Hi Rick, I am writing some API calls using the WW .NET CallbackHandler and have a couple questions.
Regarding Verbs, are all requests sent as "POST"? Because it seems like you can create any method to do anything and return anything with a "POST". I'm not sure why a "PUT" or "GET" would be used.
What is the best practice and most common way to add authentication to the CallbackHandler API calls? I want to be able to call these from out side the application with authentication. (I could not find any examples online).
Thank you! Craig
I can barely remember how CallbackHandler worked 😄 Is this a WebForm application? If not it seems you'd be better off creating an MVC or a Core application with MVC API...
You can use any verb with the CallbackHandler but because you have to pass the method name plus any other data you often end up using a POST for everything. But GET also works and PUT/DELETE would as well.
For Authentication you need to build a custom solution.
This is why I'd recommend the .NET Core bits - Westwind.AspNetCore has a token service using SQL built in that you can use to generate and validate user tokens. You still have to handle the authentication though... but it handles retrieving a token, and validating a token and resolving a user key from the token.
+++ Rick ---
Hi Rick, Yes, unfortunately this is a WebForm application that is still supported and already has CallbackHandler implemented. Basic Authentication with https is fine, but I'm not sure exactly how to implement. Is it as easy as posting in header and test with WebSurge or Postman?
Regarding the verbs, thanks for clarifying! I thought I was missing something since this is RESTful solution... All mine are POST then.
Thank you, Craig