Dropbox API v2 launches (blogs.dropbox.com)
At this point they should start putting some spin on it.
"Help your company employ more people. Dropbox for Business's lack of administration tools will grow your headcount. When you see your admins waiting for a list of users to load, or trying to write their own tools based on scraping the website, feel good about how you're fighting unemployment."
I don't suppose there is a way to programmatically consume the activity stream and pick events to undelete, too?
I'm sorry I can't edit the smug sassiness out of my original reply.
I'd love to recommend using the new Dropbox comments feature but I can't until I know there is a way of getting that data out after putting it in. I'm not entering metadata into a system that doesn't have fully programmable export. Been burned too many times.
Pretty please?
I would like my web server to be able to slurp up all the images from my customer's Dropbox. Unfortunately, shared folders can't be downloaded if they are larger than 2Gb, which is quite often for me.
Is there an API suitable for this?
EDIT: oh yes, yes there is! https://www.dropbox.com/developers/chooser
EDIT 2: It would be sweet if you guys also exposed the SHA2 hash of the files in Chooser. Oftentimes the user will mistakenly load the same file, and I would rather not do the work at all if I don't have to.
Git annex automatically uses SHA256 on all files as the UUID (optionally set SHA512 in .gitattributes). You can PGP sign your git commits to add more verification.
Plus you don't have to trust a 3rd party with your data, as it can sync entirely over local networks via SSH, directly to a USB hard drive, and it supports encryption when using S3 or other cloud storage.
I managed to teach my non-technical girlfriend how to use it without much effort but getting business people to use it might be a hurdle.
Aw. All grown up.
It's too bad their JavaScript SDK isn't ready yet but making HTTP calls from JavaScript is dead simple so that's not the worst thing.
Overall looks like a good set of priorities for what SDKs got done first.
I'm only half joking there :)
In all seriousness, though, it did make my brain tilt about 15 degrees to see the words "JavaScript" and "SDK" next to each other like that.
What's the problem with a POST based API?
I've done REST and "rest" for many years and every single time it starts out really simple. Oh I just need the profile data so let's make a RESTful endpoint just for profile. So easy! Oh wait the profile page needs data from X, Y and Z. Well we gotta be RESTful so let's make 4 HTTP calls. Oh, latency sucks on mobile and terrible networks and we have to cut down on HTTP calls? Sorry, can't, we're RESTful...okay fine ONE RPC endpoint for the profile page's information.
I think REST has its place; it's good if you want a really intuitive way to access a very specific resource. Beyond that? For developing web apps? Almost always have to go down the RPC route and there is nothing wrong with that. Not everything has to be "RESTful" damn it!
I agree with your point about REST though, it's not even a standard. If it was there would be no debate about what REST is and what it isn't. It's a vague set of ideas and its author himself kind of said his paper was targeted at "specialists" and not classical "developers".
People keep on telling me "read the spec", well there is no normative spec.
On the other hand, I've never much cared about the "no true REST" crap that the conversation always seems to turn into. I'm too pragmatic to care if I'm adhering to someone's concept of a convention.
OTOH, since your data is accessible to anyone after they push "return true" as their auth mechanism, I guess it doesn't really matter. If they offered proper encrypted storage, it'd be much more important.
Though even without encryption, a closed-source client that auto-updates leaves one big hole: They can push an update to specific users or activate code for them. With an open source client, that part could be mostly avoided.
Unfortunately, Tarsnap seems to be the only contender in this area (trustworthy backups). On Windows, this means using VMware shared folders.
I really like how Cryptomator works, and I think Dropbox could easily provide similar functionality, and perhaps in an even more user-friendly way, too, since they can just integrate it with their Dropbox app, rather than this functionality being in a whole separate application.
Dropbox is not an advertising company like Google. They still have some of the highest fees for cloud storage around. So why do they care about seeing what's in people's files? Why not allow people to encrypt the files locally before uploading them?
And lest we forget, in the PRISM slides, Dropbox was mentioned as "coming soon". So unless they want to admit they are already part of the PRISM program, then what better way to dispel those rumors (not made any better by getting Condoleezza Rice on their board) that they are cooperating with the NSA.
http://www.zdnet.com/article/fbi-nsa-said-to-be-secretly-min...
...until you close it for grinding too much cpu.
Everything about this should be open source, and I won't ever use it until it is. Also they should make a lot more effort towards promising privacy and security. As it stands right now, they seem intent on handing your file access to governments and building systems that are insecure by design. No thanks. Open source and then we'll talk.
[0] https://www.dropbox.com/developers-v1/business/docs#log-get-...
[1] https://www.dropboxforum.com/hc/en-us/community/topics/20020...
AWS has two JavaScript SDKs.
Realistically, though, Dropbox can't offer many of the features that differentiate them in the marketplace (collaboration, previews, sharing, etc) if all of the files they store are opaque to them. Playing in the "generic blob storage" market alongside S3 is a losing game for pretty much everybody.
Also, about n-crypted cloud – last time I looked, the file size limit was 150 MB – that kills the utility for my team, but it's still a decent option from my experience...
Have you read the news this year? There's never been a worse time to be unaware and unclear of what software installed on your device does. Companies are so bad at security they lose people's private information by the million, Dropbox themselves didn't even validate passwords for a four hour window once upon a time.
You mean like this: http://www.theregister.co.uk/2015/06/10/condoleezza_rice_to_...
But a paranoid board director is reasonable, or?
[0] https://tools.ietf.org/html/rfc5323
[1] https://tools.ietf.org/html/draft-snell-search-method-00
https://groups.yahoo.com/neo/groups/rest-discuss/conversatio...
GET /users/@me/accounts/:id --> specific user account
GET /users/@me/accounts --> all user accounts
would suffice and would read naturally; it would also give you the ability for other users with appropriate credentials (admin kind) to see some other user's account information. Yes, very disappointed with design decisions (I understand that from a purist perspective URI is opaque, but well-named URIs help communication with people).
Suppose you have too many accounts to list, so you start taking predicates in the API, or you start returning a pagination token that's passed back in on subsequent requests. You quickly overwhelm URIs and have to start serializing complex objects in headers or query params. Eventually you give up and switch to POST so you can just post a json body and be done with it.
What you are talking about is ad hoc search capability, and that is usually done differently, either by posting a content type which indicates a search payload or by using a different generic URI for search queries within a whole system.
There's nothing RESTful about making more HTTP calls. There's no reason that there can't be representations of a resource in a RESTful API that happen to include, in the representation rather than by reference, representations of subresources.
(You probably would want to have authoritative URLs for the subresources in the representation, assuming the media type of the representation is one which supports that.)
Twilio is an interesting case. They claim all REST, yet they encourage people to generate URLs using IDs. (Twilio's API is great, apart from the incomprehensible decision to use IETF style dates, the silly "Mon, Nov 8 2009" format that only made sense in the 70s over obvious year-month-etc. style.)
I'm not sure there are any popular, really REST APIs out there.
It does, but that's an unrelated issue to the one addressed in GP, which addresses the condition where the information exists on the server side when the response is sent to know what subresources are part of the composite that is desired.
> I'm not sure there are any popular, really REST APIs out there.
The Web itself is a popular API, which provided both the motivation for defining REST and which was, itself, shaped by REST in that REST was developed in parallel with and influenced the design of HTTP/1.1.
Sub resources sure but I'm not talking about sub resources because sub resources are dead easy. This is more of a "oh we should also display resource X, Y and Z in these different spots".
If you want to be really "RESTful", TYPICALLY (and I say typically because I think every developer has a different definition of REST, lol), your URLs only align to resources so joining resources means multiple calls.
Google has an interesting solution for batch HTTP requests that could kinda be used in a way to batch RESTful requests but it's not the most intuitive. https://developers.google.com/drive/web/batch
My experience at least with using REST for APIs seems to agree with yours. REST APIs, like traditional OO programming, seem to only help in a small number of situations. I've seen some really complicated things in the name of "RESTful"ness, like crazy Accept headers for different versions of the API. And like you pointed out, each developer seems to have their own idea of what REST means.
Approaching the API design from the other direction seems better. What is HTTP offering you that is better than just using a socket? It's got a request/response thing with message framing, some handy out-of-band stuff with the headers, there's HTTPS support, it works directly with browsers, and sometimes you can even get it to work through a proxy. HTTP requests are also supported pretty easily (more easily than socket stuff maybe) in most languages.
Then, using features from HTTP where they make sense can be nice (maybe some of the status codes or ETags are useful?), but throwing the whole nebulous REST framework in there without considering how well it matches the problem or how it adds to the complexity of the solution is not a good idea.
The profile page is the resource (or a representation of the resource) identified by the URL (Uniform Resource Locator) used to access the profile page. This is true, pretty much by definition.
Whatever is designed as part of that page, and is also a resource, is a subresource.
> If you want to be really "RESTful", TYPICALLY (and I say typically because I think every developer has a different definition of REST, lol), your URLs only align to resources so joining resources means multiple calls.
URLs align to resources in that the fact that a URL is used to access something defines it as a resource. There is nothing in REST which defines resources as only the orthogonal entities in a data model (e.g., the loose equivalent of entities in the base tables of a relational DB model.)
You certainly in many cases, for maximum flexibility, want your resources to include those kinds of things, but there is no reason -- at least none that has anything to do with REST -- for them to be limited to them.
That would be logical, yes.
> Do your storages even give you the option of updating them all together atomically?
Depends on your backend implementation. There's no reason a composite resource needs to support PUT at all, though (that's one of the reasons that you are likely to want the representation of the composite to include URLs for each component.)
There are probably good ways to solve most if not all of the problems people typically run into with REST APIs for web apps, but it could take a lot of experimentation to figure them out. It sure took us a while.
No, that's not true at all. Your API design should not influence the user experience but the other way around, and you're unlikely to change models should you have more optimal ways of presenting things.
On paper? Sure but I've never seen anything able to be split so nicely as you describe.
Seriously, what's a popular API used by developers that's actually truly REST? All I usually see is various levels of awkwardness as an RPC message is sorta split up into various bits spread throughout the HTTP request.
HTTP/1.0 provided the inspiration for REST, which was defined by Fielding in parallel with work on HTTP/1.1 which it informed. The web itself is very much REST, essentially being the defining instance of the architectural style.
> Plus it's not really an API as in easily consumed by a machine.
Yes, it actually is a REST API that is actually made to be, and regularly used as, an interface consumed as hypertext by machines who access requested content by locator, choose how to handle it by identified media type, identify and either directly act on or present user options to act on related content by hypermedia links, etc. Whether this is end-user software (browsers) or unattended software (Googlebot and other spiders), etc.
But for values of API that you know I'm referring to, where is one popular, truly REST API? Say, one that includes an SDK, if you need help with the definition. The fact that no one can really point out a good example means it's irrelevant to program writers.
Also, if you're saying the web is all REST essentially by definition, then so are these POST-only APIs, but they aren't. Or it's a useless tautology.
Plus I don't see any real difference in the web of HTTP1 vs 1.1, so that whole claim is suspect too. Perhaps you can elaborate exactly what HTTP1.1 added that really changed anything except some ease of use (host header, absolute URLs, keep alive).
OTOH, actual REST may well be the solution for other problems, and it's a lot easier to talk about solutions if we use "REST" to refer to Representational State Transfer as defined by Fielding and let all things that aren't that get names that reflect what they are, whether it's JSON-RPC-over-HTTP or something else.
It's a lot harder to talk about the merits of different approaches if a wide swath of unrelated approaches that are not similar except in not being SOAP+WSDL (or, possibly, in that plus also not being Fielding's Representational State Transfer) all get lumped together as "REST".