Misc Flashcards
HTTP Status Codes for REST API
200 - OK. Successful completion of a GET or HEAD request
201 - Created. Successful completion of a POST request
204 - No Content. Successful completion of a DELETE request
300 - The value of the external ID exists in more than one record
304 - Not Modified. The request content has not changed since the specified date and time
400 - Bad Request. The request couldn't be understood, usually an error in the JSON/XML
401 - Unauthorized. The session ID or OAuth token is invalid or expired
403 - Forbidden. The request was refused; check the user's permissions
404 - Not Found. The requested resource couldn't be found
500 - Internal Server Error in Force.com. Contact Salesforce support
What can the Chatter REST API access?
Feeds
Users, Groups, Followers and Files
What is different with Chatter REST API?
Supports applications built on Social data.
Pre-aggregation of data from different objects (e.g. /chatter/users/me)
Data automatically localized to the user's time zone and language
Built-in pagination
nextPageUrl, currentPageUrl, previousPageUrl
Structured for rendering on web sites and mobile devices
Easy object relationship traversal
Examples of Chatter REST API
Requesting a news feed: GET
/services/data/v30.0/chatter/feeds/news/me/feed-items
Updating a user's status: POST, with the post text in the request body
/services/data/v30.0/chatter/feeds/news/me/feed-items
Commenting with an @mention: POST, with the ID of the user to mention and the text in the request body (as message segments)
/services/data/v30.0/chatter/feeds/news/me/feed-items/feeditemid/comments
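As an added example (not code from the flashcards or from Salesforce), here is a small Python client that ties the status-code card to the Chatter calls above: it builds the v30.0 URLs, acts on the status code (re-authenticating once on a 401, the session-management job of the wrapper class in the next card), walks the built-in nextPageUrl pagination, and builds an @mention body in the Chatter message-segment format. The login and transport callables, the instance host, the tokens and the record IDs are assumed or constructed so the example runs offline.

```python
import json

API_VERSION = "30.0"  # Salesforce paths write the version as vXX.0, e.g. v30.0


class ChatterError(Exception):
    def __init__(self, status, data):
        super().__init__(f"HTTP {status}: {data}")
        self.status, self.data = status, data


def classify_status(status):
    """Map a status code from the card above to what the client should do."""
    if status in (200, 201, 204):
        return "ok"
    if status == 401:
        return "reauth"         # session ID / OAuth token invalid or expired: log in again
    if status in (300, 304, 400, 403, 404):
        return "client_error"   # fix the request or the permissions; a retry will not help
    if status >= 500:
        return "server_error"   # Force.com side; retry later or contact support
    return "unexpected"


def mention_post_body(user_id, text):
    """Chatter message-segment body for a post/comment that @mentions a user."""
    return {"body": {"messageSegments": [{"type": "Mention", "id": user_id},
                                         {"type": "Text", "text": " " + text}]}}


class ChatterClient:
    """Session-managing wrapper. `login()` (assumed) returns a fresh access token;
    `transport(method, url, headers, body)` (assumed) returns (status, parsed_json)."""

    def __init__(self, instance_url, login, transport):
        self.instance_url = instance_url.rstrip("/")
        self._login, self._transport = login, transport
        self.token = login()

    def url(self, path):
        return f"{self.instance_url}/services/data/v{API_VERSION}/chatter/{path.lstrip('/')}"

    def _absolute(self, ref):
        # nextPageUrl comes back as a path such as /services/data/v30.0/chatter/...
        if ref.startswith("http"):
            return ref
        return self.instance_url + ref if ref.startswith("/services/") else self.url(ref)

    def request(self, method, ref, body=None):
        url, payload = self._absolute(ref), (json.dumps(body) if body is not None else None)
        for attempt in (1, 2):
            headers = {"Authorization": "Bearer " + self.token, "Content-Type": "application/json"}
            status, data = self._transport(method, url, headers, payload)
            kind = classify_status(status)
            if kind == "ok":
                return data
            if kind == "reauth" and attempt == 1:
                self.token = self._login()  # 401: refresh the session once, then retry
                continue
            raise ChatterError(status, data)

    def iter_feed_items(self, path):
        """Walk the built-in pagination: follow nextPageUrl until it is null."""
        ref = path
        while ref:
            page = self.request("GET", ref)
            yield from page.get("items", [])
            ref = page.get("nextPageUrl")


def build_demo():
    """Constructed offline stand-in for an org (not real data): two feed pages,
    a stale first token that draws a 401, and a transport that records each call."""
    instance = "https://example.my.salesforce.com"  # placeholder host
    base = f"{instance}/services/data/v{API_VERSION}/chatter/feeds/news/me/feed-items"
    pages = {
        base: {"items": [{"id": "0D5xx0000001AAA"}, {"id": "0D5xx0000002AAA"}],
               "nextPageUrl": f"/services/data/v{API_VERSION}/chatter/feeds/news/me/feed-items?page=2"},
        base + "?page=2": {"items": [{"id": "0D5xx0000003AAA"}], "nextPageUrl": None},
    }
    calls = []

    def transport(method, url, headers, body):
        calls.append((method, url, headers["Authorization"]))
        if headers["Authorization"] == "Bearer stale-token":
            return 401, [{"errorCode": "INVALID_SESSION_ID"}]
        if method == "GET" and url in pages:
            return 200, pages[url]
        if method == "POST" and url == base:
            return 201, {"id": "0D5xx0000009AAA", "body": json.loads(body)["body"]}
        return 404, [{"errorCode": "NOT_FOUND"}]

    tokens = iter(["stale-token", "fresh-token"])
    return ChatterClient(instance, lambda: next(tokens), transport), calls


def demo():
    client, calls = build_demo()
    ids = [item["id"] for item in client.iter_feed_items("feeds/news/me/feed-items")]
    posted = client.request("POST", "feeds/news/me/feed-items",
                            mention_post_body("005xx000001SvAAA", "please review"))
    return ids, posted, calls


if __name__ == "__main__":
    print(demo())
```

The first GET goes out with the stale token, draws the 401, and is retried once with the token returned by the new login; any second 401, and every 4xx other than 401, is raised to the caller rather than retried, since the card's own descriptions say those need a changed request or changed permissions, not another attempt.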
Design patterns when using the SOAP API from multiple external applications
- Wrapper class: contains generic logic for reuse. Includes methods for login and session management, query patterns, CRUD operations and exception handling. Does not contain application-specific code.
- Delegator class: instantiates a wrapper class and delegates (assigns) tasks to other objects and methods. May not be reusable if it contains application-specific logic.
- Helper class: provides additional functionality such as logging (log4j) and data mapping. Store the system-to-system map in a table or XML file and read it at run time.
What are the types of XSS?
Reflected XSS
- Triggers off a link the victim follows; the server reflects the payload back in its response
- Interactive: requires the victim to act (open the link)
Stored XSS
- Persistent: the payload is saved on the server (database record, comment, profile field)
- Triggers whenever the exploited page is viewed; no link is needed
DOM XSS
- Similar to reflected XSS
- The payload is not embedded in the page the server returns; client-side script reads it (e.g. from the URL fragment) and writes it into the DOM
How are XSS attacks delivered?
Email
Pop-ups
Web Pages
When does Visualforce not perform automatic encoding?
- escape="false" on an output component such as apex:outputText
- includeScript
- inline JavaScript
- on* event handler attributes such as onclick
- style="" attributes
- helpTitle=""
- bare HTML: a {!expression} merge field placed directly in raw HTML markup
How does Visualforce protect against CSRF attacks?
It includes an anti-CSRF token with the form's view state; the token is unique per user and page and is checked when the form is POSTed.
HTTP GET requests are not CSRF safe. Do not perform DML based on GET parameters or from a page's action attribute on load; use a form POST (an apex:form with apex:commandButton or apex:commandLink).
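The encoding gaps and the CSRF rule above, shown side by side in an added Visualforce page (example markup written for this page, not Salesforce's own code or the flashcards'). It assumes a hypothetical controller XssDemoController that exposes a String property userInput (taken from request data) and an action method deleteRecord; the static resource name jsLib is also made up.

```html
<!-- Assumed controller (hypothetical): exposes a String property "userInput"
     read from request data, and an action method "deleteRecord". -->
<apex:page controller="XssDemoController">

  <!-- VULNERABLE: escape="false" turns off the automatic HTML encoding -->
  <apex:outputText value="{!userInput}" escape="false"/>
  <!-- SAFE: the default (escape="true") HTML-encodes the merge field -->
  <apex:outputText value="{!userInput}"/>

  <!-- VULNERABLE: bare merge field in raw HTML (listed above as not auto-encoded) -->
  <div>{!userInput}</div>
  <!-- SAFE: encode explicitly; HTMLENCODE is the right function for an HTML text context -->
  <div>{!HTMLENCODE(userInput)}</div>

  <!-- VULNERABLE: inline JavaScript; a single quote in the input ends the string literal -->
  <script>var greeting = '{!userInput}';</script>
  <!-- SAFE: JSENCODE escapes the characters that would break a JS string literal -->
  <script>var greeting = '{!JSENCODE(userInput)}';</script>

  <!-- VULNERABLE: on* event handlers are not encoded -->
  <button onclick="show('{!userInput}')">Show</button>
  <!-- SAFE: the browser HTML-decodes the attribute, then parses it as JS, so encode for both -->
  <button onclick="show('{!JSINHTMLENCODE(userInput)}')">Show</button>

  <!-- VULNERABLE: includeScript with a user-controlled URL loads attacker-chosen script -->
  <apex:includeScript value="{!userInput}"/>
  <!-- SAFE: load scripts only from a static resource (resource name "jsLib" is made up) -->
  <apex:includeScript value="{!URLFOR($Resource.jsLib)}"/>

  <!-- VULNERABLE: style attributes are not encoded, and no encoding function makes a
       CSS context safe; never build a style value from user input. Have the controller
       pick the value from a fixed allow-list instead. -->
  <div style="color: {!userInput}">highlighted</div>

  <!-- CSRF, VULNERABLE: DML on page load via the action attribute runs on a plain GET,
       so merely following a link to the page performs the delete for the victim:
       <apex:page controller="XssDemoController" action="{!deleteRecord}"> -->

  <!-- CSRF, SAFE: apex:form submits a POST carrying the per-user, per-page anti-CSRF
       token, which Visualforce checks before invoking the action method -->
  <apex:form>
    <apex:commandButton action="{!deleteRecord}" value="Delete"/>
  </apex:form>
</apex:page>
```

Each "SAFE" line is the encoding function that matches the context the value lands in: HTMLENCODE for HTML text, JSENCODE inside a script block, and JSINHTMLENCODE inside an on* attribute, where the value passes through the HTML parser before the JavaScript parser. Using HTMLENCODE in a script block, or JSENCODE in HTML text, leaves the page exploitable.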