CommerceBuilder WebAPI. The current documentation mentions that it is mainly for future use, but developers can use the services now.
Are these services required for the the Store / Site to function?
2 scenarios below.
1) We have a client request to hide / disable the public API's. They don't want to make it "easy" for someone to scrape their catalog content. One way we thought was to change up the maps/routes on app start, but a cleaner approach would be to remove from web.config and bin. Thoughts/suggestions?
2) Along similar lines, we are building iOS and Android apps for another client that will hit their AbleCommerce site. We plan to use WebApi v2 and odata. From our past experience with trying to add WebAPIv2 services, the web application throws an exception onstart - somewhere from the Help documentation class. The current Commerce Builder WebAPI appears to reference the older WebAPI. (Apparently, the WebAPI v2 interface for that class contains new methods/overloads).
2a) Will CommerceBuilder WepAPI be updated to use the latest WebAPI stack anytime soon?
2b) Can we safely disable the CommerceBuilder WebAPI reference without affecting the behavior of the store. (Similar to #1 above)
Thanks for your help!
CommerceBulder WebAPI - Required or Not?
- SuperMindConsulting
- Ensign (ENS)
- Posts: 13
- Joined: Sun Jan 17, 2010 1:38 am
- Contact:
-
- Commodore (COMO)
- Posts: 436
- Joined: Tue May 07, 2013 1:59 pm
Re: CommerceBulder WebAPI - Required or Not?
This is anecdotal evidence, but I just tried removing the dll and commenting out the line in web.config from my test site, and everything else seemed to work fine.
What I do on my live site is restrict access to the api based on IP address range via applicationHost.config. I only allow access to IP addresses on our internal private IP address subnet (we are hosting AC on our own server).
For IIS 7.5, add the following to the c:\windows\system32\inetsrv\config\applicationHost.config file (at the bottom, just above the </configuration> line):
I did this by manually editing the file because the api path doesn't show up in the site's tree in IIS Manager.
What I do on my live site is restrict access to the api based on IP address range via applicationHost.config. I only allow access to IP addresses on our internal private IP address subnet (we are hosting AC on our own server).
For IIS 7.5, add the following to the c:\windows\system32\inetsrv\config\applicationHost.config file (at the bottom, just above the </configuration> line):
Code: Select all
<location path="[Your site name here without brackets]/Api">
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<add ipAddress="[Your subnet address here without brackets]" subnetMask="[Your subnet mask here without brackets]" allowed="true" />
</ipSecurity>
</security>
</system.webServer>
</location>
Jay
Re: CommerceBulder WebAPI - Required or Not?
We can't provide any time line on this.2a) Will CommerceBuilder WepAPI be updated to use the latest WebAPI stack anytime soon?
Yeah. WebAPI was future use and mostly to allow third party application have access on application. We haven't used API internally as of this point. You can safely disable it.2b) Can we safely disable the CommerceBuilder WebAPI reference without affecting the behavior of the store. (Similar to #1 above)