Using admin REST API on sync gateway

agillette · July 30, 2015, 3:55am

I thinking of using a server, that is local to sync gateway, to create certain types of documents. I wondering if I could use admin REST APIs to do that and if so, will the documents still be processed by my custom sync function?

I’m also considering another approach where the server will have a sync gateway user account.

Please advise on which approach would be best or maybe propose an alternate solution.

Thanks,

Adrian

ldoguin · July 30, 2015, 7:48am

Hi, You can absolutely to this. The REST API will send documents through the sync function.

andy · July 30, 2015, 11:50am

@agillette

Using the ADMIN API is probably the better solution. In this case any require methods you call in your sync function will return true, i.e.

requireUser
requireRole
requireAccess

Making sure this is valid for the docs your are writing as ADMIN is up to you.

If you were to use a super user account to access Sync Gateway from your server code, the require functions would probably not be usable as they are usually passed parameters taken from the document content, e.g. you might call requireUser(doc.owner) to ensure that only an authenticated user can write documents with their id in the owner property.

This would fail as you would be writing the doc having authenticated as the super user.

Andy

agillette · July 31, 2015, 3:41am

Thanks @andy and @ldoguin,

So both of you said it’s okay to use ADMIN API. But @andy also says that if I try to create a document as a super user, it’ll fail in the sync function when it encounters require statements.

So I’m still a little confused as to whether to use ADMIN API or create an “admin” account.

agillette · July 31, 2015, 5:08am

The other consideration I forgot to mention is that with using ADMIN API, I don’t have to create a session. But again if using ADMIN API will fail in the sync function, then this option is a non-starter.

Does anyone know if using ADMIN API uses some kind of super user account that be checked against either requireUser or requireRole?

adamf · July 31, 2015, 6:17am

I think you might be confusing the two scenarios Andy was describing - one was using the Sync Gateway Admin API, and one was using a ‘super user’ created specifically for your application.

When creating documents via the Admin API, it uses the Admin account, which bypasses requireUser/requireRole. So the create won’t fail based on any require statements in the sync function. The rest of the sync function (assigning channels, etc) will be processed as usual.
On the other hand, if you create your own ‘super user’ and use that user to write documents through the public API, you’ll run into the problems Andy described - something like requireUser(doc.owner) will fail unless the super user happens to be doc.owner

Based on your comments, it sounds like the Admin API is the way you want to go.

agillette · July 31, 2015, 6:20am

@adamf,

You da man!! Thanks for the clarification.

Topic		Replies	Views
Sync Gateway check if admin call(superuser) Sync Gateway	3	1193	April 14, 2018
Create Users and assign Channels using the Admin API Sync Gateway	4	63	September 15, 2024
Admin REST API GET error when using this config Sync Gateway	4	2562	September 14, 2015
Protect Admin REST API of SyncGateway Sync Gateway connections	2	713	March 30, 2021
Editing documents through the Sync Gateway without logging in as a user Sync Gateway	1	1539	May 9, 2016

Using admin REST API on sync gateway

Related topics