Using admin REST API on sync gateway


#1

I thinking of using a server, that is local to sync gateway, to create certain types of documents. I wondering if I could use admin REST APIs to do that and if so, will the documents still be processed by my custom sync function?

I’m also considering another approach where the server will have a sync gateway user account.

Please advise on which approach would be best or maybe propose an alternate solution.

Thanks,

Adrian


#2

Hi, You can absolutely to this. The REST API will send documents through the sync function.


#3

@agillette

Using the ADMIN API is probably the better solution. In this case any require methods you call in your sync function will return true, i.e.

requireUser
requireRole
requireAccess

Making sure this is valid for the docs your are writing as ADMIN is up to you.

If you were to use a super user account to access Sync Gateway from your server code, the require functions would probably not be usable as they are usually passed parameters taken from the document content, e.g. you might call requireUser(doc.owner) to ensure that only an authenticated user can write documents with their id in the owner property.

This would fail as you would be writing the doc having authenticated as the super user.

Andy


#4

Thanks @andy and @ldoguin,

So both of you said it’s okay to use ADMIN API. But @andy also says that if I try to create a document as a super user, it’ll fail in the sync function when it encounters require statements.

So I’m still a little confused as to whether to use ADMIN API or create an “admin” account.


Handling user account documents
#5

The other consideration I forgot to mention is that with using ADMIN API, I don’t have to create a session. But again if using ADMIN API will fail in the sync function, then this option is a non-starter.

Does anyone know if using ADMIN API uses some kind of super user account that be checked against either requireUser or requireRole?


#6

I think you might be confusing the two scenarios Andy was describing - one was using the Sync Gateway Admin API, and one was using a ‘super user’ created specifically for your application.

  1. When creating documents via the Admin API, it uses the Admin account, which bypasses requireUser/requireRole. So the create won’t fail based on any require statements in the sync function. The rest of the sync function (assigning channels, etc) will be processed as usual.
  2. On the other hand, if you create your own ‘super user’ and use that user to write documents through the public API, you’ll run into the problems Andy described - something like requireUser(doc.owner) will fail unless the super user happens to be doc.owner

Based on your comments, it sounds like the Admin API is the way you want to go.


Admin REST API GET error when using this config
#7

@adamf,

You da man!! Thanks for the clarification.