It would be more restful and more useful to be able to API POST add product with a JSON body

[herau]

What

• currently to add a product, we have to use query parameters
• From the wiki (http://en.wiki.openfoodfacts.org/API#Posting_a_new_product)
  • http://world.openfoodfacts.net/cgi/product_jqm2.pl?code=0048151623426&product_name=Maryland%20Choc%20Chip&quantity=230g&nutriment_energy=450&nutriment_energy_unit=kJ&nutrition_data_per=serving&ingredients_text=Fortified%20wheat%20flour%2C%20Chocolate%20chips%20%2825%25%29%2C%20Sugar%2C%20Palm%20oil%2C%20Golden%20syrup%2C%20Whey%20and%20whey%20derivatives%20%28Milk%29%2C%20Raising%20agents%2C%20Salt%2C%20Flavouring&traces=Milk%2C+Soya%2C+Nuts%2C+Wheat
• It would be more restful and more useful to be able to add product with a JSON body :-)

Part of

• API (Tracker) #5523

[stephanegigandet]

That's a very good idea.

[herau]

@stephanegigandet the Query 1 in the wiki http://en.wiki.openfoodfacts.org/API#WRITE_API_Documentation for posting a product doesn't work, even if with user_id and password query parameters off values.

Did i miss something else ?

[teolemon]

those are values for the server protection.
Use your personal credentials for user_id and pwd

[herau]

i took the same url with my credentials and i still had a 401 HTTP response:

http://world.openfoodfacts.net/cgi/product_jqm2.pl?code=0048151623426&product_name=Maryland%20Choc%20Chip&quantity=230g&nutriment_energy=450&nutriment_energy_unit=kJ&nutrition_data_per=serving&ingredients_text=Fortified%20wheat%20flour%2C%20Chocolate%20chips%20%2825%25%29%2C%20Sugar%2C%20Palm%20oil%2C%20Golden%20syrup%2C%20Whey%20and%20whey%20derivatives%20%28Milk%29%2C%20Raising%20agents%2C%20Salt%2C%20Flavouring&user_id=herauf&password=xxxx

[stephanegigandet]

In addition to the user_id and password fields, the openfoodfacts.net is protected by HTTP authentification, with user off and password off. This is to prevent it to be indexed.

Try this: http://off:[email protected]/cgi/product_jqm2.pl?code=0048151623426&product_name=Maryland%20Choc%20Chip&quantity=230g&nutriment_energy=450&nutriment_energy_unit=kJ&nutrition_data_per=serving&ingredients_text=Fortified%20wheat%20flour%2C%20Chocolate%20chips%20%2825%25%29%2C%20Sugar%2C%20Palm%20oil%2C%20Golden%20syrup%2C%20Whey%20and%20whey%20derivatives%20%28Milk%29%2C%20Raising%20agents%2C%20Salt%2C%20Flavouring

[herau]

Thanks @stephanegigandet, the basic Auth with off/off solve the 401 issue.

But the response of the request is:

{
  "status_verbose": "no code or invalid code",
  "status": 0
}

[herau]

@stephanegigandet in reality, the call works in HTTP GET :-)
Ok so my issue is still valid. This API should provide a POST entrypoint with a JSON body for add a new product

[aleene]

Why is a json-variant needed? I have to set things up in code anyway. What would be the advantage?

[herau]

In general terms GET is used when server returns data to the client and have not any impact on server whereas POST is used to create resource on server.

Generally in restful API, the POST method send the content in body with specified format which is described in content-type header for ex. application/json for json data.

The main advantage is that we can use restful client (in the android app for exemple).

[hangy]

A HTTP GET call should ideally not modify server state. There have been cases of web crawlers or web browser that pre-loaded pages simply deleting lots of items by calling "delete" links that were just GET links. :) One might even argue that a "logout" GET link is bad, because of how easy it is to force logout a user (by a redirect, iframe, ...). Also, W3C: https://www.w3.org/2001/tag/doc/whenToUseGet.html#checklist

[stephanegigandet]

To clarify the current state: the parameters can be sent either as GET parameters (in the query string, which is useful for demo / debugging purposes), or as POST parameters. When sent as POST parameters, they must be encoded as CGI form values, not as a JSON object.

We can add an alternate way to send the product data with a product_json parameter. Product code, user id, password etc. would still be passed as separate fields.