Claris has launched its FileMaker 19.5 version. This launch improves the platform's performance, security, and dependability. The latest version of FileMaker has various new features, one of which is its QRCode compatibility.

QR Code stands for Quick Response Code which can store a large amount of content. It contains information in two dimensions, horizontal and vertical. Any type of smartphone device can scan and understand QR codes, providing businesses with a fast and direct way to guide users to go to a specific web page or link.

What if you had an inventory database providing details of the product via an API and you wish to read the contents of the QR Code for all your items? FileMaker now has the ability to read the contents of the QR Code without using any plug-in or third-party code or scanner.

QRCode Feature in FileMaker 19.5

Consider a scenario where you have QR Code images stored in your FileMaker database and you would like to retrieve the details stored in it. For instance, a books inventory application where the QR Code images of books are stored in the FileMaker application. Now to retrieve and store the details in the application, you would either need a QR Code scanner and then manually enter data or you might need a plug-in to do this. With the release of FileMaker Pro 19.5.1, your job becomes much easier. In the new version, the function ReadQRCode()will do the job for you. It is easy to use and understand too.

In the example below, we are reading a QR code, which contains the URL of a book. This URL contains a purchase link of the book. We can fetch other details of the book as well, provided it is contained in the QR code. We need a container field to store the QR code image. The user can manually insert it or scan it from the FM Go application

The ReadQRCode script, using ReadQRCode() function, will set the URL in the respective field. This script can be called on button click or as an OnObjectModify script trigger for the container field.

We have given a ‘Go’ button to navigate to the URL read by the ReadQRCode() function.

It will redirect the user to the purchase page of the book that has its details and reviews.

Note that this function is supported on macOS, iOS 15, and iPadOS 15 devices.

MetaSys Software has a sizeable group of certified FileMaker specialists with the knowledge of versions 5 through 19. For over 20 years, our clients have enjoyed working with us. Among the systems, we have deployed and managed with FileMaker are cruise booking systems, inventory management systems, and project management systems. To know more about what we offer in FileMaker, contact us now!

React Query is the most performant and powerful data synchronization library for React. It performs functions such as server data fetching, caching, synchronizing, and modifying server states for React applications. While building a React app, developers can implement the data fetching feature in multiple ways, i.e., combinations of component-based states, react-redux, and react-hooks. These state-management solutions; however, mostly function well on the client side rather than on the server side. React Query is the best library for managing the server-side states.

How React Query Enhances App Performance

React Query makes it possible to replace several lines of complicated code from a React application with just a few lines of code. This makes application maintenance and the addition of new features on top of the existing ones easier. The user experience is more responsive and quicker than before. It also helps to increase memory performance from an application perspective.

React Query in Action

If we look at the code for React Query, at the root level of the project, it provides a “QueryClientProvider” as a wrapper that handles and manages global data-fetching and caching.

React Query provides multiple hooks that connect with its global state controller and returns a Promise object for fetching/caching the server-side data. It calls the API client method to fetch/update/delete/create server-side data and also manages server states such as data, error, failurecount, isError, isIdle, isLoading, isPreviousData, isFetchedAfterMount, isFetching, isStale, isSuccess, refetch, remove, status.

The useQuery hook has multiple options so developers can pass them to customize the hook to meet their project needs. It has the “enabled” option, a powerful option that actually provides multiple features such as-

• an option to run multiple queries in parallel or even synchronously i.e., on the basis of the previous query execution;
• turning the queries on or off based on the functionality;
• sorting and filtering features in the queries to help improve performance; and
• an option to wait for inputs from the user; you can disable the query for any of the use-case.

React Query allows developers to create custom hooks based on their project requirements using React Query hooks. This feature keeps the code more generalized.

It provides multiple fetching features such as:

• refetching the data on window focus;
• retrying the query if an error occurs; and
• fetching the data on updating or deleting of the records. With this, the list is always up to date after “update” and “delete” actions.

Every query has four main statuses – idle, loading, error, and success. Based on these, React Query returns the server-side states for handling each query. And with those states, developers can build a view. That means it displays the loading view until the loading state is enabled. It correctly handles errors based on error states. It displays the data or processes the data, then shows the normalized data depending on the successor states.

React Query also offers the best ways to handle data pagination. It provides infiniteQuery and mutationQuery options for paginating the data properly, depending on what the users require.

It also helps resolve issues arising out of asynchronous server-side data handling. Before React Query, developers had to write custom code for handling asynchronous server-side data. React Query has solved this issue. Additionally, it integrates well with the react-testing-library, providing appropriate code coverage too.

Today data security during financial transactions is super important and critical. The protection of sensitive user data should be a major priority for developers working on applications that use financial or personal information of the clients.

These days, many apps are accessed through multiple devices including desktops, laptops, mobile phones and tablets. Both web apps, and native apps can use web APIs for accessing data and providing services. This article addresses the topic of ensuring client security of a web API during the development phase. I will share my experience with using JSON web tokens (JWT) to ensure security of a representational state transfer (REST) web API.

There are a two simpler alternatives to JWT that I will briefly mention first:

1. Basic authentication:
   

   This method is very easy to implement. A username and password is passed and validated in a database to identify legitimate users. Since the username and password are sent as plain text, every request is very susceptible to cross-site request forgery (CSRF). The security can be improved somewhat by passing the details in the headers section of the web API instead of the URL, nevertheless this method is not very secure as it does not involve any encryption.

2. API keys:
   

   This technique is used to overcome the drawbacks of basic authentication. In this method, a unique key is assigned every time the user signs in indicating that the user is known. A user can use the same key to re-enter the system. The security issue with this method is that the key can easily be picked up during network transmission. Often, the key is passed as a query string in the URL, making it easier for someone to compromise the security of the web API.

JWT avoids the security flaws of the two simpler methods, by providing a bearer token authentication of the Web API. With this method, the user name and password validates, whether, the user exists in the system. Information about the validated user like name, email address and UserID can be fetched. These items are included in the ‘claim’. Claims are pieces of information about a user that have been packaged and signed into security tokens.

A JWT token consists of three parts, the header, the payload and the signature.

Header – Contains the type of token and signing algorithm used

Payload – Contains the issuer of the claim, the subject of the claim and the audience, which refers to the intended recipient of the claim. Other information can also be included, such as an expiry time of the token, or additional user information.

Signature –Contains the encoded header, encoded payload and a secret key

Implementation

To give you more details about JWT implementation, I’ll be going through the steps I took to implement JWT in my web API. First I created a web API project in .Net core 2.2. Next I installed two packages via npm of visual studio, using the following commands:

• Install-Package System.IdentityModel.Tokens.Jwt -Version 5.6.0
• Install-Package Microsoft.AspNetCore.Authentication.JwtBearer -Version 3.1.0

In the appsetting.json file, I added my JWT keys including the secret key, issuer, subject and audience as follows:

Next, I registered a JWT authentication schema by using the "AddAuthentication" method and specifying JwtBearerDefaults.AuthenticationScheme. in the ConfigureServices section of the start-up class.

I also added app.UseAuthentication() in the configure method of the startup class.

Next, I created a token controller in the web API. This token controller action GetApiToken took the two input parameters: Username and Password, and validated these details against the database. Once the user is validated, I generated a token using the secret key, claims information and signing credentials.

The generated token was then stored as an item in sessionStorage.

For all my web API requests, I used the following key in the header section of each Ajax web API  call request.

Finally, I applied the [Authorize] attribute to my controller to which I was calling the web API.

These were all the steps I required to implement JWT authentication in my Web API. The tokens are encrypted, so they are difficult to tamper with. They expire at specific intervals and are cryptographically signed using a cryptographic algorithm.

The final implementation step is to remove the generated token item which was stored in sessionStorage when a user logs out of the system.

MetaSys has extensive expertise in building secure web APIs for web applications. Our team has experience in building custom software solutions for clients across different industry verticals. Please feel free to contact us if you are in need of a partner to build a secure web API.  For more info, visit our website: https://development.ikf.in/metasys1/dot-net.