The State Changers meeting discussed solving a specific issue related to account selection. The issue was part of an API set-up querying accounts and tokens through Xano. The situation involved confusion around a 'for each' loop and a conditional where an item ID matched an input Account ID to edit a record. The participants offered a variety of solutions, first suggesting changing the way the accounts were being queried by looking for the account ID directly in all records.
Later discussions focused on reconstructing the get/post process. The team suggested dividing it into two jobs. The first job is to provide a list of accounts in the form of a 'get', and the second job, a 'post', is to confirm the user's account selection. Furthermore, they mentioned how the output of the query all records can be manipulated to change the returned shape, suggesting customization to ensure only one record comes back, resolving the issue of receiving the data as an array. The dialogue also touched on security concerns, mentioning that querying both the account ID and the user at the same time prevents what they termed 'insecure direct object reference' – ensuring the users can only access their own accounts. Subsequently, the participant should be able to update just the one that record. Towards the end of the meeting, clarity was obtained about the primary update and edit record, with sufficient information provided to continue the task. The platforms mentioned were Xano for backend, and Xamarin as a client.
(Source: Office Hours 1/11 )
