Live Updates - An Introduction
The SiteGurus Live-Update API helps you quickly build interactive, dynamic website layouts for Siteglide which live-update parts of their content when the user interacts with them.
How it works
See the URL Parameters Section for more details on choosing parameters to modify your content.
Thinking about Security
When using a single page to deliver multiple types of content, how do we prevent malicious users requesting content they should not have access to?
When using the API, you'll get the server to generate a public key which contains encrypted information about the exact Liquid layout you are intending to use and live-update. This includes for example:
- The path of the Liquid Partial
- The WebApp or Module ID
- The user ID which might be used to filter the items based on ownership.
The same server handles the requests and it will only accept valid public keys from which it can extract that same information. That means sensitive parameters which are stored inside the public key cannot be simply modified by a user who does not have direct access to the server.
PlatformOS cookies and user sessions are preserved by the requests, so secure zones will apply as normal within the Liquid files which are re-rendered. You will need to write code which respects secure zones logic as you normally would.
Mutating/ Editing Data
Note that this API currently uses GET requests only to fetch/read HTML and/or data. While it is possible for the agency developer to write server-side Liquid on the rendered layout which will write to the database, the API does not provide any of its own functionality for writing to the database (if you do need this kind of functionality- see Siteglide's WebApp and Module Forms). This is a very similar situation to visiting Siteglide pages via the browser.
Specialised Use Cases
Some parameters that we consider non-sensitive normally, like those which might be used to filter data could in some use cases be something you do not wish users to be able to modify. In this case, you can use our Enforcing Filters Guide to solve this problem.
creator_id URL parameters for security considerations regarding JSON data and filtering items by their owner respectively.
I'd like to use the Live Updates API - What should I read next?
Next, you may want to check out our Getting Started Guide.
You may also find useful: