Let's take a look at an example of an API that we expose from the Give & Get site (template).
We expose an endpoint that our (fictitious) delivery service uses to update our site when a giveaway has been delivered. The delivery service makes an API call to our site letting us know that a giveaway was delivered. When we receive such an API call, we update the status of the giveaway in the Giveaways collection to Delivered.
The code for our HTTP function looks like this:
We begin by importing a function to update a giveaway's status in the Giveaways collection, the HTTP responses that we use, and a function to decrypt IDs.
Then we declare an HTTP function that handles POST requests to the giveawayDelivered endpoint.
The delivery service will call this endpoint using a URL like this:
.../giveandget/_functions-dev/giveawayDelivered/{giveawayId}
Next, we start building the response options by adding the appropriate header.
After that, we get an encrypted giveaway ID from the request path.
We decrypt the ID using the function we imported above.
We use encrypted IDs to prevent anyone other than the delivery service from updating our site that a delivery has been made. Other users will be able to call our API, but they won't send us the proper IDs, so their calls will have no effect.
Finally, we update the status of the specified giveaway to be Delivered.
Assuming the update goes smoothly, we return a 200 OK response and a success flag. If there was some sort of problem we add the error information to the response object and send a 400 Bad Request response.