search

wordpress-mobile / WordPress-iOS

WordPress for iOS - Official repository
http://ios.wordpress.org/
GNU General Public License v2.0
3.69k stars 1.12k forks source link

Stats: Audit endpoint access #19876

Open staskus opened 1 year ago

staskus commented 1 year ago

It would be good to check through each endpoint request we're making from the various stats dashboard screens, to ensure that we definitely require each call we're making. Here are some example sets of requests captured using Charles Proxy, with some initial questions:

Week View:

/rest/v1.1/sites/123456789/stats/visits/?locale=en&date=2022-02-04&period=week&quantity=14&stat_fields=views%2Cvisitors%2Ccomments%2Clikes&unit=week
/rest/v1.1/sites/123456789/stats/top-authors//?locale=en&date=2022-02-04&max=10&period=week
/rest/v1.1/sites/123456789/stats/search-terms/?locale=en&date=2022-02-04&max=10&period=week
/rest/v1.1/sites/123456789/stats/top-posts/?locale=en&date=2022-02-04&max=10&period=week
/rest/v1.1/sites/123456789/stats/country-views/?locale=en&date=2022-02-04&max=0&period=week
/rest/v1.1/sites/123456789/stats/visits/?locale=en&date=2022-02-04&period=week&quantity=14&stat_fields=likes&unit=week
/rest/v1.1/sites/123456789/stats/referrers/?locale=en&date=2022-02-04&max=10&period=week
/rest/v1.1/sites/123456789/stats/clicks/?locale=en&date=2022-02-04&max=10&period=week
/rest/v1.1/sites/123456789/posts/?locale=en&after=2022-01-29T00%3A00%3A00Z&before=2022-02-04T09%3A37%3A57Z&fields=ID%2C%20title%2C%20URL&number=10
/rest/v1.1/sites/123456789/stats/file-downloads/?locale=en&date=2022-02-04&num=1&period=week
/rest/v1.1/sites/123456789/stats/video-plays/?locale=en&date=2022-02-04&max=10&period=week

Why is the posts list requested? Why does top-authors have a double slash? Is a parameter missing? Visits is requested twice, just with different stats_fields properties. But there's overlap, as they both request Likes. Do we need to make both these requests?

Insights

The only cards visible are Latest Post Summary, Today, All-Time, and Follower Totals.

Requests made when visiting tab:

/rest/v1.1/sites/123456789/posts/?locale=en&fields=ID%2C%20title%2C%20URL%2C%20discussion%2C%20like_count%2C%20date&number=1&order_by=date&type=post
/rest/v1.1/sites/123456789/stats/post/391?locale=en&fields=views
/rest/v1.1/sites/123456789/stats/post/391/?locale=en
/rest/v1.1/sites/123456789/stats//?locale=en&max=10
/rest/v1.1/sites/123456789/stats/followers/?locale=en&max=10&type=wpcom
/rest/v1.1/sites/123456789/stats/followers/?locale=en&max=10&type=email
/rest/v1.1/sites/123456789/stats/publicize/?locale=en&max=10
/rest/v1.1/sites/123456789/stats/insights/?locale=en&max=10
/rest/v1.1/sites/123456789/stats/summary/?locale=en&max=10
/rest/v1.1/sites/123456789/stats/comments/?locale=en&max=10
/rest/v1.1/sites/123456789/stats/tags/?locale=en&max=10
/rest/v1.1/sites/123456789/stats/streak/?locale=en&max=5000```

There are two different calls to post – one with views field and one without. Do we need both? Why does the stats// call have a double slash? Is a pararmeter missing?

staskus commented 1 year ago

Opening this from a draft issue in Stats Revamp v1. Might still be a relevant investigation.