With the launch of RAD Studio 12, RAD Server fully integrates the Sqids encoding library, and you can also use it in any other project through the new TSqidsEncoding class available in the System.NetEncoding.Sqids namespace.
Sqids is a small open-source library that can produce short, unique, random-looking IDs from numbers. The best way to think about it is like a decimal-to-hexadecimal converter, but with a few extra bells and whistles.
Sqids website
With this library available in RAD Studio 12, you can encode and decode a number or an array of numbers natively on any platform using the blazing-fast Sqids algorithm. Because Sqids is standardised, the IDs are also fully compatible with the implementations in other programming languages. Check their website for available languages.
How to use TSqidsEncoding
You just need to include the namespace System.NetEncoding.Sqids in your unit and initialise a new object. It’s recommended to use a customised alphabet and length. That way, your IDs will be much more difficult to decode.
Let’s see a quick example:
    // Requires System.NetEncoding.Sqids in the uses clause.
    procedure CreateSqids;
    begin
      var length := 10;
      var alphabet := 'JXx6Ue7jLqBk9cZmwA2szgdYNRP4lhOErDvQF1GTVIM3fao5t8WuSb0HyipKnC';
      var sqids := TSqidsEncoding.Create(alphabet, length);
      var encoded := sqids.Encode(1034); // The encoded value will be '6GRy4cbTSV'
      var decodedSingle := sqids.DecodeSingle(encoded); // The decoded value will be an integer with the value: 1034
      var decoded := sqids.Decode(encoded); // The decoded value will be an array with one value: 1034
      sqids.Free; // release the encoder created above
    end;

With Sqids we can quickly encode a number or an array of numbers into a YouTube-like string that uses the characters and the length specified. TSqidsEncoding contains multiple other methods that give you much more flexibility, but conceptually it’s extremely simple to use.
Integration with RAD Server
RAD Server has a built-in integration that makes using Sqids a breeze. With TEMSDataSetResource, you simply put the symbol # before the ID in the resource attributes and RAD Server will do the rest.
Let’s imagine that we are publishing an endpoint for customers, and we want to use Sqids with the primary key CUST_NO. We would simply do as follows:
    [ResourceName('Customers')]
    TCustomersResource = class(TDataModule)
      qryCustomers: TFDQuery;
      [ResourceSuffix('list', '/')]
      [ResourceSuffix('get', '/{#CUST_NO}')]
      [ResourceSuffix('put', '/{#CUST_NO}')]
      [ResourceSuffix('post', '/')]
      [ResourceSuffix('delete', '/{#CUST_NO}')]
      resCustomers: TEMSDataSetResource;
      FDConnection1: TFDConnection;
    end;

It’s important to understand that RAD Server will only decode at a URI level, which means that the body of the response won’t be encoded. If you are developing the client application with RAD Studio, you can define the properties of your alphabet and length in the EMSProvider component so the requests are automatically encoded as well (check the demo project at the end of the page).
To customise the alphabet and length used by RAD Server you can find 2 new properties in EMSServer.ini.
    [Server.Sqids]
    ;# The following options control URL parameters Sqids decoding
    ;#
    ;# Optional alphabet for Sqids decoding
    Alphabet=
    ;# Optional minimal hash length for Sqids decoding
    MinHashLength=0
In which context does it make sense to use Sqids?
When developing a REST API, or when multiple services communicate with each other, we may not want the IDs in our endpoints to be too obvious. Most of the time those IDs are the primary key of a table, which makes the endpoints prime candidates for data harvesting by bots. Obfuscating IDs is also a good practice for minimising potential security issues. Imagine that one of our endpoints is not properly secured due to a bug: incremental numeric IDs make it easier to access data that shouldn’t be available. There are many reasons to obfuscate your IDs, and with Sqids it is extremely simple and fast to do.
Is it secure to use Sqids?
The Sqids algorithm is designed to be fast, very fast. Because of this, it’s important to understand that Sqids is not an encryption mechanism, and it’s not recommended for encoding sensitive data like credit cards, PIN numbers, etc. Sqids follows the approach of security through obfuscation: it simply makes data less obvious than plain numeric IDs, but someone with enough time and patience could eventually decode the IDs.
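Because a Sqids ID is obfuscation and not access control, a decoded key still has to pass an authorization check before it is used. The program below is an added example, not code from the original post or from Embarcadero: TryResolveCustNo and TOwnerCheck are hypothetical names, the ownership policy is constructed, and the alphabet and length are the ones from the CreateSqids example above. It also re-encodes the decoded number and compares it with the input, since the Sqids documentation notes that more than one string can decode to the same numbers.

```delphi
program SqidsAuthzCheck;
{$APPTYPE CONSOLE}
uses System.SysUtils, System.NetEncoding.Sqids;

const
  // Alphabet and minimum length reused from the CreateSqids example on this page.
  CAlphabet = 'JXx6Ue7jLqBk9cZmwA2szgdYNRP4lhOErDvQF1GTVIM3fao5t8WuSb0HyipKnC';
  CMinLength = 10;

type
  // Hypothetical authorization hook: may this caller access this customer?
  TOwnerCheck = reference to function(const ACaller: string; ACustNo: Int64): Boolean;

// Hypothetical helper: yields a key only for a canonical ID and an authorized caller.
function TryResolveCustNo(const AId, ACaller: string; const AIsOwner: TOwnerCheck;
  out ACustNo: Int64): Boolean;
begin
  Result := False;
  ACustNo := 0;
  var sqids := TSqidsEncoding.Create(CAlphabet, CMinLength);
  try
    try
      var value := sqids.DecodeSingle(AId);
      // Canonical check: re-encoding must reproduce the exact string received.
      if sqids.Encode(value) <> AId then Exit;
      // The decoded key is still caller-supplied input, so authorize it.
      if not AIsOwner(ACaller, value) then Exit;
      ACustNo := value;
      Result := True;
    except
      // Assumption: malformed input may raise; any exception means "reject".
      on E: Exception do Result := False;
    end;
  finally
    sqids.Free;
  end;
end;

var CustNo: Int64;
begin
  var enc := TSqidsEncoding.Create(CAlphabet, CMinLength);
  var id := enc.Encode(1034);
  enc.Free;
  // Constructed policy: caller 'alice' owns only customer 1034.
  var owner: TOwnerCheck := function(const ACaller: string; ACustNo: Int64): Boolean
    begin Result := (ACaller = 'alice') and (ACustNo = 1034); end;
  Writeln(TryResolveCustNo(id, 'alice', owner, CustNo));           // the owner
  Writeln(TryResolveCustNo(id, 'bob', owner, CustNo));             // valid ID, other caller
  Writeln(TryResolveCustNo('not-a-sqid', 'alice', owner, CustNo)); // malformed ID
end.
```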
Are there any available examples?
Yes! We have created 2 projects available on GitHub.
Sqids Playground
In this FireMonkey project, you can play around with the multiple parameters available and see the results in real time. The default “Results” tab creates 1000 rows in a MemTable and you can see how fast it is to encode those live. There are 2 extra tabs available to customise what you want to encode and decode based on the chosen alphabet and length. Press the buttons and have fun!
RAD Server integration
This other project is a ProjectGroup with a RAD Server and a VCL application. Analysing the code you will see how Sqids is being implemented in the communication with RAD Server and how you can automatically encode and decode your IDs. Because this project is connected to a database, you will need to define in the FDConnection the example employee.gdb database available on InterBase.
More Info
DocWiki info about TSqidsEncoding
Tutorial: Using Sqids Encoding
Sqids website