Have an amazing solution built in RAD Studio? Let us know. Looking for discounts? Visit our Special Offers page!
DelphiNewsRAD ServerRAD Studio

Sqids: Integration with RAD Server and standalone library

squid

With the launch of RAD Studio 12, RAD Server not only fully integrates the encoding Sqids library, but you can also use it in any other project through the new TSqidsEncoding class available in the System.NetEncoding.Sqids namespace.

Sqids is a small open-source library that can produce short, unique, random-looking IDs from numbers. The best way to think about it is like a decimal-to-hexadecimal converter, but with a few extra bells and whistles.

Sqids website

With the availability of this library on RAD Studio 12, you can encode and decode a number or an array of numbers using the blazing-fast Sqids algorithm natively in any platform, and not only that, because of the standardised nature of Sqids, it’s fully compatible with other programming languages as well. Check their website for available languages. 

How to use TSqidsEncoding

You just need to include the namespace System.NetEncoding.Sqids in your unit and initialise a new object. It’s recommended to use a customised alphabet and length. In that way, your IDs will be much more difficult to decode.

Let’s see a quick example:

With Sqids we can quickly encode a number or an array of numbers in a YouTube-like string that uses the characters and the length specified. TSqidEncoding contains multiple other methods allowing you much more flexibility, but conceptually it’s extremely easy and simple to use.

Integration with RAD Server

RAD Server has an integration to make Sqids availability a breeze. Using the TEMSDatasetResource you simply need to specify in the attributes the symbol # before the ID and RAD Server will do the rest.

Let’s imagine that we are publishing an endpoint for customers, and we want to use Sqids with the primary key CUST_NO. We would simply do as follows:

It’s important to understand that RAD Server will only decode at a URI level, which means that the body of the response won’t be encoded. If you are developing the client application with RAD Studio you can define in the EMSProvider component the properties of your alphabet and length so the requests are automatically encoded as well. (check the demo project at the end of the page).

To customise the alphabet and length used by RAD Server you can find 2 new properties in EMSServer.ini.

In which context does it make sense to use Sqids?

When developing a REST API or having multiple services communicating with each other maybe we don’t want to make too obvious the IDs of our endpoints. Most of the time those are the primary key of a table and those endpoints are big candidates for harvesting data using bots. Another good practice where it is being used is to minimise potential security issues. Imagine that one of our endpoints is not properly secured due to a bug. Using incremental numeric IDs makes it easier to access data that shouldn’t be available. The reasons to obfuscate your IDs are multiple and with Sqids it is extremely simple and fast to do it.

Is it secure to use Sqids?

The nature of Sqids algorithm is to be fast, very fast. Because of this, it’s important to understand that Sqids is not an encryption mechanism and it’s not recommended to encode sensitive data like credit cards, pin numbers etc. Sqids follows the approach of security through obfuscation, simply making data not as obvious as simple numeric IDs, but someone with enough time and patience could eventually decode the IDs.

Are there any available examples?

Yes! We have created 2 projects available on GitHub.

Sqids Playground

In this FireMonkey project, you can play around with multiple parameters available and see the results in real-time. The default “Results” tab creates 1000 rows in a MemTable and you can see how fast is to encode those live. There are 2 extra tabs available to customise what you want to encode and decode based on the chosen alphabet and length. Press the buttons and have fun!

RAD Server integration

This other project is a ProjectGroup with a RAD Server and a VCL application. Analysing the code you will see how Sqids is being implemented in the communication with RAD Server and how you can automatically encode and decode your IDs. Because this project is connected to a database, you will need to define in the FDConnection the example employee.gdb database available on InterBase.

More Info

DocWiki info about TSqidsEncoding
Tutorial: Using Sqids Encoding
Sqids website

See What's New in 12.2 Athens See What's New in 12.2 Athens Dev Days of Summer 2-24

Reduce development time and get to market faster with RAD Studio, Delphi, or C++Builder.
Design. Code. Compile. Deploy.
Start Free Trial   Upgrade Today

   Free Delphi Community Edition   Free C++Builder Community Edition

About author

Pre-sales consultant engineer at Embarcadero inc.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

IN THE ARTICLES