I will soon need to expose some functionality for some web apps, REST is my first choice:
http://www.gen-x-design.com/archives/cr ... -with-php/
Having read the above I am curious about the security implications and usability of this approach. Wouldn't this prompt users with an annoying login dialog? Would you have to capture this header response and authenticate programmatically in the consumer???
Cheers,
Alex
Exposing REST API
Moderator: General Moderators
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Re: Exposing REST API
Typically a good REST framework will support auto-discover, so you just instantiate a 'rest server' and pass it a model, no ugly controller logic like your article. REST does not implement any authentication of it's own, the typical course of action is the client should pass a key with each request. Your needs will vary. Maybe you want to allow 500 free hits, then charge... maybe they are paying $50 a month to simply have the key, etc.
You ask if your users will be "prompted" each time, I don't get it "what users" and what do you mean prompt? REST is communication between client & server. There is no user at the other end, just another computer.
You ask if your users will be "prompted" each time, I don't get it "what users" and what do you mean prompt? REST is communication between client & server. There is no user at the other end, just another computer.