Page 1 of 1
API style application.
Posted: Tue Apr 01, 2008 12:02 am
by tecktalkcm0391
I am trying to setup an application that goes AJAX request to get information from another server of mine... How can I set it up so that it sends:
The request type
The License Key
and creates a string that can the server with the API can validate, like a token or something, but that doesn't have to be entered on each client
Thanks!
Re: API style application.
Posted: Tue Apr 01, 2008 12:45 am
by Christopher
Ajax does standard POST or GET, so you would to the same thing you would do normally, but use an Ajax call.
Re: API style application.
Posted: Tue Apr 01, 2008 5:52 am
by timvw
Imho javascript should not, and probably is not, able to perform requests to different hosts...
Write a script that proxies the requests between client and otherserver...
Re: API style application.
Posted: Tue Apr 01, 2008 4:15 pm
by tecktalkcm0391
i know how to POST or GET via AJAX... it's mostly authorization:
Re: API style application.
Posted: Tue Apr 01, 2008 4:27 pm
by Christopher
To generate a unique string you can use the session ID (remember to regenerate) or create an id using functions like uniqud(), md5(), etc. Poke around the manual and you will find examples.
Re: API style application.
Posted: Fri Apr 04, 2008 2:55 pm
by tecktalkcm0391
Yeah, after the initial login, but I was trying to figure out someway, that all license codes can follow, to prevent an unauthorized person from attempting to login
say I was using GET:
the original login would be:
login.php?licensenumber=ABC1234&username=testing&password=demo
anyone could try to login...
but if the program generated a code, that was equivalent to one the PHP Code would, it could be authenticated:
login.php?licensenumber=ABC1234&auth=A1j8jdj8fASjfasd8ejflsadfj&username=testing&password=demo
or now that I'm writing this, would this even be needed...
I was just thinking of a way to aid in the prevention of people trying to hack
Re: API style application.
Posted: Fri Apr 04, 2008 3:25 pm
by Christopher
Generating a code and checking it on the next page is a way to prevent things like session fixation. It is certainly a reasonable thing to do on forms as well, for example.
Re: API style application.
Posted: Wed Apr 09, 2008 5:17 pm
by PrObLeM
don't forget to add a version to the query string that way you can build versioning into the api
Re: API style application.
Posted: Thu Apr 10, 2008 7:39 pm
by tecktalkcm0391
good idea, thanks!