Exposing REST API

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Exposing REST API

Post by alex.barylski »

I will soon need to expose some functionality for some web apps, REST is my first choice:

http://www.gen-x-design.com/archives/cr ... -with-php/

Having read the above I am curious about the security implications and usability of this approach. Wouldn't this prompt users with an annoying login dialog? Would you have to capture this header response and authenticate programmatically in the consumer???

Cheers,
Alex
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Re: Exposing REST API

Post by josh »

Typically a good REST framework will support auto-discover, so you just instantiate a 'rest server' and pass it a model, no ugly controller logic like your article. REST does not implement any authentication of it's own, the typical course of action is the client should pass a key with each request. Your needs will vary. Maybe you want to allow 500 free hits, then charge... maybe they are paying $50 a month to simply have the key, etc.

You ask if your users will be "prompted" each time, I don't get it "what users" and what do you mean prompt? REST is communication between client & server. There is no user at the other end, just another computer.
Post Reply