API style application.
Moderator: General Moderators
- tecktalkcm0391
- DevNet Resident
- Posts: 1030
- Joined: Fri May 26, 2006 9:25 am
- Location: Florida
API style application.
I am trying to setup an application that goes AJAX request to get information from another server of mine... How can I set it up so that it sends:
The request type
The License Key
and creates a string that can the server with the API can validate, like a token or something, but that doesn't have to be entered on each client
Thanks!
The request type
The License Key
and creates a string that can the server with the API can validate, like a token or something, but that doesn't have to be entered on each client
Thanks!
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: API style application.
Ajax does standard POST or GET, so you would to the same thing you would do normally, but use an Ajax call.
(#10850)
Re: API style application.
Imho javascript should not, and probably is not, able to perform requests to different hosts...
Write a script that proxies the requests between client and otherserver...
Write a script that proxies the requests between client and otherserver...
- tecktalkcm0391
- DevNet Resident
- Posts: 1030
- Joined: Fri May 26, 2006 9:25 am
- Location: Florida
Re: API style application.
i know how to POST or GET via AJAX... it's mostly authorization:
- Attachments
-
- DEV.GIF (12.3 KiB) Viewed 1320 times
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: API style application.
To generate a unique string you can use the session ID (remember to regenerate) or create an id using functions like uniqud(), md5(), etc. Poke around the manual and you will find examples.
(#10850)
- tecktalkcm0391
- DevNet Resident
- Posts: 1030
- Joined: Fri May 26, 2006 9:25 am
- Location: Florida
Re: API style application.
Yeah, after the initial login, but I was trying to figure out someway, that all license codes can follow, to prevent an unauthorized person from attempting to login
say I was using GET:
the original login would be:
login.php?licensenumber=ABC1234&username=testing&password=demo
anyone could try to login...
but if the program generated a code, that was equivalent to one the PHP Code would, it could be authenticated:
login.php?licensenumber=ABC1234&auth=A1j8jdj8fASjfasd8ejflsadfj&username=testing&password=demo
or now that I'm writing this, would this even be needed...
I was just thinking of a way to aid in the prevention of people trying to hack
say I was using GET:
the original login would be:
login.php?licensenumber=ABC1234&username=testing&password=demo
anyone could try to login...
but if the program generated a code, that was equivalent to one the PHP Code would, it could be authenticated:
login.php?licensenumber=ABC1234&auth=A1j8jdj8fASjfasd8ejflsadfj&username=testing&password=demo
or now that I'm writing this, would this even be needed...
I was just thinking of a way to aid in the prevention of people trying to hack
- Christopher
- Site Administrator
- Posts: 13596
- Joined: Wed Aug 25, 2004 7:54 pm
- Location: New York, NY, US
Re: API style application.
Generating a code and checking it on the next page is a way to prevent things like session fixation. It is certainly a reasonable thing to do on forms as well, for example.
(#10850)
Re: API style application.
don't forget to add a version to the query string that way you can build versioning into the api
- tecktalkcm0391
- DevNet Resident
- Posts: 1030
- Joined: Fri May 26, 2006 9:25 am
- Location: Florida
Re: API style application.
good idea, thanks!