API style application.

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

API style application.

Post by tecktalkcm0391 »

I am trying to setup an application that goes AJAX request to get information from another server of mine... How can I set it up so that it sends:

The request type
The License Key
and creates a string that can the server with the API can validate, like a token or something, but that doesn't have to be entered on each client

Thanks!
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: API style application.

Post by Christopher »

Ajax does standard POST or GET, so you would to the same thing you would do normally, but use an Ajax call.
(#10850)
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Re: API style application.

Post by timvw »

Imho javascript should not, and probably is not, able to perform requests to different hosts...

Write a script that proxies the requests between client and otherserver...
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Re: API style application.

Post by tecktalkcm0391 »

i know how to POST or GET via AJAX... it's mostly authorization:
Attachments
DEV.GIF
DEV.GIF (12.3 KiB) Viewed 1320 times
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: API style application.

Post by Christopher »

To generate a unique string you can use the session ID (remember to regenerate) or create an id using functions like uniqud(), md5(), etc. Poke around the manual and you will find examples.
(#10850)
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Re: API style application.

Post by tecktalkcm0391 »

Yeah, after the initial login, but I was trying to figure out someway, that all license codes can follow, to prevent an unauthorized person from attempting to login

say I was using GET:

the original login would be:
login.php?licensenumber=ABC1234&username=testing&password=demo
anyone could try to login...

but if the program generated a code, that was equivalent to one the PHP Code would, it could be authenticated:
login.php?licensenumber=ABC1234&auth=A1j8jdj8fASjfasd8ejflsadfj&username=testing&password=demo

or now that I'm writing this, would this even be needed...
I was just thinking of a way to aid in the prevention of people trying to hack
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: API style application.

Post by Christopher »

Generating a code and checking it on the next page is a way to prevent things like session fixation. It is certainly a reasonable thing to do on forms as well, for example.
(#10850)
User avatar
PrObLeM
Forum Contributor
Posts: 418
Joined: Sun Mar 07, 2004 2:30 pm
Location: Mesa, AZ
Contact:

Re: API style application.

Post by PrObLeM »

don't forget to add a version to the query string that way you can build versioning into the api
User avatar
tecktalkcm0391
DevNet Resident
Posts: 1030
Joined: Fri May 26, 2006 9:25 am
Location: Florida

Re: API style application.

Post by tecktalkcm0391 »

good idea, thanks!
Post Reply