How to implement Authentication as a Web Service (Symfony2, REST) - rest

I hope someone could help with this:
I am working on a PHP project and I need to implement the authentication of the application as a service. I need to do something like Google, which offers a service to log in to other applications using Google's authentication service (for example trello.com allows visitors to log in with their Google account).
I would like to clarify my mind, because I have no idea how to start it. I am using the Symfony2 framework and I'm trying to work RESTfully, but basically what I need is just an idea of what I have to do or investigate to carry this out.

As the Symfony ecosystem is big, take a look at the FOSRestBundle for creating the API. Then there is the NelmioApiDocBundle for easy documentation of your REST API. For authenticating you should consider OAuth, so take a look at the FOSOAuthServerBundle. With all three combined you can create a great API.
Also read this article about REST APIs with Symfony2: The Right Way.

Related

How Acumatica Cloud ERP integration works for third party application?

We have an application developed with React and Node.js and have already implemented a MYOB cloud ERP integration to import data. Now we are planning to add a new ERP integration for Acumatica. In the developer document it was mentioned that the REST API is available, but I can't find the cloud instance URL; everywhere it was mentioned as localhost only. So can anyone please help me to understand how to connect to the Acumatica cloud to fetch details?
Note: I understand the authorization flow like Authorization Code, but I'm confused about which URL to use, and I hope it should be a fixed one as it is a cloud URL.
The integration endpoints are a rather large topic. I am in the process of writing a blog post on it which is more or less a getting-started blog on automating stuff and getting info via REST. The blog itself is in the context of using these services via PowerShell, but if you are able to follow along and get to the point of establishing Postman examples of what you need to do, you should be able to get to the same end result in any language.
You will want to explore the Web Services Endpoint screen in the integration module, as this is where all the contract-based SOAP/REST definitions are managed. You can even set up custom endpoints if you need.
Do you have access to the Acumatica Portal? The best way to get started is with some of the course work there.
Stand by and I'll forward some information for you to get started.
Robert
The URL for the REST API is whatever the site URL of your Acumatica instance is. For example, if your Acumatica is hosted at www.ManiMaran.com, to log in to your API:
http://ManiMaran.com/entity/auth/login

Understanding OAuth2.0 and REST API Security

In my current work, I have to develop an internal REST API engine.
I have read the Roy Fielding thesis, documented myself, and I finally got something that works great, is easy to use, has high performance, and corresponds to the Fielding REST spec.
There is only one point that I don't really know how to overcome: the security problem.
Again, I documented myself, and I wanted to use OAuth2.0 in my engine.
The problem is that I don't understand at all how to use this protocol.
I don't understand how the consumer can connect and be recognized by the server.
I don't understand if I have to provide an API key to my consumer (like Facebook, Twitter and Google do) or if a token will automatically be generated if I send a login / password to the server.
I don't know if I have to create my own OAuth2.0 server that provides keys, or if OAuth2.0 libraries are sufficient to provide security.
In fact, I don't understand OAuth2.0 at all, and I need to learn. The problem is, every documentation that I try to read is like Chinese; I didn't find an easy one, step by step, that will help me with this.
That's why I post here: can you help me understand OAuth2.0 and secured authentication for APIs a bit more?
I deliberately didn't speak about the technologies, because I want to understand OAuth2.0 before applying it technically.
Thanks for all.
The main problem with OAuth (both versions) is that you'll see a lot of talk about the three-legged version. That is when you have a user, a data-providing service and a consuming service, let's say a service that will create physical copies of your Flickr photos. In this case the OAuth flow allows the user to tell Flickr that the third party can access their data. This is not the scenario you are after; you are interested in 2-legged OAuth, see here for a description.
Of course you could look at other methods too. I've used HAWK in a number of REST/Hypermedia APIs and found it to be great to use in both Node.js and .NET server stacks.
Thank you for your answer. I studied OAuth2 a bit more and tried to implement it with 3 strategies: basic, clientPassword, bearer.
I created a new thread for another problem, if you want to take part in it:
OAuth2 server creation with nodejs
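The two shapes of OAuth discussed above, the three-legged "login with Google" style flow the first question asks about and the two-legged flow the answer points the REST-engine author towards, are both just grant types served by one token endpoint. The following is an added illustration, not code from any post here or from any Symfony or Node library: a toy authorization server in plain Python that issues an authorization code after user consent (3-legged), exchanges it or a client's own credentials for a bearer token (2-legged), and validates the bearer token on the resource side. Client ids, secrets and redirect URIs are constructed placeholders; the consent step is reduced to a function call because there is no browser here.

```python
"""Toy OAuth 2.0 authorization server: authorization-code (3-legged) and
client-credentials (2-legged) grants with bearer-token validation.
Added example, not from the original posts; all identifiers are constructed."""
import hmac
import secrets
import time
from base64 import b64decode, b64encode

# Constructed client registry; a real server keeps this in a database.
CLIENTS = {
    "photo-printer": {
        "secret": "printer-secret",
        "redirect_uri": "https://printer.example/callback",
    },
}


class AuthorizationServer:
    def __init__(self, token_ttl=3600):
        self._codes = {}    # code -> (client_id, user, redirect_uri, expiry)
        self._tokens = {}   # token -> (client_id, user or None, expiry)
        self._ttl = token_ttl

    def _authenticate_client(self, client_id, client_secret):
        client = CLIENTS.get(client_id)
        if client is None:
            return False
        # Constant-time comparison so the check does not leak the secret by timing.
        return hmac.compare_digest(client["secret"], client_secret)

    @staticmethod
    def basic_header(client_id, client_secret):
        """Build the HTTP Basic header a client sends to the token endpoint."""
        return "Basic " + b64encode(f"{client_id}:{client_secret}".encode()).decode()

    @staticmethod
    def client_from_basic(header):
        """Parse 'Basic base64(id:secret)'; returns (client_id, secret) or None."""
        scheme, _, blob = header.partition(" ")
        if scheme != "Basic":
            return None
        client_id, _, secret = b64decode(blob).decode().partition(":")
        return client_id, secret

    # 3-legged: the user consents at the authorization endpoint and the
    # server hands the client a short-lived, single-use code via redirect.
    def authorize(self, client_id, redirect_uri, user):
        client = CLIENTS.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise ValueError("unknown client or redirect_uri mismatch")
        code = secrets.token_urlsafe(32)
        self._codes[code] = (client_id, user, redirect_uri, time.time() + 60)
        return code

    # Token endpoint serving both grants. The client always authenticates;
    # only the authorization_code grant carries a user identity.
    def token(self, grant_type, client_id, client_secret, code=None, redirect_uri=None):
        if not self._authenticate_client(client_id, client_secret):
            return {"error": "invalid_client"}
        if grant_type == "client_credentials":
            user = None
        elif grant_type == "authorization_code":
            entry = self._codes.pop(code, None)   # pop: a code is single use
            if entry is None:
                return {"error": "invalid_grant"}
            c_id, user, c_redirect, expiry = entry
            if c_id != client_id or c_redirect != redirect_uri or time.time() > expiry:
                return {"error": "invalid_grant"}
        else:
            return {"error": "unsupported_grant_type"}
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (client_id, user, time.time() + self._ttl)
        return {"access_token": token, "token_type": "Bearer", "expires_in": self._ttl}

    # Resource-server side: map an Authorization header back to its owner.
    def introspect(self, authorization_header):
        scheme, _, token = authorization_header.partition(" ")
        if scheme != "Bearer":
            return None
        entry = self._tokens.get(token)
        if entry is None or time.time() > entry[2]:
            return None
        return {"client_id": entry[0], "user": entry[1]}


if __name__ == "__main__":
    srv = AuthorizationServer()
    # 2-legged: the client is the principal, no user involved.
    print(srv.token("client_credentials", "photo-printer", "printer-secret"))
    # 3-legged: user "alice" consents, the client swaps the code for a token.
    code = srv.authorize("photo-printer", "https://printer.example/callback", "alice")
    print(srv.token("authorization_code", "photo-printer", "printer-secret",
                    code=code, redirect_uri="https://printer.example/callback"))
```

The single-use code, the redirect URI check and the client authentication on the token endpoint are what keep the 3-legged flow from being hijacked by a party that only saw the redirect; the 2-legged path has no user at all, which is why a token from it carries `user: None` and should be authorized on the client's identity alone.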

Netsuite as an Identity Provider - Ping (SAML 2.0)

I'm attempting to implement SSO and wanted to use Netsuite as an IdP. Now I know officially this isn't possible but I was wondering if it's even remotely possible to have something like this done (custom coded or anything like that)?
Unfortunately I am not the most knowledgeable person in regards to these things, please forgive my ignorance.
Thanks!
It really comes down to what NetSuite exposes for PingFederate to hook into. From a PingFederate perspective, if NetSuite exposes the ability to validate an existing user session by a third party, or provides an API that can essentially authenticate a user, you could create a custom IdP Adapter for PF that would handle this.
This is something that your Ping Account team can assist with if you're interested in getting some assistance.
HTH
--Ian (Note: I work for Ping)

How to login on ios device with django server?

I am making an iOS app that requires a web service. The web service will be using an already-in-place and completely unchangeable (for my purposes) database that is handled by Django. I know how to set up the UI and develop apps in general, but how do I manage the backend side / client side for login? I noticed some people talking about Tastypie when I researched the topic, but I am unsure about what exactly that entails. I've been using PHP for the rest of the service; would using Tastypie make me write it in some other language? Is Tastypie really necessary?
Furthermore, I saw someone say that one may just put a UIWebView and then take the cookie out of it after the login. Is that feasible? It sounds like the easiest option.
Thanks for any help!
Tastypie is just a Python Django framework to help developers write REST APIs easily.
Yes, using Tastypie will make you write APIs in Python. Tastypie is not necessary to write REST APIs.
In your case, since you cannot change the database, I would suggest you write the REST API in Python Django and use the django.auth login method after authenticating the credentials. The login method will create the session key for you. You can send back that key in the response and then pass that key to all the subsequent REST API calls. Do not use Tastypie for writing this API, as Tastypie will require you to add some tables in the DB.
I will suggest AFNetworking as a library that is commonly used to communicate with REST services. There should be no need to change your existing server code. AFNetworking is on github.
There are also a ton of posts on StackOverflow about using AFNetworking. Pertaining to the specifics of logging in, look at User Login With AFNetworking or search further.
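The answer above describes the server half of the mobile login: verify the credentials, mint a session key, return it, and require it on every later call. The following is an added illustration in plain Python, not the poster's code and not Django (django.contrib.auth does the hashing and session work for you there; the stored-hash format here only imitates Django's `pbkdf2_sha256$iterations$salt$hash` layout). User records, passwords and the `X-Session-Key` header name are constructed for the example.

```python
"""Session-key login for a mobile client, as described in the answer above.
Added example, not from the original post; user records are constructed."""
import hashlib
import hmac
import os
import secrets
import time

# Assumption: iteration count kept low so the example runs quickly;
# production deployments use hundreds of thousands of iterations.
PBKDF2_ITERATIONS = 1000


def hash_password(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Return a self-describing PBKDF2-HMAC-SHA256 hash string."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


# Constructed user table; only hashes are stored, never the password.
USERS = {"alice": hash_password("correct horse battery staple")}
# Hash used for unknown users so a login attempt costs the same time either way.
DUMMY_HASH = hash_password("unused")


class SessionStore:
    def __init__(self, ttl=3600):
        self._sessions = {}   # session key -> (username, expires_at)
        self._ttl = ttl

    def login(self, username, password):
        """Return a fresh session key on success, None on failure."""
        stored = USERS.get(username)
        ok = verify_password(password, stored or DUMMY_HASH)
        if stored is None or not ok:
            return None
        key = secrets.token_urlsafe(32)   # unguessable, 256 bits of randomness
        self._sessions[key] = (username, time.time() + self._ttl)
        return key

    def user_for(self, key):
        """Resolve a session key to its user, dropping expired sessions."""
        entry = self._sessions.get(key)
        if entry is None:
            return None
        username, expires_at = entry
        if time.time() > expires_at:
            del self._sessions[key]
            return None
        return username

    def logout(self, key):
        return self._sessions.pop(key, None) is not None


def handle_request(store, headers):
    """Gate a subsequent API call on the session key the client sends back."""
    key = headers.get("X-Session-Key")
    user = store.user_for(key) if key else None
    if user is None:
        return 401, {"error": "authentication required"}
    return 200, {"user": user, "profile": f"profile of {user}"}


if __name__ == "__main__":
    store = SessionStore()
    key = store.login("alice", "correct horse battery staple")
    print("login ->", key is not None)
    print("with key ->", handle_request(store, {"X-Session-Key": key}))
    print("without key ->", handle_request(store, {}))
```

The key is only ever sent over the wire and looked up, never derived from the password, so a leaked key can be revoked with `logout` without touching the user's credentials; the expiry check in `user_for` is what stops an old key extracted from a device from working forever.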

What is the best way to implement REST with Spring security?

I've implemented a web application with form and OpenID authentication, but in addition I want to make my webapp RESTful. On the other hand, requests to REST should be accessible only to authenticated users.
What is the best way to make my REST service secure?
Look at this example. I guess that solves your problem. A little Google search led me to that page.