Best way to post to a wamp database from mobile app - rest

I'm setting up a website using CakePHP and a corresponding mobile application. At various times, I need the mobile application to post information to the website and have that information be stored in a database table. I've looked at RESTful APIs and how to use them in CakePHP but I'm not sure if that's what I want. Most of the information I've read seems to indicate that RESTful APIs are helpful for getting information from the server to the client, not vice versa.
Can somebody point me in the right direction for how to do this? Let me know if I was being ambiguous or you need more information. Thanks for the help.

Well, read again about RESTful webservices, try this section:
http://en.wikipedia.org/wiki/Representational_state_transfer#RESTful_web_APIs
You use the HTTP methods GET, PUT, POST, or DELETE to read, update, create or delete resources from your site. The RESTful page in the official CakePHP documentation explains that concept with examples pretty well.

Related

Understanding OAuth2.0 and REST API Security

In my current work, I have to develop an internal REST API engine.
I have read the Roy Fielding thesis, documented myself, and I finally got something that works great, is easy to use, has high performance, and corresponds to the Fielding REST spec.
There is only one point that I don't really know how to overcome: the security problem.
Again, I documented myself, and I wanted to use OAuth2.0 in my engine.
The problem is that I don't understand at all how to use this protocol.
I don't understand how the consumer can connect himself and be recognized by the server.
I don't understand if I have to provide an API key to my consumer (like Facebook, Twitter and Google do) or if a token will automatically be generated if I send a login / password to the server.
I don't know if I have to create my own OAuth2.0 server that provides keys, or if OAuth2.0 libraries are sufficient to provide security.
In fact, I don't understand anything at all about OAuth2.0, and I need to learn. The problem is, every documentation that I try to read is like Chinese; I didn't find an easy, step-by-step one that will help me with this.
That's why I post here. Can you help me understand a bit more about OAuth2.0 and secured authentication for APIs?
I willingly didn't speak about the technologies, because I want to understand OAuth2.0 before applying it technically.
Thanks for all
The main problem with OAuth (both versions) is that you'll see a lot of talk about the three-legged version. That is when you have a user, a data-providing service and a consuming service, let's say a service that will create physical copies of your Flickr photos. In this case the OAuth flow allows the user to tell Flickr that the third party can access their data. This is not the scenario you are after; you are interested in 2-legged OAuth, see here for a description.
Of course you could look at other methods too. I've used HAWK in a number of REST/Hypermedia APIs and found it to be great to use in both nodejs and .NET server stacks.
Thank you for your answer. I studied OAuth2 a bit more and tried to implement it with 3 strategies: basic, clientPassword, bearer.
I created a new thread for another problem, if you want to take part in it:
OAuth2 server creation with nodejs

Is OAuth suitable for this scenario?

I'm new to OAuth and I would really appreciate it if someone could give me a hand with my problem. I need to create a simple web application to track expenses, with some basic actions (user must be able to create an account and log in, list expenses, edit them, etc.) with a REST API for each one, and the trick is that I need to be able to pass credentials to both the webpage and the API. So, after some research I've found some examples using Digest Authentication and HMAC Authentication, but a lot of posts also mentioned OAuth as an alternative approach, so my question is: given this scenario, would it be proper to use OAuth? I mean, as far as I understand, OAuth is suitable when you want to share resources with another application, which I'm not doing for this project; besides that, when you try to access the shared resource, a page appears requesting permission for the foreign application. Would that page appear at some point in my application? (maybe after the login?)
Thanks in advance guys
In your current scenario it does not make sense to use OAuth. It's not what OAuth is designed for.
If your application ecosystem is going to have multiple webapps running on a single SSO (like Google) then it is very helpful to have OAuth.
Suggestion: Decide based on your business/operation plan and implement accordingly.
Note: If you plan to have 10 apps in the span of the next 5 years but only have one app now it does not make sense to spend time to implement complex protocols like OAuth right now. Scale as you grow.

How to login on ios device with django server?

I am making an iOS app that requires a webservice. The webservice will be using an already-in-place and completely unchangeable (for my purposes) database that is handled by Django. I know how to set up the UI and develop apps in general, but how do I manage the backend side / client side for login? I noticed some people talking about TastyPie when I researched the topic but I am unsure about what exactly that entails. I've been using PHP for the rest of the service - would using TastyPie make me write it in some other language? Is TastyPie really necessary?
Furthermore, I saw someone say that one may just put in a UIWebView and then take the cookie out of it after the login. Is that feasible? It sounds like the easiest option.
Thanks for any help!
Tastypie is just a Python Django framework to help developers write REST APIs easily.
Yes, using Tastypie will make you write APIs in Python. Tastypie is not necessary to write REST APIs.
In your case, since you cannot change the database, I would suggest you write the REST API in Python Django and use the django.auth login method after authenticating the credentials. The login method will create the session key for you. You can send back that key in the response and then pass that key to all the subsequent REST API calls. Do not use Tastypie for writing this API, as Tastypie will require you to add some tables in the DB.
I will suggest AFNetworking as a library that is commonly used to communicate with REST services. There should be no need to change your existing server code. AFNetworking is on GitHub.
There are also a ton of posts on StackOverflow about using AFNetworking. Pertaining to the specifics of logging in - look at this User Login With AFNetworking or search further.

How can one learn to use the twitter API?

Ok before you jump to some conclusion like I'm looking for a free lunch or something of the sort, read the description entirely.
I have experience only in making small simple apps in PHP, Java and ASP.NET. I had no idea what GET, SET etc exactly are and what REST services are. To try to use the Twitter API, I did some reading and got to know (I might be wrong here, because this is what I THINK that I know..) that you can make a GET request like this one:
http://api.twitter.com/1/statuses/user_timeline.json
Using, say, cURL (I haven't tried it yet), and you get a JSON object returned which contains the statuses on your timeline in a certain format. And I verified this from here
But I don't understand how does Twitter know that it is ME and return only MY data? Where am I sending my account details?
What I want is for the user to come to my website, click a button to give my application the permission to access his/her Tweets and I do some processing in PHP and display the output. But I don't know where to start from.
I am not asking you to give me bread, I'm asking you to tell me what I should do to learn to fish.
All the tutorials I have been following till now have been sort of spoon-fed, where they say things like 'Download this php file from our site, include it in your source file, use this method to do this and that method to do that.'
This one is a change for me, so does anyone have any pointers? Is there any reading that I should do or approach that I must follow to learn that I'm doing wrong?
EDIT : I know there are 3rd party libraries out there and it might be easier to learn to use those, but I want to have an idea of how the people who made those did it.
To use Twitter (at least its REST API), you had better read tutorials about the following things:
REST architecture because it is how Twitter communicates with your application.
HTTP requests. Useful for Authentication of requests (HTTP headers), kinds of HTTP requests (GET and POST for the Twitter API) and return codes of requests.
OAuth which is the protocol used by Twitter for authenticating requests.
Format of data returned by Twitter after the requests. Most of the time it is JSON but it can also be like a URL query string (for OAuth authentications). You are lucky because before there were XML and Atom (for RSS feeds) too.
And of course the Twitter Documentation to know how they use all that stuff, how they know that is YOU with THIS application (request authentications) and to know the objects manipulated by the API (mainly tweets, users and timelines).
Good luck with it!
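How the service knows which user and which application sent a request, shown with OAuth 1.0a HMAC-SHA1 request signing (RFC 5849), the scheme Twitter's REST API v1 used. This is an added example, not code from the post or from Twitter; the keys, token, nonce and secrets are constructed, and a real server would look the secrets up from the key and token and also reject reused nonces and stale timestamps.

```python
import base64, hashlib, hmac
from urllib.parse import quote, unquote

URL = "http://api.twitter.com/1/statuses/user_timeline.json"
# Constructed values: the consumer key names the application, the token names the user.
OAUTH = {"oauth_consumer_key": "constructed-app-key", "oauth_token": "constructed-user-token",
         "oauth_nonce": "constructed-nonce-1", "oauth_timestamp": "1300000000",
         "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0"}

def pct(s):
    # RFC 5849 section 3.6 encoding: only unreserved characters stay literal.
    return quote(str(s), safe="-._~")

def sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 over the signature base string (RFC 5849 section 3.4)."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    # The key combines the application's secret and the user's token secret.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def authorization_header(method, url, query, oauth, consumer_secret, token_secret):
    """Client side: sign query + oauth_* parameters and build the Authorization header."""
    signature = sign(method, url, {**query, **oauth}, consumer_secret, token_secret)
    signed = dict(oauth, oauth_signature=signature)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(signed.items()))

def verify(method, url, query, header, consumer_secret, token_secret):
    """Server side: recompute the signature from what arrived, compare in constant time."""
    fields = dict(part.split("=", 1) for part in header[len("OAuth "):].split(", "))
    oauth = {unquote(k): unquote(v.strip('"')) for k, v in fields.items()}
    expected = sign(method, url, {**query, **oauth}, consumer_secret, token_secret)
    return hmac.compare_digest(expected.encode(), oauth.get("oauth_signature", "").encode())

if __name__ == "__main__":
    hdr = authorization_header("GET", URL, {"count": "5"}, OAUTH, "app-secret", "user-secret")
    print(hdr)
    print(verify("GET", URL, {"count": "5"}, hdr, "app-secret", "user-secret"))
```

The secrets never travel with the request; only the key, the token and the signature do, so changing any signed parameter in transit invalidates the signature.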

How do i use an API

I've never used an API and was wondering how you use them... I would like to use Facebook, Twitter and Vimeo's API.
Can someone explain the basics of using them, how do I access them and use them, etc.?
Please and thanks
Neil
How to use an API depends on the API. Usually the API creator has documentation on how to use their specific API.
Mostly, things work like the following:
You register to get a developer key. Then, you send requests to the service via HTTP (for example Twitter is using REST, which requires you to send XML or JSON to a specific http-URL providing your key). You get an answer from the service, which you must then parse and react to accordingly (for example filling a list with contacts, etc.).
Most of the time this all comes down to:
Create an XML or JSON document that describes the call parameters
Send the document to a URL using GET, POST or other request methods
Get the server's response
Parse and evaluate the response
The specific ways to use the API, especially performing authentication, can be found on the service's developer pages.
The best way to start if you want to use an API is to read its documentation, find some tutorials and code examples. This is always/usually published by the one offering an API.
Good luck :)