I have a question regarding http requests. I have a web service with api endpoint at the sub-domain of one website but the api is actually used by two websites.
Basically we have website1.com and website2.com and the api server is located at api.website1.com so when website1 is using the api then the request is sent to it's own subdomain. But when the website2 is using the api it is sending request to api.website1.com which is fully external request.
Would it speed up the requests if I clone api server to the subdomain of website2 or there will be no difference in terms of connection speed?
All else being equal, it makes no difference.
If the sites were hosted on different computers and your change meant that an API would move to the same computer as the site that was making requests to it, then you would reduce the amount of network use which would speed things up.
Related
We use cloudflare access to make web applications on the local server available to external users.
In that case, http requests from the external api will pass through the cloudflare proxy once, but will they be blocked at that time?
I would like to use the switchbot api's webhook, but I am not receiving any notification. I would like to make this happen.
For single page application, so many websites are using (Or wish to use) api for their application and generally api domain is set some differenet from current one.
for ex: if domain name is "domain.com"
then api domain name is "api.domain.com".
so for fetching data we call the api from the "domain.com", then it connect to "api.domain.com", then "api.domain.com" creates a DB connection and returns responses.
I think is will be fast if we just do it on "domain.com"., because first we established a connection with "api" then api communicate to Database.
So i want to understand why are using api is better way in order to performance of a web application.
Thanks
Splitting them across two hostnames allows them to be split across two computers. This can help with scaling.
It allows different web servers to be used (e.g. you might have a server optimised for serving up static file to serving up a SPA while the API that provides its data is written using Node.js or Servlets).
It allows cookies to be limited to one of the two systems (e.g. so the cookie that identifies a user to the API isn't sent in every request to load an image from the static server).
It limits the points where the two codebases have to touch, making it easier to develop them independently. (e.g. by two different teams or with consideration for the API to be used by a client other than the SPA).
This helps in proper code managemment.
By creating an API, it can be used from a portal front-end, mobile devices and various services.
I also think it's easier to create services in the same domain for single page applications. However, if the project gets bigger, it is easier to handle things with an API.
We have a centralised CRM that manages tickets from customers, this service is secured with a ssl certificate. To help speed up ticket handling I wrote and tested code that would:
Create a ticket from a client
Edit the ticket on our CRM
Make posts from CRM to client's Joomla site with a AJAX post.
Everything works perfectly on our test server as all services were over http.
Working case:
CRM browser (http) -> CRM (handle ticket and click save) which in effect is CRM browser (http)AJAX -> client's Joomla (http) site. Works
BUT our production CRM is https which means that I cannot save, as this is:
CRM browser (https) -> CRM (handle ticket and click save) which in effect is CRM browser (https)AJAX -> client's Joomla (http) site. Does Not Work due to CORS
I have read many articles and I cannot find a definitive approach to working around this issue.
One idea I've had is to use PHP sockets. The process would be to AJAX https post to our CRM backend and then use socket communication to the http Joomla site.
Should I use PHP socket communication or is there a work around to use AJAX from a https site to a http site?
I tested this answer and it gave me exactly what I needed.
PHP CURL & HTTPS
However, I'd still like to know if sockets is a good approach.
I have a PHP app that needs to talk to a service which has a API that produces XML responses to HTTP requests. If this service was on a separate server I would normally use a HTTP client like Guzzle to create and consume, requests and responses.
But my service will be (for the time being) on the same server. In this scenario is making HTTP requests in this fashion still my best option? Will all my requests to the API leave the server which will add latency which could be avoided?
Yes - use Guzzle/HTTP. If you need to scale later you'll be able to take advantage of the network easily. Latency won't be an issue - the traffic won't leave the box.
I only want my client application to access my server side API (JSON, but it could be any protocol), but even using an authentication system, is there any way I could prevent third parties from reverse engineering the client and getting access to this API?
If you are connecting to an API via a clients machine, I think in theory there is nothing you can do to keep them from monitoring there own http connections. However, if the client interface is a website, then the website will act as a proxy for your API. This means that unless they get root access on your server, they can't see your API. but if someone gets root access on your server you will probably have much bigger problems than someone finding your API.
on a side note, relatively few people now how to track their own http connections, much less have the desire and know-how to take advantage of it.