I need a background process to be an API over a URL.
For example, the url http://www.msite.com/myapi.php will read incoming protocol and reply.
What is the best way to accomplish this scenario?
Should I just treat this as a regular web page?
What are the pros/cons for using a web page url as an API?
You should implement this as REST service. Check this URL out.
You need to create a proper controller (in case you use MVC approach) and implement proper methods corresponding to your API (HTTP request methods are very important topic here).
Just to illustrate, I allowed myself to paste code from URL I embedded here:
GET request to /api/users – List all users
GET request to /api/users/1 – List info for user with ID of 1
POST request to /api/users – Create a new user
PUT request to /api/users/1 – Update user with ID of 1
DELETE request to /api/users/1 – Delete user with ID of 1
Just to notice, you can also use different approach like XML-RPC or SOAP.
Related
one of my vendor he is asking a posting page where he can send some varaibles from his portal which is in asp.net.
My website is in php. what posting page i should be providing him and how to fetch whatever he is sending.
You may disable the CSRF validation (if you have any) to achieve this task.
However the standard way is to create webservice to achieve this goal.
The best and easiest API to implement is RESTful.
Here is reference to that:
How to create a simple REST API in PHP
Creating a simple REST API in PHP
It doesn't matter what language the vendor use or what you use...
He need to you to specify him what is your script URL that you allow him and expect POST request from him to do what he need.
If it's from his server side (for example in PHP we use curl),
so he need to use asp.net way to post request...
maybe this will help him how to do it
How to make HTTP POST web request
If he doing those request from client side (ajax),
so he can use jQuery http://api.jquery.com/jquery.ajax/
and in your side to allow in the php script the "access control allow origin"
see:
how to bypass Access-Control-Allow-Origin?
How can I "link" a person's youtube account to an account on my website? I am trying to get Analytics from videos, how much money they have made, etc. I know i am supposed to be using the YouTube Analytics API, but I see tons of different documentation and it gets SO confusing. Are there any PHP libraries I can use to get this data and to link the user's account to my web application? I am also confused on where I get an OAuth Key.
Here are some sites i have looked at:
1) Site One
2) Site Two
On site two, I looked at the examples, but nothing really helped me understand even how to start.
A lot of the relevant info you'll need can be found in this document:
https://developers.google.com/youtube/analytics/authentication
Basically, it outlines the following 4 steps:
1) Register your web app in the Google Cloud Console
This is needed so you can get a client secret and client ID, which your server-side PHP code will need in order to do the oAuth flow (and get the right scope to be able to query analytics data for the user that's authenticating). See here for more info on how to do this:
https://developers.google.com/youtube/analytics/registering_an_application
The most important things to do as your register your app are to turn on the YouTube Analytics API and create a new client ID for your web application.
2) When a user visits your page, you'll need some way (i.e. a login button, for example) to trigger the start of the oAuth flow. When this is triggered, you'll want to redirect the browser to this URL:
https://accounts.google.com/o/oauth2/auth?client_id=[YOUR CLIENT ID]&redirect_uri=[THE URL YOU WANT THE USER TO BE DIRECTED TO AFTER AUTHENTICATION]&scope=https://www.googleapis.com/auth/yt-analytics.readonly&response_type=code&access_type=offline
This will present them with a window asking them if they want to give permission to your app to read their analytics. Note that the client id parameter is the same that you received when you registered your app in step 1. That registration process also will require you to set the allowed redirect URIs, so here you must pass one you set in the registration.
3) The redirect URL will be requested, from step two, by Google's servers with a "code" parameter attched. So when it is requested, it should immediately do a POST to another URL (i.e. with cURL or something similar), that looks like this:
POST /o/oauth2/token HTTP/1.1
Host: accounts.google.com
Content-Type: application/x-www-form-urlencoded
code=[CODE THAT CAME IN AS A GET PARAMETER] &client_id=[YOUR CLIENT ID]&client_secret=[YOUR CLIENT SECRET]&redirect_uri=[THE REGISTERED REDIRECT URI]&grant_type=authorization_code
If you do it as a POST with cURL, then the response will be a JSON packet that has an access token and a refresh token.
4) Your php page can store these both (in your DB, for example), note that the user should be treated as logged in at this point, and you can use the access token in the header of all API requests send to the analytics API.
https://developers.google.com/youtube/analytics/authentication#OAuth2_Calling_a_Google_API
IT'll expire in an hour, so with each request you should be checking its age (i.e. when you stored it in the DB, you could store the expiry time, for example), and when you're getting close you can use the refresh token to get a new access token.
https://developers.google.com/youtube/analytics/authentication#OAuth2_Refreshing_a_Token
You can now redirect them to wherever your app needs them to be to start interfacing with the API.
Seems like a lot? It can be, but once you get the paradigm down it's pretty simple. And you asked about a client for PHP, and thankfully there is one:
https://github.com/google/google-api-php-client
It's got simple handlers for the whole oAuth2 flow, and also has a YouTube analytics service object that sets the access token automatically for you as it's making its various calls.
I am wanting to build an API first RESTful application in PHP. I have never attempted to do this so I have some questions about how to handle PUT and DELETE
So for an example if I have a API endpoint that updates a User profile, should I make it accept BOTH a POST and PUT Request?
If I was building a Client for my API as a Desktop app or iOS app, etc it would be easy to send a PUT request to my API but I plan to have a Web based app for my API as well.
So on my web based app, I would have an HTML Form to Update a User profile, this would then be sent as a POST as HTML Forms do not allow PUT requests.
Could someone with more experience with this explain the best way to handle my example scenario?
Would the proper way be to send my Form as a POST to my PHP script, then my PHP script would make a proper PUT request to my PHP API with cURL?
You can absolutely also do PUT requests from browsers, but you need javascript.
Generally I would say a good way to think about it, is as follows:
First build a great REST api that follows all the rules. Only once you are at that point, think about the workarounds you need to make it work in other contexts. Submitting an HTML form is a valid thing to need a workaround for.
However, since 'POST' is completely open for interpretation, and has little rules associated, one option would be to create a single resource (or url) on your server that handles all the POST requests coming from browsers. (something like /browserpost).
You could always add a hidden <input> field with name="url" that specifies which resource was actually intended to be updated, and an <input> with name="method" value="PUT" for the intention.
You will need to add CSRF protection anyway, so I feel this would be a solid way to deal with this this. 1 endpoint to specifically 'proxy' html-based form submissions and internally do the appropriate mappings to the correct REST services.
I would use GET POST PUT DELETE as they are described in HTTP. That's restful (in my opinion). As regular browser forms does not support this I would send the data via AJAX.
If you really need to use browser forms, maybe because javascript is not enabled, then using POST requests with a param like ?method sounds like a suitable solution - although I don't like it.
i created an application with some models, after that, i used ACL and created some ACOs to protect my Application.
Now i wanted to add a RESTful API to my application, so i edited routes.php with something like that
Router::mapResources('routes');
Router::parseExtensions();
this also works fine, for example going to http://localhost/myapp/routes.json gives me a json object of my routes if i'm already logged in
shure, somebody cannot do a login with a web-form when he is using my API, so i want to know if it is possible to send the regular login informations with the request using REST Auth Basic (or Digest) and use the working ACL in my App to authenticate and show the result object (or if its wrong, send the right header)
any ideas?
if something is unclear, PLEASE leave a comment
i used the newest cake php version 1.3.3
If you look at other API based services, usually they use token to identify user. For example if there is username matt and he has token 123456, you can give him access to url http://localhost/myapp/123456/routes.json. Then, in your controller, you can authenticate the user by using token.
http digest authentication is possible when javascript is used to handle the authentication process, non-javascript clients default to having the standard popup.
Probably they won't mind though.
Info found at http://www.peej.co.uk/articles/http-auth-with-html-forms.html :
The main reason people walk away from
using HTTP authentication is that they
want control over the look of the
login form and most browsers display
an awful looking dialog box. So what
we need is a way for HTML forms to
pass HTTP auth data when it's
submitted. The HTML spec provides HTML
forms as a way to create queries and
to POST urlencoded data to a URL, but
can we subvert it?
It comes with a warning :)
Warning: The solution outlined in this
article is experimental and might be a
complete lie, be warned that your
mileage may/will vary.
I want to post entries in my blogspot blog using php. But i just cant do it. I read the googlr blogger documentation but i just cant understant.
Can someone please tell me in simple words how to create an entry in blogspot?
Using the Blogger API.
Quoted from the targeted URL:
The Blogger Data API allows client applications to view and update Blogger content in the form of Google Data API feeds. Your client application can use the Data API to create new blog posts, edit or delete existing posts, and query for posts that match particular criteria.
Step 1 - Generate your access token here - https://developers.google.com/oauthplayground/
Step 2 - Make a Post request using Step 3 at Oauth 2 playground at the to check the request headers and body and make sure that your sending the Post request in the same manner.
Step 3 - Now replicate the same Http Post request from your code ( having same headers and body parameters )
** there is no way to preauthorize someone for Blogger so you have no way to do Step 1 through your Code.
** Moreover the access token expires after sometime( may be an hour ). So you will have to refresh / regenerate it periodically and then use a new one in your code.