Best way to build a client api on top of an API



#1 r0r0


Posted 02 June 2014 - 09:54 AM

I have two questions. I was wondering what would be the best method to go about building client side API functions on top of an already built API, e.g. http://docs.whmcs.com/API:Functions

We would like to provide our clients access to API functions related to their accounts without giving them access to the whole Admin API where they can see a lot of our other client information.

 

The other question: we have an API built using Basic HTTP Auth for API authentication (HTTPS), e.g. (curl username:password http://api.etc.com). If so, what would be the best way to secure this method?

 

 

 

Thank you

 



#2 gizmola


Posted 02 June 2014 - 12:13 PM

I'm not sure I understand your questions.

 

If you have an API already, that you already secure using HTTP Auth, then what other security do you need?  

 

For segmenting API calls, typically you would add a "Role" relation to the user table.   If you already have a lot of users and don't expect any role granularity you can simplify this somewhat by only adding rows & relations for "Admin" users possibly.

 

A simple

 

if ($user->isAdmin()) {
  // Existing admin code
}

 

Could be added.

 

A second possibility would be to completely isolate the members api on a separate api subdomain, i.e. client.yoursite.com. Although more of a hack, you could add an attribute to the existing user table like "isApiUser". Then it's a small change to your api access code to check for this attribute == 1, and disallow if they don't have it.

 

Your client.yoursite.com api would allow any user to login, regardless of the "isApiUser" attribute.



#3 r0r0


Posted 02 June 2014 - 01:29 PM

Thank you, I'm starting to get a good idea of where to start.

 

To clarify, the API above is from a billing software we use (ioncubed) so it was difficult to edit the API provided.

 

We wanted to provide our clients an API, while the API above is a Full Admin access API.

 

1. For Example if you look at this particular method,

http://docs.whmcs.com/API:Get_Invoices

This command can be used to obtain all the invoices.

 

2. The API call shows you all of our client invoices (over 1000 clients). I wanted a way for a client "A" to be able to get all of their invoices without showing them invoices from Client "B", "C",etc

 

3. I wanted Client "A" to be able to use a similar call which in turn would show all of the invoices for the client ID related to that particular client.

 

I hope I'm making some sense.



#4 gizmola


Posted 02 June 2014 - 06:47 PM

Without looking in any detail at the whmcs api, you should be able to do what you want by wrapping their API calls in your own api, where you in essence proxy the requests for them. You would of course still need a user table and possibly some related tables to contain the information that you'd need to proxy along to the whmcs.

 

You have the options of using a number of different client libraries to make the actual calls.  Guzzle and Httpful are two relatively recent php libraries that have become popular for making REST calls.  Guzzle, for example, was used by Amazon as the underlying core of their AWS PHP API v.2 client library.

 

You could also use the good old curl extension, although I'd advocate using Guzzle instead, with the curl adapter.

 

Since you're proxying calls from your server on behalf of your clients, you will need to ensure that the proper filtration or parameters are sent by your client calls.

 

Other than that, it sounds like you will be providing a REST client yourself,  so all the rules of creating a good REST API are important.
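
An added example, not part of the thread and not WHMCS code, of the proxy-and-filter approach described in the reply above: the wrapper allowlists actions and parameters, and takes the client ID from the authenticated session instead of the request. The action and parameter names (getinvoices, userid, status, limitstart, limitnum), the response row shape and the `$send` transport are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Actions a client may call, and the parameters the client may set itself.
// Names are assumptions modelled on the admin API linked in the thread.
const CLIENT_ACTIONS = [
    'getinvoices' => ['status', 'limitstart', 'limitnum'],
];

/**
 * Build the upstream (admin API) request for an authenticated client.
 * $clientId comes from your own user table after login, never from the request.
 */
function buildUpstreamParams(int $clientId, string $action, array $requestParams): array
{
    $action = strtolower($action);
    if (!array_key_exists($action, CLIENT_ACTIONS)) {
        throw new InvalidArgumentException("Action not available to clients: $action");
    }
    // Keep only allowlisted scalar parameters; a client-supplied userid is dropped.
    $allowed = array_intersect_key($requestParams, array_flip(CLIENT_ACTIONS[$action]));
    $allowed = array_filter($allowed, 'is_scalar');
    // Scope the call to the caller's own account.
    return ['action' => $action, 'userid' => $clientId] + $allowed;
}

/**
 * Proxy a client call. $send is your transport (Guzzle, curl); it adds the
 * admin credentials server-side and returns the decoded rows.
 */
function proxyClientCall(int $clientId, string $action, array $requestParams, callable $send): array
{
    $rows = $send(buildUpstreamParams($clientId, $action, $requestParams));
    // Defence in depth: discard any row that does not belong to the caller.
    return array_values(array_filter(
        $rows,
        fn(array $row): bool => (int)($row['userid'] ?? 0) === $clientId
    ));
}

// Constructed demo: a fake upstream that ignores the filter and returns two clients' rows.
$fakeSend = fn(array $params): array => [
    ['id' => 1, 'userid' => 42, 'total' => '10.00'],
    ['id' => 2, 'userid' => 77, 'total' => '99.00'],
];
// Client 42 asks for client 77's invoices; only client 42's row comes back.
$rows = proxyClientCall(42, 'GetInvoices', ['userid' => 77, 'status' => 'Unpaid'], $fakeSend);
print_r(array_column($rows, 'id'));
```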





