Showing results for tags 'rest'.
-
I have never used cURL before and have hit a roadblock in my learning. I am trying to make an HTTP GET request to my Wowza server, which uses the REST API to return JSON results. I have authentication set to none on the server at the moment until I can get the script working. I have tested the code below with an external website and it works, but when I try to use it with the URL from the server with the REST API it just times out. I can make the request in a browser fine, just not from the code. What am I missing or not doing correctly?

    $ch = curl_init("http://IP_TO_SERVER:8087/v2/servers/_defaultServer_/vhosts/_defaultVHost_/applications/live/instances/_definst_/incomingstreams/ncopeland"); // such as http://example.com/example.xml
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    $data = curl_exec($ch);
    curl_close($ch);
    print $data;

The response should be this.

    {
        "serverName": "_defaultServer_",
        "sourceIp": "ncopeland",
        "isPTZEnabled": false,
        "applicationInstance": "_definst_",
        "name": "ncopeland",
        "isRecordingSet": false,
        "isStreamManagerStream": true,
        "isPublishedToVOD": false,
        "isConnected": true,
        "ptzPollingInterval": 2000
    }

-Thanks!
-
Hi all, I currently have a web app (PHP, my first one actually) that accesses a MySQL database. How I was handling the login was like this: the user enters the username and pw, which get sent to a stored procedure. If they are successfully validated I output a record (contains userid, first name and if they are logged in or not) and I set two session variables: one that stores a boolean if they are logged in (1 if they are, 0 if they are not) and the other stores the user id of that user (so I can use it later to make sure they only get their data). I then check these session variables to 1. make sure they are logged in and 2. make sure they are only requesting their data (userid).

I'm now going to be working on an Android app and make all the data access stuff a REST API that both the app and the website can consume. I modified the login stored procedure so it now will return a token as well. The token is generated on the DB (a hashed value of a couple of fields concatenated). When they log in successfully the token generated is stored in a user token table (one user, one token). The table also stores a token_expire timestamp. Every time they log in a new token is created (and token_expire is updated). If they try to do something after the token expired (based on the token_expire field) then it should redirect them to login so a new token can be created.

When I do the Android app, dealing with this and storing this token on the client is easy and there are many ways to store it (I was thinking storing it in a local sqlite table, shared_prefs (prob not the best way) etc.) and I would just parse through the JSON result. So keeping track of the token is easy with the app, but my problem comes in with the PHP web site. So I'm faced with two issues:

Issue 1. Right now I have a PHP form (with login and password fields) and it posts to a login process page which calls the stored procedure and, if all is good, redirects them to a dashboard page. Now if I use REST the post action would be something like api/users/login instead of loginprocess.php, correct? But then the API just spits out JSON and I'm not sure how to hand the result from the API to the PHP code. When I change the post action I just get a white page with the JSON result string. So I need help knowing what to do once the API returns the result. Does this have to be called differently than a normal form submit? Do I just have the form submit call a JS function that makes the call to the page and parses the result? Similar to something like this, but instead of passing the cookie passing the login information?

    $opts = array('http' => array('header'=> 'Cookie: ' . $_SERVER['HTTP_COOKIE']."\r\n"));
    $context = stream_context_create($opts);
    session_write_close(); // unlock the file
    $contents = file_get_contents(url, false, $context);

Issue 2. Once this token is generated in MySQL and sent back to the API, I need to pass it back to the PHP (related to #1), but how do I store it so that other pages of the site can send it when they request the data? I know it has to be sent in the header in future requests and that's not my issue. My issue is where do I store the token on the web client so that other pages can use it? Should I store it in a client cookie? (But then doesn't this go against REST?) Store it in local storage?

I'm pretty new to PHP and REST (was a classic ASP guy and just getting back into this stuff; this project is the first personal project for myself to learn this stuff and get the rust out), so I'm just trying to figure out the best way. I do not want to use sessions as that violates REST. I also do not want to use OAuth or any 3rd party solution. I have been reading a lot about this but I'm still unclear as to how to go about these changes to the web version of the app and have it function properly.

This is what my REST login API looks like so far (I know this will have to change but I'm stuck here with it):

    function loginUser() {
        global $app;
        $req = $app->request();
        $paramUsername = $req->params('username');
        $paramPassword = $req->params('password');
        $sql = "CALL checkPassword(:username,:password)";
        try {
            $dbCon = getConnection();
            $stmt = $dbCon->prepare($sql);
            $stmt->bindParam("username", $paramUsername);
            $stmt->bindParam("password", $paramPassword);
            $stmt->execute();
            $result = $stmt->fetchAll();
            $loggedin=$result[0]["loggedin"];
            $uid= $result[0]["uid"];
            $fname=$result[0]["firstname"];
            $token=$result[0]["token"];
            $response["uid"]=$uid;
            $response["loggedin"]=$loggedin;
            $response["firstname"]=$fname;
            $response["token"]=$token;
            echo json_encode($response);
            $dbCon = null;
        } catch(PDOException $e) {
            // json_encode() quotes and escapes the message so the output is valid JSON
            echo json_encode(array("error" => array("text" => $e->getMessage())));
        }
    }

Which returns:

    {"uid":"100","loggedin":"1","firstname":"John","token":"f0165d67221563bef150018276f4f77b7bd1e1763223e"}

Here is what the form looks like calling the API currently:

    <form id="login" method="post" action="webservices/api/users/login">
        <input class="my-class" style="width:20em" type="email" name="username" required>
        <input class="my-class" style="width:20em" type="password" name="password" required>
        <button type="submit" id="SubmitButton" name="submit"></button>
    </form>

Can anyone recommend the best way to deal with these two issues? Any help would be appreciated. Oh, I should mention I'm using Slim to help with the REST APIs. TIA
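
An added example, not part of the original post and not code from Slim or the poster's project: one way to issue and check the per-user token with expiry described above, using a random token whose SHA-256 hash is what gets stored rather than a hash of concatenated fields. The `$store` array stands in for the user token table; the function names, the one-hour lifetime and the sample user id are assumptions.

```php
<?php
// Added example: opaque bearer tokens with server-side expiry.
// $store stands in for the user token table (one row per user);
// names and the lifetime are assumptions, not the poster's schema.

const TOKEN_TTL = 3600; // seconds a token stays valid

/** Issue a fresh token for $uid, replacing any previous one. */
function issueToken(array &$store, int $uid, int $now): string
{
    $token = bin2hex(random_bytes(32));            // 256 bits from the CSPRNG
    $store[$uid] = [
        'token_hash'   => hash('sha256', $token),  // only the hash is kept server-side
        'token_expire' => $now + TOKEN_TTL,
    ];
    return $token;                                 // handed to the client once
}

/** Return the uid the token belongs to, or null if unknown or expired. */
function authenticate(array $store, string $presented, int $now): ?int
{
    $presentedHash = hash('sha256', $presented);
    // A database would look the row up by an indexed token_hash column;
    // the loop is only because $store is a plain array.
    foreach ($store as $uid => $row) {
        if (hash_equals($row['token_hash'], $presentedHash)) {
            return $now < $row['token_expire'] ? $uid : null;
        }
    }
    return null;
}

/** Pull the token out of an "Authorization: Bearer <token>" header value. */
function bearerToken(?string $header): ?string
{
    if ($header !== null && preg_match('/^Bearer\s+([0-9a-f]{64})$/', $header, $m)) {
        return $m[1];
    }
    return null;
}

/** Serve "my data": the uid comes from the token, never from a request parameter. */
function handleRequest(array $store, ?string $authHeader, int $now): array
{
    $token = bearerToken($authHeader);
    $uid   = $token === null ? null : authenticate($store, $token, $now);
    if ($uid === null) {
        return ['status' => 401, 'body' => ['error' => 'login required']];
    }
    return ['status' => 200, 'body' => ['uid' => $uid]];
}

// Constructed demo: user 100 logs in, uses the token, lets it expire, logs in again.
$store = [];
$t0    = 1700000000;                               // constructed timestamp
$old   = issueToken($store, 100, $t0);

$cases = [
    'valid token'            => handleRequest($store, "Bearer $old", $t0 + 60),
    'expired token'          => handleRequest($store, "Bearer $old", $t0 + TOKEN_TTL + 1),
    'missing header'         => handleRequest($store, null, $t0 + 60),
];
$new = issueToken($store, 100, $t0 + 120);         // second login replaces the row
$cases['old token after re-login'] = handleRequest($store, "Bearer $old", $t0 + 180);
$cases['new token']                = handleRequest($store, "Bearer $new", $t0 + 180);

foreach ($cases as $label => $response) {
    echo str_pad($label, 26), json_encode($response), PHP_EOL;
}
```

Because the lookup is by token alone, the same check serves the Android app and the website, and a leaked copy of the token table does not reveal usable tokens.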
-
I am trying to send a file through REST web services using PHP. I was able to send the file through email, but I'm having problems with the web services: it only receives an empty file.

    <?php
    ini_set('display_errors', 1);
    error_reporting(E_ALL);

    if($_POST)
    {
        //check if its an ajax request, exit if not
        if(!isset($_SERVER['HTTP_X_REQUESTED_WITH']) || strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) != 'xmlhttprequest') {
            $output = json_encode(array( //create JSON data
                'type'=>'error',
                'text' => 'Sorry Request must be Ajax POST'
            ));
            die($output); //exit script outputting json data
        }

        //Sanitize input data using PHP filter_var().
        $user_name    = filter_var($_POST["user_name"], FILTER_SANITIZE_STRING);
        $user_company = filter_var($_POST["user_company"], FILTER_SANITIZE_STRING);
        $user_email   = filter_var($_POST["user_email"], FILTER_SANITIZE_EMAIL);
        $country_code = filter_var($_POST["country_code"], FILTER_SANITIZE_NUMBER_INT);
        $phone_number = filter_var($_POST["phone_number"], FILTER_SANITIZE_NUMBER_INT);
        $message      = filter_var($_POST["msg"], FILTER_SANITIZE_STRING);

        $to_email   = $user_email; //Recipient email, Replace with own email here
        $from_email = '[email protected]'; //From email address (eg: [email protected])

        //additional php validation
        if(strlen($user_name)<4){ // If length is less than 4 it will output JSON error.
            $output = json_encode(array('type'=>'error', 'text' => 'Name is too short or empty!'.realpath(sys_get_temp_dir()."\\".basename($_FILES['file_attach']['tmp_name']))));
            die($output);
        }
        if(strlen($user_company)<2){ // If length is less than 2 it will output JSON error.
            $output = json_encode(array('type'=>'error', 'text' => 'Company Name is too short or empty!'));
            die($output);
        }
        if(!filter_var($user_email, FILTER_VALIDATE_EMAIL)){ //email validation
            $output = json_encode(array('type'=>'error', 'text' => 'Please enter a valid email!'));
            die($output);
        }
        if(!filter_var($country_code, FILTER_VALIDATE_INT)){ //check for valid numbers in country code field
            $output = json_encode(array('type'=>'error', 'text' => 'Enter only digits in country code'));
            die($output);
        }
        if(!filter_var($phone_number, FILTER_SANITIZE_NUMBER_FLOAT)){ //check for valid numbers in phone number field
            $output = json_encode(array('type'=>'error', 'text' => 'Enter only digits in phone number'));
            die($output);
        }
        if(strlen($phone_number) != 7){ // Phone number must contain exactly 7 characters
            $output = json_encode(array('type'=>'error', 'text' => 'Must only contain 7 numbers without including country code'));
            die($output);
        }
        if(strlen($message)<3){ //check empty message
            $output = json_encode(array('type'=>'error', 'text' => 'Too short message! Please enter something.'));
            die($output);
        }

        if(isset($_FILES['file_attach'])) //check uploaded file
        {
            //get file details we need
            $file_tmp_name = $_FILES['file_attach']['tmp_name'];
            $file_name     = $_FILES['file_attach']['name'];
            $file_size     = $_FILES['file_attach']['size'];
            $file_type     = $_FILES['file_attach']['type'];
            $file_error    = $_FILES['file_attach']['error'];

            //exit script and output error if we encounter any
            if($file_error>0)
            {
                $mymsg = array(
                    1=>"The uploaded file exceeds the upload_max_filesize directive in php.ini",
                    2=>"The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form",
                    3=>"The uploaded file was only partially uploaded",
                    4=>"No file was uploaded",
                    6=>"Missing a temporary folder"
                );
                $output = json_encode(array('type'=>'error', 'text' => $mymsg[$file_error]));
                die($output);
            }
        }

        //read from the uploaded file & base64_encode content for the mail
        $convertIt = $_FILES['file_attach']['type'];
        $whatIWant1 = substr($convertIt, strpos($convertIt, "/") + 1);
        if($whatIWant1 === "octet-stream"){
            $whatIWant = "zip";
        }
        else{
            $whatIWant = $whatIWant1;
        }

        //email body with attachment
        $message_body = "Message: ".$message."<br/>"."Contractor".$user_name."<br/>"."Company:".$user_company."<br/>"."Email : ".$user_email."<br/>"."Phone Number : (".$country_code.") ". $phone_number."<br/>"."Access Bonita to initiate Invoice Approval process" ;

        $handle = $_FILES["file_attach"]["name"];
        $uploadfile1 = "C:/Users/hrivera/Documents/".basename($_FILES['file_attach']['name']);
        $handle = fopen($uploadfile1,"r");
        $uploadfile = tempnam(sys_get_temp_dir(), sha1($_FILES['file_attach']['name']));

        if (move_uploaded_file($_FILES['file_attach']['tmp_name'], $uploadfile)) {
            require 'PHPMailerAutoload.php';
            $mail = new PHPMailer;
            $mail->SMTPDebug = 3;            // Enable verbose debug output
            $mail->isSMTP();                 // Set mailer to use SMTP
            $mail->Host = 'smtp.gmail.com';  // Specify main and backup SMTP servers
            $mail->SMTPAuth = true;          // Enable SMTP authentication
            $mail->Username = '';            // SMTP username
            $mail->Password = '';            // SMTP password
            $mail->SMTPSecure = 'tls';       // Enable TLS encryption, `ssl` also accepted
            $mail->Port = 587;               // TCP port to connect to
            $mail->From = '';
            $mail->addAddress('');
            $mail->addAttachment($uploadfile, $user_company.' Invoice.'.$whatIWant); // Add attachments
            $mail->isHTML(true);             // Set email format to HTML
            $mail->Subject = $user_company.' Invoice Approval Requested';
            $mail->Body = $message_body;
            $mail->AltBody = ', Thank you and have a nice day';
            if(!$mail->send()) {
                echo 'Message could not be sent.';
                echo 'Mailer Error: ' . $mail->ErrorInfo;
            } else {
                echo 'Message has been sent';
            }
        }

        //Login to bonitasoft by using REST API
        function httpRequest($host, $port, $method, $path, $params) {
            $paramStr = "";
            if ($method == "GET" || $method == "POST" ) {
                foreach ($params as $name => $val) {
                    $paramStr .= $name . "=";
                    $paramStr .= $val;
                    $paramStr .= "&";
                }
            }
            // Assign defaults to $method and $port, if needed
            if (empty($method)) {
                $method = "GET";
            }
            $method = strtoupper($method);
            if (empty($port)) {
                $port = 8081; // Default HTTP port
            }
            // Create the connection
            $sock = fsockopen($host, $port);
            if (!$sock) {
                echo "Error! Couldn't open the file.";
            } else {
                if ($method == "GET") {
                    $path .= "?" . $paramStr; // query string built above
                }
                //Necessary header
                fputs($sock, "$method $path HTTP/1.1\r\n");
                fputs($sock, "Host: $host\r\n");
                fputs($sock, "Content-type: application/x-www-form-urlencoded\r\n");
                if ($method == "PUT") {
                    fputs($sock, "Content-length: " . strlen($params) . "\r\n");
                } elseif ($method == "POST") {
                    fputs($sock, "Content-length: " . strlen($paramStr) . "\r\n");
                }
                fputs($sock, "Connection: close\r\n\r\n");
                if ($method == "PUT") {
                    fputs($sock, $params);
                } elseif ($method == "POST") {
                    fputs($sock, $paramStr);
                }
                // Buffer the result
                $result = "";
                do {
                    $temp = fgets($sock,1024);
                    $result .= $temp;
                } while($temp !="");
                fclose($sock);
                return $result;
            }
        }

        //Call to Function that logs into bonitasoft
        $resp = httpRequest("localhost", 8081, "POST", "/bonita/loginservice", array("username" => "walter.bates", "password" => "bpm"));
        $string = $resp;
        echo $resp;

        //Gets JSESSIONID
        preg_match("/Set-Cookie: (.*?) Path/",$string, $display);

        //Process to Start Case with variables
        $data = array("processDefinitionId"=>"5623733440372144264", "variables" => array(
            array("name" => "contractorComment", "value" => "$message"),
            array("name" => "contractorName", "value" => "$user_name"),
            array("name" => "contractorCompanyName", "value" => "$user_company"),
            array("name" => "contractorEmail", "value" => "$user_email"),
            array("name" => "contractorPhone", "value" => "("."$country_code".") "."$phone_number")));
        $options = array(
            "http" => array(
                "method" => "POST",
                "header"=> "POST /bonita/API/bpm/case/ HTTP/1.1\r\n".
                    "Host: localhost\r\n".
                    "Cookie: ". $display[1]."\r\n".
                    "Content-Type: application/json\r\n" .
                    "Accept: application/json\r\n".
                    "Cache-Control: no-cache\r\n".
                    "Pragma: no-cache\r\n".
                    "Connection: close\r\n\r\n",
                "content" => json_encode($data)
            )
        );
        $url = "http://localhost:8081/bonita/API/bpm/case/";
        $context = stream_context_create( $options );
        $result = file_get_contents( $url, false, $context );
        $response = json_decode($result);
        echo print_r($response);
        preg_match('/"rootCaseId":"(.*?)",/',$result, $case_id);

        //Process to Attach Document to case
        //problem lies here
        $data1 = array("caseId"=> "$case_id[1]","file"=>realpath(sys_get_temp_dir()."\\".basename(sha1($_FILES['file_attach']['name']))),"name"=> "doc_Invoice", "fileName"=>"Invoice.pdf","description" => "Invoice");
        echo json_encode($data1);
        switch (json_last_error()) {
            case JSON_ERROR_NONE:
                echo ' - No errors';
                break;
            case JSON_ERROR_DEPTH:
                echo ' - Maximum stack depth exceeded';
                break;
            case JSON_ERROR_STATE_MISMATCH:
                echo ' - Underflow or the modes mismatch';
                break;
            case JSON_ERROR_CTRL_CHAR:
                echo ' - Unexpected control character found';
                break;
            case JSON_ERROR_SYNTAX:
                echo ' - Syntax error, malformed JSON';
                break;
            case JSON_ERROR_UTF8:
                echo ' - Malformed UTF-8 characters, possibly incorrectly encoded';
                break;
            default:
                echo ' - Unknown error';
                break;
        }
        $options1 = array(
            "http" => array(
                "method" => "POST",
                "header"=> "POST /bonita/API/bpm/case/ HTTP/1.1\r\n".
                    "Host: localhost\r\n".
                    "Cookie: ". $display[1]."\r\n".
                    "Content-Type: application/json\r\n" .
                    "Accept: application/json\r\n".
                    "Cache-Control: no-cache\r\n".
                    "Pragma: no-cache\r\n".
                    "Connection: close\r\n\r\n",
                "content" => json_encode($data1)
            )
        );
        $url1 = "http://localhost:8081/bonita/API/bpm/caseDocument";
        $context1 = stream_context_create($options1);
        $result1 = file_get_contents($url1, false, $context1);
        $response1 = json_decode($result1) ;
        echo print_r($response1);
    }
    ?>
-
Dear pals, I need to implement the REST service which is explained in Simple-rest. I created a file named xyz.php with this code:

    <?php
    if(isset($_POST['type']) && (isset($_POST['id']))) {
        $type = $_POST['type']?$_POST['type']:"undefined";
        $id = $_POST['id']?$_POST['id']:"undefined";
        //echo "val is :".$type." id is ".$id;
    } else {
        $type = "table";
        $id = 2;
    }
    ?>
    <?php require_once("wp-load.php");?>
    <?php
    //get_header();
    wp_head();
    ?>
    <?php
    if($type=="chart" && $id!="undefined") {
        $kk_chart = get_html_4_chart(intval($id));
        echo $kk_chart;
    }
    if($type=="table" && $id!="undefined") {
        $kk_table = get_html_4_table(intval($id));
        echo $kk_table;
    }
    wp_footer();
    ?>

In the root folder it works fine. But I need to make it a controller method. So I created a folder named "services" in the root of WP, created a controller named "chart" and wrote this code:

    include_once("../wp-load.php");
    wp_head();
    wp_footer();

    class Controllers_Chart extends RestController {
        public function get() {
            //$this->response = array('TestResponse' => 'I am GET response. Variables sent are - ' . http_build_query($this->request['params']));
            //$this->responseStatus = 200;
            $kk_chart = get_html_4_chart(2);
            return $kk_chart;
        }
    }

I have included only the relevant get() method. But I got some unexpected errors like:

    Warning: include(Translation/Entry.php): failed to open stream: No such file or directory in C:\wamp\www\wp-oscar\services\index.php on line 22
    Warning: include(): Failed opening 'Translation/Entry.php' for inclusion (include_path='C:\wamp\www\wp-oscar\services;.;C:\php\pear') in C:\wamp\www\wp-oscar\services\index.php on line 22

a lot of warnings like this, and a fatal error:

    Fatal error: Call to a member function set_filenames() on a non-object in C:\wamp\www\wp-oscar\wp-content\plugins\wp-business-intelligence-lite\functions\functions.php on line 174

Please advise me of a method to call WordPress Business Intelligence as a REST service. Waiting for your reply.

Thanks, Anes
-
Dear pals, I am a newbie in RESTful services. I need to call a GET verb on a server. I know 2 methods.

1. Ajax call. We can write it as:

    $.ajax({
        url: url,
        dataType: "html",
        type: 'GET',
        data: "id="+id+"&type="+type,
        success: function(data){
            //$("#content").html(data);
            alert(data);
            $('table #sample-boxed-2-pagination th a').each(function(){
                //this.href = this.href.replace(sub_url, main_url);
                var value = this.href.split('?');
                //alert(value[0]);
                if(value[0]!=sub_url) {
                    this.href = this.href.replace(value[0], sub_url);
                }
            });
        }
    });
    });

But I know it's not working in a cross-domain scenario. Please advise a method that works the same in all domains.

2. Using the file_get_contents() function, like:

    $response = file_get_contents('https://kkl.com/graph/call?parm1=9');

I know I can call the POST verb using cURL as:

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "http://localhost/simple_rest_master/test");
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_POST, 1);
    $data = array(
        'username' => 'foo',
        'password' => 'bar'
    );
    curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
    $contents = curl_exec($ch);
    curl_close($ch);
    echo $contents; // manipulate response

Can you advise the syntax of a GET call using cURL? Waiting for your fast reply.

Thanks, Anes
-
Dear pals, I really love your REST based library from https://github.com/deepeshmalviya/simple-rest: simple and understandable. But I need an authentication mechanism in it. I plan to use the API for user based access. To take data we must use the GET method. Passing username/password as GET (or even as POST) is not safe. Can you suggest a good solution for this library? I am waiting for your fast reply.

Thanks, Anes
-
I have a drop-down form that the user selects to change the number of items shown per page:

    <form id="pagesize" action="<?php $_SERVER['HTTP_HOST'] . $_SERVER['SCRIPT_NAME']; ?>" method="get">
        <select class="paginate" name="caption" onchange="this.form.submit()">
            <option caption=4 value=4>4</option>
            <option caption=5 value=5>5</option>
            <option caption=10 value=10>10</option>
            <option caption=25 value=25>25</option>
        </select>
    </form>

The problem is that whenever someone performs a GET request on the page the POST data disappears. Does anyone know any way in which we can solve this? We can post to the page fine; the print_r of post shows this when we head to the page:

    Array '/Search_form/search_results.php?photograpgher_id=1&photographer=x&image=x&Submit=Search&page=1'

It's only when we do a GET request on the page that we have a problem, as the post data does not follow through with the GET request. We only get this array:

    '/Search_form/search_results.php?caption=5'

but it should be:

    '/Search_form/search_results.php?photograpgher_id=1&photographer=x&image=x&Submit=Search&page=1?caption=5'

as I have typed this in manually and it works fine. Any help would be appreciated.
-
Hi, I need some help in sending files as a response to a POST request. I have written a PHP REST API which is already receiving files with POST requests; however, I want to send back a zip file (or multiple files) in response to this request. Any help in this regard? Thanks.
-
Hello everyone, hope we all had a great NYE and Christmas. Anyway, I'm seriously stuck, yet motivated to get an API on my site. I am hoping a few of you can point me in the right direction based on my issues listed below. I've tried to provide as much information as possible so you can see what I have tried and where I am coming from. As a side note, for any section where I have doubts about what I am saying I have also put a ? next to the heading or text. And please do correct me if I am wrong anywhere.

Background

I am attempting to make a PHP based RESTful API hosted on https://api.mydomain.com/1.0/ which would interact with a MySQL database and/or file storage. The API once out of BETA would power the service itself, much like Twitter, and be accessible externally through oAuth 2.0 connections. Initially I wish to only support JSON and not XML.

- PHP
- MySQL
- JSON
- oAuth 2.0

References

These are the existing APIs I have been using as references when deciding how to construct the calls for my API.

- http://developer.linkedin.com/apis
- https://dev.twitter.com/
- https://developers.f.../reference/api/

oAuth Library

I will be using one of these two oAuth libraries:

- https://github.com/fkooman/php-oauth
- https://github.com/b...uth2-server-php

RESTful Operations as CRUD

From my understanding I have four HTTP methods at my disposal which translate something like this (HTTP = CRUD = SQL):

- POST = CREATE = INSERT
- GET = READ = SELECT
- PUT = UPDATE (Modify) = UPDATE
- DELETE = DELETE = DELETE

Example URL(s)/URI(s)

So these are a few example calls I want to be able to make to test and trial this:

https://api.mydomain.com/1.0/me (NB: me = current logged in user/user authenticated through oAuth)

- POST = ?
- GET = Get information on current user, such as full name, age, etc
- PUT = Update information on current user, such as full name, age, etc
- DELETE = Delete current user

https://api.mydomain.com/1.0/johndoe

- POST = Create a new user 'johndoe' ?
- GET = This would return data on a specific user, in this case 'johndoe'.
- PUT = ?
- DELETE = ?

https://api.mydomain...es/254855781571 (NB: Every file uploaded is given a unique number and this number is stored in a MySQL database which stores information against the file such as permissions and a log of access.)

- POST = Upload file
- GET = Get file and display or download
- PUT = Change permissions
- DELETE = Delete file

Sample of https://api.mydomain.com/1.0/me

So this is a sample of output from /me

Much like Facebook does now, I wish to use 'fields' to refine and join queries.

Sample of https://api.mydomain...e?fields=groups

So this is a sample of output from /me

I understand that 'fields' could be achieved through https://api.mydomain.com/1.0/me/groups but this would not allow me to do https://api.mydomain...s=groups,gender

I hope and intend to support both https://api.mydomain.com/1.0/me/groups and https://api.mydomain...s=groups,gender style calls.

Detecting (Capture) RESTful Operations Server-Side ?

The next few sections are broken down a fair bit in separate headings. Obviously on the server-side (https://api.mydomain.com/1.0/) I need a file at index.php which handles/captures the calls made to the URL. Now my understanding is that the oAuth library will generate and manage the 'access token'. Further, my site (internally) should be able to use any API call without an 'access token', or will it need one itself?

So, anyway, start from the beginning. What does the code look like that captures the calls made? And how does it handle the 'access token' in terms of knowing it needs one or not? So as far as I can gather, part of the code would need to determine the function (me, johndoe, etc), then the action (CRUD) and the information that goes with it if needed by certain CRUD functions. How would that code then process the function etc? What code do I write to return user info etc as per the examples in the sections above?

Making the Call - Client/Developer Side ?

Finally, what code does a developer use to call the API and get the data in a $variable as JSON? Again always assuming PHP.

End

As you can see I have tried to put a fair bit of thought and work into the post in a bid to show what I do understand and get some structured answers to help me out. But if anything makes no sense or needs clarification please ask and I'll do my best to clarify what I have written. More specific questions on how to do the 'fields' may follow later if I cannot figure it out.

Thanks guys and gals. I'm off to implement one of those oAuth libraries now.

AussieRhods
-
I have a company that needs php tweaking. (My previous programmer couldn't be found anymore.) The client e-mailed me this:

"Basically what we need is for you to provide us with an http rest API where we will provide the tracking code and in return you will return to us a JSON object with the status of the delivery

As an example:
TRACKING CODE: ABCDEFGHIJ
URL: http://mydomain.com/track.php?code=ABCDEFGHIJ
METHOD: GET
RESPONSE: {"status":2}

where 2 is the code for the status shipment which is defined by
1 - GOOD
2 - BETTER
3 - BEST"

How and where do I place this? What's "HTTP REST API" and "return to us a JSON object"? It's all gibberish to me! Some web guru answer me pls? Thanks in advance!
-
I'm working on my first PHP REST service and have read many good tutorials online, but there are a few issues I'm having trouble with, being a REST newb. Any thoughts on any of these appreciated!

1) Sending a user id securely for a GET request: The REST service is going to be invoked via jQuery AJAX and use JSON as input and output. One function we have is to retrieve some user preferences for a given user id. For testing, I've just been sending an integer user_id as part of the JSON input object. But is this not secure? Should the raw user id be sent as part of the URI request, e.g. http://testing.com/myservice/4234 ? Should encryption be used on the user id before invoking the service?

2) URL mapping: As of now I'm using the filename as part of the URL when calling the REST service from AJAX, e.g. http://testing.com/m...user_prefs.php. However, in most examples online, I see there is no filename, e.g. http://testing.com/myservice. Is the purpose for this security? The server I'm working on is lighttpd, not Apache, so it does not support .htaccess to re-route a URL. It uses the Zend framework (which I am brand new to) so I don't know if that makes it any harder or easier.

Thanks for any thoughts...
-
Hi, I'm having trouble accessing the Toggl Reporting API. I wondered whether anyone has experience accessing this or similar REST based services? I get the error message 'api token not valid', although I have tried several api tokens that are definitely valid, and also tried encoding the token with base 64 (as suggested to access via http basic auth). I wanted to check whether there are any obvious errors in the code? I'm using cURL as suggested in the documentation but don't have much experience with this.

    header('Content-type: application/json');
    $token = "[myapitoken]";//my api token

    function get_data($url) {
        $ch = curl_init();
        $timeout = 5;
        curl_setopt($ch, CURLOPT_URL, $url);
        curl_setopt($ch, CURLOPT_HTTPGET, true);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
        curl_setopt($ch, CURLOPT_USERPWD, $token.':api_token');
        $data = curl_exec($ch);
        curl_close($ch);
        return $data;
    }

    $returned_content = get_data("https://toggl.com/reports/api/v2/weekly?&workspace_id=282507&since=2013-05-19&until=2013-08-20&user_agent=[user agent]");//user agent here
    var_dump($returned_content);
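
An added example, not part of the original posts and not taken from the Toggl or Wowza documentation: a cURL GET helper of the kind asked about in the posts above. It takes the Basic-auth credentials as arguments, leaves TLS certificate verification at its default (on), and reports the transport error and the HTTP status separately so a timeout, a certificate failure and a rejected credential can be told apart. The function names, the timeout values and the demo URL (a local port assumed to be closed, so the demo runs offline) are assumptions.

```php
<?php
// Added example: names, timeouts and the demo URL are assumptions.

/**
 * GET $url (plus optional query parameters) and report what happened.
 * Credentials are passed in as arguments, so nothing depends on a
 * variable defined outside the function.
 */
function httpGet(string $url, array $query = [], ?string $user = null, ?string $pass = null): array
{
    if ($query) {
        // http_build_query() URL-encodes every name and value.
        $url .= (strpos($url, '?') === false ? '?' : '&') . http_build_query($query);
    }

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_HTTPGET        => true,
        CURLOPT_RETURNTRANSFER => true,  // return the body instead of printing it
        CURLOPT_CONNECTTIMEOUT => 5,     // seconds allowed to establish the connection
        CURLOPT_TIMEOUT        => 15,    // seconds allowed for the whole transfer
        CURLOPT_HTTPHEADER     => ['Accept: application/json'],
        // CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST are not touched:
        // their defaults verify the server certificate and host name.
    ]);
    if ($user !== null) {
        // HTTP Basic auth; cURL does the base64 encoding itself.
        curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
        curl_setopt($ch, CURLOPT_USERPWD, $user . ':' . (string) $pass);
    }

    $body = curl_exec($ch);
    return [
        'errno'  => curl_errno($ch),     // 0 when the transfer itself succeeded
        'error'  => curl_error($ch),
        'status' => (int) curl_getinfo($ch, CURLINFO_HTTP_CODE),
        'body'   => $body === false ? null : $body,
    ];
}

/** Turn the result into one line that says which layer failed. */
function describe(array $r): string
{
    if ($r['errno'] !== 0) {
        return "transport error {$r['errno']}: {$r['error']}";
    }
    if ($r['status'] === 401 || $r['status'] === 403) {
        return "HTTP {$r['status']}: credentials rejected by the server";
    }
    if ($r['status'] < 200 || $r['status'] >= 300) {
        return "HTTP {$r['status']}: " . substr((string) $r['body'], 0, 200);
    }
    json_decode((string) $r['body']);
    return json_last_error() === JSON_ERROR_NONE
        ? "HTTP {$r['status']}: valid JSON"
        : "HTTP {$r['status']}: body is not JSON";
}

// Constructed demo: the token and parameters are made up, and the request
// goes to a local port assumed to be closed to show the transport-error path.
$result = httpGet(
    'http://127.0.0.1:9/reports',
    ['workspace_id' => 1, 'since' => '2013-05-19'],
    'constructed-api-token',
    'api_token'
);
echo describe($result), PHP_EOL;
```

A request that hangs until `CURLOPT_TIMEOUT` surfaces as a transport error rather than an empty body, which separates a network or firewall problem from an API one.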