Cobra23 Posted November 25, 2015 Share Posted November 25, 2015 Hi Guys, I'm new to this API and JSON stuff so bare with me. Is there any source code available that allows me to start off building an admin panel on site A where users can't get the source code from the site once they log into site A admin panel. I heard that JSON can do this. Also is there a simple Secure API source code that allows site A to show content on site B (another domain)? I don't want to use iFrames as i want to be able to edit the content on site A for site B to automatically be changed when it's saved. Also another site (site C) to have their own content thats different to site B. What i'm really looking for is the full source codes with steps by steps on how to change this the way i want to change it. I've searched online for 2 weeks now and am still struggling to find anything and how to implement it. Even with REST. Can you please advice me on this with any helpful solutions. I hope this is clear enough. Thanks Quote Link to comment https://forums.phpfreaks.com/topic/299578-secure-api-and-json-to-show-content-on-another-domain/ Share on other sites More sharing options...
requinix Posted November 25, 2015 Share Posted November 25, 2015 This isn't the kind of stuff where you can copy some code you find online and have it up and running in an afternoon. It involves actual learning. And time spent learning. Are you willing to do that? Quote Link to comment https://forums.phpfreaks.com/topic/299578-secure-api-and-json-to-show-content-on-another-domain/#findComment-1527154 Share on other sites More sharing options...
Cobra23 Posted November 25, 2015 Author Share Posted November 25, 2015 (edited) Thats why i'm here. I know it's going to be implementing bits by bits of different programming languages and was hoping to see if there is a quick solution for each of those parts that will help me on my way to what I want to do. As I have said, I'm new to API's and JSON. I was really hoping to be guided on how I can go about this with any quick solution to generate the codes if possible (which would be a bonus but unlikely). I also want to see what is the best options for each one especially the kind of API's to use as well as if JSON is the right secure solution for this project or if there are other choices that would be recommended. Just to note that my main skills are html, php, css, javascript, sql. Edited November 25, 2015 by Cobra23 Quote Link to comment https://forums.phpfreaks.com/topic/299578-secure-api-and-json-to-show-content-on-another-domain/#findComment-1527172 Share on other sites More sharing options...
Jacques1 Posted November 26, 2015 Share Posted November 26, 2015 There is no quick solution and no step-by-step guide. You'll actually have to write the code yourself. I'm also not sure why you're so obsessed with JSON. That's just a data format, it doesn't do anything. Whether you use JSON or XML or whatever is an implementation detail and completely irrelevant at this point. You can worry about it later. I'd approach this problem top down. That is, you first need to know what you want. Since your initial description is very vague, I'm not sure if that's the case. The next step is to come up with a sensible high-level architecture. Who provides data for whom? And finally you take care of the implementation. You seem to have it backwards. You're throwing around buzzwords like “REST” or “JSON”, but there's no clear goal beyond “site B shows content from site A” (which applies to roughly 99% of the WWW). And some parts of your description don't really make sense. You've said you don't want your admin users to see your code. What code? And why would they see it? Quote Link to comment https://forums.phpfreaks.com/topic/299578-secure-api-and-json-to-show-content-on-another-domain/#findComment-1527185 Share on other sites More sharing options...
QuickOldCar Posted November 26, 2015 Share Posted November 26, 2015 Am going to write a summarized version how can make an api with what you asked. Make a directory named api, in apache config create a new virtualhost for it Replace the word domain to yours and be sure to restart apache <VirtualHost *:80> ServerName api.domain.com DocumentRoot /var/www/api <Directory /var/www/api> Options +Indexes allow from all </Directory> </VirtualHost> If want ssl get a certificate and also add this, save your cert under ssl directory <VirtualHost api.domain.com:443> ServerName api.domain.com DocumentRoot /var/www/api <Directory /var/www/api> Options +Indexes allow from all </Directory> SSLEngine on SSLCertificateKeyFile /etc/apache2/ssl/api.domain.com.key SSLCertificateFile /etc/apache2/ssl/api.domain.com.cert SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown </VirtualHost> Create an index file in the api directory, this will be used as your api front door (api.domain.com) The api will use REST and GET parameters or w/e CRUD design you come up with You should have a cms, user accounts. Create a system that generates public and private keys and ability to create new ones, save keys to a database each users account. Create a form that users can allow or deny ip's or domains,subdomains, save those to a database under that user or even script/service specific each users account. The client would connect over a http request They would be using GET parameters in the url Designate what script to access, the public or private key can determine or limit what that clients actions can perform...such as CREATE,EDIT,DELETE for private keys, the format type of the output, any other parameters needed. Obtain the clients ip $remote_ip = $_SERVER['REMOTE_ADDR']; if (strstr($remote_ip, ', ')) { $ips = explode(', ', $remote_ip); $remote_ip = $ips[0]; } Can do a query using the supplied access key to associate to that user and their allowed ip's or domains. Is the key valid? if not deny them, if so you now know the user If want to check a domain, can use gethostbyaddr and discover their domain. Is the ip or domain not in their allowed list or in a disallow list? if so deny them Can place any additional checks you want into this, such as a credits system, suspended,banned and so on. You would hold all the data in an array, doing checks as you go along, if is an error then deny access, can show whatever messages desire in the output. Through the api you can use various header fields You can do multiple format outputs as a GET parameter, setting json as default if does not exist in url Here is an example how I do mine: //check format if (isset($_GET['format']) && trim($_GET['format']) != '') { $format = trim($_GET['format']); } else { $format = "json"; } $format_array = array( "json", "xml", "html", "iframe" ); if (!in_array($format, $format_array)) { $errors['format'] = "Improper format used"; $format = "json"; } I incorporate a few switches, one to determine which script to include depending the service required via url Another switch would be to determine the header type for output switch ($format) { case 'json': header('Content-Type: application/json; charset=utf-8'); echo json_encode(array( 'data' => $array ),true); break; case 'xml': header('Content-Type: text/xml; charset=utf-8'); //build your xml document and tree structure break; case 'html': //create html document and data break; case 'iframe': //show iframe content break; } If all checks passed the appropriate script would be included, should not allow any other domain to access it unless was allowed by that user. Tracking and usage can be added by a simple hit counter if all the checks passed and actually used. Quote Link to comment https://forums.phpfreaks.com/topic/299578-secure-api-and-json-to-show-content-on-another-domain/#findComment-1527187 Share on other sites More sharing options...
QuickOldCar Posted November 26, 2015 Share Posted November 26, 2015 I wrote this post over as my first one got lost due to browser opening a new tab, was not happy about that. I mentioned oauth which you may want to look into. Quote Link to comment https://forums.phpfreaks.com/topic/299578-secure-api-and-json-to-show-content-on-another-domain/#findComment-1527188 Share on other sites More sharing options...
Adam Posted December 12, 2015 Share Posted December 12, 2015 I wrote this post over as my first one got lost due to browser opening a new tab, was not happy about that. Ouch Quote Link to comment https://forums.phpfreaks.com/topic/299578-secure-api-and-json-to-show-content-on-another-domain/#findComment-1527852 Share on other sites More sharing options...
ignace Posted December 13, 2015 Share Posted December 13, 2015 There's no need to re-invent the wheel: APIgility provides an API out-of-the-box. RESTler transforms your classes into REST objects. DREST does the same thing but for Doctrine entities. If you use Symfony, you can add the SyliusResourceBundle which is similar to DREST as it provides CRUD for Doctrine entities. Quote Link to comment https://forums.phpfreaks.com/topic/299578-secure-api-and-json-to-show-content-on-another-domain/#findComment-1527874 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.