
I am working on a REST application which is intended to be used with various CMS’s (Drupal, WordPress, etc).  Each CMS installation passes a unique GUID in the header to identify the organization so that the organization's individual data is utilized.  I’ve since realized I need some basic way to identify the individual user for at least two reasons:

  1. The API provides a help desk where individual users can ask questions and get responses (not real time).
  2. There is some need for user access/privileges (I suppose this could be CMS side if necessary).

Instead of inputting users both into the API as well as the CMS, the organization should be responsible for entry only through the CMS.  They will add users as appropriate for the given CMS and then another page on the CMS will list all the CMS users and provide a way to set whether they are authorized to access the API as well as their access level.

The remainder of this post is kind of what I am thinking, but I am open to change.

  1. When the CMS gives a user access to the API for the first time, a cURL request is made to the API and a unique key is returned and the CMS will save it as being associated with the given user.  Not sure if this should be an incrementing number on a per-organization basis or another GUID, and if a GUID whether it should be passed along with the organization’s GUID or replace it.  Also, not positive, but thinking that user data (name, email, etc) should not be given to the API as it might be difficult to keep them synchronized.
  2. If a user’s access level is changed on the CMS or their access is removed, the user’s GUID is passed to the API and the work is done on the API.  If the user is removed, they are not deleted from the API’s database but just tagged as deleted.
  3. Before performing step 1, the CMS should first perform a query requesting all users who are tagged as deleted and is responsible for determining whether a new user should be added or an existing user should be reinstated.  Alternatively, I can make the API responsible for doing so, but then it would need to have stored various data to identify whether the user was previously instated which might result in the synchronization issue I described in step 1.

Any comments, potential pitfalls, or recommendations would be appreciated.
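
The flow in steps 1 to 3 of the post above, sketched as an added example that is not part of the original post or of any project's code. It assumes a random per-user key that is always sent together with the organization's GUID; the class, method and level names are hypothetical.

```php
<?php
final class UserKeyRegistry
{
    // In memory for the example: organization GUID => user key => ['level', 'deleted'].
    private array $users = [];

    // Step 1: issue an opaque random key; no name or e-mail is stored.
    public function issue(string $org, string $level): string
    {
        $key = bin2hex(random_bytes(16));
        $this->users[$org][$key] = ['level' => $level, 'deleted' => false];
        return $key;
    }

    // Steps 2 and 3: set the level of an active user, or reinstate a deleted one.
    // The key is only ever looked up under the caller's organization GUID.
    public function setLevel(string $org, string $key, string $level, bool $reinstate = false): bool
    {
        $deleted = $this->users[$org][$key]['deleted'] ?? null;
        if ($deleted === null || $deleted !== $reinstate) {
            return false; // unknown key, another organization's key, or wrong state
        }
        $this->users[$org][$key] = ['level' => $level, 'deleted' => false];
        return true;
    }

    // Step 2: removal tags the record as deleted instead of deleting it.
    public function remove(string $org, string $key): bool
    {
        if (!isset($this->users[$org][$key])) {
            return false;
        }
        $this->users[$org][$key]['deleted'] = true;
        return true;
    }

    // Step 3: keys tagged as deleted, for the CMS to match against its own users.
    public function deletedKeys(string $org): array
    {
        return array_keys(array_filter($this->users[$org] ?? [], fn(array $u): bool => $u['deleted']));
    }
}

// Constructed organization GUIDs and levels, for illustration only.
[$orgA, $orgB] = ['11111111-1111-4111-8111-111111111111', '22222222-2222-4222-8222-222222222222'];
$api = new UserKeyRegistry();
$key = $api->issue($orgA, 'read');
var_dump($api->setLevel($orgB, $key, 'admin')); // same key sent with another organization's GUID
var_dump($api->remove($orgA, $key), $api->deletedKeys($orgA) === [$key]);
var_dump($api->setLevel($orgA, $key, 'read', true)); // the CMS chose to reinstate this user
```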
