CiviCRM Community Forums (archive)

*

News:

Have a question about CiviCRM?
Get it answered quickly at the new
CiviCRM Stack Exchange Q+A site
This forum was archived on 25 November 2017. Learn more.
How to get involved.
What to do if you think you've found a bug.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Developer Discussion »
  • APIs and Hooks (Moderator: Donald Lobo) »
  • Questions about the REST interface again
Pages: [1]

Author Topic: Questions about the REST interface again  (Read 2105 times)

acrosman

  • Guest
Questions about the REST interface again
January 11, 2009, 03:30:52 pm
Wes asked me a couple questions about the REST interface, which got me back to working on the interface some more.  I have a question about how a detail should be handled.

During a previous discussion we agreed that for version 2.2 we would setup the interface so that server would have a key set in the configuration file to enable the REST interface, and each would have a secret key to access the API as themselves.  Lobo added the needed user field to the database, and I updated the REST interface code to enable to the use of those keys.  However, I didn't add an ability to create that key, which causes an obvious problem.

There are two or three ways that I can see to resolve this, and I wanted input about what made sense.

The first would be to add it to the web interface somewhere, but I suspect at this late date the core team isn't going to be thrilled about that idea.

Second, we update the REST interfaces authenticate function (which is now largely unneeded except for certain backward compatibility features and one or two rare conditions), so that when a user without a key authenticates a key is generated for them.  This would only require changing 3 lines of code to uncomment two lines, and comment out one.  I think this is the way I'm inclined to go, but there may be good reasons not to do it.

Third, a new function could be added that would generate the key.  I'm not sure this really gains much, but I figured I'd put it out there.

Thoughts?
Aaron

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Questions about the REST interface again
January 11, 2009, 05:30:15 pm

For now, i would go with option 2

option 1 is not too hard to implement, so we can do that also (i.e introduce it in the Edit/new screen only). If you think this is useful and should be in there, please file an issue and we'll add it for the next 2.2 alpha (might not make it for the release this week). Another option might be to  generate an api key automatically (similar to the way we do the hash column) and dont give the user the option of doing so. This makes the key a bit more random and we display the key in the "view contact" screen

lobo




A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

xavier

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4453
  • Karma: 161
    • Tech To The People
  • CiviCRM version: yes probably
  • CMS version: drupal
Re: Questions about the REST interface again
January 12, 2009, 11:19:09 pm
Hi,

I think that's really important that we are able to limit what contacts have a key, cause once he got one, he can do pretty much everything on civicrm, even without a password (that should be addressed in a next version I suppose to have the same ACL on the rest interface than on the web interface).

Again, don't see any reason to have more than a user or two having a need to access the rest interface anyway (ie. only remote pgm/servers needs to do that). A wiki page explaining the UPDATE query to run is IMO good enough, or a simple php cli pgm (there is a nice wrapper now for that, contact me if you need an example).

Designwise, why hacking the authenticate method and change its meaning ? If you really want to go that road, create a new generatekey method instead of twisting the feature provided by a rather well understood and standard method.

X+
-Hackathon and data journalism about the European parliament 24-26 jan. Watch out the result
Pages: [1]
  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Developer Discussion »
  • APIs and Hooks (Moderator: Donald Lobo) »
  • Questions about the REST interface again

This forum was archived on 2017-11-26.