  1. #1
    SitePoint Enthusiast

    Account based SOAP API??

    I am building an API in php for an application we've developed at work so that 3rd party vendors can use it instead of the web based system. Now I have the basics in place, and all is great; however I want to have some authentication method. So each vendor can use the API but they have to authenticate against the SoapServer somehow so I know a) what methods to allow them access to, and b) what data to retrieve.

    I am drawing blanks :-p

    Any help would be greatttllyyy appreciated.
    Thanks,
    Josh Team

  2. #2
    SitePoint Wizard HarryR's Avatar
    1) Use HTTP authentication
    2) Make every method require an "authentication token" and a login method which generates these.

  3. #3
    SitePoint Addict
    I've been thinking about adding web service transactions to my web application also. I plan to have login / logout transactions. The login transaction will return a session ID that will be a required parameter for all secure transactions. This mimics what the application currently does for human users.

    mikem

  4. #4
    SitePoint Enthusiast
    I wish there were some decent examples of this, or documentation :-p Not really sure how to enforce security tokens against the method calls..


    But I am a SOAP newbie

  5. #5
    SitePoint Wizard HarryR's Avatar
    Originally posted by mikemckinney:
    I've been thinking about adding web service transactions to my web application also. I plan to have login / logout transactions. The login transaction will return a session ID that will be a required parameter for all secure transactions. This mimics what the application currently does for human users.

    mikem
    I did something similar for a project I was working on at work. Basically it was transaction based login/logout which handled multi-stage database commits etc. which would be a very handy feature...

    Anyway, with some sort of session tracking you can at least offer a debug service to see which methods people have been calling and error return codes etc.

  6. #6
    SitePoint Addict
    The way to enforce security tokens against transactions is with a session (just like you would with a human interface). For the human interface, my application stores the session ID in a cookie. This cookie (containing the session ID) is sent as part of each transaction sent from the user's browser.

    For my web service transaction, the session ID is a parameter in the transaction. This is like including the session ID as part of the human interface URL.

    The login transaction is not a secure transaction. It contains a user ID and password. If the user ID / password combination is valid, the response contains a session ID.

    For secure transactions, the content includes the session ID as a parameter. If the session ID is not valid, the server responds with an error.

    Of course, all of the transactions should flow over an encrypted (HTTPS) connection.

    mikem
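
An added example, not part of mikem's post or the original thread: a PHP (8.0+) SoapServer handler implementing the scheme described above, where an unprotected login returns a session ID and every protected method takes it as a parameter, plus a per-vendor method allow-list. The class name, method names, JSON store file and service URI are hypothetical.

```php
<?php
// Added example: token-gated SOAP handler. All names and paths are hypothetical.
final class VendorApi
{
    private const TTL = 900; // session lifetime in seconds (assumed policy)
    /** @param array $vendors vendorId => ['hash' => password_hash(...), 'methods' => [...]] */
    public function __construct(private array $vendors, private string $storeFile) {}

    // Not token-protected: exchanges vendor ID + password for a session ID.
    public function login(string $vendorId, string $password): string
    {
        $v = $this->vendors[$vendorId] ?? null;
        // Same fault for unknown vendor and wrong password.
        if ($v === null || !password_verify($password, $v['hash'])) {
            throw new SoapFault('Client', 'Authentication failed');
        }
        $token = bin2hex(random_bytes(32)); // 256-bit unguessable session ID
        $store = $this->load();
        // Persist only a hash of the token, so a leaked store cannot be replayed.
        $store[hash('sha256', $token)] = ['vendor' => $vendorId, 'exp' => time() + self::TTL];
        file_put_contents($this->storeFile, json_encode($store), LOCK_EX);
        return $token;
    }

    // Protected method: the session ID travels as the first parameter.
    public function getOrders(string $token): array
    {
        $vendorId = $this->authorize($token, __FUNCTION__);
        return ['vendor' => $vendorId, 'orders' => []]; // scope real queries to $vendorId
    }

    // Resolves a token to its vendor, or faults if invalid, expired or not permitted.
    private function authorize(string $token, string $method): string
    {
        $s = $this->load()[hash('sha256', $token)] ?? null;
        if ($s === null || $s['exp'] < time()) {
            throw new SoapFault('Client', 'Invalid or expired session');
        }
        if (!in_array($method, $this->vendors[$s['vendor']]['methods'], true)) {
            throw new SoapFault('Client', 'Method not permitted');
        }
        return $s['vendor'];
    }

    private function load(): array
    {
        return is_file($this->storeFile) ? (json_decode(file_get_contents($this->storeFile), true) ?: []) : [];
    }
}
// Wiring in non-WSDL mode (URI and path are placeholders):
// $s = new SoapServer(null, ['uri' => 'urn:example-vendor-api']); $s->setObject(new VendorApi($vendors, '/path/to/sessions.json')); $s->handle();
```

The JSON file stands in for a real session table; its read-modify-write is not atomic, so concurrent logins need a database or proper file locking.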

  7. #7
    SitePoint Enthusiast
    Forgive my stupidity, but I am not sure how to Write To/Read From the Soap Transaction Parameters...

    I have googled, but to no avail.

  8. #8
    SitePoint Addict
    There are several SOAP libraries available for PHP. These include NuSOAP, PEAR::SOAP, and the Zend SOAP extension. These libraries will create and break down SOAP messages for you. They make it easy to write a SOAP server or client. You might find the following an informative read:

    http://devzone.zend.com/node/view/id/689

    mikem

  9. #9
    SitePoint Enthusiast
    So I read the articles, thanks! It really did help, and I realize now just how behind the curve php is with handling soap headers on the server side.

    You pretty much have to capture everything passed into the PHP request and parse it out using XPath of some sort.

    So yay, got it to work but the way the soap headers work you have to pass in a namespace on the client side (at least in php), which seems backwards to me.. why would the client dictate a namespace?? shouldn't the service or wsdl?

    Secondly I bought a book "PRO PHP XML and Web Services", pretty good so far, but I really fail to see when you should use like SimpleXML (my personal fav), XMLReader, or DOMDocument... can anyone shed some light?

    Thanks,
    Josh Team

  10. #10
    Worship the Krome kromey's Avatar
    My take on SimpleXML vs. XMLReader vs. DOMDocument vs. whatever else is one primarily of personal preference, although PHP version may affect that (e.g. XMLReader is unavailable for PHP versions prior to 5).

    Personally, I use (and love) SimpleXML for, well, its simplicity. Which is truly "best" or even which is "better" is a debate with no true objective answer - everyone has their preferences, so use whatever you prefer. The only real answer is to ensure that whatever you pick, pick something that has the functionality you need.
    PHP questions? RTFM
    MySQL questions? RTFM

