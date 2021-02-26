Advice on API development

Hi,

I would like to develop some API to give access to a software I’m working on.

The software structure is the following:

I’ve got some clients and for each of them I use separated databases, each client has access to a private area as administrator but also each client can create some regular user profiles and they can also access their private area.

Each website has his subdomain for example:

site1.website.com
site2.website.con

And I use the first part of the subdomain to load the right database for each subdomain.

What is the best way to create an api that can deal with each website? Many thanks

Well ideally you have one API that is independent of the subdomains. You would issue an API key or use something like OAuth to authorize access to a website’s domain resources (DB etc). Based on the key or token, that will tell you which site it is for and what they can (or cannot) do.

In other words, your token/key determines the user which determines what that user can access. Aka User Permissions.

Now if you are wanting to do something more complex like site1.website.com/api, then that would be something that might be handled by rewriting the URL and having it pass site1 to the API to let it know it can only deal with site1’s resources. But I would probably steer clear of this for the time being. I would setup an API on something like… api.website.com that will take a key/token and use that to determine what resources it needs to access.

Of course I am just spinning stuff off the top of my head but having the one API that takes all requests and uses it to determine the site resources to access based on the key/token/user would be easy to manage, update and possibly add on to as services grow.

It seems, you need routing functionality to parse URL and check what is the current subdomain.And of course you need htaccess to redirect your requests to single bootstrap-script.