Advice on API development

Date: 2021-03-01

Hi,

I would like to develop an API to give access to a piece of software I’m working on.

The software structure is the following:

I’ve got some clients, and for each of them I use a separate database. Each client has access to a private area as administrator, but each client can also create some regular user profiles, and they can also access their private area.

Each website has its own subdomain, for example:

site1.website.com
site2.website.com

And I use the first part of the subdomain to load the right database for each subdomain.

What is the best way to create an api that can deal with each website? Many thanks

Well ideally you have one API that is independent of the subdomains. You would issue an API key or use something like OAuth to authorize access to a website’s domain resources (DB etc). Based on the key or token, that will tell you which site it is for and what they can (or cannot) do.

In other words, your token/key determines the user which determines what that user can access. Aka User Permissions.

Now if you are wanting to do something more complex like site1.website.com/api, then that would be something that might be handled by rewriting the URL and having it pass site1 to the API to let it know it can only deal with site1’s resources. But I would probably steer clear of this for the time being. I would set up an API on something like… api.website.com that will take a key/token and use that to determine what resources it needs to access.

Of course I am just spinning stuff off the top of my head but having the one API that takes all requests and uses it to determine the site resources to access based on the key/token/user would be easy to manage, update and possibly add on to as services grow.

It seems you need routing functionality to parse the URL and check what the current subdomain is. And of course you need htaccess to redirect your requests to a single bootstrap script.

Hi @Martyr2, thanks for your answer. Sorry, I’ve never developed an API and this is a learning curve for me. If I understood correctly, I can create a general API like api.website.com, then create a general database where I can store all the subdomains and, for each of them, a unique API key that helps to identify the subdomain and therefore which database the API should connect to. Is that correct?

Correct. You can associate an API key or token with a user or with a domain, an application or a service. You decide how that key works, but it is essentially an identifier of who is using the service, but also a key that can point to which service (aka domain in your case) they are trying to access. You could even say that an API key belongs to vince and vince is the owner of site1.website.com, so access site1.website.com.

But of course that is not the only way. You can issue keys or tokens specifically for a given website domain and in the database just associate the key with the ID of the domain and you are on your way.

ID | Domain            | Key
-----------------------------------------
1  | site1.website.com | AHRGFN736G734hGH
2  | site2.website.com | BHTTFN739G938pjH

Now this is a limited example above, but you can assign keys to a given user who is then assigned to a given domain.
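
The key-to-domain lookup discussed in this thread, as an added example that is not part of the original posts. The `api_keys` schema, the `tenant_db` column and file names, and the function names are assumptions; unlike the table above, the registry stores a SHA-256 digest of each key rather than the key itself.

```python
import hashlib
import sqlite3


def key_digest(api_key: str) -> str:
    # Only the digest is stored, so a leaked registry does not expose usable keys.
    return hashlib.sha256(api_key.encode("utf-8")).hexdigest()


def build_registry() -> sqlite3.Connection:
    """Central registry (hypothetical schema) mirroring the ID | Domain | Key table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE api_keys (id INTEGER PRIMARY KEY, domain TEXT NOT NULL, "
        "key_sha256 TEXT NOT NULL UNIQUE, tenant_db TEXT NOT NULL)"
    )
    rows = [  # sample keys from the thread; tenant_db names are constructed
        ("site1.website.com", key_digest("AHRGFN736G734hGH"), "tenant_site1.db"),
        ("site2.website.com", key_digest("BHTTFN739G938pjH"), "tenant_site2.db"),
    ]
    conn.executemany(
        "INSERT INTO api_keys (domain, key_sha256, tenant_db) VALUES (?, ?, ?)", rows
    )
    return conn


def resolve_tenant(conn, api_key, requested_domain=None):
    """Return (domain, tenant_db) for a valid key, or None.

    The tenant is derived from the key alone. If the caller also names a
    domain (for example from the Host header), it must match the key's
    domain, so a key issued for site1 can never select site2's database.
    """
    if not api_key:
        return None
    # Parameterized query: the client-supplied key never reaches the SQL text.
    row = conn.execute(
        "SELECT domain, tenant_db FROM api_keys WHERE key_sha256 = ?",
        (key_digest(api_key),),
    ).fetchone()
    if row is None:
        return None
    domain, tenant_db = row
    if requested_domain is not None and requested_domain.lower() != domain:
        return None
    return domain, tenant_db
```
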