Search

Just a quick question If I want to add an entry by url, shouldn't it look something like this:

symphony/api/entries/users/?format=json&method=post&auth-token=4336xxxx&'fields[fb_id]'=abc

Thanks for the help!

Pardon my question, but how are you guys using this API? I'm really curious of how can it be useful.

Thanks!

Hey there vladG I currently use it for a facebook app, it makes it easy to just programm php independently from symphony and then use symphony as a storage interface to retrieve and post data. Since I am also using Flash it kind of makes it less complicated...

Cheers

Just a quick question If I want to add an entry by url, shouldn't it look something like this:

Nope, you can't create an entry by making a GET request. You must send a POST.

Pardon my question, but how are you guys using this API? I'm really curious of how can it be useful.

I created the extension for a similar use: we had one Symphony instance acting as a "master" data store, and many other "satellite" sites running off it. These sites consumed data from the master instance using Dynamic XML data sources using the REST API. It was much quicker to do this than create pages/datasources on the master site to expose the desired XML.

Another use, as ChriZ suggests, was for off-site apps that need to consume and submit data.

I have a security question: without HTTP Secure (HTTP + SSL/TLS), could the authorisation token be sniffed when the request is sent across the web from one site to another even though the API would only be used from Symphony itself and not frontend links/JavaScript?

Yes, sure. When travelling the web, it's simply a (sniffable) HTTP request, no matter where it comes from.

Thanks for confirming. So it's preferable to either not go across the web (e.g. both Symphony installations on the same machine), or to use HTTPS...

Yes, I would say so.

@anybody, FYI: When using SSL, an HTTP request is sent after the encryption has been established.

  1. Derive hostname (and port if present) from from URL.
  2. Connect with to host.
  3. Check certificate (it must be 'signed' by known authority, apply specifically to correct IP address and port, and be current).
  4. The browser and server exchange cryptographic data and the browser receives a private key.
  5. The HTTP request is made, encrypted with established cryptography.
  6. HTTP response is received. Also encrypted.

HTTP is an 'Application Layer' protocol, it is carried on top of the secure layer. According the SSL specification, drawn up by Netscape, dictates that no application layer data may be transmitted until a secure connection is established

(http://answers.google.com/answers/threadview/id/758002.html)

@michael-e: meaning URL parameters (such as the auth token) are encrypted, which a quick search earlier also seemed to suggest. Thanks again.

Both of my installations are on the same VPS, so I'll probably edit the `/etc/hosts' file of that machine for the relevant vhost so that the request doesn't leave the machine.

meaning URL parameters (such as the auth token) are encrypted

Exactly.

so I'll probably edit the `/etc/hosts' file of that machine for the relevant vhost so that the request doesn't leave the machine.

Sounds like a good idea!

I'm having a job getting the Apache URL rewrite converted to my webserver's rewriting format (Hiawatha - work on this in progress, thanks @phoque).

But in the meantime I'm trying to check that the API itself is working by using a manually rewritten URL. I've set my rewrite rules to put anything that begins with extensions/rest_api straight through as it is for testing.

What should a rewritten URL for the entries plugin look like? Based on the documenation and URL rewrite rule, I have:

http://domain.com/extensions/rest_api/handler.php?url=/entries/photos&auth-token=xxxxxxxx

But this gives 'Page Not found'.

When accessing http://domain.com/extensions/rest_api/handler.php without the plugin/section portions of the URL or URL parameters I get XML:

<response result="error" code="404">
    <error>Plugin 'REST_' does not exist.</error>
</response>

So I know handler.php is being requested/processed.

To summarise my previous, rather rambly post: what rewritten URL does the entries plugin expect (given a section handle of photos)?

Is it:

/extensions/rest_api/handler.php?url=/entries/photos&auth-token=xxxxxxxx

If that's correct, then something else isn't working.

Off the top of my head I simply can't remember, but looking through the code briefly the above looks correct. Have you definitely got a Symphony page of type index in your install?

Have you definitely got a Symphony page of type index in your install?

I have now, and am getting XML. :-) Thanks!

Hiawatha rewrite rule also working.

Ace. I can't remember why there has to be an index page present, but it was a Symphony limitation I hit. Perhaps that should go into the README... but I can't remember the reason sufficiently to explain it. Let's put it down to magic.

Hey Nick, Way earlier in the thread you were talking about how it would be easy to set up a tailored API with pages and custom events. I'm planning a little project along those lines and getting the data out will be easy, but I'm not as familiar with creating custom events.

Do you have any tips or sections of code in existing extensions that would give someone new to custom events an idea how to save PUT and POST requests to particular sections? Specifically, I'm interested in sending & saving JSON for use with JS libraries like Backbone and Ember.

Thanks for any pointers you might have!

Is it possible to alter the add entries PHP in the REST_API to post multiple entries in one webhook instance? I have an external form on another site which has a number of delegate names and details I wish to collect into a central Symphony install?

Is it just a case of the post data having fields[0][name], fields[1][name] etc?

I have auth-token setup and what not... but the post data will be variable.

The reason for wanting to alter the post data before it gets to the restful service is that the post field names aren't consistent.

I need to marry up the post field data with entry field data before the injestion of data takes place.

Any pointers?

EDIT

Nicks reply here really helped me out, so I'm doing it this way instead now thanks.

Hi Nick,

For some reason the multi entries does not work when only sending file fields:

<input name="fields[0][image]" type="file" />
<input name="fields[1][image]" type="file" />

But works fine when including some text fields as well:

<input name="fields[0][image]" type="file" />
<input name="fields[1][image]" type="file" />
<input name="fields[0][description]" type="text" />
<input name="fields[1][description]" type="text" />

Any idea why this may be happening?

Cheers.

Create an account or sign in to comment.

Symphony • Open Source XSLT CMS

Server Requirements

  • PHP 5.3-5.6 or 7.0-7.3
  • PHP's LibXML module, with the XSLT extension enabled (--with-xsl)
  • MySQL 5.5 or above
  • An Apache or Litespeed webserver
  • Apache's mod_rewrite module or equivalent

Compatible Hosts

Sign in

Login details