Simple Applications Access API

Simple Applications Access API

$4.99

Out of stock

Category:

Description

This is a Simple Applications Access API Generator. With this tool, you can create Applications and the necessary properties.

Applications Access – Data Model

The Simple Applications Access offers small database where you can keep the keys that will authenticate your APIs. It is not intended to be used on the broad public. You could deploy it on your local host, for example. Nevertheless, a DEMO version is deployed on https://programtom.com/Applications_Access/.

It has Simple model fields

  1. User Friendly Name
  2. GUID – (auto generated) globally unique identifier
  3. Secret for verifying requests

The secret must never participate in any request. An additional pair, derived by using is the way to authenticate and verify requests. Demo Code Snippets will be available soon.

PHP Version – Package Files

.htaccess
admin\.htaccess
admin\com\programtom\admin\dao\BannedIpDao.php
admin\com\programtom\admin\dao\createDB.php
admin\com\programtom\admin\dao\DB.php
admin\com\programtom\admin\dao\LoginsDao.php
admin\com\programtom\admin\dao\QueryResult.php
admin\com\programtom\admin\dao\UserDao.php
admin\com\programtom\admin\dao\UserDaoExt.php
admin\com\programtom\admin\model\BannedIp.php
admin\com\programtom\admin\model\Logins.php
admin\com\programtom\admin\model\User.php
appLocalizations.php
com\programtom\Applications_Access\dao\createDB.php
com\programtom\Applications_Access\dao\DB.php
com\programtom\Applications_Access\dao\QueryResult.php
com\programtom\Applications_Access\dao\SomeApplicationDao.php
com\programtom\Applications_Access\dao\Util.php
com\programtom\Applications_Access\model\SomeApplication.php
constants.php
drawer.php
fest.json
index.php
isLogged.php
lang\en.json
lang\en.php
loadingBody.php
login.php
loginBody.php
logout.php
main.php
mainBody.php
register.php
registerBody.php
RemoteAddress.php
res\192.png
res\512.png
someApplication\addedit.php
someApplication\deletestuff.php
someApplication\index.php
sw.js
template.php
TermsAndConditions.php
TermsAndConditionsBody.php

Files that you need to change

You’ll probably need to update the following files:

  • .htaccess. Access to hidden models to the models and to the data administration should be visible only to your IP address
  • DB.php – The app uses simple SQLite Database. You’ll most likely need to update the path to the file. The Database will be created when you execute the createDB.php script

Applications Access – Authentication

Any functionality theoretically could be wrapped up in a separate application. Many of these applications may have similar characteristics. So, the main idea of the GUID field – to associate – to what functionality of the whole app – the module is storing data. The secret should never be shared – to anyone – not in charge of the concrete app. It is the key to derive authenticated requests from.

Client Server App – Request

Here is a Simple Example of a curl POST HTTP Request to a service (callMyFunction.php):

function myFunction($param1, $param2) {
$appGUID = “my_guid_of_an_app”;
$secretForVerifingRequests = “b54321723-1234-3333-5431-1627444234d9”;//should be secret and app specific

$ch = curl_init();

curl_setopt($ch, CURLOPT_URL, ‘https://myinternalhost.com/my_internal_module/myFunction.php’);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

curl_setopt($ch, CURLOPT_SSL_VERIFYSTATUS, 0);

curl_setopt($ch, CURLOPT_VERBOSE, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLINFO_HEADER_OUT, 0);

$params = [];
$params[‘appGUID’] = $appGUID;
$params[‘requestTimestamp’] = “” . time();
$params[‘verifyRequest’] = hash(‘sha512’, $params[‘requestTimestamp’] . $secretForVerifingRequests);
$params[‘customID’] = hash(‘sha512’, $param1. $param2);

curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));

$response = curl_exec($ch);
return json_decode($response);
}

Server Side Handling

myFunction.php:

if ($_SERVER[‘REQUEST_METHOD’] === ‘POST’) {

$appGUID = filter_input(INPUT_POST, ‘appGUID’);
$requestTimestamp = filter_input(INPUT_POST, ‘requestTimestamp’);
$verifyRequest = filter_input(INPUT_POST, ‘verifyRequest’);
$customID = filter_input(INPUT_POST, ‘customID’);

// Because the same functionality may be available to multiple apps – app selection should be applied

$apps = $appDao->filter(‘GUID’, $appGUID, 1, 0, ”)->list;

if (sizeof($apps) > 0) {

$vvv = hash(‘sha512’, $requestTimestamp . $apps[0]->secretForVerifyingRequests);

if ($vvv === $verifyRequest) {

// — search for the $customID or execute any logic needed – with any additional parameters passed with the request

}  }  }

Related products

Leave a Reply

Your email address will not be published. Required fields are marked *