Posted to dev@shindig.apache.org by Aaron Hiniker <hi...@gmail.com> on 2009/06/05 21:10:44 UTC

Question regarding wrapping OS RESTful API from our existing XML API

First off, this is my first post to this list and I'm not sure if this is the
appropriate place to post this question—if one of the other lists is more
appropriate, let me know.



We have an application that exposes an XML API into some of our core
services that 3rd parties use to build front-end websites and Flash apps
with.



We are using Shindig to expose social networking features through this XML
API.  Our initial thoughts are to expose a wrapper to the OpenSocial RESTful
API, in a manner like:



<api>
       .. some other API stuff ..

       <opensocial>
              <restful resource="/people/{guid}/@friends" method="GET" format="JSON">
                     <![CDATA[… json encoded REQUEST body if applicable … ]]>
              </restful>

              <restful resource="/people/{guid}/@self" method="GET" format="JSON">
                     <![CDATA[… json encoded REQUEST body if applicable … ]]>
              </restful>
       </opensocial>
</api>

<api>
       .. some other API stuff ..

       <opensocial>
              <restful resource="/people/{guid}/@friends" method="GET" format="JSON">
                     <![CDATA[… json encoded RESPONSE body if applicable … ]]>
              </restful>

              <restful resource="/people/{guid}/@self" method="GET" format="JSON">
                     <![CDATA[… json encoded RESPONSE body if applicable … ]]>
              </restful>
       </opensocial>
</api>





Our API is already tracking the userId (i.e., the VIEWER in OS terms).  We
want to take in these XML tags and perform REST calls within the server
itself, passing in the raw request body, and returning the raw response body
through this XML API.



One question:  how do we associate the VIEWER to the RESTful calls in this
manner?  Does this **have** to happen through an OAuth access token?



I have been researching OAuth and believe that one solution would be to
create a single access token that is associated with our XML API calls, and
when we register users, we automatically create an OAuth access entry for
the user and our XML API.  Going that route, we can intercept these RESTful
calls coming in from our XML API, look up the user’s token based on the API’s
session, and make a behind-the-scenes local REST call passing this looked-up
token for each request, and then dump the response back through the XML.



I’m fairly new to OS and OAuth, so I might be overlooking some important
details in this implementation but would greatly appreciate any help in
determining the best way to “wrap” OS RESTful calls from our existing XML
API that currently manages our userbase.



Thanks,



Aaron

Re: Question regarding wrapping OS RESTful API from our existing XML API

Posted by Louis Ryan <lr...@google.com>.
Aaron

As you suggest below, you need some mechanism to convert your API's user
credential into one Shindig can understand. One option available if you have
your own Shindig implementation is to create your own AuthenticationHandler
implementation that recognizes whatever security mechanism your own API uses
and creates an implementation of SecurityToken from it. Then your API
endpoint can just forward it along to Shindig.

-Louis

On Fri, Jun 5, 2009 at 12:10 PM, Aaron Hiniker <hi...@gmail.com> wrote:

> First off, this is my first post to this list and I'm not sure if this is the
> appropriate place to post this question—if one of the other lists is more
> appropriate, let me know.
>
>
>
> We have an application that exposes an XML API into some of our core
> services that 3rd parties use to build front-end websites and Flash apps
> with.
>
>
>
> We are using Shindig to expose social networking features through this XML
> API.  Our initial thoughts are to expose a wrapper to the OpenSocial RESTful
> API, in a manner like:
>
>
>
> <api>
>       .. some other API stuff ..
>
>       <opensocial>
>              <restful resource="/people/{guid}/@friends" method="GET" format="JSON">
>                     <![CDATA[… json encoded REQUEST body if applicable … ]]>
>              </restful>
>
>              <restful resource="/people/{guid}/@self" method="GET" format="JSON">
>                     <![CDATA[… json encoded REQUEST body if applicable … ]]>
>              </restful>
>       </opensocial>
> </api>
>
> <api>
>       .. some other API stuff ..
>
>       <opensocial>
>              <restful resource="/people/{guid}/@friends" method="GET" format="JSON">
>                     <![CDATA[… json encoded RESPONSE body if applicable … ]]>
>              </restful>
>
>              <restful resource="/people/{guid}/@self" method="GET" format="JSON">
>                     <![CDATA[… json encoded RESPONSE body if applicable … ]]>
>              </restful>
>       </opensocial>
> </api>
>
>
>
>
>
> Our API is already tracking the userId (i.e., the VIEWER in OS terms).  We
> want to take in these XML tags and perform REST calls within the server
> itself, passing in the raw request body, and returning the raw response body
> through this XML API.
>
>
>
> One question:  how do we associate the VIEWER to the RESTful calls in this
> manner?  Does this **have** to happen through an OAuth access token?
>
>
>
> I have been researching OAuth and believe that one solution would be to
> create a single access token that is associated with our XML API calls, and
> when we register users, we automatically create an OAuth access entry for
> the user and our XML API.  Going that route, we can intercept these RESTful
> calls coming in from our XML API, look up the user’s token based on the API’s
> session, and make a behind-the-scenes local REST call passing this looked-up
> token for each request, and then dump the response back through the XML.
>
>
>
> I’m fairly new to OS and OAuth, so I might be overlooking some important
> details in this implementation but would greatly appreciate any help in
> determining the best way to “wrap” OS RESTful calls from our existing XML
> API that currently manages our userbase.
>
>
>
> Thanks,
>
>
>
> Aaron
>
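
The pattern suggested in the reply above, as an added sketch that is not part of the thread and is not Shindig's own code: a handler maps the XML API's existing session to a token whose viewer is fixed on the server side. The `SecurityToken` and `AuthenticationHandler` types here are cut-down stand-ins for the Shindig interfaces of the same name (the real ones have more methods and read from the servlet request), and the session store, header name and sample values are hypothetical.

```java
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

public class XmlApiAuthSketch {
  // Stand-ins for the Shindig types named in the reply (assumption: reduced
  // to the one method this sketch needs).
  interface SecurityToken { String getViewerId(); }
  interface AuthenticationHandler {
    Optional<SecurityToken> tokenFor(Map<String, String> requestHeaders);
  }

  // Hypothetical session store of the existing XML API: session id -> userId.
  static final Map<String, String> SESSIONS = new ConcurrentHashMap<>();

  static final class XmlApiSessionHandler implements AuthenticationHandler {
    static final String SESSION_HEADER = "X-XmlApi-Session"; // assumed name

    @Override
    public Optional<SecurityToken> tokenFor(Map<String, String> headers) {
      String sessionId = headers.get(SESSION_HEADER);
      String userId = sessionId == null ? null : SESSIONS.get(sessionId);
      if (userId == null) {
        return Optional.empty(); // unknown or missing session: no token issued
      }
      // The viewer comes only from the server-side session lookup, never from
      // the resource path or CDATA body that the XML client supplied.
      return Optional.of(() -> userId);
    }
  }

  // Resolves the viewer for a request, or "anonymous" when no session matches.
  static String viewerOf(AuthenticationHandler handler, String sessionId) {
    return handler
        .tokenFor(Map.of(XmlApiSessionHandler.SESSION_HEADER, sessionId))
        .map(SecurityToken::getViewerId)
        .orElse("anonymous");
  }

  public static void main(String[] args) {
    SESSIONS.put("s-123", "user-42"); // constructed sample session
    AuthenticationHandler handler = new XmlApiSessionHandler();
    System.out.println(viewerOf(handler, "s-123"));  // known session
    System.out.println(viewerOf(handler, "forged")); // not in the store
  }
}
```

Because the viewer is derived from the session rather than from the `resource` attribute, a client that rewrites `{guid}` in the XML still acts only as its own user; whether it may read another user's data is then a permission decision made against that viewer.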