REST with authentication

I have created a custom REST action to get the balance:

$API_ACTIONS["getBalance"] = function(Request $request, Response &$response) {
    // Get the parameter from $_GET or $_POST, falling back to the first route segment
    $username = Param("username", Route(1));
    if ($username !== NULL)
        WriteJson(ExecuteRow("SELECT closingbalance FROM balance WHERE id = '" . AdjustSql($username) . "'"));
};

How can my client access this resource with his username and password without using the login form? It has to be accessed through the API only.

login url = /api/login/?username=myusername&password=mypassword
The login URL returns true.

How can I combine these 2 URLs so that my client can access my custom REST action with authentication?
I have read the REST API topic in the help file but was unable to do it.

In your action you may check if IsloggedIn().

arbei wrote:

In your action you may check if IsloggedIn().

How can I combine the 2 URL APIs?
1) login URL = /api/login/?username=myusername&password=mypassword
2) access the data URL = /api/getBalance/521485

Is it good to put the username and password in the same URL, as in
/api/getBalance/myusername/mypassword/521485

If I put the username and password in the URL, what would be the code for login?

$API_ACTIONS["getBalance"] = function(Request $request, Response &$response) {
    $login = ##Code for Login##; // placeholder: the login check goes here
    if ($login) {
        // return the balance
    }
};

There is no such API, but you can add your own action, see the topic REST API in the help file.

Thanks.
Now I have written the code as below.
It is working, but I want to know whether it is secure to use in an API or not.

$API_ACTIONS["getBalance"] = function(Request $request, Response &$response) {
    // Credentials come from the URL path: /api/getBalance/<username>/<password>
    $username = RemoveXss(Param("username", Route(1)));
    $password = RemoveXss(Param("password", Route(2)));
    if ($username !== NULL && $password !== NULL) {
        global $Security;
        ValidApiRequest();
        // Validate the credentials against the user table (third argument: auto login)
        $autologin = $Security->validateUser($username, $password, TRUE);
        if ($autologin) {
            WriteJson(ExecuteRow("SELECT closingbalance FROM balance WHERE id = '" . AdjustSql($username) . "'"));
        } else {
            echo "Authentication Fail";
        }
        // The API is stateless, so drop the session again after the request
        $Security->logoutUser();
    }
};

Your code looks OK, but you may consider:

  1. if (ValidApiRequest()) { … your code … }
  2. Return JSON if user is invalid (since you return JSON when the user is valid).
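The version below is an added example, not code from the thread or from the PHPMaker project, showing one way to apply both of arbei's points and to stop putting the username and password in the URL path, where they end up in web-server and proxy access logs and in browser history. It reads the credentials from an HTTP Basic Authorization header instead (PHP exposes them as PHP_AUTH_USER / PHP_AUTH_PW), wraps the whole action in ValidApiRequest(), and returns JSON for every outcome. It assumes the helpers used in the thread (ValidApiRequest, WriteJson, ExecuteRow, AdjustSql, Param, Route, $Security->validateUser and logoutUser) behave as the thread shows, that validateUser's third argument is the auto-login flag, and that the balance table has a `username` column tying each row to its owner; the ownership check and the `$fail` helper are this example's own additions.

```php
<?php
// Added example (not from the thread): getBalance with credentials in the
// Authorization header, ValidApiRequest() as a gate, and JSON on every path.
$API_ACTIONS["getBalance"] = function (Request $request, Response &$response) {
    global $Security;

    // Local helper (this example's own): JSON error body plus HTTP status, nothing else.
    $fail = function (int $status, string $msg): void {
        http_response_code($status);
        WriteJson(["success" => false, "error" => $msg]);
    };

    // Point 1 from the reply: only run the action for a valid API request.
    if (!ValidApiRequest()) {
        $fail(403, "Invalid API request");
        return;
    }

    // Credentials come from the Basic Authorization header, never from the path or
    // query string, so they do not land in access logs, proxy logs or browser history.
    // Use TLS: Basic auth is only base64, not encryption.
    $username = $_SERVER["PHP_AUTH_USER"] ?? null;
    $password = $_SERVER["PHP_AUTH_PW"] ?? null;
    if ($username === null || $username === "" || $password === null) {
        header('WWW-Authenticate: Basic realm="api"');
        $fail(401, "Authentication required");
        return;
    }

    // Do not pass the password through RemoveXss(): it can alter the characters the
    // user typed and make a correct password fail. The password is only compared
    // against a stored hash, never echoed, so no output filtering is needed.
    // Assumption: third argument FALSE means "no auto-login (remember-me) cookie".
    if (!$Security->validateUser($username, $password, FALSE)) {
        $fail(401, "Authentication failed");   // point 2: JSON, not a bare string
        return;
    }

    try {
        // The account id is the route parameter; the caller's identity is the
        // authenticated user, so the two are no longer the same value.
        $id = Param("id", Route(1));
        if ($id === null || !ctype_digit((string) $id)) {
            $fail(400, "Missing or invalid account id");
            return;
        }
        // Assumption: balance.username records the owning user. Without this
        // ownership check any authenticated user could read any account by id.
        $row = ExecuteRow(
            "SELECT closingbalance FROM balance WHERE id = " . (int) $id .
            " AND username = '" . AdjustSql($username) . "'"
        );
        if (!$row) {
            $fail(404, "No such account");
            return;
        }
        WriteJson(["success" => true, "closingbalance" => $row["closingbalance"]]);
    } finally {
        // The API is stateless: drop the session whether or not the lookup succeeded.
        $Security->logoutUser();
    }
};
```

A client then calls GET /api/getBalance/521485 with `Authorization: Basic <base64(username:password)>` over HTTPS, and the path carries only the account id. If your PHPMaker version's /api/login hands back a token instead of `true`, the same layout applies with the token sent in a request header in place of the Basic credentials; the point in either case is that secrets travel in headers, not in the URL.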