Modify Phil Sturgeon's REST Server Controller to work with API keys

[eluser]ssunil[/eluser]
Hi All,

I am trying to modify Phil Sturgeon's REST controller to work around API keys. Each user in the system gets a unique key which allows for access to their protected resource.

Phil Sturgeon's Library has method for Basic and Digest Based Authentication, but not to work around API keys. I want the client application to send API secret key as header and that the REST Controller only return data based on the valid key.

Any help on how this could be done would be appreciated.

Thanks

Sunil

[eluser]Phil Sturgeon[/eluser]
It has supported API keys for a few months now dude. I never got around to documenting it much, as it was just done on client request, but you can turn it on in the config. An example DB is provided.

Key restriction, method throttling and key-based permissions are all supported out of the box.

Use v2.2 if you are on CI 1.7.2 or CI 2.0 (BEFORE the PHP 5 only changes) or use v2.3 if you are using the very latest CI 2.0.

The key stuff works exactly how you are trying to work. You can even modify the name of the HTTP header it responds too

[eluser]ssunil[/eluser]
Thanks Phil for the quick reply. I turned on the key validation now

A few more questions

How can modify the client so that it only considers requests signed by the API key and not all requests and modify the server controller so that it servers records only matching the signed key ID.

Any code examples you can share would be really helpful

Sunil

[eluser]ssunil[/eluser]
I guess I was looking into the older version of REST Controller. The new version has the option to generate key. I will try and modify the _prepare_auth() function to check for keys as against login.

Will post progress here.

Sunil