Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion To REST or not
To REST or not
  • El Forum
    Guest
  •  
#1
03-03-2010, 05:39 AM

[eluser]Sammi[/eluser]
Hi,

First I would like to welcome myself to the CodeIgniter forums. Me and my colleges are starting a CodeIgniter project and we are quite exited about finally digging into this framework. We use ExpressionEngine a lot and since EE2 is codeignited we thought it was time to dig in.

However our current project is CodeIgniter only and we are trying to make a design decision regarding it. The project is basically a public API to an event system (calendar). Anonymous users can read data, registered user can read/write.

We have been looking into creating a RESTful API but I am having doubts. Especially because of PUT/DELETE support missing from some browsers. Will that be a problem if we need to create a jQuery only clients that interact with the API?

Also, do you know of any samples that we could look at where POST, PUT and DELETE require authentication but GET does not?

The REST service we have been implementing requires authentication for the whole thing. If we use different controllers for all but GET, then we break the urls. Right?

Best,
Sammi
  • El Forum
    Guest
  •  
#2
03-03-2010, 06:36 AM

[eluser]Phil Sturgeon[/eluser]
Have you seen my REST work? It does not specify authentication for specific HTTP verbs, but it could easily be modified to do so.
  • El Forum
    Guest
  •  
#3
03-03-2010, 07:40 AM

[eluser]Sammi[/eluser]
Hi,

yes I have seen your work and I love it. We are actually using it now. Thank you very much!

We altered it to ignore authentication if the request was a GET. Possibly that is all we really need.

But what do you think about jQuery clients? Would the have to relay their calls to our API through your REST client to support PUT and DELETE for an example? What about digest authentication for javascript only clients? Maybe that is not possible.

Best,
Sammi
  • El Forum
    Guest
  •  
#4
03-03-2010, 07:48 AM

[eluser]Phil Sturgeon[/eluser]
If you are interfacing purely with JavaScript stuff then I would just use GET/POST and ignore PUT and DELETe. This is something that Twitter do quite a lot.

As for securing your API yet still having it open to JavaScript, god knows! I would just proxy this through a PHP file which gives you more control over who is accessing what.




Theme © iAndrew 2016 - Forum software by © MyBB