Backend API for external requests #31
Replies: 3 comments 2 replies
-
Currently, the remote module API is just public on the site (provided you have an auth token, which is just the PHPSESSID in your browser). See here for some of the APIs and their behaviours that you have available for modules at the moment. Most of these already have functions in the module API to interact easily. As for APIs for modifying transactions, that might be quite a bit of work as there would need to be some kind of token system to access the API preventing random people from accessing your API and wrecking your database. As a general rule, anything that causes permanent changes to the site needs verification. I could possibly add a system to the admin panel. Perhaps a new class of extension could be API applications with tokens granted? If you are aware of the GitHub developer tokens system, it could work something like that. Basically, you request a dev token from the admin panel and keep it a secret. Then, you use it to access some priviledged API. Thoughts? |
Beta Was this translation helpful? Give feedback.
-
@ethanv2 so, I've been working a bit with node.js, express, passport, etc, and building my own bank, and when I did my API in the route/request handler, I simply call checkAuthenticated() before processing the API request. Perhaps that's all you would need to do as well? Just a thought. |
Beta Was this translation helpful? Give feedback.
-
I have placed this on the TODO list and will begin working on it shortly. |
Beta Was this translation helpful? Give feedback.
-
Would love to see an API/backend request system that can interact with the bank to add/modify/delete transactions.
This would come in very handy for integrating the bank with browser plugin's or separate webserver. Like, if I make a spoof purchase on amazn, and I could somehow have my 'purchase' instantly appear in the bank, that would be downright brilliant.
How hard would it be? How much work would be needed to code it? Would it be a "post" to a certain file of dsjas and feeding it with credentials + action + options?
Most important features would be (for me):
Bonus/not necessary but nice (for me):
Beta Was this translation helpful? Give feedback.
All reactions