How to write an Web Service API ?

akohan
akohan used Ask the Experts™
on

Hello group,

I'm about to write a Web App but at the same time I need to embed (if I'm right) a Web Service in it so that I can send and receive information to front-end through XML.

Where from can I start learning this? Any online tutorial or sample that I can learn from?

Thanks,
ak

Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
If your front has the capability of handling https and you have a genuine certificate (rather than a self-certified one) then you could pass the XML more or less directly to your front end.

If your front end is just using http then I would generate the XML, encrypt it, send it over and decrypt it on the receiving machine. There is a question in progress at the minute here http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_26295578.html which shows how to deal with the encryption and talks about HTTPS as well.

In essence, build up your XML, either manually or using SimpleXML, encrypt it, send it decrypt it and use SimpleXML to read the data back. Make sure that your item names do NOT contain spaces or dashes as they will not translate back into PHP variables (see this question for reference http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Jquery/Q_26302214.html )

More on SimpleXML at http://php.net/simpleXml
I should have added - make the receiving function "fussy". It should be a series of tests that the incoming data MUST pass or else it simply stops. For instance, if you are doing an API then your XML should always have a field called something like "command" to indicate what the attached data is for. Let us say that your XML  looks like this

<api>
    <command>
        UPDATE
    </command>
    <data>
        var1=1&var2=6
    </data>
</api>


Then I would be looking at the following tests.

1. Is the unencrypted data proper XML? If not then die

2. <api> should only ever have two children (command and data). If it has not got 2 then die

3. "command" only ever has (say) four values. If the received data does not match then die

4. The data segment only contains certain characters. If anything else turns up then die.

5. Maybe you expect data from only known IP addresses. Check the IP address this came from.

and so on.
Most Valuable Expert 2011
Top Expert 2016
Commented:
A really good example of a RESTful API is the Yahoo Geocoder.
http://developer.yahoo.com/maps/rest/V1/geocode.html

The RESTful design pattern places all of the arguments in the URL string.  You see this sort of thing all the time in web pages, and in fact the entire WWW is a RESTful design.  Your web service script takes the information in the $_GET array and uses it to create the response, which can be XML, JSON, CSV, plain text, etc.  

Each REST call is atomic - there are no login/logout sequences.  You might choose HTTPS and some kind of API-Key authentication if you really wanted to.

Try these URLs to see how this works.  Note that testing the RESTful web service is a simple as typing the arguments into the browser address bar.

http://www.laprbass.com/RAY_REST_get_last_name.php
http://www.laprbass.com/RAY_REST_get_last_name.php?key=ABC
http://www.laprbass.com/RAY_REST_get_last_name.php?key=ABC&name=Fred
http://www.laprbass.com/RAY_REST_get_last_name.php?key=ABC&name=Richard

Without too much effort you can transform this design to use different API keys for different client data models, to return an XML string, or look up information in a data base, etc.

Best regards, ~Ray
<?php // RAY_REST_get_last_name.php
error_reporting(E_ALL);


// DEMONSTRATE HOW A RESTFUL WEB SERVICE WORKS
// CALLING EXAMPLE:
// file_get_contents('http://laprbass.com/RAY_REST_get_last_name.php?key=ABC&name=Ray');


// OUR 'DATA MODEL'
$dataModel = array
( 'Brian'   => 'Portlock'
, 'Ray'     => 'Paseur'
, 'Richard' => 'Quadling'
)
;

// TEST THE API KEY
$key = FALSE;
if (isset($_GET["key"])) $key = $_GET["key"];
if ($key !== 'ABC') die('BOGUS API KEY');

// LOOK UP THE LAST NAME
$name="?";
if (isset($_GET["name"])) $name = $_GET["name"];
if (array_key_exists($name, $dataModel))
{
    die("$dataModel[$name]");
}
else die('UNKNOWN');

Open in new window

Author

Commented:

I'm studying what you guys have shared with me and will get back to you soon,

regards,
ak

Author

Commented:

Thanks!
Most Valuable Expert 2011
Top Expert 2016

Commented:
Thanks for the points -- glad I could help, ~Ray

Author

Commented:

NO THANK YOU!!!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial