Tuesday, September 24, 2013

Lite Help for Our API Server

Our API Server

Our API Server is a tool for creating a REST service interface for our projects. The main objective of the project is to provide a standard tool with support for many existing projects, including WordPress, Drupal or any other project. It is also not limited to a MySQL data source; it can be widely extended with plugins.
  • Creating APIs faster than any other system.
  • Modify URL request structure.
  • Make requests in any possible format (GET,POST,PUT,DELETE).
  • Making and versioning APIs.
  • Great graphical stats.
  • Logs for each API requests.
  • Utilization of plugins to extend server functionalities:
    • Five OUTPUTS plugins (XML, JSON, YAML, SERIALIZE, SIMPLE) or create your OWN.
    • Five ACTION plugins (MYSQL, ODBC, SQLITE, PRINTER, EXECUTE) or create your OWN.
    • Two security plugins (MYSQL, MANUAL) or create your OWN.
    • Five encryption plugins (MD5, WORDPRESS, PLAIN, DRUPAL, SHA1) or create your OWN.
  • Full Cache Support.
  • Exhaustive documentation (samples, howtos and tutorials included).


  • Apache2
    • mod_rewrite
  • PHP 5.3.x
    • php_sqlite


Just copy the project to the folder 'www' of Apache2.


The project's configuration is located in config.ini.
  • ROOT : URL where the project runs.
  • USER : admin user of the project.
  • PASS : password for the USER.
    Leave both (USER and PASS) blank for public access.

User Interface

The user interface is basically an API editor where you can perform the following actions:


Add new APIs.


Edit a previously added API.


Delete created APIs.


Make an exact copy of any API.


Export any API.


Logs and graphical stats for the API's requests.


Import APIs that have been previously exported.

How it works

  1. All APIs are mapped.
  2. Upon receiving a request, if it matches the URL mapped to the path, the class runs.
  3. It checks whether the mapping coincides with the method defined in the API.
  4. Runs the security checks.
  5. Executes the Action.
  6. Executes the Output.

Making an API

To create an API you must provide certain information to the system, such as the name, the description, the route… In short, you need to implement a REST service in our web interface.

API Basic

In this section we define the basic parameters of the API, which are described below:


Friendly name of the API being created.


Description of what the API does (be explicit).


Path used to access the API. This path is relative to the main path. Important: The path must start with "/"
Path Example:
The following paths are used by the server to manage the GUI and testing.
* [SERVER_ROOT]/simple/*
Important: Do not use any of the routes listed above.


Time in seconds that the system caches the result of incoming API requests. It can be used to limit the number of new requests in a given time.
Example Cache:
If you need users to be able to make only 60 requests in one hour, then you must set the cache to 60 …


Method to be used in the request. The system supports all methods, although you can specify whether to connect via GET, POST, PUT or DELETE.


Output to be used to print the data. By default the server comes with four output plugins: JSON, XML, YAML and SERIALIZE.


List of dynamic parameters that must be provided by the user in order to obtain an output.
Example Login:
If you add the parameter user_login as an argument, the route that the user must provide to access the service would be as follows:
where USER_SUPPLIED_VALUE is the value that the user must supply to get data.

API Source

In this section we define the source from which the data is taken. The type of data source is pluggable and by default the server has 4 types of sources:


To access data from a MySQL server you must supply the MySQL connection parameters:
  1. host: Server path
  2. port: Server port (usually 3306 for mysql server)
  3. dbname: The database to which the connection will be established.
  4. user, pass: The credentials to connect to server.


The configuration to connect to a SQLite database is simpler; it only requires one parameter:
  1. dbname: Address of the database to which the connection will be established.


To connect to an ODBC resource you need to set the following parameters:
  1. dsn: ODBC Resource.
  2. user, pass: The credentials to use the resource, if necessary.


The printer does not need additional configuration. Just print the text in the Action option.


Operating system command to execute.

API Action

The action is executed on the server to provide an output in the selected format.
For example, if you want to run a simple MySQL action:
SELECT * FROM `wp_terms` LIMIT 30
If the action needs additional parameters:
SELECT user_login,user_nicename,user_email,user_registered 
FROM `wp_users` WHERE user_login = :user_login LIMIT 30
In this case user_login must have been defined as an argument in the API Basic section and must be provided by the user in the request to the server, so that it can be used in the execution of the action.
The Printer action prints the text entered in the Action field to the output in the selected format.
For example, if Test printer is written in the Action field, the output in JSON format would be:
[ "Test printer" ]
Both ODBC and SQLite actions are similar to the MySQL action.

API Security

You can also add security to your REST Service. By default, the server includes three plugins for applying security:


The credentials are defined manually, to provide a simple authentication.
Example Route:
If user1 is written in the user field and 1234 in the pass field, all users MUST provide the values user1 and 1234 in the request, which would look as follows in the API (this example is for the GET method):


The data source for credentials is a MySQL database. Of course you have to configure the connection parameters and define the actions to execute in order to obtain the credentials (_user and _pass).
Example User and Password:
To select user_login from the table wp_users, the action would be as follows: `SELECT user_login FROM wp_users WHERE user_login = :user_login`
To select user_pass from the table wp_users, the action would be as follows: `SELECT user_pass FROM wp_users WHERE user_login = :user_login`
which would appear in the path of the API as:
In this case the user must provide WordPress credentials in the values USER_VALUE and PASS_VALUE. The security plugin is responsible for comparing the values obtained by executing the security action with the values provided by the user and, if they are equal, continuing with the execution of the action that retrieves the data to print; see API Action for more information.


Without security.


The type of encryption complements and extends the security capabilities. The server includes 3 types of encryption (MD5, WORDPRESS, PLAIN, DRUPAL, SHA1), which are used to compare the data extracted from the database with the user-supplied data.
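The request flow described above (method check, security check, action, output), as an added example that is not the project's own code. It assumes a SQLite source, a SHA1 encryption plugin that stores hex digests, and hypothetical names (`API`, `handle`, `scalar`); the sample row is constructed.

```python
import hashlib, hmac, json, sqlite3

# Constructed sample data standing in for the wp_users table (SQLite source).
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE wp_users (user_login TEXT, user_pass TEXT, "
           "user_nicename TEXT, user_email TEXT, user_registered TEXT)")
db.execute("INSERT INTO wp_users VALUES (?,?,?,?,?)",
           ("alice", hashlib.sha1(b"s3cret").hexdigest(), "alice",
            "alice@example.test", "2013-09-24 00:00:00"))

# Hypothetical API definition mirroring the fields used in this tutorial.
API = {
    "path": "/wp/user", "method": "GET", "arguments": ["user_login"],
    "action": "SELECT user_login,user_nicename,user_email,user_registered "
              "FROM wp_users WHERE user_login = :user_login LIMIT 30",
    "sec_user": "SELECT user_login FROM wp_users WHERE user_login = :user_login",
    "sec_pass": "SELECT user_pass FROM wp_users WHERE user_login = :user_login",
}

def scalar(sql, params):
    """Run a query with bound parameters and return its first column, or None."""
    row = db.execute(sql, params).fetchone()
    return row[0] if row else None

def handle(method, path, user, password, args):
    """Steps 2-6 of 'How it works'; returns (status, body)."""
    if path != API["path"]:
        return 404, json.dumps({"error": "not mapped"})
    if method != API["method"]:
        return 405, json.dumps({"error": "method not allowed"})
    # Security check: the supplied user is bound to :user_login, never
    # concatenated into the SQL text (assumed behaviour of the plugin).
    creds = {"user_login": user}
    db_user = scalar(API["sec_user"], creds)
    db_pass = scalar(API["sec_pass"], creds) or ""
    supplied = hashlib.sha1(password.encode()).hexdigest()
    if db_user != user or not hmac.compare_digest(db_pass, supplied):
        return 401, json.dumps({"error": "unauthorized"})
    # Action: only the declared arguments are bound into the statement.
    bound = {name: args.get(name, "") for name in API["arguments"]}
    cur = db.execute(API["action"], bound)
    cols = [c[0] for c in cur.description]
    return 200, json.dumps([dict(zip(cols, r)) for r in cur.fetchall()])
```

Because `:user_login` is a bound parameter, a value such as `x' OR '1'='1` is compared as a literal string and matches no row.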


To conclude this tutorial we leave this example which is included by default in the server:


  • [Name] : wp_user
  • [Description] : Get User Data from WordPress in JSON Format with WordPress Authentication
  • [Path] : /wp/user
  • [Cache] : 0
  • [Method] : GET
  • [Output] : JSON
  • [Arguments] : user_login


  • [Type] : MYSQL
    • host : [localhost]
    • port : [3306]
    • dbname : wordpress_db
    • user : [wordpress_db_admin]
    • pass : [wordpress_db_pass]
  • [Action] :
    SELECT user_login,user_nicename,user_email,user_registered FROM wp_users 
    WHERE user_login = :user_login LIMIT 30


  • [Type] : MYSQL
    • host : [localhost]
    • port : [3306]
    • dbname : wordpress_db
    • user : [wordpress_db_admin]
    • pass : [wordpress_db_pass]
  • [User] :
    SELECT user_login FROM wp_users WHERE user_login = :user_login
  • [Password] :
    SELECT user_pass FROM wp_users WHERE user_login = :user_login
  • [Encryptation] : WORDPRESS
As a result, the API request would be as follows:


Version 1.2
  • Add methods PUT and DELETE.
  • Add logs for each API request.
  • Add Graphical Stats.
Version 1.1
  • Help for Actions Sentence.
  • Refactoring of the Store method.
Version 1.0
  • Initial release.

Sources and Credits

We use the following third-party files or projects:
  • Restler
  • Symfony
  • Bootstrap-3.0.0
  • Jquery
  • Wordpress
  • Rickshaw
  • Fat-Free Framework


You Can Download the Project and the Updates HERE.
