Web services only of authenticated users [C4::Service]
Hi to all, today, working on do a metsearch for Opac, I have found that web service basic API (C4::Service) could be used only from authenticated users. In fact with C4::Service->init(<permission to check>); it is mandatory to insert a permission that is checked in C4::Auth check_api_auth. The check is done on the user that is logged in the browers that does the request. If you do the request from the opac without be logged, the answer could be only: {"type":"auth","message":"failed"} We have a web service that work without authentication ,it is opac/svc/report. But it doesn't use C4::Service. I think it is an important topic to know if we want to use more a central web service infrastructure. Bye
Zeno Tajoli schreef op wo 04-03-2015 om 18:20 [+0100]:
today, working on do a metsearch for Opac, I have found that web service basic API (C4::Service) could be used only from authenticated users.
There are plans afoot[0] to design a new restful API. The current one is very inconsistent (some parts use XML, some use JSON, etc.) and it needs a ground-up redesign. I'd jump in on that noting these sorts of things. What's there now is staff client focussed, but I think it's important to think about use cases for the OPAC too. [0] http://wiki.koha-community.org/wiki/New_REST_API_RFC -- Robin Sheat Catalyst IT Ltd. ✆ +64 4 803 2204 GPG: 5FA7 4B49 1E4D CAA4 4C38 8505 77F5 B724 F871 3BDF
From a technical standpoint, the new Koha::Service class ( http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=12272) does allow authnotrequired to be passed. This doesn't resolve the API design problem, but does solve part of the issue.
2015-03-04 15:26 GMT-07:00 Robin Sheat <robin@catalyst.net.nz>:
Zeno Tajoli schreef op wo 04-03-2015 om 18:20 [+0100]:
today, working on do a metsearch for Opac, I have found that web service basic API (C4::Service) could be used only from authenticated users.
There are plans afoot[0] to design a new restful API. The current one is very inconsistent (some parts use XML, some use JSON, etc.) and it needs a ground-up redesign. I'd jump in on that noting these sorts of things. What's there now is staff client focussed, but I think it's important to think about use cases for the OPAC too.
[0] http://wiki.koha-community.org/wiki/New_REST_API_RFC -- Robin Sheat Catalyst IT Ltd. ✆ +64 4 803 2204 GPG: 5FA7 4B49 1E4D CAA4 4C38 8505 77F5 B724 F871 3BDF
_______________________________________________ Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
-- Jesse Weaver
participants (3)
-
Jesse -
Robin Sheat -
Zeno Tajoli