To view this discussion on the web, visit https://groups.google.com/d/msg/joomla-dev-cms/-/DjX_BoHtCnYJ.
--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To post to this group, send an email to joomla-...@googlegroups.com.
To unsubscribe from this group, send email to joomla-dev-cm...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/joomla-dev-cms?hl=en-GB.
application/vnd.joomla+json.v1;q=.1,
application/vnd.joomla.v3+json;q=.5, application/vnd.joomla.v2+json;q=1 I'm having a bit of difficulty going from the high level overview to a specific implementation.
First off there is the question of "how do you recognize an api request and route it"So you have a top level URL of:GET /apiPossibilties to route this include:A component, com_api, which using JRoute and Menu entrees. maps itself to /apiA plugin which detects the keyword and hijacks the connection.The CMS itself recognizes API and routes it.
OR, and here is my preference, scrap all the above as hacks and use the the model for JSite, JAdmin, JInstaller and create a new application, JSiteAPIJSiteAPI can sit in it's own directory, just like JAdmin - appropriately called api so calls to /api automatically load api/index.php
Just like a component can have a frontent or a backend or both, a component can have an api or not. A module be designated as an API module or a Site module or an Admin module.Once you do this, you can then leverage every existing Joomla framework - templates, plugins, session, authentication, and menu's.
Menu's solve the entire question about how to configure an api for external and internal use. You publish your api menu links and use Joomla built in security.Logon: alias logon, publicList Users: alias users, publicEdit User: alias users/edit, security assigned for only registered usersSave User: alias users/edit/save, security assigned for only registered usersAnonymous API calls will only see logon and users.After Logon, the same API link can show logon, users. editUsing the various menu generation tricks we use today to hide/show menu entrees depending on where in the site someone is, the users/edit/save uri will only be displayed as part of the reply from Edit User... note: while traditionally one doesn't think of invoking edit ans then save via an API - in terms of the CMS edit provides the function server side to lock the record while it is being edited - thus it is required before a Save can be performed.
I know some people may think the idea of using a template for an API response is silly, however templates have an important role to play with an api - they allow you to include boilerplate legalese - such as:GET /api/v1/userspseodo JSON response:{ 'source':'http://mydomain.com','apiuri':'/api/v1/','copyright':'copyright 2012 My Domain Company','notice':'This information may only be used for programatic interaction with the source website. This information may not be re-distributed in any manner.','commands':['logon':'/logon', 'showUsers':'/users', 'editUser':'/users/edit', 'saveUser':'/users/edit/save'],'users':['johnsmith':{'username':'johnsmith', 'name':'The Doctor', 'age':587, 'type':'Time Lord'}]}
All in all, this solves a number of questions such as:Q:As a site owner, how do I control which of these API actions are accessible?A:Edit the ApiMenu item and disable/restrict options as you want
Q:As a site owner, how do I add API actions which are missing?A:Edit the ApiMenu item and add an item through the normal meansQ: How do I provide legal protection for my content from being spidered and republishedA: Use a template which provides boilerplate legal noticesLooking over the docs, how version is handled is inconsistent. In some places version is specified as required, in others it is specified as required. Is there a difference between version, v, and apiVersion? I would assume not. Also I really don't like requiring a version number, while it is "good practice" most successful api's do not require a version number and will default to the latest version. As such, I'd move it from the path to the query parameters by default:
URI = scheme "://" authority "/" path [ "?" query ] [ "#" fragment ]I'd revise that toURI = scheme "://" authority "/" path ["?" ["apiVersion="version"&"] [ query ]][ "#" fragment ]And document aliases as:Name: apiVersionType: intAliases: version, vDescription: Optional in requests; required in responses. The desired version of the service API in a request or the actual version of the service API in a response. A service SHOULD switch to using the requested API version if it is able to do so, otherwise it MUST respond with a 400 Bad request status.Lastly, if it is optional, then placing it before the component entree point is problematic:GET /api/version1/somestringUsing JRoute with /api as the base uri, the above could be referring to:API version 1, component com_somestringcomponent com_version1, task somestringGET /api/version/sometaskUsing JRoute with /api as the base uri, the above should refer toAPI application, component com_version, task sometaskBut it will require a nasty bit of code to parse the second parameter into 2 parts[version and everything after version] - then test everything after version to ensure that there is something after version and it is an integer with no other charectors..[ie casting test4now as an integer will result in the integer 4, so it must be checked to ensure that no data was lost]
So for version 1 of the API, don't allow embedding the version in the path - suggest it to be in the query - then let the 'market' decide if moving it to the path is preferred and if so, where in the path to place it and how to jiggle it.IE /v1/api would be easier to handle in JRoute but not as elegant. /api/v1 would be more elegant and could be handled with either little routing logic or with a little mod_rewrite magic so that if there is no /vX in the uri a default /v0 is added./api/v1/users ==> users component/api/users ~rewite~ /api/v0/users ==> users componentIn short, punt on version in the URI until version 1.1 and let the active usage of it determine how it shall be handled.BTW if it is optional, MY personal preference would be to not use the URI to specify the version at all and instead handle it via HTTP media negotiation. IEAccept: application/json,application/vnd.joomla+json.v1;q=.1,
application/vnd.joomla.v3+json;q=.5, application/vnd.joomla.v2+json;q=1Or in english:Joomla API version 2 encoded as json is preferred[q=1]Joomla API version 3 encoded as json is acceptable[q=.5]Joomla API from any version encoded as json if the specific versions are not available[q=.1]application/json is the fallback if none of the above existSee http://developer.github.com/v3/media/ for a full fledged example.It moves all the versioning crud outside the URI and allows for lots of flexibility.Convenience fallbacks can be designated to specify versioning information in the Query, the Path, and/or the domain as developers decide what works best for them.
--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To view this discussion on the web, visit https://groups.google.com/d/msg/joomla-dev-cms/-/UGws5mfnIDcJ.
To post to this group, send an email to joomla-...@googlegroups.com.
To unsubscribe from this group, send email to joomla-dev-cm...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/joomla-dev-cms?hl=en-GB.
First off there is the question of "how do you recognize an api request and route it"So you have a top level URL of:GET /api
I assume you're talking about an implementation in Joomla 3.x, right? I tend to agree that adding a separate application would be the preferred approach, although I would tend call it JApi.
Just like a component can have a frontent or a backend or both, a component can have an api or not. A module be designated as an API module or a Site module or an Admin module.Once you do this, you can then leverage every existing Joomla framework - templates, plugins, session, authentication, and menu's.Agree that it needs to be modular so that access to particular content types can be enabled/disabled as required. For example, a site that publishes data on, say, city air pollution levels, might never want to provide access via the API to the regular Joomla CMS content types. How best to actually achieve that, I'm not really sure.
Minor point, but I don't see any reason for the API to have access to or use of session data. The API should be stateless, so sessions are not needed.
Menu's solve the entire question about how to configure an api for external and internal use. You publish your api menu links and use Joomla built in security.
I'm not sure I would want to couple the API to the menu system, but I'm open to argument. ;-)
However, I do think that having a separate view that is responsible for transforming the internal data representation into JSON is a good idea. By allowing that to be overridden it becomes trivially easy to support JSONP and considerably easier to support other output formats, such as XML or CSV, if someone wants to do that. Adding boilerplate to the JSON would then be done by simply adding a custom override of the view.
The server should not have to parse the URL base path in order to determine which version the client is asking for, so I think having the version number in the URL path is purely for human consumption. But I happen to think it is desirable (and the Apigee folks recommend it too) for a couple of reasons. Firstly, a change big enough to warrant a v2 release is likely going to need new code and being able to drop that new code into a separate sub-directory while continuing to support the older API is a clean and simple way to do that. Secondly, being able to paste a URL into a regular web browser to check the response is something developers do all the time, but it's harder if the API needs specially-crafted headers or a change in the URL in order to produce the same behaviour. And thirdly, it increases the visibility of the version to developers, making it just a little more likely that stuff will be upgraded over time.
Using HTTP headers is the "correct" way according to the RESTafarians, but I believe some clients can have difficulty adding HTTP headers to their requests so I think there needs to be a fallback mechanism. I would suggest that adding a v=1, or version=1 or apiVersion=1 (take your pick) into the query part of a request would allow the Accept header version to be overridden.
--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To view this discussion on the web, visit https://groups.google.com/d/msg/joomla-dev-cms/-/Rf0vupkZtsgJ.
To post to this group, send an email to joomla-...@googlegroups.com.
To unsubscribe from this group, send email to joomla-dev-cm...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/joomla-dev-cms?hl=en-GB.
Thanks for all your hard work on this very well thought out document. I have only one concern that jumped out at me. The requirement for ETags may run up against some known PCI compliance issues. I think that the web services architecture could be very useful to a number of e-commerce solutions, but not at the expense of PCI compliance which is mandatory for credit card transactions in the United States.I see that you've already pointed out that there is some need for greater clarification regarding the use of ETags. I humbly ask that you consider PCI compliance when sorting out the details. Thanks again so much, this looks really great.
--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To view this discussion on the web, visit https://groups.google.com/d/msg/joomla-dev-cms/-/vnpuAmz3nKUJ.
To post to this group, send an email to joomla-...@googlegroups.com.
To unsubscribe from this group, send email to joomla-dev-cm...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/joomla-dev-cms?hl=en-GB.
What I'm concerned about is if we stick with JSON and want to add an attribute to a resource the whole JSON structure is changed an will break all consuming clients? So for the long run XML may be much easier to maintain and extend?
--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to joomla-dev-cm...@googlegroups.com.
To post to this group, send an email to joomla-...@googlegroups.com.
Visit this group at http://groups.google.com/group/joomla-dev-cms.
For more options, visit https://groups.google.com/groups/opt_out.
Hi,I tried your 'prove' of concept code.- Its nice but quite slow as it loads too many dependencies which are not needed for a RPC call. In a mobile application and ultra good server it still caused over 1800ms to receive the result. It mus be done under 300ms otherwise its useless or better said disappointing for users.
- "prevent caching' is missing
- I also miss some 'service' introspection. So its easier to adopt JS clients to the services without reading all the docs. This is how exposed PHP classes will enumerate their methods : www.pearls-media.com/joomla25/components/com_xas/xapp/index.php. This implementation is based on Dojo's SMD proposal, widely used in high-tec apps from IBM. You can also switch transport to JSONP by appending &callback=bla.
- More transport layers should be in the boat : JSON-RPC via POST for big calls, JSONP for small calls.
You can download our RPC server implementation here : http://www.pearls-media.com/com_xas_1.1.zip (site/xapp/lib/rpc). Its the best JSON-RPC implementation for PHP around :-) the service entry point is setup in site/xapp/index.php.If you consider migrating our RPC code, let us know. We're very glad to help as we're waiting for a proper RPC implementation for Joomla since 2005.Thanks, don't hesitate to contact me. I wanna see it rocking, not crouching :-)
Hi Chris,I've had a look at the link you posted and there's a few other questions that perhaps you can help me with regarding the development of the Joomla web API.Since Joomla is at a fairly early stage in the development of its web API, it is a very interesting case study for academic purposes. Because of this, there's a few questions that popped up, for instance:
- Has it ever been a concern to develop the Joomla web API using a "design for change" approach? By this I mean, being conscious that your web API will have to change in the future and therefore you took measures to minimize the impact it will have on clients.
- Are you are of the "semantic versioning" way of versioning software? Is this something you are using/will use in the Joomla web API? This semantic versioning also means that breaking changes (i.e. backwards incompatible) should be left for major releases (X.0.0) and minor and patch (0.X.0 and 0.0.X) should be backwards compatible. Is this a concern for the Joomla web API developers?
If you could have a go at answering these for me, I will most definitely be using your insights for my academic research!