php - seeking advise for a mobile client-server application strategy -


i'm seeking advice regarding following plan have future project of mine.

  • the big picture
    • i want produce mobile client (ios, android, windows phone, etc.) query (read/write) database website , display results.
    • plus several other features...

i know directly accessing database (bypassing web server) client bad idea on internet. think shared webhosting plans prohibit anyway. here intended solution...

  1. mobile client sends data webserver through api call.
  2. the webserver processes rest api call , queries database. webserver works middleware between mobile client , database server.
  3. the webserver receives results db queries , passes them mobile client.
  4. mobile client displays/manipulates data on client-side.

my experience apis limited consumption of twitter, instagram, , google shopping apis. experience, seems best transport data between mobile , webserver in json format.

now, here concerns...

  1. how can ensure logged-in users can use api? oauth solution?
  2. for rest api, better if restful?

the current environment of website on shared hosting php , mysql though i'm thinking of moving cloud-based services in future. i'm planning implement middleware using either codeigniter or cakephp or apify.

i appreciate if can critique plans above or present better alternatives ones have in head.

thanks in advance.

rest best architecture you're looking for. more restful get, better.

oauth authorization protocol, handles websites has authorization use credentials. authorization different authentication, although 1 can use authorization party ensure authentication.

the choice on oauth depends on services you're building on. example, if application based on twitter, makes sense use twitter oauth authentication.

if service provide own credentials, every user having own username/password stored you, oauth not best choice. on scenario, you'll need setup oauth client , oauth server, not necessary.

for own authentication, http digest auth choice: simple implement, lot of libraries support , it's secure enough cases.

avoid sessions , cookies in php. rest stateless , features full of client state on server.

if 1 day need expand service more servers, synchronizing sessions between them painful.

take care of cache headers expires, etag , last-modified. improve overall performance of api , can setup reverse proxy (a middleware between server , client) can cache things you.

public data on api should not require authentication. when caching authenticated data, can't share cache between different users. public data cache can shared.

both json , xml easy handle , manipulate. json better, xml is. see this answer more info differences on these formats.

take @ respect\rest, varnish , frapi. these great tools rest apis.


Comments

Post a Comment

Popular posts from this blog

java - Play! framework 2.0: How to display multiple image? -

i need display gallery of photos. here template: @(photos: list[photo]) @title = { <bold>gallery</bold> } @main(title,"photo"){ <ul class="thumbnails"> @for(photo <- photos) { <li class="span3"> <a href="#" class="thumbnail"> <img src="@photo.path" alt=""> </a> </li> } </ul> } and here controller method: public static result getphotos() { return ok(views.html.photo.gallery.render(photo.get())); } and here photo bean : @entity public class photo extends model { @id public long id; @required public string label; public string path; public photo(string path, string label) { this.path = path; this.label = label; } private static finder<long, photo> find = new finder<long, photo>( long.class, photo.class); public static list<phot...
Read more

gmail - Is there any documentation for read-only access to the Google Contacts API? -

i want read-only access user's google contacts. there stackoverflow member wanted this, , received following answer : yes, there is, use https://www.googleapis.com/auth/contacts.readonly scope , "view contacts". this exchange reference read-only access google contacts can find using google. simply using access token obtained attempt read usual google contacts api (i.e. https://www.google.com/m8/feeds ) fails insufficient permissions. similarly, using google contacts api on new target fails 404 errors (for example https://www.googleapis.com/auth/contacts.readonly/default/full ). is there documentation anywhere on how use api, or permissible way access google contacts api full read-write access?
Read more

php - Controller/JToolBar not working in Joomla 2.5 -

relevant code: jtoolbarhelper::custom('savecategories', 'save', '', 'save', false, false); ... <input type="hidden" name="controller" value="easyblogcontroller"> according can dig docs , own previous questions, should call savecategories() function in easyblogcontroller . i've tried setting value easyblog , easyblog.php (file name) current easyblogcontroller (class name). clicking on save button refreshes page. not redirect, echo or var_dump test code put in savecategories() function. var_dump ing jrequest::getvar('controller') , 'task' return correct values. creating controller object , using $controller->execute('task'); works. the values going depend on location of controller trying call, , have couple options here. typically there controller in base folder of component (likely components/com_easyblog) in file called controller.php , class name inside ...
Read more