Overview

Services is comprised of 2 components:

  • services: Modules which contain functions intended to be invoked from remote.
  • servers: Modules which provide a connection protocol, such as XMLRPC.

How to Authenticate with Sessions enabled

In order to authenticate to Services, you must first request an anonymous session id. You do this with the system.connect method.

Once you have an anonymous session id, then submit another xmlrpc request with the user.login method using three variables: anonymous session id, username, password.

If authentication is successful then the xmlrpc response will include a valid session id. The xmlrpc response will also include a whole bunch of information about the user and profile information.

If authentication fails, it may be for several reasons. The xmlrpc response should give you a clue to the reason.

Some services such as node.load now check a user's permissions before providing the data. If the user's permission is insufficient, an 'access denied' error is returned.

In order to authenticate, here is the general flow of services requests:

session = system.connect();
user = user.login(session, 'MyName');
node.save(session, mynode);

Hooks

services

  • hook_service(): This is where you map your services and methods to functions. You can provide help text and argument details for each method, to be used in the service browser.

servers

  • hook_server_info(): Specify information about your server.
  • hook_server(): Converts an incoming request into a Drupal function call and then converts the result back into the appropriate return format.

Comments

matslats’s picture

Thanks for the authentication advice.
Can you write a bit more, maybe providing an example connection/login script and setup information?
I'm finding system connect is failing on the server side.
Could it be permissions?
How do I debug the server side?

Also I'm concerned that using system.connect/user.login for every query will be a performance drag, but I don't know otherwise how to check if the client is already logged in, which is usually the case.

akkawi’s picture

hey, how do you recognize the user if he comes later back ? without sending the login information through the saved session id ?

you login with the session id ? or connect with session id ?