I'd like to make my REST APIs operate via HTTPS. Some searching around does not reveal any posts along these lines. Anyone doing this? Any configuration or whatnot required?

Pretty much all I know about using SSL is contained in my post here:
http://www.missingubercartmanual.com/Configuring-Your-Site-For-HTTPS-whe...

So... any tips, pointers, docs to be had?

Comments

bsenftner’s picture

Status: Active » Closed (fixed)

Apparently, nothing. Other than configuring the site with an SSL solution, such as described here http://crackingdrupal.com/blog/greggles/drupal-and-ssl-multiple-recipes-..., nothing changes in one's Services implementation or configuration.

lpeabody’s picture

I've had my site configured for HTTPS for a while and it's been working like a champ. However, my REST server setup via Services refuses to cooperate over HTTPS. I'm using Poster through Firefox, and whenever I attempt a connect or login via HTTPS (using POST) I get the message: "No response was received. Either the request could not be opened or the request timed out."

In fact, I get that message for any kind of request made over HTTPS. I'm logging in through the web browser of HTTPS just fine though. Any ideas?

lpeabody’s picture

Status: Closed (fixed) » Active
bsenftner’s picture

Did you get it working?

For my setup, I wanted the entire site to be SSL, and that is accomplished via placing the entire Drupal installation inside the SSL directory of my web stack. I'm using the Uniform Server, a pre-hardened for the web version of WAMP. Once Drupal was inside the SSL directory, it is only available via SSL, and the Services endpoints as well.

I'm not sure how one would have partial SSL for a Drupal Services API...

lpeabody’s picture

I use Secure Login to force HTTPS on web forms. Once you're logged in I have it setup so the entire site can only be navigated through HTTPS. I don't understand why I can't get any communication what-so-ever via HTTPS when running against the REST server though. I would think I could just do a straight-HTTPS session - (connect, login, everything) all in HTTPS... but I just don't get any responses.

bsenftner’s picture

Do you have the Services "debug mode" enabled? If so, do you see anything in your logs?

Make sure your constructing your API accessing URLs as "https://www.yoursite.com/" + "your API endpoint" + "your resource"

For example, to login you need to post to "https://www.yoursite.com/yourApiEndpoint/user/login"

Also, if you are trying to call your API from Flash, you need a crossdomain.xml file at the root of your Drupal site hosting the API. (I think that only if the calling flash is not the same domain, but not sure - I'm not a flash developer.)

marcingy’s picture

Status: Active » Closed (fixed)