Services offers the ability to control access via API keys. This requires
setting up a key on the remote server, and putting together a specially
crafted call on the requesting server. This document gives an example of how
to set this up in Drupal using the user.get service.
On the remote server:
1) Install Services, then enable the Services, XMLRPC Server, System Service, and User Service modules. If you are using Services 6.x-2.x you will also need to enable the Key Authentication module.
2) When using API key authentication, services run as the anonymous user, so you will need to modify the anonymous user's permissions as necessary. For this example, you will need to give the anonymous user 'access services' (under services_module) and 'get own user data' (under user_services module). If you are using Services 6.x-2.x the 'access services' permission is no longer available. Use the per key 'method access' section mentioned in the next step.
3) Now you need to create an API key and give the key access to the methods you want it to use. Go to Administer->Site Building->Services->Keys->Create Key. Give the key a title and a domain. The domain can really be anything, but typically it will match the external domain which has permission to use this key. Next, under 'Method Access' check the specific methods you want this key to have access to. Note that if you activate additional service modules you will need to use Keys->List->Edit to add the additional methods to the key. Submit the form. You will now see your key listed. Take note of this key as you will need it in the code you are about to write.
4) Go to Administer->Site Building->Services->Settings and check 'Use Keys'. Submit the form. If you are using Services 6.x-2.x you may also need to choose 'Key authentication' from the drop down list labeled 'Authentication module'. All services calls are now required to include API key information.
On the requesting server:
Service calls using API keys require four parameters:
Timestamp - Current time in Unix timestamp format.
Domain - The value you entered for domain above.
Nonce - A random value.
Hash - An HMAC-SHA256 of the timestamp, domain, nonce and remote method name, joined in that order with semicolons, using the remote API key as the shared key.
Here is some example Drupal code which shows how this works.
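<?php
// Must match the domain entered for the key on the remote server.
$domain = 'my domain';
// Cast to string, otherwise the call fails with an incorrect argument type.
$timestamp = (string) time();
// Random nonce for this call.
$nonce = user_password();
// HMAC-SHA256 over "timestamp;domain;nonce;method", keyed with the API key.
$hash = hash_hmac('sha256', $timestamp . ';' . $domain . ';' . $nonce . ';' . 'user.get', 'remote_api_key');
// The key arguments come first, followed by the method's own argument (uid 0).
$xmlrpc_result = xmlrpc('http://remoteserver.com/services/xmlrpc', 'user.get', $hash, $domain, $timestamp, $nonce, 0);
if ($xmlrpc_result === FALSE) {
  print '<pre>' . print_r(xmlrpc_error(), TRUE) . '</pre>';
}
else {
  print '<pre>' . print_r($xmlrpc_result, TRUE) . '</pre>';
}
?>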
Some notes:
1) The timestamp must be cast to a string or you will get an error that you are passing an argument of an incorrect type.
2) Drupal's user_password() function is a convenient way to generate a random string to use as the Nonce.
If this code runs successfully, then you should see the anonymous user's information printed. Otherwise you will see an error.
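The signing scheme above, together with the checks a receiver of such a call has to make, as an added example in plain PHP (not code from the Services module or from this page). The function names, the 30-second freshness window and the in-memory nonce array are assumptions for illustration; random_bytes() requires PHP 7.

```php
<?php
// Added example: plain PHP 7+, no Drupal functions. Names are hypothetical.

// Client side: build the four key arguments for one call to $method.
function keyauth_sign($api_key, $domain, $method, $now = NULL) {
  $timestamp = (string) ($now === NULL ? time() : $now);
  $nonce = bin2hex(random_bytes(16)); // CSPRNG nonce, 32 hex characters
  $message = implode(';', array($timestamp, $domain, $nonce, $method));
  return array(
    'hash' => hash_hmac('sha256', $message, $api_key),
    'domain' => $domain, 'timestamp' => $timestamp, 'nonce' => $nonce,
  );
}

// Receiver side (assumed logic): $seen stands in for a persistent nonce
// store, $max_age is an assumed freshness window in seconds.
function keyauth_verify(array $args, $api_key, $method, array &$seen, $max_age = 30) {
  $age = abs(time() - (int) $args['timestamp']);
  if (!ctype_digit($args['timestamp']) || $age > $max_age) {
    return 'stale timestamp';
  }
  $message = implode(';', array($args['timestamp'], $args['domain'], $args['nonce'], $method));
  // hash_equals() compares in constant time; the method name comes from the
  // call being dispatched, so a hash made for another method does not match.
  if (!hash_equals(hash_hmac('sha256', $message, $api_key), $args['hash'])) {
    return 'bad hash';
  }
  // Record the nonce only after the hash checks out, so unauthenticated
  // callers cannot fill the store.
  $id = $args['domain'] . ';' . $args['nonce'];
  if (isset($seen[$id])) {
    return 'replayed nonce';
  }
  $seen[$id] = TRUE;
  return 'ok';
}

// Constructed sample key and calls.
$key = 'constructed-sample-key';
$seen = array();
$call = keyauth_sign($key, 'my domain', 'user.get');
print keyauth_verify($call, $key, 'user.get', $seen) . "\n";       // fresh call
print keyauth_verify($call, $key, 'user.get', $seen) . "\n";       // same call resent
$call = keyauth_sign($key, 'my domain', 'user.get');
print keyauth_verify($call, $key, 'system.connect', $seen) . "\n"; // hash reused for another method
$call = keyauth_sign($key, 'my domain', 'user.get', time() - 3600);
print keyauth_verify($call, $key, 'user.get', $seen) . "\n";       // hour-old timestamp
```

Because the method name is part of the signed message, a captured hash cannot be reused for a different method, and the timestamp window bounds how long nonces have to be remembered.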
Comments
API key authentication using REST Server module
Moved to http://drupal.org/node/400212
need help
I need help with API key authentication... please... how should I do it?
user.get no longer exists
in 5.x-1.x-dev there is no longer a user.get method
Peter Lindstrom
LiquidCMS - Content Solution Experts
terminology
Can the wording be changed here please to talk not about the remote and requesting servers, but the server and client, or something clearer
Can't find 'access services' in 6.x-2.0-beta1 and 6.x-2.x-dev
Does this still work? Coz I can't find "access services" in either the permissions page or the services.module file in versions 6.x-2.0-beta1 and 6.x-2.x-dev.
How DO we allow anonymous access to services now?
Rather than a generic 'access
Rather than a generic 'access services', you will have to grant access to the service that the user will be using. For example, the node service. If you want remote login service, user service.
can't seem to get this to work
I'm using the code
and then when visiting my test1.php page it says
Fatal error: Call to undefined function user_password() in D:\xampp\htdocs\test2\test2.php on line 5
If I create a random string for $nonce
this is replaced in the main code.. then I get the following error
Fatal error: Call to undefined function xmlrpc() in D:\xampp\htdocs\test2\test2.php on line 8
Anyone know what might be going on? Am I missing an include or something that makes these functions available?
XMLRPC Server
Have you added the "XMLRPC Server" module under "Services - servers"?
yea :( I think in the version
yea :( I think in the version of services that is out for 6.x2 or what ever has some changes..
If you are getting a function
If you are getting a function undefined for xmlrpc() then that is a Drupal problem, not a Services problem. Something is wrong with your installation.
Agreed. user_password() and
Agreed. user_password() and xmlrpc() are Drupal functions. If you are not executing the code from within Drupal (e.g. within a Devel execute PHP field /devel/php), you will not have access to those functions.
Also getting the same kind of
Also getting the same kind of error, did you find a solution for this?
Visit Goldlilys Media
you can also use this
you can also use this http://www.w3schools.com/PHP/func_misc_uniqid.asp
uniqid creates a random value that can be passed if you do not have user_password() working for you.
are we having this module in
are we having this module in Drupal 7?
Hopefully have created a
Hopefully frank has created a sandbox project
http://drupal.org/sandbox/frankcarey/1246396