API Connections

George · November 8, 2018, 7:29pm

The API Data Source runs client side with App Connect and there is no point of adding oauth or other security features to it as they require secret keys that you don’t want public in your html code…

We will be adding API connectivity to Server Connect soon and there will be able to handle server side all the security you need

s.alpaslan · November 8, 2018, 7:31pm

you are powerfull team . thank you again

johnny.hajjar · November 14, 2018, 7:30am

Hi George, have u guys started working on the POST API connectivity? is it expected anytime soon ?

I have reviewed the the API data Source, and ATM unable to fulfil my requirements without a POST option. here is my scenario:

I need to make a post request with username and password from a form within wappler.
The response will return a token.
I will use this token by storing in sessions to make all further get Requests.

Unfortunately i was unable to achieve this without a post option app connect side or server connect side. :frowning.

I think it would be nice to have a post option even at client side, as security will not always be a concern, but off course having it at both ends would be perfect.

Kindest regards,
@George
Johnny Hajjar

s.alpaslan · November 14, 2018, 7:29am

Yeap I need to create bearer token .

Freddy_Blockchain · November 14, 2018, 9:27am

same here! Need to make a Post request first. / Bearer Token.

George · November 14, 2018, 10:14am

Yes we are working on it - hopefully we can make it for this weeks update.

It will contain two additional API components:

API Action - allowing you to just call an api with given data and headers
API Form - allowing you to make a regular form submit to an API url, much like the Server Connect Form but then submitting to external API

Freddy_Blockchain · November 14, 2018, 10:28am

Take your time! What we already got is alot, we even didnt discover 1% percent of whats everything possible with our existing API now!

AdrianoLuiz · November 14, 2018, 10:42am

I love Wappler and its components

s.alpaslan · November 20, 2018, 3:19pm

Hello @George
Are there any news about server side API extension ?
Can we use it in this week ? Because we cant create ‘bearer token’ server side .
I’m looking forward to your good news

Teodor · November 20, 2018, 3:22pm

Hi Serhat,
Please take a look at the docs here: API Connector components, how to use and connect REST/Curl API's

s.alpaslan · November 20, 2018, 3:38pm

Hello @Teodor,

Yeap this is so usefull but we need to create bearer token server side . I think this is client side . This is not secure process for bearer token . I want to handle it securly from server side . @George said that We will add this feature soon . I want to learn just will it add be this week ? Or soon ?

geoplugin · November 21, 2018, 10:02pm

I concur - to protect any client-side API request from being abused (by code sniffing), there are many instances where an encrypted token is needed to pass to the client API request that can only be generated server-side. I’m guessing this is what is called here the “bearer token”?
A simple example is in an API call to a cloud server for a video - these generally take the GET form of
nvb=timestamp (not valid before)
nva=timestamp (not valid after)
video_url=…
hash=hash of nvb/nva/video_url with a secret key shared between server and cloud

Just simple example, but many exist (my own including) - all requiring a server-side generation of the “bearer token” to pass to the requesting API for validation of authenticity

s.alpaslan · November 22, 2018, 8:46am

Yeap I cant use for my work without server side

Freddy_Blockchain · November 22, 2018, 9:22am

So now for example with wappler and API if you wanna use your bittrex, poloniex, binance exchange account API , the private API Key would be exposed on your project @s.alpaslan right?

s.alpaslan · November 22, 2018, 9:24am

We are voip provider and I have to get list cdr reports (call detail reports) , make call via API and all invoice process . All voip soft switchs work with bearer token .

Yeap same problem … I cant start with out server side . Because really securless

s.alpaslan · November 22, 2018, 9:31am

I dont worry because @george said that " We will be adding API connectivity to Server Connect soon and there will be able to handle server side all the security you need " … just wonder when it will be add . Because I want to start voip projects …

Wappler and Voip

Freddy_Blockchain · November 22, 2018, 9:40am

I‘m sure @georg and whole wappler team are able to solve that proper authentication via bearer/serverside. I‘m in the same boat, just didnt start using API as I guess I would stumple exactly with that security situation.

s.alpaslan · November 22, 2018, 9:44am

Do you know coin prediction API or news API… if you know you can share with us @Freddy_Blockchain

Because I always look coins
We can seperate this topic

psweb · November 22, 2018, 9:45am

I have to admit although I would love the Server Connect API integration as soon as possible I have been in the fortunate position where most of my API connect stuff is locked down behind admin pages, in other words I am mainly using API’s in situations where the person has to login to a backend of some sort first, and yes then my keys are exposed, however at least not to just the entire general public.

AdrianoLuiz · November 22, 2018, 2:04pm

Eu não estou usando ainda Server Connect API
because all I need now, need Server-side Authentication,