yup nearly ... the only thing i would do is not send in the
username/password as a URL param, instead use HTTP Basic Auth or some
other encoding mechanism, for example Amazon uses encryption key to do
the encoding over the wire to sign the request.
On 25/07/2013 15:26, Jason Allen wrote:
Using OpenBD to power Android apps.
I'm wanting to build an Android app, and I'm trying to figure out the
best way to allow the app access to OpenBD.
I have OpenBD running on CentOS 6.4
I have CFC's created that can return the data as JSON structures if
requested. I use the CFC's in AJAX/JSON requests.
I'm going to create a very basic API, which is essentially a
developerID (for the developer) and appID+appKey that will be used to
authenticate external apps (basically giving the app it's own
userID/password). While I don't have any 3rd parties creating apps, I
feel this method will give a reasonable path forward to giving a 3rd
party access in the future. I would essentially write each CFC to use
the developerID+AppKey+AppID as additional arguments, and much like a
password, the data would need to be correct in order to return a result.
Any interally built apps would get developerID of 1, and then each app
built would get it's own ID/Key.
To my understanding, to make this data available to an app, I just
need to allow for remote calls to the .CFC (from non-domain source),
setup https (for secure transactions), and configure the cfc call to
return data in JSON format.
As an example, here's an HTTPS url calling a login function via cfc.
If successful, it returns Success=1 and creates a session. If it
fails, returns Success=0. In theory, I believe I should be able to
code the app so that send this url using the data provided by the
user, and interprets the returned JSON code accordingly.
https://company.com/cfc/login.cfc?method=login&userID=#userID#&password=#password#&appID=#appID#&appkey#appKey#
Am I on the right track? Before I start dealing with an android
developer (or trying it on my own), I want to lock down how I'm going
to handle remote requests from external apps.
--
--
online documentation: http://openbd.org/manual/
http://groups.google.com/group/openbd?hl=en
---
You received this message because you are subscribed to the Google Groups "Open BlueDragon" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/groups/opt_out.
