Has anyone built an API with CFCs?

Posted on October 13, 2008, under ColdFusion, General, Projects.

Looking for a great way to build an API into our system using CFCs with an authentication method, etc.

If anyone has ideas, please shoot them over to me!

7 Replies to "Has anyone built an API with CFCs?"


Shannon Hicks  on October 13, 2008

If you’re implementing a public API and need authentication, I suggest OAuth. There’s even sample CF code available.

http://oauth.net/


todd sharp  on October 13, 2008

I’ve rolled my own before. Here’s a quick overview:

Have an authentication method.
First call to the auth method returns a ‘remote session token’.
Token is stored in the application scope (in a struct) since a REST-style interface is not stateful (cannot use session vars unless you keep passing cfid/cftoken back and forth).
Each subsequent call requires the remote session token (check for it in your pseudo-constructor – outside of any function calls).

It’s pretty simple. Does that give you an idea of how to roll it, or do you need more explanation?
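
The token scheme outlined in the comment above, written as a CFC (an added example, not code posted by anyone in this thread). The `X-Api-Token` header, the 30-minute lifetime, `application.userService.verify()` and an `application.apiTokens` struct created in `onApplicationStart` are assumptions.

```cfml
component {
    // Assumptions (not from the thread): tokens arrive in an X-Api-Token header,
    // live 30 minutes, application.userService.verify() is the app's own credential
    // check, and application.apiTokens is a struct created in onApplicationStart.
    variables.TOKEN_TTL_MINUTES = 30;
    variables.PUBLIC_METHODS = "login";

    // Pseudo-constructor: runs on every remote call before the target method.
    // Anything other than login must present a live token; unknown method = denied.
    variables.calledMethod = structKeyExists(url, "method") ? url.method
        : (structKeyExists(form, "method") ? form.method : "");
    if (!listFindNoCase(variables.PUBLIC_METHODS, variables.calledMethod)) {
        variables.caller = requireToken();
    }

    remote struct function login(required string username, required string password)
            returnformat="json" {
        if (!application.userService.verify(arguments.username, arguments.password)) {
            throw(type="Api.AuthFailed", message="Invalid credentials");
        }
        // 256 random bits from generateSecretKey(), hex-encoded through hash().
        var token = hash(generateSecretKey("AES", 256), "SHA-256");
        var expires = dateAdd("n", variables.TOKEN_TTL_MINUTES, now());
        lock scope="application" type="exclusive" timeout="5" {
            application.apiTokens[token] = { username = arguments.username, expires = expires };
        }
        return { token = token, expires = expires };
    }

    remote struct function whoAmI() returnformat="json" {
        return { username = variables.caller.username };
    }

    private struct function requireToken() {
        var headers = getHttpRequestData().headers;
        var token = structKeyExists(headers, "X-Api-Token") ? headers["X-Api-Token"] : "";
        lock scope="application" type="exclusive" timeout="5" {
            if (len(token) && structKeyExists(application.apiTokens, token)) {
                var entry = application.apiTokens[token];
                if (dateCompare(now(), entry.expires) < 0) { return entry; }
                structDelete(application.apiTokens, token); // expired: drop it
            }
        }
        throw(type="Api.Unauthorized", message="Missing, unknown or expired token");
    }
}
```

The login call is told apart from later calls by the `method` parameter of the request, and the whole exchange needs to run over HTTPS since both the password and the token cross the wire.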


Joshua Rountree  on October 13, 2008

I think elaborating is definitely a must. I’m not quite sure what you’re saying haha.


Joshua Rountree  on October 13, 2008

I mean I get what you’re saying pretty much, but how does it know which is the first call? This application requires a login/password to get into it by default. Should I assign them some sort of authentication key assigned to their account or something? Domain authorization? Any of that?


todd sharp  on October 13, 2008

If no one else answers I’ll try to put together a blog post within the next day or two.


Shannon Hicks  on October 13, 2008

Really, OAuth takes care of all of that. It’s pretty easy to implement, has good documentation, and great community support. It is currently used by the likes of Twitter, Google, Yahoo, MySpace, SmugMug, etc.

There are OAuth libraries (Server and Client) for ColdFusion, ActionScript 3, Java, PHP, .NET and the other usual suspects.

You can always hop into the Google group and ask questions.


Hem Talreja  on October 14, 2008

Josh,

I have posted my SOA backend. There is user authentication, as there is only one entry point into your application and each method can be secured or an open event.

http://www.hemtalreja.com/?cat=11

Let me know if you need help extending this functionality.
