This shows you the differences between two versions of the page.
4thefile_api [2010/11/05 18:40] jay |
4thefile_api [2010/11/08 21:53] (current) jay |
||
---|---|---|---|
Line 2: | Line 2: | ||
The 4theFile API provides RESTful web services for use in integrating 4theFile with other web-based applications. The API has the following features: | The 4theFile API provides RESTful web services for use in integrating 4theFile with other web-based applications. The API has the following features: | ||
+ | |||
* all communication via HTTP or HTTPS | * all communication via HTTP or HTTPS | ||
* authentication via HTTP Basic auth | * authentication via HTTP Basic auth | ||
Line 62: | Line 63: | ||
If your web application's interface uses AJAX, you might be thinking that you can call the 4theFile API to get a 4theFile resource list in json format directly from inside the browser via XMLHttpRequest. There are 2 reasons why this isn't a good idea: | If your web application's interface uses AJAX, you might be thinking that you can call the 4theFile API to get a 4theFile resource list in json format directly from inside the browser via XMLHttpRequest. There are 2 reasons why this isn't a good idea: | ||
- | # your browser won't like it, because you're violating the "same origin" policy that helps prevent malicious cross-site scripting (XSS) attacks | + | - your browser probably won't allow it, because you're violating the "same origin" policy that helps prevent malicious cross-site scripting (XSS) attacks |
- | # you would need to provide access to your API credentials in the client-side javascript, thereby exposing them in the client-side source code | + | - you would need to provide access to your API credentials in the client-side javascript, thereby exposing them in the client-side source code |
- | so you'll need to provide your own ajax callback that in turn calls the 4theFile API (or provide a web proxy in the same origin as your server as described here http://developer.yahoo.com/javascript/howto-proxy.html) | + | So, you'll need to provide your own ajax callback that in turn calls the 4theFile API from the server, or else provide a web proxy in the same origin as your server as described here http://developer.yahoo.com/javascript/howto-proxy.html |
+ | Note: If you've read this far, you may be familiar with JSONP (an alternate solution to cross-domain ajax problems). We'd probably be willing to support JSONP as an alternative response format in the future if there's any demand for it. So if you'd like JSONP, [[tech_support_contacts | let us know]]. | ||