georgebkk Posted October 24, 2016 Share Posted October 24, 2016 While the REST API guide state that you can use the "key" parameter, there's actually nothing in the code to look for it, unless you run it from CGI (as of 4.1.16). You need to send a HTTP Basic Authorization header $('#action-button').click(function() { $.ajax({ url: 'http://csip.thaivisa.com/api/core/hello', beforeSend: function( xhr ) { xhr.setRequestHeader( "Authorization", "Basic " + window.btoa( unescape( encodeURIComponent( 'exxxxxxxxxxxxxxxxxxxxxxxxe' ) ) ) ); }, success: function( data ) { Debug.log( data ); } }); }); Link to comment Share on other sites More sharing options...
MADMAN32395 Posted October 24, 2016 Share Posted October 24, 2016 if its a bug, submit a ticket for it and they will fix and add to tracker. Link to comment Share on other sites More sharing options...
Management Charles Posted October 24, 2016 Management Share Posted October 24, 2016 Yes that is correct. If you are not running CGI mode you use the HTTP Auth header. Link to comment Share on other sites More sharing options...
Martin A. Posted October 24, 2016 Share Posted October 24, 2016 I have already reported this. Link to comment Share on other sites More sharing options...
Martin A. Posted October 25, 2016 Share Posted October 25, 2016 Response from IPS Support: Quote Yes, this is actually intentional - the problem is that some servers, when configured in CGI mode, do not support HTTP Authorization properly. In those instances, then the "key" parameter can be used. This, however, is less secure and has the chance to expose the API key which then opens the API up to abuse, if obtained. The API itself is not really designed to be used via AJAX - further, doing what you are doing will also expose the API key to those who should not have it. What I would recommend doing, in this instance, is point the AJAX call to a PHP file locally, and then have that PHP file perform the API request and return the results. Link to comment Share on other sites More sharing options...
georgebkk Posted October 25, 2016 Author Share Posted October 25, 2016 So how would we get a mobile app to connect to the api? As we cannot upload a php file to the server as that will also be accessible from the web? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.