I have a WordPress website with custom tables that I store data into that was entered by customers. The site owner wants to develop a barcode app that can access this data. When I need the data from these fields to display within the site, I request it from a PHP script running on the server that make calls like get_post_meta().
The owner has hired a mobile app consultant who believes that, if he just has the password to the account where the site is hosted, he can access all of these database fields from the app.
I'm not seeing how this is possible. My understanding is that a mobile app can only access a site by making HTTP requests to it. It has no way of running on the server and executing things like get_post_meta().
Am I missing something?
Thanks
I think you are missing something. Wordpress now has a rest api https://developer.wordpress.org/rest-api/ that can allow a mobile application get at data in your database by making http requests.
The developer will need to be able to enable the Rest Api, but if you give her the password, she will probably be able to do so. Typically this is done using a plugin like: WP Rest API which enables a set of default endpoints which includes post meta data and allows you to add other endpoints
Depending on how the custom tables are set up, they might not be automatically available to the Rest API. However, if you are able to access them using get_post_meta() then I would expect that they would be accessible to the Rest API as well, most likely by adding endpoints.
Related
Woocommerce provides an API here which in order to use it, you have to provide a consumer key and consumer secret with a relevant authorization schema. What I fail to grasp is that, shouldn't be there an API for unauthorized / guest users ? I mean, I just want to create a display page (frontend) of available products, but without the need of generating CK/CS. Also looking in a similar question here
it seems that you cannot avoid using the keys. But a second question comes up. The frontend is not supposed to use the keys, because then the e-shop becomes exposed to the client. So, even by generating these keys in order to access woocommerce api, how am I supposed to correctly use them ? Please help me understand the flow.
TLDR;
Do NOT use CK/CS in front end. It's only for use in a secure backend. The keys can be used to read/write anything from products to, orders to all customer related information.
Based on you questions, I suspect APIs might not be the best way to do what you're intending to do. If you do need APIs, chances are, you have two backend servers communicating with each other. APIs are usually meant for use by other applications. For example, a lot of Point of Sale systems utilize this WooCommerce API. You might want to look into extending the WooCommerce plugin itself and creating end points to get the information or perform actions you need.
If you are not familiar with secure Authenticated APIs, I would highly suggest you familiarize yourself with them as failure to secure the website can result in huge financial losses to sensitive personal information leakage of the site users since WooCommerce APIs, at the time of this writing, only allows you to set read or write permissions with full access to everything.
With that in mind I will attempt to answer all of your questions one by one and give an idea of how you should use it.
To Answer your questions
What I fail to grasp is that, shouldn't be there an API for
unauthorized / guest users ? I mean, I just want to create a display
page (frontend) of available products, but without the need of
generating CK/CS
I'm guessing your misconception is that you need to use separate keys for each user. API keys are not meant to give access for front-end users. The API keys generated by the WooCommerece plugin gives full read/write access to any user to view/modify any information including that of other customers. Its meant for admins. If you check the official WooCommerce API reference for retrieving a customer you'll notice that you get to provide an id here. And if you check the response it shows everything from addresses to contact information.
The frontend is not supposed to use the keys, because then the e-shop
becomes exposed to the client. So, even by generating these keys in
order to access woocommerce api, how am I supposed to correctly use
them ?
Its quite simple actually. You just need to get between the communication between the front-end users and the WooCommerce API. If the users needs to be provided information from the WooCommerce end point, you need to get it for them using the CK/CS.
This way, you confirm what information is allowed to view/modify by whom, and the user does not need to be authenticated.
WooCommerce Endpoints <---> Your secure backend service/middleware/controller <---> front-end user
One thing to note though, is that you need to be careful about the parameters a front-end user is able to change in the request to your server end-point that is consuming the WooCommerce API key. A customer should not be able to change the id that is requesting their info for example. Id should be retrieved from the backend from the secure authentication information coming from the front-end.
I'm wondering if it's possible to use the Wordpress RESTful API to push and pull data and information from/to other websites.
For example, could I make my own application/website, like a CMS, that would utilize the WP API to change content, images, etc on other websites? And if so, what would the basic process of setting that up look like?
New to this, so sorry for not being more specific!
The Answer is "Yes, Its possible"
The WordPress REST API provides API endpoints for WordPress data types that allow developers to interact with sites remotely by sending and receiving JSON objects. When you send content to or make a request to the API, the response will be returned in JSON. This enables developers to create, read and update WordPress content from client-side JavaScript or from external applications, even those written in languages beyond PHP.
Please check wordpress codex for more information.
hello so I have 2 wp installations with buddypress, I would like to pull the second site members remotely and display them on the first blog.
is there a way to use WP_User_Query with a different database ?
In most server configurations, external access to the database is not allowed, in order to increase security. Thus, direct access to the database is probably not an option.
But Wordpress has a API that is made for external access via HTTP. The API has a getUsers function that should help you.
There are several libraries that can help you make XML-RPC (the protocol of the Wordpress API) requests, see Which PHP RPC (XML or JSON) library have you successfully used? for an overview.
I want to use Webex API [www.webex.com] to create meeting from my site.
For that I need my own domain in the case of URL API in this way:
"https://yourWebExHostedName.webex.com/yourWebExHostedName/".
And in the case XML API, I need WebexID, SiteID, ParternerID.
Those are mentioned in this Webex official document.
https://developer.cisco.com/documents/4733862/4736679/URL+API+WBS+27+Ref+Guide.pdf
I want to say that these parameters are available in testing environment.
But I don't have my own domain to use this API in production environment.
So I want to know that it is possible to use this API in production environment without owning a domain.
Do you have any Idea? Have you faced such problem? I need urgent solution regarding that.
For the XML API, you can obtain those parameters from this page (you need to login or register first to be able to see the form):
https://developer.cisco.com/site/webex-developer/develop-test/try-webex-apis/
To test the API, all the requests would be made to the sandbox site https://apidemoeu.webex.com
No
You cam't go for production without Webexdomain. Because For recording of video,Host users's and Attendee user's it take space on server to stored all this data you need your web-ex hosting site.
I'm working on a Java console application that needs to go through all the e-mailaddresses in the frontend database in Tridion Outbound E-mail 2011 and change a certain extended field of that contact.
I've gone through the Subscription API documentation for clues on how to get a listing of all the e-mailaddresses, but I'm getting stuck there. Is there any clean way to do this through the API, without resorting to database queries?
It is not possible to get a list of Contacts using the Subscription API. It is meant primarily for working with single Contacts, who update their profile on your website.
For bulk management of Contacts, you should use Tridion.AudienceManagement.API on your Content Management server instead. The changes will then be synchronized to all of your websites.
You should not change anything directly in the database, as you will get issues with synchronization.