I
I
Ivan Vekov2020-04-20 18:43:14
PHP
Ivan Vekov, 2020-04-20 18:43:14

How to configure the API to a closed system?

Good afternoon, I'm thinking about the following question:

- We have:
1) The site is managed by our company. A regular site on apache + nginx + php that users visit, etc. [site.ru]
2) CRM system. Also on apache + nginx + php, but it cannot be accessed from the external network, although it has access. That is, you can ping site.ru from the crm.ru server, but ping crm.ru from site.ru will not work. [crm.ru]
3) A site operated by a third party that provides services to us. On what it works - it is not known and I think it is not very important. [site-2.ru]
4) Goals - [site-2.ru] wants to receive real-time API data from [crm.ru].

Here is the question - how can this be implemented, preferably without opening ports, networks, etc.?
The first thing that came to my mind was to deploy a socket service on [site.ru], which will be listening from [crm.ru]. But I'm really bad at sockets, and maybe that's not it at all.

In general, I ask for advice on the implementation of this goal.

Answer the question

In order to leave comments, you need to log in

3 answer(s)
I
Ivan Shumov, 2020-04-20
@inoise

And in any way, in general. If you cannot change the site from the server side, then this means that only client-side changes are available to you, which will not be able to reach CRM. That's all. CRM will not send anything to the site because you are helpless from the server side.
In addition, you want an API from CRM, which means that at best you will need a VPN connection to CRM. Well, either take CRM to the public or open ports

D
Dmitry Belyaev, 2020-04-20
@bingo347

site-2.ru simply writes a new location in nginx, which requires a tls client certificate (available on the crm.ru side, this is necessary so that no one else can pull this location)
crm.ru pulls a post request for this location and discards there, site.ru data
updates in the interaction between site-2.ru and crm.ru are not needed at all

C
CityCat4, 2020-04-21
@CityCat4

If crm.ru is behind NAT, this means that without port forwarding, site-2.ru will not be able to initiate a connection to it in any way (well, from the word at all). Either it signals to site.ru so that crm.ru itself establishes a connection with site-2.ru, or you need to forward the port through which site-2.ru will send the command to crm.ru

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question