How to setup authorization in codeigniter rest full api?

I

Ilya Trusov2016-01-27 19:49:05

CodeIgniter

Ilya Trusov, 2016-01-27 19:49:05

Hello. Such situation. I use a library for rest full api. The config is as follows (removed comments for brevity):

<?php

defined('BASEPATH') OR exit('No direct script access allowed');

$config['force_https'] = FALSE;

$config['rest_default_format'] = 'json';

$config['rest_supported_formats'] = [
    'json',
    'array',
    'csv',
    'html',
    'jsonp',
    'php',
    'serialized',
    'xml',
];

$config['rest_status_field_name'] = 'status';

$config['rest_message_field_name'] = 'error';

$config['enable_emulate_request'] = TRUE;

$config['rest_realm'] = 'API';

$config['rest_auth'] = FALSE;

$config['auth_source'] = '';

$config['auth_library_class'] = '';
$config['auth_library_function'] = '';

$config['rest_valid_logins'] = [];

$config['rest_ip_whitelist_enabled'] = FALSE;

$config['rest_ip_whitelist'] = '';

$config['rest_ip_blacklist_enabled'] = FALSE;

$config['rest_ip_blacklist'] = '';

$config['rest_database_group'] = 'default';

$config['rest_keys_table'] = 'apps_api_keys';

$config['rest_enable_keys'] = TRUE;

$config['rest_key_column'] = 'key';

$config['rest_limits_method'] = 'ROUTED_URL';

$config['rest_key_length'] = 40;

$config['rest_key_name'] = 'X-API-KEY';

$config['rest_enable_logging'] = TRUE;

$config['rest_logs_table'] = 'apps_api_logs';

$config['rest_enable_access'] = TRUE;

$config['rest_access_table'] = 'apps_api_access';

$config['rest_logs_json_params'] = TRUE;

$config['rest_enable_limits'] = FALSE;

$config['rest_limits_table'] = 'apps_api_limits';

$config['rest_ignore_http_accept'] = FALSE;

$config['rest_ajax_only'] = FALSE;

$config['rest_language'] = 'english';

Now a question to authorization. How to log in using the key created in the database to access the API?
For example, when referring to the Key.php class (to create a key), the key is required, but if I send the key in the headers, it says that it does not exist. When referring simply to api controllers, no key is requested at all. What? I do not understand?
A few more oddities.
If I make the key private, the output is:

{"status":false,"error":"Invalid API key sckogwg0g8gosgwk8wgscw4kg000gc0w088w48s8"}

If the key is not private, then:

{"status":false,"error":"This API key does not have access to the requested controller"}

I sin that that lib does not know how to nest folders. For spread out the api classes into folders.
Thanks in advance. I hope there are still bearded men who use this antiquity.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

I

Ilya Trusov, 2016-01-27
@artgrosvil

In general, the problem was not reading the documentation.
The rest_enable_access parameter is responsible for using a table in the database where the api key and controller are written. If there is no entry to use in the database, then there will be an error "This API key does not have access to the requested controller".
As for the "Invalid API key" error, it occurs if the is_private_key = 1 parameter is set in the database.
It is not clear what exactly this parameter means. Whether that this key cannot be used at the moment or something else.