Answer the question
In order to leave comments, you need to log in
I
I
Ilya Trusov2016-01-27 19:49:05
Ilya Trusov, 2016-01-27 19:49:05
How to setup authorization in codeigniter rest full api?
Hello. Such situation. I use a library for rest full api. The config is as follows (removed comments for brevity):
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
$config['force_https'] = FALSE;
$config['rest_default_format'] = 'json';
$config['rest_supported_formats'] = [
'json',
'array',
'csv',
'html',
'jsonp',
'php',
'serialized',
'xml',
];
$config['rest_status_field_name'] = 'status';
$config['rest_message_field_name'] = 'error';
$config['enable_emulate_request'] = TRUE;
$config['rest_realm'] = 'API';
$config['rest_auth'] = FALSE;
$config['auth_source'] = '';
$config['auth_library_class'] = '';
$config['auth_library_function'] = '';
$config['rest_valid_logins'] = [];
$config['rest_ip_whitelist_enabled'] = FALSE;
$config['rest_ip_whitelist'] = '';
$config['rest_ip_blacklist_enabled'] = FALSE;
$config['rest_ip_blacklist'] = '';
$config['rest_database_group'] = 'default';
$config['rest_keys_table'] = 'apps_api_keys';
$config['rest_enable_keys'] = TRUE;
$config['rest_key_column'] = 'key';
$config['rest_limits_method'] = 'ROUTED_URL';
$config['rest_key_length'] = 40;
$config['rest_key_name'] = 'X-API-KEY';
$config['rest_enable_logging'] = TRUE;
$config['rest_logs_table'] = 'apps_api_logs';
$config['rest_enable_access'] = TRUE;
$config['rest_access_table'] = 'apps_api_access';
$config['rest_logs_json_params'] = TRUE;
$config['rest_enable_limits'] = FALSE;
$config['rest_limits_table'] = 'apps_api_limits';
$config['rest_ignore_http_accept'] = FALSE;
$config['rest_ajax_only'] = FALSE;
$config['rest_language'] = 'english';Now a question to authorization. How to log in using the key created in the database to access the API?
For example, when referring to the Key.php class (to create a key), the key is required, but if I send the key in the headers, it says that it does not exist. When referring simply to api controllers, no key is requested at all. What? I do not understand?
A few more oddities.
If I make the key private, the output is:
{"status":false,"error":"Invalid API key sckogwg0g8gosgwk8wgscw4kg000gc0w088w48s8"}If the key is not private, then:
{"status":false,"error":"This API key does not have access to the requested controller"}I sin that that lib does not know how to nest folders. For spread out the api classes into folders.
Thanks in advance. I hope there are still bearded men who use this antiquity.
1 answer(s)
@artgrosvil
I
Ilya Trusov, 2016-01-27 @artgrosvil
In general, the problem was not reading the documentation.
The rest_enable_access parameter is responsible for using a table in the database where the api key and controller are written. If there is no entry to use in the database, then there will be an error "This API key does not have access to the requested controller".
As for the "Invalid API key" error, it occurs if the is_private_key = 1 parameter is set in the database.
It is not clear what exactly this parameter means. Whether that this key cannot be used at the moment or something else.
Similar questions
A
S
M
A
anti1262020-04-10 02:29:38
The site does not start problems with the database, what's the problem?
1Reply
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question