Posted on 11-16-2013
I'm working on a series of simple scripts that help people deploy APIs from some of the most common data sources. I'm starting with a series of PHP scripts, and last week I did a private Google Spreadsheet to API demo, and this week I want to show how to secure access to the API by requiring an AppID and AppKey which will allow you to track on who has access to the API.
For this PHP implementation, I'm using the SLIM framework, which provides a dead simple REST framework you can use to deploy an API from a variety of data sources. To begin deploying an API from your Google Spreadsheet datastore, download the REST library and upload to your server that runs PHP.
Slim is pretty straightforward to work with, to add each API endpoint you just add a single PHP file under methods. For this how-to guide we are going to add a simple endpoint from our private spreadsheet products data store.
Before all of this works you need to have an oAuth token, which I created a simple script to handle:
I leave it to you to figure out where you want to store your oAuth tokens, and other goods. I use a config.php file, but can easily be done from database or other:
Next you just add an include reference in the index page for your slim implementation. Everything up until now was the same as the private Google Spreadsheet to API solution, but not on the index page we will wrap the entry point to the API, with a 3Scale API Management layer. 3Scale is free to sign up and you pay as you scale, so all it takes to get going is register for a 3Scale account and choose the base account, and under your account settings you will find your key to link this code to your account.
This API just uses ID, Name, Price and Description of the product, and queries by a simple query parameter. You can use this as a template for your own product database, adding and removing fields as you need, or completely retrofitting for any database table. That is it, now you have a simple product API that pulls a list of products from a private Google Spreadsheet data store.
There are any number of reasons you would want to secure an API driven from a private Google Spreadsheet file, to offer advanced search, filtering or just to track on who is accessing resources. This solution just uses 3Scale to secure the API interface, requiring an AppID and Appkey to use the API.
Hopefully that demonstrates a simple approach to securing an API that is driven from a private Google Spreadsheet file.
Disclosure: 3SCale is an API Evangelist Partner
comments powered by Disqus
Winning in the API Economy
|Download as PDF|
Latest Blog Posts
- Showcasing Your API Integrations With Other Platforms
- Increasing The Focus On APIs In Higher Education Is Important
- The New StrongLoop API Server Provides A Look At Future Of API Deployment
- Models For API Driven Startups Built Around Public Data
- Will You Add Me To API Evangelist And How To Spot The Cool Kids
- When I Remix APIs Using Swagger How Do I Deal With Authentication Across Multiple APIs
- It Takes A Team Of Evangelists To Raise An API
- Support For Only Two Creative Commons Licenses In The API Commons
- Machine Readable Terms of Service Didn't Read Applied To APIs Via APIs.json
- API Deployment For Non-Developers Using Zapier, Google Docs, and APISpark
- State of Hypermedia Today @ API Craft In Detroit
- Need A Formal API Standard For Your Government Agency? Fork 18Fs, And Make It Your Own!
- CORS Makes Your API Portable And Remix-able
- Chief Data Officer Needs To Make The Department Of Commerce Developer Portal The Center Of API Economy
- An API Definition As The Truth In The API Contract
- Look At Existing APIs In The Space Before Designing Your Own
- Libraries Hacked: UK Library API, Data And Technology Hacks
- Financial Data Aggregator Yodlee Looking For A Director of Developer Evangelism
- AutoDevBot Open Sources Their API Monitor
- Low Hanging Fruit For API Discovery In The Federal Government
- Looking At 77 Federal Government API Developer Portals And 190 APIs
- Applying APIs.json To API Discovery In The Federal Government
- The Power In API Discovery For APIs.json Will Be In The API URL Type
- Fixing The Machine Readability in API Commons
- Evolving How We Approach The API Lifecycle With APIMatic