I am developing an API for a social network website. This API will basically get all the requests from the users (get friend list, post a status update etc) and reply back if necessary.

We will implement the OAuth 2.0 protocol for authentication. The consumer (our PHP project) has an API id and secret.

Basic scenario:

  • Client wants to log in
  • API consumer (PHP web project) takes this request, directs the user to the API
  • User sends his/her user credentials to the API, gets the token.
  • User comes back to our website, passes the token to the consumer.
  • Consumer goes to the API server, gets the access token.
  • Now the consumer (PHP project) has access to the user's private information.

Since this is a social network website, we want app developers to be able to use our API in the future.

I am not experienced in API design. Does that flow make sense? I guess the simplest authentication would be accessing user information through the PHP project. But we don't want to access the database in PHP code. We will use Ajax on the client side and send a request to the API. And I believe there should be a better solution; what would you suggest?

ROMANIA_engineer
Shintzy
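The flow listed in the question, sketched as an added example that is not part of the original post: the token the user brings back to the website plays the role of OAuth 2.0's authorization code, which the consumer exchanges server-side together with its secret. `ApiServer`, the client id, secret, redirect URI and user id are hypothetical stand-ins held in memory; `state` is the standard OAuth 2.0 parameter that ties the callback to the browser session that started the login.

```php
<?php
declare(strict_types=1);

// Constructed sample values: placeholders, not real credentials.
const CLIENT_ID     = 'php-web-consumer';
const CLIENT_SECRET = 'constructed-secret-for-example';
const REDIRECT_URI  = 'https://consumer.example/callback';

// Hypothetical in-memory stand-in for the API (authorization server).
final class ApiServer
{
    private array $codes = [];   // outstanding one-time authorization codes

    // Called after the user has logged in on the API's own login page.
    public function issueCode(string $clientId, string $redirectUri, string $userId): string
    {
        $code = bin2hex(random_bytes(16));
        $this->codes[$code] = ['client' => $clientId, 'uri' => $redirectUri,
                               'user' => $userId, 'exp' => time() + 60];
        return $code;
    }

    // The consumer trades the code plus its secret for an access token.
    public function exchange(string $code, string $clientId, string $secret, string $redirectUri): ?string
    {
        $entry = $this->codes[$code] ?? null;
        unset($this->codes[$code]);                   // single use, even when a check fails
        if ($entry === null || $entry['exp'] < time()) return null;
        if (!hash_equals(CLIENT_SECRET, $secret)) return null;   // constant-time compare
        if ($entry['client'] !== $clientId || $entry['uri'] !== $redirectUri) return null;
        return bin2hex(random_bytes(32));             // access token for $entry['user']
    }
}

// Consumer side: redirect out, receive the callback, exchange the code.
$api   = new ApiServer();
$state = bin2hex(random_bytes(16));                   // kept in the user's session before redirecting
$code  = $api->issueCode(CLIENT_ID, REDIRECT_URI, 'user-42');
$callback = ['code' => $code, 'state' => $state];     // query parameters the browser brings back

if (!hash_equals($state, $callback['state'])) {
    exit("state mismatch: reject the callback\n");    // login was not started by this session
}
$token = $api->exchange($callback['code'], CLIENT_ID, CLIENT_SECRET, REDIRECT_URI);
var_dump($token !== null);                            // did the first exchange succeed?
// Replaying the same code must not yield a second token.
var_dump($api->exchange($callback['code'], CLIENT_ID, CLIENT_SECRET, REDIRECT_URI));
```

Because the exchange needs the client secret, it has to run in the PHP backend; the Ajax code in the browser should only ever see the resulting session, never the secret.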

1 Answer

Sure, API design is basically the point where you need to choose a technology. It can be either PHP, .NET or Java. I would prefer either PHP or .NET, as we get a lot of flexibility with them. The API will return XML or JSON depending upon the request. There are a lot of CMSs in PHP which can help. For .NET we have ServiceStack to help you.

APIs have to be fully independent of the other world as well as within the API methods. If you are able to achieve this, then you will surely create a good architecture.

Nipun Ambastha