Nowadays, most web services offers some form of API-keys to access and update data programmatically. But there's usually a little catch: API-keys are full access and thus only usable from server to server. Some services has started to offer OAuth-access, but that involves some sort of authentication first.
In this example we have added two additional API-keys:
- One readonly (GET) key with access to /customers/** (meaning customers and all sub-urls). Only allowed from the jazzbank.com site.
- One update only (POST) key with access to a specific customers "notes" collection. Access from anywhere. Using this key, programmers can add note objects to this customer only.
The image below shows the dialog for creating the API-key for customers
Example code
After creating you secure API-key, set up a global AJAX filter:$.ajaxPrefilter(function( options ) {
if ( !options.beforeSend) {
options.beforeSend = function (xhr) {
xhr.setRequestHeader('x-apikey', '569a2b87566759cf4b984a50');
}
}
});
Now you can run database queries from your code to do cool stuff in your application. The example below fetches a contact list sorted by name in reverse order:
$.getJSON('https://rdb-simpledb.restdb.io/rest/customers?max=5&sort=name&dir=-1', function(data){
$.each(data, function(key, item){
$('#content').append(makeHtmlItem(item));
... more cool stuff here
});
});
We hope we have given you an idea of the flexibility of this approach to API-keys.
Read more in the docs here: https://restdb.io/docs/apikeys-and-cors
