Good point about the credentials. Proxy sounds like the way to go. I'd appreciate seeing the php code you have when you are ready to share it.
Thanks.
On Nov 3, 2014, at 6:37 AM, nitin arora wrote:
> I agree with Karen: due to the sensitive info and the Summon API terms of
> service it's important to avoid exposing your credentials - same reason
> nobody probably has or will offer a public proxy to the Summon API as
> mentioned in the embedded email from Oct. 26.
>
> On the other hand, you can create a local proxy/JSONP web service in your
> language of choice and call it from JS - taking care to try and limit
> access to your service to your own JS files, etc.
>
> I can share our (nclive.org) PHP Summon API caller function (if PHP is a
> language you use), but it'll be better in a week or so. Still missing code
> comments, special char. escaping, etc. It just returns the native Summon
> format (change to XML or JSON) so one would need to add the GET parts and
> having it return JSONP with a JSON header, etc. to turn it into a local
> JSONP web service that talks to Summon behind the scenes.
>
> In the meantime, maybe someone else on this list has a more ready-to-share
> option.
>
> thanks,
> Nitin
>
> On Mon, Nov 3, 2014 at 9:05 AM, Karen Coombs <[log in to unmask]>
> wrote:
>
>> I don't know what the Summon API uses to authenticate clients. It looks
>> from the Python code like a key and secret is involved. You should be care
>> about embedding these API credentials (key/secret) in a Javascript. This
>> makes them available for anyone copy and use.
>>
>> Karen
>>
>> On Sun, Nov 2, 2014 at 4:12 PM, Sara Amato <[log in to unmask]> wrote:
>>
>>> Has anyone constructed Summon API queries in javascript? (assuming that
>>> they can be constructed to use jsonp and avoid cross domain problems
>> …???)
>>>
>>>
>>>
>>> Subject:
>>>
>>>
>>> Re: Q: Summon API Service?
>>>
>>> From:
>>>
>>>
>>> Doug Chestnut <[log in to unmask]>
>>>
>>> Reply-To:
>>>
>>>
>>> Code for Libraries <[log in to unmask]>
>>>
>>> Date:
>>>
>>>
>>> Wed, 27 Oct 2010 11:56:04 -0400
>>>
>>> Content-Type:
>>>
>>>
>>> text/plain
>>>
>>> Parts/Attachments:
>>>
>>>
>>>
>>> text/plain (45 lines)
>>>
>>>
>>> Reply
>>>
>>> If it helps, here are a few lines in python that I use to make summon
>>> queries:
>>>
>>> def summonMkHeaders(querystring):
>>> summonAccessID = 'yourIDhere'
>>> summonSecretKey = 'yourSecretHere'
>>> summonAccept = "application/json"
>>> summonThedate = datetime.utcnow().strftime("%a, %d %b %Y
>>> %H:%M:%S GMT")
>>> summonQS = "&".join(sorted(querystring.split('&')))
>>> summonQS = urllib.unquote_plus(summonQS)
>>> summonIdString = summonAccept + "\n" + summonThedate +
>>> "\n" + summonHost + "\n" + summonPath + "\n" + summonQS + "\n"
>>> summonDigest =
>>> base64.encodestring(hmac.new(summonSecretKey, unicode(summonIdString),
>>> hashlib.sha1).digest())
>>> summonAuthstring = "Summon "+summonAccessID+';'+summonDigest
>>> summonAuthstring = summonAuthstring.replace('\n','')
>>> return
>>>
>>>
>> {'Accept':summonAccept,'x-summon-date':summonThedate,'Host':summonHost,'Authorization':summonAuthstring}
>>>
>>> --Doug
>>>
>>> On Tue, Oct 26, 2010 at 6:46 PM, Godmar Back <[log in to unmask]> wrote:
>>>> Hi,
>>>>
>>>> Unlike Link/360, Serials Solution's Summon API is extremely cumbersome
>> to
>>>> use - requiring, for instance, that requests be digitally signed. (*)
>>>>
>>>> Has anybody developed a proxy server for Summon that makes its API
>> public
>>>> (e.g. receives requests, signs them, forwards them to Summon, and
>> relays
>>> the
>>>> result back to a HTTP client?)
>>>>
>>>> Serials Solutions publishes some PHP5 and Ruby sample code in two API
>>>> libraries (**), but these don't appear to be fully fledged nor
>>>> easy-to-install solutions. (Easy to install here is defined as an
>>> average
>>>> systems librarian can download them, provide the API key, and have a
>>> running
>>>> solution in less time than it takes to install Wordpress.)
>>>>
>>>> Thanks!
>>>>
>>>> - Godmar
>>>>
>>>> (*) http://api.summon.serialssolutions.com/help/api/authentication
>>>> (**) http://api.summon.serialssolutions.com/help/api/code
>>>>
>>>
>>
>
>
>
> --
> Nitin Arora
> nitaro74 (at) gmail (dot) com
> "Hope always, expect never."
>
> humaneguitarist.org
> blog.humaneguitarist.org
|