LISTSERV 16.5 - CODE4LIB Archives

I don't know what the Summon API uses to authenticate clients. It looks
from the Python code like a key and secret is involved. You should be care
about embedding these API credentials (key/secret) in a Javascript. This
makes them available for anyone copy and use.

Karen

On Sun, Nov 2, 2014 at 4:12 PM, Sara Amato <[log in to unmask]> wrote:

> Has anyone constructed Summon API queries in javascript?  (assuming that
> they can be constructed to use jsonp and avoid cross domain problems …???)
>
>
>
> Subject:
>
>
> Re: Q: Summon API Service?
>
> From:
>
>
> Doug Chestnut <[log in to unmask]>
>
> Reply-To:
>
>
> Code for Libraries <[log in to unmask]>
>
> Date:
>
>
> Wed, 27 Oct 2010 11:56:04 -0400
>
> Content-Type:
>
>
> text/plain
>
> Parts/Attachments:
>
>
>
> text/plain (45 lines)
>
>
> Reply
>
> If it helps, here are a few lines in python that I use to make summon
> queries:
>
> def summonMkHeaders(querystring):
>             summonAccessID = 'yourIDhere'
>             summonSecretKey = 'yourSecretHere'
>             summonAccept = "application/json"
>             summonThedate = datetime.utcnow().strftime("%a, %d %b %Y
> %H:%M:%S GMT")
>             summonQS = "&".join(sorted(querystring.split('&')))
>             summonQS = urllib.unquote_plus(summonQS)
>             summonIdString = summonAccept + "\n" + summonThedate +
> "\n" + summonHost + "\n" + summonPath + "\n" + summonQS + "\n"
>             summonDigest =
> base64.encodestring(hmac.new(summonSecretKey, unicode(summonIdString),
> hashlib.sha1).digest())
>             summonAuthstring = "Summon "+summonAccessID+';'+summonDigest
>             summonAuthstring = summonAuthstring.replace('\n','')
>             return
>
> {'Accept':summonAccept,'x-summon-date':summonThedate,'Host':summonHost,'Authorization':summonAuthstring}
>
> --Doug
>
> On Tue, Oct 26, 2010 at 6:46 PM, Godmar Back <[log in to unmask]> wrote:
> > Hi,
> >
> > Unlike Link/360, Serials Solution's Summon API is extremely cumbersome to
> > use - requiring, for instance, that requests be digitally signed. (*)
> >
> > Has anybody developed a proxy server for Summon that makes its API public
> > (e.g. receives requests, signs them, forwards them to Summon, and relays
> the
> > result back to a HTTP client?)
> >
> > Serials Solutions publishes some PHP5 and Ruby sample code in two API
> > libraries (**), but these don't appear to be fully fledged nor
> > easy-to-install solutions.  (Easy to install here is defined as an
> average
> > systems librarian can download them, provide the API key, and have a
> running
> > solution in less time than it takes to install Wordpress.)
> >
> > Thanks!
> >
> >  - Godmar
> >
> > (*) http://api.summon.serialssolutions.com/help/api/authentication
> > (**) http://api.summon.serialssolutions.com/help/api/code
> >
>