I agree with Karen: due to the sensitive info and the Summon API terms of
service it's important to avoid exposing your credentials - same reason
nobody probably has or will offer a public proxy to the Summon API as
mentioned in the embedded email from Oct. 26.
On the other hand, you can create a local proxy/JSONP web service in your
language of choice and call it from JS - taking care to try and limit
access to your service to your own JS files, etc.
I can share our (nclive.org) PHP Summon API caller function (if PHP is a
language you use), but it'll be better in a week or so. Still missing code
comments, special char. escaping, etc. It just returns the native Summon
format (change to XML or JSON) so one would need to add the GET parts and
having it return JSONP with a JSON header, etc. to turn it into a local
JSONP web service that talks to Summon behind the scenes.
In the meantime, maybe someone else on this list has a more ready-to-share
option.
thanks,
Nitin
On Mon, Nov 3, 2014 at 9:05 AM, Karen Coombs <[log in to unmask]>
wrote:
> I don't know what the Summon API uses to authenticate clients. It looks
> from the Python code like a key and secret is involved. You should be care
> about embedding these API credentials (key/secret) in a Javascript. This
> makes them available for anyone copy and use.
>
> Karen
>
> On Sun, Nov 2, 2014 at 4:12 PM, Sara Amato <[log in to unmask]> wrote:
>
> > Has anyone constructed Summon API queries in javascript? (assuming that
> > they can be constructed to use jsonp and avoid cross domain problems
> …???)
> >
> >
> >
> > Subject:
> >
> >
> > Re: Q: Summon API Service?
> >
> > From:
> >
> >
> > Doug Chestnut <[log in to unmask]>
> >
> > Reply-To:
> >
> >
> > Code for Libraries <[log in to unmask]>
> >
> > Date:
> >
> >
> > Wed, 27 Oct 2010 11:56:04 -0400
> >
> > Content-Type:
> >
> >
> > text/plain
> >
> > Parts/Attachments:
> >
> >
> >
> > text/plain (45 lines)
> >
> >
> > Reply
> >
> > If it helps, here are a few lines in python that I use to make summon
> > queries:
> >
> > def summonMkHeaders(querystring):
> > summonAccessID = 'yourIDhere'
> > summonSecretKey = 'yourSecretHere'
> > summonAccept = "application/json"
> > summonThedate = datetime.utcnow().strftime("%a, %d %b %Y
> > %H:%M:%S GMT")
> > summonQS = "&".join(sorted(querystring.split('&')))
> > summonQS = urllib.unquote_plus(summonQS)
> > summonIdString = summonAccept + "\n" + summonThedate +
> > "\n" + summonHost + "\n" + summonPath + "\n" + summonQS + "\n"
> > summonDigest =
> > base64.encodestring(hmac.new(summonSecretKey, unicode(summonIdString),
> > hashlib.sha1).digest())
> > summonAuthstring = "Summon "+summonAccessID+';'+summonDigest
> > summonAuthstring = summonAuthstring.replace('\n','')
> > return
> >
> >
> {'Accept':summonAccept,'x-summon-date':summonThedate,'Host':summonHost,'Authorization':summonAuthstring}
> >
> > --Doug
> >
> > On Tue, Oct 26, 2010 at 6:46 PM, Godmar Back <[log in to unmask]> wrote:
> > > Hi,
> > >
> > > Unlike Link/360, Serials Solution's Summon API is extremely cumbersome
> to
> > > use - requiring, for instance, that requests be digitally signed. (*)
> > >
> > > Has anybody developed a proxy server for Summon that makes its API
> public
> > > (e.g. receives requests, signs them, forwards them to Summon, and
> relays
> > the
> > > result back to a HTTP client?)
> > >
> > > Serials Solutions publishes some PHP5 and Ruby sample code in two API
> > > libraries (**), but these don't appear to be fully fledged nor
> > > easy-to-install solutions. (Easy to install here is defined as an
> > average
> > > systems librarian can download them, provide the API key, and have a
> > running
> > > solution in less time than it takes to install Wordpress.)
> > >
> > > Thanks!
> > >
> > > - Godmar
> > >
> > > (*) http://api.summon.serialssolutions.com/help/api/authentication
> > > (**) http://api.summon.serialssolutions.com/help/api/code
> > >
> >
>
--
Nitin Arora
nitaro74 (at) gmail (dot) com
"Hope always, expect never."
humaneguitarist.org
blog.humaneguitarist.org
