How The Drupal Services Module Should Be Used
How the services module SHOULD be used
July 15, 2009 - James Andres
I'm embarrassed to say I haven't fully understood the services module, until now. I just found this great example of how the services module SHOULD be used: http://gregbosen.org/blog/drupal-services-php-xml-rpc-example and http://drupal.org/node/394364

Here's a summary in my own words:
- Web services should ALWAYS be accessed with a logged-in user.
- Create a special Drupal account just for web services, e.g. a "services" or "amfphp" user.
- Create a special Drupal role called "Services" that your "services" user is a part of.
- Assign as few permissions as you can get away with to the Services role. This account should not be a "super-user", in case it becomes compromised.
- Now, for the fun part: here's the CORRECT way to connect to your web services. It is a 2 step process:
  - Call the system.connect service. This service exists ONLY to give you a session token. It will return a "sessid" parameter.
  - Call the user.login service. Pass the "sessid" parameter you received from system.connect, in addition to the user name and password of your "services" user. user.login will return the UID of your "services" user, if successful.
- Finally, you are logged into Drupal as the services user! Call whatever services you want, and don't forget to pass the "sessid" parameter each time.
Nonces and keys still apply. Learn more about those here: http://drupal.org/handbook/modules/services
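
The connect-then-login flow above, sketched as a Python XML-RPC client (an added example, not code from the original post or from the Services project). It assumes key authentication is turned off so that `sessid` is the first argument of every call, that `user.login` may reply with a struct carrying a fresh `sessid`, and that the endpoint URL is a placeholder; `ServicesSession` and its `call` hook are hypothetical names.

```python
import xmlrpc.client
from urllib.parse import urlparse


class ServicesSession:
    """Hypothetical helper: system.connect, then user.login, then sessid on every call."""

    def __init__(self, endpoint, call=None):
        # The password and the sessid travel in the request body, so refuse plain HTTP.
        if urlparse(endpoint).scheme != "https":
            raise ValueError("Services endpoint must use https")
        if call is None:
            proxy = xmlrpc.client.ServerProxy(endpoint)
            # ServerProxy resolves dotted names such as "system.connect" via getattr.
            call = lambda method, *params: getattr(proxy, method)(*params)
        self._call = call  # injectable so the flow can be exercised offline
        self.sessid = None
        self.logged_in = False

    def login(self, username, password):
        # Step 1: system.connect only hands out a session token.
        self.sessid = self._call("system.connect")["sessid"]
        # Step 2: user.login binds that session to the low-privilege services account.
        result = self._call("user.login", self.sessid, username, password)
        # Assumption: if the reply is a struct with its own sessid, the server
        # rotated the session at login and the new value must be used from now on.
        if isinstance(result, dict) and result.get("sessid"):
            self.sessid = result["sessid"]
        self.logged_in = True
        return result

    def call(self, method, *params):
        # Never fall back to an anonymous call if login was skipped or failed.
        if not self.logged_in:
            raise RuntimeError("call login() before using other services")
        return self._call(method, self.sessid, *params)


if __name__ == "__main__":
    # Constructed stand-in for a Drupal site, so the example runs without a network.
    def stub(method, *params):
        replies = {"system.connect": {"sessid": "anon-123"},
                   "user.login": {"sessid": "auth-456", "user": {"uid": "7"}}}
        return replies.get(method, {"echo": list(params)})

    session = ServicesSession("https://drupal.example/services/xmlrpc", call=stub)
    session.login("services", "not-a-real-password")
    print(session.call("node.get", 1))
```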