ActiveResource / Creating an API

Hi,

I am currently looking at creating an api for a new RESTful app built
using rails 2.0. The two solutions I have come across seems to be
ActiveResource and ActionWebServices.

Although there seems to be plenty of documentation for the older
ActionWebServices (both online and in books), this does not seem to be
the case for ActiveResource.

Does anyone know of any decent articles / screencasts / books that I
should be reading to get up to speed with this new gem or practical
examples on how people have used this to create an API in the past.

Thanks,
Scott

Here is the link to a screencast: RubyPlus How to develop ActiveResource client and server with …

Also Apress come out with a book Practical Rails Projects that has some material on ActiveResource.

Thanks for the links and book recommendation.

In rails 2.0, am I right in thinking the following?

- ActiveResource is used to connect an application to an excising REST
web service. (eg. I would use ActiveResource to connect my app to the
twitter web service)
- ActionWebServices should no longer be used in Rails 2.0.

Finally (please correct me if I am wrong), Everything I need to allow
people to connect to my app is already within the controllers respond_to
block, and all I need to do is add .xml on to the end of everything or
make a subdomain e.g. (api.mydomain.com) use the xml format?

One final question, providing all the above is correct?

What is the best way to restrict use of the xml format by using an API
key?

Thanks

Bala Paranj wrote:

Thanks for the links and book recommendation.

In rails 2.0, am I right in thinking the following?

  • ActiveResource is used to connect an application to an excising REST

web service. (eg. I would use ActiveResource to connect my app to the

twitter web service)

When you use Rails’ conventions, ActiveResource will just work out of the box and it makes inter-Rails app communication a breeze. Rails is all about convention over configuration and ActiveResource fits in the motto perfectly. If you want to use it with some other framework, you’ll have to make sure you implement the Rails conventions in that framework too.

Given that Twitter is a Rails app, it could well be that it’s possible to integrate your Rails app with it using ActiveResource. I don’t know what API they use.

You could also do some transformations on a non-ActiveResource webservice to convert its way of speaking into the ActiveResource way. The Rails Way website has a blog post on this:

http://therailsway.com/2007/9/3/using-activeresource-to-consume-web-services

  • ActionWebServices should no longer be used in Rails 2.0.

ActiveResource (so a RESTful API) is the preferred way of doing things in Rails 2. You can still use the old webservices classes, but it’s a seperate plugin. Nobody says you can’t use them anymore, they’re just not part of the core framework anymore.

Finally (please correct me if I am wrong), Everything I need to allow

people to connect to my app is already within the controllers respond_to

block, and all I need to do is add .xml on to the end of everything or

make a subdomain e.g. (api.mydomain.com) use the xml format?

One final question, providing all the above is correct?

What is the best way to restrict use of the xml format by using an API

key?

Why can’t you use http authentication? That’s kind of the Rails convention for authenticating, and that’s also how it’s implemented in the restful_authentication plugin.

If you really want to use the api key method, when a user requests and account, generate some hash and put it in a db field, then use that in your authentication method when the format requested is xml.

respond_to do |format|

format.xml do

go_do_api_key_checking_here

end

end

Best regards

Peter De Berdt

Thanks for the response peter, I think i'm up to speed now!!!
cheers,
scott

Peter De Berdt wrote:

ActiveResouce isn't apart of rails. It's just a convince library that
makes using a REST API super easy. It handles all the HTTP
communication and serialization work so you can just deal with native
ruby objects in AR type syntax.

Given the fact that it’s part of the Rails gem, I do consider it a part of Rails. That’s the same as saying ActiveRecord is not a part of Rails. It is. ActionWebservice isn’t a part of Rails (anymore).

Best regards

Peter De Berdt

Actually, rails is in the rails gem and active resource is in the
activeresource gem. Touche!

Peter De Berdt wrote:

Hi Bala,

Talking about your screencasts, did you know that based on the code
showed in: "Extended RESTful Authentication Rails 2.0 App", I can simply
go to: http://www.rubyplus.org/reset_password

Type in any password (the confirmation password doesn't even need to
match), and then I get logged in as a users called "kamauo" even if the
password reset fails.

Imagine if that user had a paid membership, well I have just stolen his
account. Imagine if on top of that I could change the account email,
poor old kamauo wouldn't even be able to ask to rechange the password.

And what if I could even get admin access to rubyplus.org? Hmmm...

Moreover in that same screencast, you create a change_password action
and view, and never get to try them out...

What's happening?

Looking forward for your answer on that issue,