Web API docs

Hi we have put up some documentation and an example on usage for the
Web API here:

http://dhis2.org/doc/snapshot/en/user/html/ch24.html

It is using the web api at the demo as reference:

http://apps.dhis2.org/demo/api

Please provide comments and point out weak spots. More docs to come later.

Lars

I have added an example for sending and reading messages, and an
example for authenticating and embedding reports from the Web API in
web pages:

http://dhis2.org/doc/snapshot/en/user/html/ch24.html

Reference web page here:

http://apps.dhis2.org/portal

Thanks Lars

Just to share my earlier mail to you with the world ...

If you are not happy about exposing the credentials on the web page
and you are using apache, you can also do something like this on the
server (requires proxy_http and
headers modules):

<Location /api/ >
       ProxyPass http://localhost/datawarehouse/api/
       ProxyPassReverse http://localhost/datawarehouse/api/
       # user guest:password base64 encoded
       RequestHeader set Authorization "Basic YWRtaW46ZGlzdHJpY3Q="
       Header unset Set-Cookie
</Location>

This causes all requests to /api/ on the server to be proxied to
http://guest:password@localhost/datawarehouse/api/charts/ without
asking or requiring any authentication.

(http://localhost/datawarehouse is proxied elsewhere to tomcat)

The Header unset is necessary to remove the session cookie on the response.

Not ideal (you would still want to protect this file on the server)
but better than having
the credentials in the html page.

Incidentally this is also a handy way to setup a guest access to dhis
in general if you wanted to make some things public to the world
without requiring user login.

BIG CAVEAT - the above might also allow anyone to POST without
authentication which is a bad thing. Haven't checked yet on how the
access controls around posting are currently implemented.

But you could easily just make things like charts available by
specifying Locations like /api/charts/ rather than exposing the whole
/api/.

Bob

···

On 21 March 2012 17:02, Lars Helge Øverland <larshelge@gmail.com> wrote:

I have added an example for sending and reading messages, and an
example for authenticating and embedding reports from the Web API in
web pages:

http://dhis2.org/doc/snapshot/en/user/html/ch24.html

Reference web page here:

http://apps.dhis2.org/portal

_______________________________________________
Mailing list: https://launchpad.net/~dhis2-devs
Post to : dhis2-devs@lists.launchpad.net
Unsubscribe : https://launchpad.net/~dhis2-devs
More help : https://help.launchpad.net/ListHelp

Thanks Bob, this is very useful and smart.

I have added a paragraph to the installation doc chapter with a nginx
version of this. It allows requests for analysis related api resources
only and checks the http method. In nginx it was necessary to also
remove the Cookie http header which is sent with all requests to avoid
changing the currently logged in dhis user.

http://dhis2.org/doc/snapshot/en/implementer/html/ch08s02.html