ActiveResource / Creating an API

Hi,

I am currently looking at creating an api for a new RESTful app built
using rails 2.0. The two solutions I have come across seems to be
ActiveResource and ActionWebServices.

Although there seems to be plenty of documentation for the older
ActionWebServices (both online and in books), this does not seem to be
the case for ActiveResource.

Does anyone know of any decent articles / screencasts / books that I
should be reading to get up to speed with this new gem or practical
examples on how people have used this to create an API in the past.

Thanks,
Scott

Here is the link to a screencast: RubyPlus How to develop ActiveResource
client and server with … http://www.rubyplus.org/episodes/13Also
Apress
come out with a book Practical Rails Projects that has some material on
ActiveResource.

On Feb 5, 2008 7:01 AM, Scott A S [email protected]
wrote:

Hi,

Does anyone know of any decent articles / screencasts / books that I
should be reading to get up to speed with this new gem or practical
examples on how people have used this to create an API in the past.

Thanks,
Scott


http://www.rubyplus.org/
Free Ruby and Rails Screencasts

Thanks for the links and book recommendation.

In rails 2.0, am I right in thinking the following?

  • ActiveResource is used to connect an application to an excising REST
    web service. (eg. I would use ActiveResource to connect my app to the
    twitter web service)
  • ActionWebServices should no longer be used in Rails 2.0.

Finally (please correct me if I am wrong), Everything I need to allow
people to connect to my app is already within the controllers respond_to
block, and all I need to do is add .xml on to the end of everything or
make a subdomain e.g. (api.mydomain.com) use the xml format?

One final question, providing all the above is correct?

What is the best way to restrict use of the xml format by using an API
key?

Thanks

Bala P. wrote:

Here is the link to a screencast: RubyPlus How to develop ActiveResource
client and server with … http://www.rubyplus.org/episodes/13Also
Apress
come out with a book Practical Rails Projects that has some material on
ActiveResource.

On 06 Feb 2008, at 15:42, Scott A S wrote:

Thanks for the links and book recommendation.

In rails 2.0, am I right in thinking the following?

  • ActiveResource is used to connect an application to an excising
    REST
    web service. (eg. I would use ActiveResource to connect my app to the
    twitter web service)

When you use Rails’ conventions, ActiveResource will just work out of
the box and it makes inter-Rails app communication a breeze. Rails is
all about convention over configuration and ActiveResource fits in
the motto perfectly. If you want to use it with some other framework,
you’ll have to make sure you implement the Rails conventions in that
framework too.

Given that Twitter is a Rails app, it could well be that it’s
possible to integrate your Rails app with it using ActiveResource. I
don’t know what API they use.

You could also do some transformations on a non-ActiveResource
webservice to convert its way of speaking into the ActiveResource
way. The Rails Way website has a blog post on this:
http://therailsway.com/2007/9/3/using-activeresource-to-consume-web-
services

  • ActionWebServices should no longer be used in Rails 2.0.

ActiveResource (so a RESTful API) is the preferred way of doing
things in Rails 2. You can still use the old webservices classes, but
it’s a seperate plugin. Nobody says you can’t use them anymore,
they’re just not part of the core framework anymore.

Finally (please correct me if I am wrong), Everything I need to allow
people to connect to my app is already within the controllers
respond_to
block, and all I need to do is add .xml on to the end of everything or
make a subdomain e.g. (api.mydomain.com) use the xml format?

One final question, providing all the above is correct?

What is the best way to restrict use of the xml format by using an API
key?

Why can’t you use http authentication? That’s kind of the Rails
convention for authenticating, and that’s also how it’s implemented
in the restful_authentication plugin.

If you really want to use the api key method, when a user requests
and account, generate some hash and put it in a db field, then use
that in your authentication method when the format requested is xml.

respond_to do |format|

format.xml do
go_do_api_key_checking_here
end
end

Best regards

Peter De Berdt

ActiveResouce isn’t apart of rails. It’s just a convince library that
makes using a REST API super easy. It handles all the HTTP
communication and serialization work so you can just deal with native
ruby objects in AR type syntax.

On 06 Feb 2008, at 21:19, eggie5 wrote:

ActiveResouce isn’t apart of rails.

Given the fact that it’s part of the Rails gem, I do consider it a
part of Rails. That’s the same as saying ActiveRecord is not a part
of Rails. It is. ActionWebservice isn’t a part of Rails (anymore).

Best regards

Peter De Berdt

Thanks for the response peter, I think i’m up to speed now!!!
cheers,
scott

Peter De Berdt wrote:

On 06 Feb 2008, at 15:42, Scott A S wrote:

Thanks for the links and book recommendation.

In rails 2.0, am I right in thinking the following?

  • ActiveResource is used to connect an application to an excising
    REST
    web service. (eg. I would use ActiveResource to connect my app to the
    twitter web service)

When you use Rails’ conventions, ActiveResource will just work out of
the box and it makes inter-Rails app communication a breeze. Rails is
all about convention over configuration and ActiveResource fits in
the motto perfectly. If you want to use it with some other framework,
you’ll have to make sure you implement the Rails conventions in that
framework too.

Actually, rails is in the rails gem and active resource is in the
activeresource gem. Touche!

Peter De Berdt wrote:

On 06 Feb 2008, at 15:42, Scott A S wrote:

Why can’t you use http authentication? That’s kind of the Rails
convention for authenticating, and that’s also how it’s implemented
in the restful_authentication plugin.

If you really want to use the api key method, when a user requests
and account, generate some hash and put it in a db field, then use
that in your authentication method when the format requested is xml.

respond_to do |format|

format.xml do
go_do_api_key_checking_here
end
end

What should the api key check method look like?

It still tries to do the http auth on me.

Thanks

Hi Bala,

Talking about your screencasts, did you know that based on the code
showed in: “Extended RESTful Authentication Rails 2.0 App”, I can simply
go to: http://www.rubyplus.org/reset_password

Type in any password (the confirmation password doesn’t even need to
match), and then I get logged in as a users called “kamauo” even if the
password reset fails.

Imagine if that user had a paid membership, well I have just stolen his
account. Imagine if on top of that I could change the account email,
poor old kamauo wouldn’t even be able to ask to rechange the password.

And what if I could even get admin access to rubyplus.org? Hmmm…

Moreover in that same screencast, you create a change_password action
and view, and never get to try them out…

What’s happening?

Looking forward for your answer on that issue,