© 2015 X2Engine Inc.
Difference between revisions of "Web API Reference (Legacy)"
Line 17: | Line 17: | ||
#* Use a third-party hash generation tool. We recommend [http://www.miraclesalad.com/webtools/md5.php this one], because the string to be hashed is not submitted to any remote server, but is calculated with client-side javascript. | #* Use a third-party hash generation tool. We recommend [http://www.miraclesalad.com/webtools/md5.php this one], because the string to be hashed is not submitted to any remote server, but is calculated with client-side javascript. | ||
#* Log into the database and obtain the generated password hash from the entry in table x2_users (i.e. by navigating to it in PHPMyAdmin), or run <syntaxhighlight lang="mysql">SELECT `password` FROM `x2_users` WHERE `username`='api';</syntaxhighlight> | #* Log into the database and obtain the generated password hash from the entry in table x2_users (i.e. by navigating to it in PHPMyAdmin), or run <syntaxhighlight lang="mysql">SELECT `password` FROM `x2_users` WHERE `username`='api';</syntaxhighlight> | ||
− | #* If you have the PHP command line interface installed on your computer, obtain it with the command: | + | #* If you have the PHP command line interface installed on your computer, obtain it with the command: <tt>echo md5("</tt>''[password]''<tt>")."\n";</tt> |
− | <tt> | + | |
http://www.md5hashgenerator.com/ | http://www.md5hashgenerator.com/ | ||
− | + | An MD5 hash of that user's password should have been written to webLeadConfig.php | |
(see below for more available fields). Furthermore, for security, you must include a valid username as "authUser", and the encrypted password of that user as "authPassword" among the POST data variables. To obtain the encrypted password for a given user, see the password column of the users table in your database | (see below for more available fields). Furthermore, for security, you must include a valid username as "authUser", and the encrypted password of that user as "authPassword" among the POST data variables. To obtain the encrypted password for a given user, see the password column of the users table in your database |
Revision as of 18:18, 19 September 2012
Introduction
X2EngineCRM features a remote API for inserting, querying and deleting records. The API is accessed via POST requests to the API controller (see: ApiController) and thus, URLs (after the domain name and relative path to the document root) for calls to the API will begin with index.php/api/.
Usage
The post data variables should be named according to the column names of the model for which the API being called. When making API calls, the same validation rules as in normal use of the app also apply. In the case that the input does not pass validation, the API will respond with the validation errors.
Authenticating
Using the API requires authentication credentials for the web application in the form of the two post data fields authUser and authPassword, which contain the username of a user in the web application and the md5 hash of the password, respectively. Users who have installed X2EngineCRM at version 1.6.6 or later should have a user named "api" in their web application, created during the installation process and given a random password. The authentication details should be stored in webLeadConfig.php in the web root.
Manual Configuration
(For users who installed at versions earlier than 1.6.6 and have upgraded)
- Log in as admin
- Create a new user with username "api", and make sure its status is set to "inactive".
- Make note of the password that you enter for this user, and obtain the MD5 digest of it by one of the following means:
- Use a third-party hash generation tool. We recommend this one, because the string to be hashed is not submitted to any remote server, but is calculated with client-side javascript.
- Log into the database and obtain the generated password hash from the entry in table x2_users (i.e. by navigating to it in PHPMyAdmin), or run
SELECT `password` FROM `x2_users` WHERE `username`='api';
- If you have the PHP command line interface installed on your computer, obtain it with the command: echo md5("[password]")."\n";
http://www.md5hashgenerator.com/
An MD5 hash of that user's password should have been written to webLeadConfig.php (see below for more available fields). Furthermore, for security, you must include a valid username as "authUser", and the encrypted password of that user as "authPassword" among the POST data variables. To obtain the encrypted password for a given user, see the password column of the users table in your database