Drupal Services module: Getting the API key or kid of the requester

Home » Blogs » oliver's blog

The services_keyauth_get_kid() function.

I'm currently in the process of building a module to work with Analytics SEO. This module connects to Analytics SEO via the Services module. There has been some debate as to how to manage permissions. The 'correct' way is to log the user in and then use the usual Drupal access permissions system which would be great but I really don't like the way you submit the password in plain text.

My suggestion is to bind a user to the API key id (kid) although for a lot of people having a user per API key isn't needed or would be overkill - The services module works really well with anonymous calls, or key restricted function calls. But when different people are using the same functions with sensitive data there has to be a proper way of securing the data. The answer as I've suggested is to tie it all up with the API key or kid as it's stored in the database.

I spent several hours, trundling through Google and the module code itself before finally stumbling upon services_keyauth_get_kid(). Finally! I don't know why this was so hard to find, probably because it's quite easy to write your own function to query the database against the domain, but again I didn't want to do that because I was sure there would be some function that would do all of the security stuff for you:

services_keyauth_get_kid()

For those of you that are interested, I'm aiming to make this THE SEO module for Drupal. Yes there are other modules out there but they either don't do much, don't give ongoing analysis or are a pain to install. I'm pretty excited to be building this module because it will incorporate the best of both worlds: The awesome power of Analytics SEO with all its crawling, site audit to check all your pages, keyword and competitor analysis together with the advantages of being hooked right into your site e.g. to automatically analyse your page when you save it, suggest content changes and compare it against competitors, all in a well organised manner to make it quick to optimise your site.

Submitted by oliver on Mon, 04/04/2011 - 17:50

Post new comment

By submitting this form, you accept the Mollom privacy policy.

User login

Author of...

  • @Casablanca Looks like a great time last night. Sorry I couldn't make it :( 13 years 26 weeks ago
  • Our new homepage is live http://t.co/iwNX1tWZ 13 years 26 weeks ago
  • Can you help with conditionally setting the 'from' in mails sent with notifications/messaging modules #drupal http://t.co/ItE75IlW 13 years 27 weeks ago
  • My post about highjacking #Drupal menu items with 'drupal_get_form' callbacks for creating popups or #ahah goodness http://t.co/Pe9wSz6k 13 years 27 weeks ago
  • Oh the conflict within. An entire section of a #drupal site was built bespoke, do I add a bespoke subsection, or rewrite the entire section? 13 years 30 weeks ago
  • @psd It depends. Serving static pages means https has a larger relative impact. If there's a lot of processing, https is relatively small. 13 years 31 weeks ago
  • Just had a play with the #drupal Field collection module. goo.gl/p6sEn A really nice Drupal 7 implementation of the multigroup module. 13 years 31 weeks ago
  • @philhawksworth @a_alfredo When will scampcat have the descriptions pop up when you hover over the markers? 13 years 32 weeks ago
Oliver Polden