I'm wanting to build an Android app, and I'm trying to figure out the best way to allow the app access to my webserver.
I have OpenBD running on CentOS 6.4
I have CFC's created that can return the data as JSON structures if requested. I use the CFC's in AJAX/JSON requests.
I'm going to create a very basic API, which is essentially a developerID (for the developer) and appID+appKey that will be used to authenticate external apps (basically giving the app it's own userID/password). While I don't have any 3rd parties creating apps, I feel this method will give a reasonable path forward to giving a 3rd party access in the future. I would essentially write each CFC to use the developerID+AppKey+AppID as additional arguments, and much like a password, the data would need to be correct in order to return a result.
Any interally built apps would get developerID of 1, and then each app built would get it's own ID/Key.
To my understanding, to make this data available to an app, I just need to allow for remote calls to the .CFC (from non-domain source), setup https (for secure transactions), and configure the cfc call to return data in JSON format.
As an example, here's an HTTPS url calling a login function via cfc. If successful, it returns Success=1 and creates a session. If it fails, returns Success=0. In theory, I believe I should be able to code the app so that send this url using the data provided by the user, and interprets the returned JSON code accordingly.
https://company.com/cfc/login.cfc?m...sword=#password#&appID=#appID#&appkey#appKey#
Am I on the right track?
I have OpenBD running on CentOS 6.4
I have CFC's created that can return the data as JSON structures if requested. I use the CFC's in AJAX/JSON requests.
I'm going to create a very basic API, which is essentially a developerID (for the developer) and appID+appKey that will be used to authenticate external apps (basically giving the app it's own userID/password). While I don't have any 3rd parties creating apps, I feel this method will give a reasonable path forward to giving a 3rd party access in the future. I would essentially write each CFC to use the developerID+AppKey+AppID as additional arguments, and much like a password, the data would need to be correct in order to return a result.
Any interally built apps would get developerID of 1, and then each app built would get it's own ID/Key.
To my understanding, to make this data available to an app, I just need to allow for remote calls to the .CFC (from non-domain source), setup https (for secure transactions), and configure the cfc call to return data in JSON format.
As an example, here's an HTTPS url calling a login function via cfc. If successful, it returns Success=1 and creates a session. If it fails, returns Success=0. In theory, I believe I should be able to code the app so that send this url using the data provided by the user, and interprets the returned JSON code accordingly.
https://company.com/cfc/login.cfc?m...sword=#password#&appID=#appID#&appkey#appKey#
Am I on the right track?
