Jump to content

Create a API script


dam034

Recommended Posts

Dear users,

I want to create APIs for my MTASA Server, as FB apis o Google apis.

Example: without an HTTP autenthication, requesting GET http://server-ip:22005/api?what=userlist I want to retrieve (in JSON) the list of the connected users to my server, or requesting POST http://server-ip:22005/api with fields what=wheater&number=4 I want to execute setWeather(4) on my server.

Someone can help me how to create a resource which does this?

 

Thanks

  • Like 2
Link to comment
<!-- meta.xml -->
<html src="call.htm" />
<!-- call.htm -->
<*
   if (form["do"] == "setweather") then
      httpWrite(setWeather(form["weather"]) and "SUCCESS" or "FAILED")
   elseif (form["do"] == "getweather") then
      httpWrite(getWeather())
   end
*>

You should be able to GET/POST http://ip:port/(resourcename)/call.htm?do=setweather&weather=4 and it'll respond with either "SUCCESS" or "FAILED". However, this was written just using my memory, and haven't been tested.

Link to comment

HTTP Authentication can be disabled if you allow access to general.http in the ACLs for Default ACL. This, however, allows access to anyone to any part of the HTTP interface so you should either turn off anything that's restricted access, or don't disabled the HTTP authentication. You can always just add authentication within the URL (i.e. http://username:password@ip:port/api/call.htm)

I have no idea whether .htm or .html is required. You could try it without and let us know.

Link to comment
On 23/9/2017 at 11:08, MrTasty said:

HTTP Authentication can be disabled if you allow access to general.http in the ACLs for Default ACL. This, however, allows access to anyone to any part of the HTTP interface so you should either turn off anything that's restricted access, or don't disabled the HTTP authentication. You can always just add authentication within the URL (i.e. http://username:password@ip:port/api/call.htm)

Yes, I understand. How can I grant the HTTP access to anyone only to this recource, and set HTTP authentication to visit the others?

On 23/9/2017 at 11:08, MrTasty said:

I have no idea whether .htm or .html is required. You could try it without and let us know.

I want to remove the extension, can I? (e.g. http://server-ip:22005/myres/call?do=weather)

 

 

Thanks

Link to comment

Alright, I've checked the following:

  • The HTML file does not have to have .htm or .html at the end, you can remove it and it'll still work and process Lua correctly.
  • You can grant public access to a HTTP resource, by adding the following right in the Default ACLresource.(resourcename).http (this is an ACL right, not an object of an ACL group)
    • However, I would still advise you to just add an account for "remote", place it within an elevated ACL group, for example, RPC (or your own ACL group) and add the aforementioned right only to that ACL instead of making it public. Then just connect to the HTTP as follows: http://remote:(remoteaccountpassword)@(serverip):(serverhttpport)/(resourcename)/call?do=(whatever)
Edited by MrTasty
  • Thanks 1
Link to comment
51 minutes ago, MrTasty said:

The HTML file does not have to have .htm or .html at the end, you can remove it and it'll still work and process Lua correctly.

So I have to create a file with any extension (like json), and add it in meta.xml

<html src="api.json" />

Is it right?

51 minutes ago, MrTasty said:

You can grant public access to a HTTP resource, by adding the following right in the Default ACLresource.(resourcename).http (this is an ACL right, not an object of an ACL group)

However, I would still advise you to just add an account for "remote", place it within an elevated ACL group, for example, RPC (or your own ACL group) and add the aforementioned right only to that ACL instead of making it public. Then just connect to the HTTP as follows: http://remote:(remoteaccountpassword)@(serverip):(serverhttpport)/(resourcename)/call?do=(whatever)

 

So, if I understood right: I have to create an user in MTA console called "forapis" (or as I want), set its password and grant to the resource only the rights as I want to use in the API, avoiding security flaws. When I'll use php curl library to call the API, I'll call http://forapis:mypw@ip:port/resname/api?do=myaction. Did I understand well?

 

Thanks

Link to comment

You have to remove the extension from the file name, and correct the meta.xml too.

<html src="call" /> <!-- no file extension, since the actual file doesn't have it -->

And then place it in a resource such as "api". Then you access it like so: http://forapis:yourpw@ip:port/api/call?whateveryouwanthere

Edited by MrTasty
Link to comment
  • 7 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...