Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Customising the CMS

Creating a custom SOAP API


Reply

4 Posts   2884 Views

Avatar
HansR

3 March 2009 at 7:04pm Community Member, 140 Posts

Hi,

I have already previously asked about using SOAP to create a backend in relation to the e-commerce module (se [url=http://silverstripe.org/e-commerce-module-forum/show/254323]this thread[/url]. I see now that SOAP is mentioned under APIs in the list of features in Silverstripe 2.3.0 ([url=http://silverstripe.org/silverstripe-2-3-0-released-1000s-of-improvements/]here[/url]).

Is there any documentation about how one would create a new SOAP based API? So far I have seen none. There are a few basic items that I would need to know:
- How to create the access functions
- How to get data into and out of the database
- How to secure the SOAP API, i.e., make it HTTPS only and require authentication of some sort (possibly require HTTPS client authentication)

Hans

Avatar
Ingo

15 March 2009 at 8:09am Forum Moderator, 801 Posts

Its a wrapper around RestfulServer, see http://doc.silverstripe.com/doku.php?id=restfulserver.
I've improved documentation slighty (see http://doc.silverstripe.com/doku.php?id=soapmodelaccess),
but its still fairly crude...

Avatar
HansR

16 March 2009 at 3:11pm Community Member, 140 Posts

@Ingo

Thanks. You're doc updates are a start. So does this mean that you must have a REST API in order to have a SOAP backend?

I'd like to see more details about the security side of things. How do you restrict API access for data objects? How would you force all API accesses to use SSL?

Hans

Avatar
Ingo

17 March 2009 at 2:01am Forum Moderator, 801 Posts

Yes, you'll need to enable RESTful as well for the moment, I've filed a ticket to separate them a bit more cleanly: http://open.silverstripe.com/ticket/3727

> How do you restrict API access for data objects?
That should be in the RESTfulServer docs. Anything else you need?

> How to secure the SOAP API, i.e., make it HTTPS only
You have Director::forceSSL() at your disposal, which you could limit to match specific URLs only. Patches to make this configurable in the SOAP/REST servers are welcome :)