
2.0: Defining Applications

Sebastian Schendel edited this page Dec 31, 2020 · 5 revisions

Defining Applications

You are free to define one, two, three or as many applications as you like: there is no limit on the number of different applications that can access the data of the api. Each application has its own api-keys, which let a request show which app it belongs to.

After installing the module you will find "AppApi" as a new item under the "Setup" popup-menu in the header bar. Click on "Manage applications" and choose "Add" to create a new application.

My module provides three different ways to authenticate to the api:

  • For scripts that run in your website's frontend, I would recommend using ProcessWire's default PHP session authentication. If you are logged in, for example at your site's backend, you are logged in at your api's endpoints as well.
  • If you want to access your api from an external server over which you have full control, you can use the single JWT authentication. It is important to consider that anyone who knows an authentication-key can legitimately authenticate to your endpoints. I would recommend using this method only if you can store the key securely and nobody but you can see it.
  • The best way to connect any kind of app to your endpoint is to enable double JWT authentication. Double JWT means that an authenticated user gets a longer-living refresh-token and an access-token with only a short life. The access-token is used to legitimate any request. The refresh-token lets you get a new access-token if the old one has expired. So, if anyone manages to intercept one of your requests and snatches a token, he can wreak havoc only temporarily, until it expires.
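
The double JWT scheme from the last point, as an added example that is not AppApi's own code: it issues both tokens, checks an access-token during and after its lifetime, and renews it with the refresh-token. The secret, the lifetimes, the `kind` claim and all function names are assumptions made for this illustration.

```php
<?php
// Added illustration of the double JWT idea; not AppApi's implementation.
// SECRET, the lifetimes, the "kind" claim and all function names are assumptions.
const SECRET      = 'constructed-demo-secret';
const ACCESS_TTL  = 300;       // access-token lifetime: 5 minutes
const REFRESH_TTL = 2592000;   // refresh-token lifetime: 30 days

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Build an HS256-signed token of the given kind ("access" or "refresh").
function issue(string $user, string $kind, int $ttl, int $now): string {
    $head = b64url(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64url(json_encode(['sub' => $user, 'kind' => $kind, 'exp' => $now + $ttl]));
    $sig  = b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
    return "$head.$body.$sig";
}

// Return the claims if signature, kind and expiry all check out, otherwise null.
function verify(string $token, string $kind, int $now): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', "$head.$body", SECRET, true));
    if (!hash_equals($expected, $sig)) return null;   // constant-time comparison
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims) || ($claims['kind'] ?? '') !== $kind) return null;
    return ($claims['exp'] ?? 0) > $now ? $claims : null;
}

// Exchange a still-valid refresh-token for a new short-lived access-token.
function refresh(string $refreshToken, int $now): ?string {
    $claims = verify($refreshToken, 'refresh', $now);
    return $claims ? issue($claims['sub'], 'access', ACCESS_TTL, $now) : null;
}

$t0      = 1700000000;   // constructed login time (Unix seconds)
$access  = issue('alice', 'access', ACCESS_TTL, $t0);
$refresh = issue('alice', 'refresh', REFRESH_TTL, $t0);

// Access-token checked one minute after login, inside its lifetime.
var_dump(verify($access, 'access', $t0 + 60) !== null);
// The same token (for example an intercepted copy) checked after it expired.
var_dump(verify($access, 'access', $t0 + 600) !== null);
// A refresh-token presented where an access-token is required.
var_dump(verify($refresh, 'access', $t0 + 60) !== null);
// The refresh-token used at the same moment to obtain a new access-token.
$renewed = refresh($refresh, $t0 + 600);
var_dump(verify($renewed, 'access', $t0 + 601) !== null);
```

The refresh-token is the long-lived secret in this scheme, so the client has to store it as carefully as a single JWT key; only the access-token, which travels with every request, benefits from the short lifetime.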

So, choose wisely!

