This topic is locked

Authentication Type for Mapping API Parameters to PHPRunner

8/25/2021 8:33:02 PM
PHPRunner General questions
K
klyle author

What type of API security is an using which provides Public Key Token and Secret Key ? How do those map to the PHPRunner Add REST API Connection options? Tnanks in Advance!

K
klyle author 8/26/2021

Sorry, I dropped a comma that might be important : the 3 parameters the API provides are Public Key, Token and Secret Key - there is also a username.

admin 8/30/2021

You need to rephrase your question or show us some screenshots, not easy to understand what exactly the question is.

HJB 8/31/2021

I guess the raised question deals around an answer whether or not PHPRunner provides 4 entry fields,
namely "Public Key, Token, Secret Key, Username" under "Add REST API" by default to be able to run
a "machine-to-machine" dialogue basically, with strong focus to API security, like eg.Oauth2 or something
else. As "machine-to-machine" dialogues require more security these days, the main question to answer
first here (I think) is to learn more about the supported "methods" by the API provider. Anyway, generally
I think, it can de done, yet fear it could be a stony path anyway until a working solution would be finally at
hand, especially then, if the API security requirements and methods are OUTSIDE of what PHPrunner is
providing by default as per:

REST API Connections

K
klyle author 8/31/2021

Thanks, Sergey. The app in question is Groundhogg.io

Here is what the API screen looks like, and the parameters I was trying to convey :

img alt

There are also two different routes given, the URLs for API v3 and APIv4.

It looks like something kind of OAuth-like.

I hope that clarifies, can you advise based on this?

A
acpan 9/1/2021

@klyle, wp-xxx-xxx is WordPress naming convention. it seems it is API for WordPress Plugin. The whole website talks about Wordpress, you may need a Wordpress website with the APP installed to work with that.

Groundhogg's API Keys
Search Groundhogg API Keys in their manual vs PHPR's API Key in the Manual

Groundhogg REST Call by API Keys accepts 2 params - token and public key for REST API Call. But PHPR's REST Call by API Key allows 1 auth param - API Key. PHPR can still customise the REST API where you can edit API and send custom params.

This looks like a basic REST API Call. Should try with plain PHP Curl or AJAX/Fetch API before trying PHPR, if it works, then pulling the data into PHPR will be easy. Since you are a customer, it should be easy to contact Groundhogg and ask for a plain API example without using their WordPress API (There could be a reason, all their listed API examples are only for wordpress) .

Groundhogg Basic authentication
This needs Your WordPress account's username and generate Groundhogg's App password from your WordPress as Basic Auth params. This is dependant on having a WordPress website and with Groundhogg' App installed in it.

The biggest issue is maybe the API only makes sense if you have their app installed in WordPress to work with the API Calls. In this case, your info provided is too brief to expect such extensive integration.

HJB 9/1/2021

Navigation: Using PHPRunner > Choose pages screen Export/Import pages

Maybe, I think, your requirement is realy simpler as we her ein the forum may think. Assuming that you seek a way to somehow nicely "administer"
the downloadable contacts list in the file format named "CSV, such files can be manually imported into a PHPRunner web application.

Same of course refers to any else downloadable information via your Groundhogg account in the form of CSV file format.

WORDPRESS and as well PHPRUNNER are speaking the very same language, named PHP. So, I disgagree with ACPAN on his comments that
an authentication oriented PHP code is the sole property of WORDPRESS or is making it mandatory to run a WORDPRESS website to be a must.

In order to be able to provide some directions to go, I think, you should stop to keep us in the dark of what your intention in regard to involve PHPRUNNER
really is, in other words, it just like said to outsource some manually downloadable information in CSV file format via your Groundhogg account into a
web application generated by PHPRUNNER? Or are you thinking into the dual way of information flow direction to let PHPRunner generated code interact
with Groundhoog on downloads as well as uploads (by letting a PHPRunner web application finally do the very same job like a WORDPRESS site)?

I fear, we would run in a circle all the time by guessing what your demand really is, so, some more information about what kind of information you are looking
for, e.g. manual import of downloaded CSV files to be OKAY (enough) or automated one-way REST API on everything being downloadable from Groundhogg
or even more, say, dual way oriented automation?

Finally, in regard to security level of Groundhogg API, it is NOT like Oauth at all, it's just about an obfuscated (publicly viewable) so called JWT (Jason Web Token)
they are using while in regard to security offered by PHPRunner, I again DISAGREE with ACPAN in full, simply because PHPRunner supports to insert such JWT
under SESSION KEYS as per screenshot below.

img alt

A
acpan 9/1/2021

totally irresponsible to suggest something that clealy not exist in their website. Just read the text below JWT in your screenshot. PHPRunner JWT is for inter-PHPunner App integration, and has never announced nor claimed to interwork with 3rd party apps as a feature, at least so far. You can't even send JWT from PHPR to 3rd party website based on their JWT specification.

Welcome back, Jumping Frog.

HJB 9/1/2021

"Jumping Frog" message to ACPAN: As JSON format based exchange is being just obfuscated by BASE64 encoding,
one needs to see to it that the "secret key" is not visible in public. In regard to publicly declaration "Jumping Frog" to an
irresponsible character,I leave it to the public to judge on things like that, no chance for oyu to succesfully "bite me" at all.

If JWT can be entered into PHPRunner, it means to me, the technology behind is supported. Whether or not same could
available externally too, is exactly the question by the user in regard to API levelled security.

Rather than to bark loudly, what is your PROPOSAL in the issue? Seems as if you are exalting yourself here in public to
appear by some competence which you don't own on the issue, so my advice is this:

Keep the ball as low as possible as defamation cannot seriously backfire any time from now, but we have a situation here
someone in the ecommerce arena seems to grab for vital code "free of charge" within this very self help forum.

If they are serious, better to send them directly to SUPPORT at hourly rates of $150 for two hours which is a gift rather than
to be an expenditure ..., just my two little cents on the issue.

"Jumping Frog" loves critics so much, hence I invite to bark more and even more louder than ever before. Thank you!

A
acpan 9/1/2021

just shut up or you will be easily kicked out by our host and can't jump forever.

you don't get to decide whoever ask a question should pay $150/2hr for a question, except the persons who ask, after they undertand what are the options and if they still need it. 'Sending" "them" who ask for help, to pay $150 to buy gift speaks so much about you.

HJB 9/1/2021

@Acpan: Sergey already suspended my account for 6 weeks earlier this year, say,
I would love if Sergey could block my account for another 6 weeks or forever, simply
because I don't want to kill my valuable time in this forum as other real projects, outside
PHP coded issues, by under support of generated code under PHPRunner matter and
are needing my full attention by now. In other words, regard your coding treasures to be
of value and competence, yet let me make MONEY by support of some "Jumping Frog"
knowledge base gained so far which is fully enough to serve on my issues.

HJB 9/1/2021

@admin - I can't find the DELETE button for my account, so,
please !!!! close my account immediately FOREVER. Thanx!