In order to use the Meride API, it is necessary to provide access credentials to the authorization server, which in response provides the codes to carry out various operations. Operation can be summarized in the following steps
authorization key access token [obviously the authorization key must be valid] access token in the header of HTTP requests, i.e. the Header, and makes calls to the service of interest.
The authorization key can be found on the Profile page of your Meride account. The first time you need this code you will find a code generation button on this page and activating it will generate a new code that will be immediately displayed on the screen and will remain visible on the page even during successive access.
Once you have this code, you will be asked for an access token by the authorization server at:
For example we can make an authorization request with the curl command
Gli Headers richiesti sono
Accept: ora è supportato soltanto il formato JSON, quindi si specificherà application/jsonauth-code: l'authorization keystate: un codice casuale che limita gli attacchi di tipo CSRF. Verrà restituito nella risposta. Deve essere restituita la stessa stringa inviata, altrimenti l'applicazione dovrebbe terminare il flusso delle operazioniYou will receive an answer similar to this:
{
"access_token":"abveyCV6uIeo0sDc6TYEa2Z5ssP2OAKPF5j3y5wSDA7ATBDQkskak95DsKw6bz",
"refresh_token":"H4G5ApRW8le6M7WfNHxXII8Dbfe1cfsNLjzbzhYysbu49SaMqyAY6ns8twvvCN",
"data_creazione":"2012-10-01 18:37:37",
"data_scadenza":null,
"state":"1234"
}
L'access_token ricevuto sarà inserito negli Headers HTTP delle nostre chiamate alle API, in modo da essere autorizzati a ricevere una risposta.
Implementazione dimostrativa delle API di Meride utilizzando il linguaggio PHP.
class Meride_API{
private $access_token = '';
private $refresh_token = '';
private $auth_code = '';
private $auth_url = 'http://API_DOMAIN/restauth/verify';
public function __construct($auth_code)
{
$this->auth_code = $auth_code;
$this->set_tokens();
}
private function valid_token()
{
// se c'รจ bisogno di generarne uno nuovo dopo la scadenza
return true;
}
private function refresh_token()
{
// richiede un nuovo auth token utilizzando il refresh_token
}
private function generate_state()
{
return rand(0, 999999);
}
private function set_tokens()
{
if(!empty($this->refresh_token) and !empty($this->access_token))
{
if(!$this->valid_token())
{
$this->refresh_token;
}
}
$state = $this->generate_state();
$headers = array(
'Accept: application/json',
'auth-code: '.$this->auth_code,
'state: '.$state,
);
$c = curl_init();
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($c, CURLOPT_HTTPHEADER, $headers);
curl_setopt($c, CURLOPT_URL, $this->auth_url);
$content = curl_exec($c);
curl_close($c);
$obj = json_decode($content);
if(isset($obj->errors))
{
throw new Exception(implode(",", $obj->errors));
}
if(!isset($obj->state))
{
throw new Exception("state not defined");
}
else
{
if($state != $obj->state)
{
throw new Exception("state not equal");
}
}
if(!isset($obj->access_token))
{
throw new Exception("No access-token");
}
else
{
$this->access_token = $obj->access_token;
}
if(isset($obj->refresh_token))
{
$this->refresh_token = $obj->refresh_token;
}
}
public function request($url, $headers = array(), $params = array())
{
$headers = array(
'Accept: application/json',
'Content-Type: application/json',
'access_token: '.$this->access_token,
);
$c = curl_init();
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($c, CURLOPT_HTTPHEADER, $headers);
curl_setopt($c, CURLOPT_URL, $url);
$content = curl_exec($c);
curl_close($c);
$res = json_decode($content);
return $res;
}
}
Che posso poi utilizzare in questo modo:
$api = new Meride_API("ZtJaOVJ14NoeaxiT6lBNza9h8XhQBis5C15gNFeOiTSog18cczQCbQKyDRf70x");
$response = $api->request("http://API_DOMAIN/rest/embed.json");
echo '<pre>';
print_r($response);
echo '</pre>';