[TYPO3-v4] REST API to CORE Functions

[Francois Suter]

Hi,

> It only works with valid BE_USER, but we could define some actions which
> don't need auth, there are some defined in ajax.php:

It's a possibility.

The way I implemented it in my "remote_server" extension, a login and 
password are sent along with the request, so the receiving script does 
the authentication (as for any other BE user) and then processes the 
request.

Another possibility would be to be able to open a remote session with a 
login call that would return some kind of token, that is then passed 
with every further request.

> Anyway i'm interested which actions you have in mind getting from an
> installation, i have some ideas like

Personally, I don't have a precise idea. Anything could be possible as 
far as I'm concerned. To give an example where I use my "remote_server", 
we receive data from a third-party application. This data is then 
inserted into some local TYPO3 tables, using my "external_import" 
extension, which uses TCEmain for storage. This means that this 
transaction can only be accomplished if there's a valid BE user.

As Olivier mentioned it could really be anything. The main issue is to 
have a secure way of handling such calls, i.e. authenticating and having 
the proper rights. The transaction itself could be further secured by 
using public/private key pairs. The "caretaker" extension does this, but 
I haven't looked in details how it's done. It could be another source of 
inspiration.

I also know that Marcus (Krause) once said he was working on something 
similar, but I don't know what the status of this development.

Cheers

-- 

Francois Suter
Cobweb Development Sarl - http://www.cobweb.ch