The Enhanced API Admin Plugin

Overview

The Enhanced API Admin plugin for Elgg is a polished and extended version of the API Admin plugin offered by the Elgg team.

The code has been checked and upgraded to the latest stable build of Elgg 1.8, the manifest format has been converted to the new style, and a couple of convenience features have been added, namely:

  • the ability to change the name (aka reference) of each set of API Keys
  • the ability to regenerate the API keys without the need to delete and recreate the reference

The ability to revoke (delete) existing keys was present in the original plugin and complements the new additional functionality.

What is it for?

This plugin allows you to manage the API keys that are needed to connect to Elgg remotely through the Web Services framework, a very powerful tool that allows developers to expose Elgg functionality to other web sites and desktop applications, as well as to integrate with other third-party software. If you are not using this feature of Elgg, you don't really need the Enhanced API Admin plugin.

When working with the Web Services framework, you may want to control access to the API methods that you expose via expose_function(). Perhaps you are exposing functions in order to integrate Elgg with another open source platform on the same server. In that case, you only want to allow that other application access to these methods. Another possibility is that you want to limit which external developers have access to your API. Or maybe you want to limit how many calls a developer can make against your API in a single day.

In all of these cases, you can use the API authentication mechanism to control access. Elgg provides two built-in methods to perform API authentication out of the box: key based and HMAC signature based.

The key based authentication option uses an approach similar to what Google, Flickr and Twitter do. It involves just a key to authenticate a client.

The HMAC signature based authentication method, by contrast, is similar to OAuth or what Amazon S3 offers. It involves both a public and a private key. This is the best approach if you want maximum protection against tampering and unwanted access, but be aware that it is much more complex to invoke and could put potential client developers off.

What the Enhanced API Admin plugin offers is a way to manage the keys needed for API authentication. Keys are always created in pairs (public and private) to support HMAC signatures, but if you want to use simple key based authentication all you have to do is use only the public key and ignore the private key.
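The difference between the two options, as an added example that is not code from the plugin or from Elgg: a key based check only proves the caller knows the public key, while an HMAC check made with the private key also catches altered parameters, replays and stale requests. The message layout, the 300 second window, the key values and the `example.echo` method name are assumptions made for this sketch and do not reproduce Elgg's wire format.

```python
import hashlib
import hmac
import time

# Constructed sample key pair; a real pair comes from the plugin's admin page.
PUBLIC_KEY = "pub-3f9a-constructed"
PRIVATE_KEY = b"priv-71c2-constructed"
KEYS = {PUBLIC_KEY: PRIVATE_KEY}  # server-side lookup: public key -> private key
MAX_SKEW = 300                    # assumed freshness window, in seconds

def sign(private_key, public_key, timestamp, nonce, query):
    """HMAC-SHA256 over every field the server must be able to trust."""
    msg = "\n".join([str(timestamp), nonce, public_key, query]).encode()
    return hmac.new(private_key, msg, hashlib.sha256).hexdigest()

def verify_key_only(public_key):
    """Key based check: says nothing about the request parameters."""
    return public_key in KEYS

def verify_hmac(public_key, timestamp, nonce, query, signature, seen, now=None):
    """Signature check: returns 'ok' or the reason the request is rejected."""
    now = time.time() if now is None else now
    private_key = KEYS.get(public_key)
    if private_key is None:
        return "unknown key"
    if abs(now - timestamp) > MAX_SKEW:
        return "stale timestamp"
    if (public_key, nonce) in seen:
        return "replayed nonce"
    expected = sign(private_key, public_key, timestamp, nonce, query)
    if not hmac.compare_digest(expected, signature):  # constant-time compare
        return "bad signature"
    seen.add((public_key, nonce))  # remember the nonce only once it is accepted
    return "ok"

def demo():
    seen, t0 = set(), 1_700_000_000
    query = "method=example.echo&text=hello"  # hypothetical API method
    sig = sign(PRIVATE_KEY, PUBLIC_KEY, t0, "n-1", query)
    late_sig = sign(PRIVATE_KEY, PUBLIC_KEY, t0, "n-3", query)
    tampered = query.replace("hello", "changed")
    return [
        verify_key_only(PUBLIC_KEY),  # passes whatever the query says
        verify_hmac(PUBLIC_KEY, t0, "n-1", query, sig, seen, now=t0 + 5),
        verify_hmac(PUBLIC_KEY, t0, "n-1", query, sig, seen, now=t0 + 6),
        verify_hmac(PUBLIC_KEY, t0, "n-2", tampered, sig, seen, now=t0 + 7),
        verify_hmac(PUBLIC_KEY, t0, "n-3", query, late_sig, seen, now=t0 + 900),
    ]
```
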

More Info

  • Screenshots: Check out images of the Enhanced API Admin plugin at work
  • Installation: Five easy steps to get you started with the Enhanced API Admin plugin
  • Downloads: Grab a copy of the latest release or browse the source code of Enhanced API Admin
  • Translations: Where to find the translations for the UI of the Enhanced API Admin plugin
