As part of the [Community hub] infrastructure, we need to define RPC calling conventions...

Moodle's APIs follow several principles that make them scalable annd flexible.

• They are "Just In Time discoverable" rather than all registered at runtime. This is a good optimization for HTTP's statelesness.
• Once an entry point is hit (a webpage in moodle, for instance) the module code author is in control. The framework doesn't limit what kinds of interactions can happen.

So we want to preserve those capabilities... Additionally, we want to make sure the RPC calls are safe, and cannot be exposed by accident.

Outline of a new mnet API

Calls can be exposed via the mnet API by

• Moodle core
• Moodle auth plugins
• Moodle enrol plugins
• Moodle modules

How the RPC calls are processed

The rpc layer expects one of several prefixes in the method name

• mod_
• auth_
• enrol_

For example and RPC call to mod_forum_dofoobar() rpc call triggers:

• load of mod/forum/lib.php
• check for function_exists("forum_mnet_dofoobar_enabled")
• if (forum_mnet_dofoobar_enabled())
• then invoke forum_mnet_dofoobar() with the parameters received...

mnet_ is an arbitrary prefix (could be rpc instead) that makes it clear that the function is for remote invocation. The _enabled() function must exist and return true for added security. make it really hard for a develper to expose something accidentally