Development:Web services: Difference between revisions

Latest revision as of 09:50, 4 February 2010

Introduction

This page described the Web Services module implemented for Moodle 2.0
The official discussion forum is here
The tracker issues are here: MDL-12886 and MDL-17135
This module is been implemented by Moodle HQ and DFWS Team.

The objective is to support multiple web service protocols (REST, SOAP, XML-RPC and AMF). Adding support for a new protocol should be relatively easy.

How it works

This following example would work but it will not be the unique way to access web services. Please have a look to the Development:External services security page for more details.

The client sends a username and password to the web service protocol server script.
The protocol server returns a session token for that user account (how this is sent depends on the protocol).
The client calls a particular web service function including the session token.
The protocol server uses the token to check that the web service session is still active.
The protocol server call the matching external function, located in a externallib.php file inside the relevant module.
The external function checks that the current user has_capability to do this operation.
The external function calls the matching Moodle core function (in lib.php usually).
The core function can return a result to the external function.
The external function will return a result to the protocol server.
The protocol server returns the result to the client.

Web description format

All functions that can be called via web services can be declared in a db/service.php file and can be defined in an externallib.php file somewhere. The description of the functions that can be called, and what parameters they require, are explained in the External Service description document.

Web services technical documentation

In order to facilitate a Moodle web service client implementation, every Moodle sites will provide a page listing all function descriptions. This page also gives some useful advice for any supported protocol. To call this page: your_moodle/webservice/wsdoc.php?protocol=soap

Authentication

Please have a look to the Development:External services security page

@@ Line 1: / Line 1: @@
-{{Template:Work in progress}}{{Moodle_2.0}}
+{{Moodle_2.0}}
-=Introduction=
+==Introduction==
 This page described the Web Services module implemented for Moodle 2.0<br>
-The tracker issue is here: MDL-12886<br>
+The official discussion [http://moodle.org/mod/forum/view.php?id=6971| forum is here]<br>
-This module is been implemented by the [http://blogs.dfwikilabs.org/moodle_ws/ DFWS Team] and Moodle.
+The tracker issues are here: MDL-12886 and MDL-17135<br>
+This module is been implemented by Moodle HQ and [http://blogs.dfwikilabs.org/moodle_ws/ DFWS Team].
-=Implementation=
+The objective is to support multiple web service protocols (REST, SOAP, XML-RPC and AMF). Adding support for a new protocol should be relatively easy.
-Web Services module has been conceived in a purpose to be ported on different Moodle version, and also on different project. It has also for purpose to support multiple web service protocols (REST, SOAP, XML-RPC and AMF). Adding a new protocol support should be relatively easy.
 == How it works ==
+This following example would work but it will not be the unique way to access web services. Please have a look to the [[Development:External services security]] page for more details.
 #The client sends a username and password to the web service protocol server script.
 #The protocol server returns a session token for that user account (how this is sent depends on the protocol).
-#The client calls a particular web service function (module name, function name, and function parameters), including the session token.
+#The client calls a particular web service function including the session token.
-#The protocol server uses the token to check that the session is still active.
+#The protocol server uses the token to check that the web service session is still active.
-#The protocol server call the matching external function, located in a external.php file inside the relevant module.
+#The protocol server call the matching external function, located in a externallib.php file inside the relevant module.
 #The external function checks that the current user has_capability to do this operation.
 #The external function calls the matching Moodle core function (in lib.php usually).
@@ Line 21: / Line 22: @@
 #The protocol server returns the result to the client.
-[[Image:Web_service_graph.jpg]]
+==Web description format==
-==phpDoc format==
+All functions that can be called via web services can be declared in a db/service.php file and can be defined in an externallib.php file somewhere. The description of the functions that can be called, and what parameters they require, are explained in the [https://docs.moodle.org/en/Development:Web_services_description External Service description document].
-All callable functions are declared into each external.php. Web service descriptions are defined into their respective phpDoc.
-==web services technical documentation==
+==Web services technical documentation==
-In order to facilitate a Moodle web service client implementation, we provide a page listing all function descriptions. We also give some useful advice for any supported protocol.
+In order to facilitate a Moodle web service client implementation, every Moodle sites will provide a page listing all function descriptions. This page also gives some useful advice for any supported protocol. To call this page: ''your_moodle/webservice/wsdoc.php?protocol=soap
+''
-=Authentication=
+==Authentication==
+Please have a look to the [[Development:External services security]] page
+==See also==
+* [[Development:External services security]]
+* [[Development:External services description]]
+* [[Development:Creating_a_web_service_and_a_web_service_function]]
+* [[Development:Creating a web service client]]
+* [[Web_Services]]
-Clients needing to use a web service will need a Moodle user account with the ''''moodle/site:usewebservices'''' capability enabled.   After the first login with username and password the session is retained with a token that gets passed with every web service request (until the session expires).
+[[Category:Web Services]]
-The Moodle administrator can control access to the site using the ''''Security -> Web services'''' page, which contains settings for:
-* enabling/disabling particular protocols (SOAP, REST, AMF, XMLRPC, ...)
-* configure protocol-specific settings (though we can't think of any such settings)
-* configure system-wide default settings (stored in config table):
-# IP whitelist
-# Anything else?
-* configure per-user settings (stored in user_preferences):
-# IP whitelist
-# Anything else?
-Each protocol will call a webservice authentication function before allowing access, which will:
-# Check that particular protocol is enabled for the system
-# Authenticate the user using username/password and normal auth plugins (internal, LDAP etc)
-# Check that the user has ''''moodle/site:usewebservices'''' at SYSTEM level.
-# Check the per-user restrictions, if there are any, else check the system settings
-# Create a session and return a token for the web service protocol to use.
-This is probably enough (an auth/webservice is not necessary).
-[[Image:Webserviceadmin.png]]

Documentation