Once a successful login return packet has been received and sessionid/kp3 have been extracted, every subsequent packet sent to the phpgroupware server must be preceded by an Authorization header. Here is a sample header:
POST /phpgroupware/xmlrpc.php HTTP/1.0 User-Agent: PHP XMLRPC 1.0 Host: my.local.host Authorization: Basic ZDgxNDIyZDRkYjg5NDEyNGNiMzZlMDhhZTdlYzAxZmY6NTU3YzkyYjBmNGE4ZDVlOTUzMzI2YmU2OTQyNjM3YjQ= Content-Type: text/xml Content-Length: 875 |
The longish string is a base64 encoding of the $sessionid . ':' . $kp3. For now this is our only supported authentication method. Additional methods would probably also affect the methodCalls. This is certainly open to discussion. Following is a typical request for some contact data:
<?xml version="1.0"?> <methodCall> <methodName>addressbook.boaddressbook.read_entries</methodName> <params> <param> <value><struct> <member><name>start</name> <value><string>1</string></value> </member> <member><name>limit</name> <value><string>5</string></value> </member> <member><name>fields</name> <value><struct> <member><name>n_given</name> <value><string>n_given</string></value> </member> <member><name>n_family</name> <value><string>n_family</string></value> </member> </struct></value> </member> <member><name>query</name> <value><string></string></value> </member> <member><name>filter</name> <value><string></string></value> </member> <member><name>sort</name> <value><string></string></value> </member> <member><name>order</name> <value><string></string></value> </member> </struct></value> </param> </params> </methodCall> |
Successful response:
<?xml version="1.0"?> <methodResponse> <params> <param> <value><struct> <member><name>0</name> <value><struct> <member><name>id</name> <value><string>1</string></value> </member> <member><name>lid</name> <value><string></string></value> </member> <member><name>tid</name> <value><string>n</string></value> </member> <member><name>owner</name> <value><string>500</string></value> </member> <member><name>access</name> <value><string>private</string></value> </member> <member><name>cat_id</name> <value><string>1</string></value> </member> <member><name>n_given</name> <value><string>Alan</string></value> </member> </struct></value> </member> <member><name>1</name> <value><struct> <member><name>id</name> <value><string>2</string></value> </member> <member><name>lid</name> <value><string></string></value> </member> <member><name>tid</name> <value><string>n</string></value> </member> <member><name>owner</name> <value><string>500</string></value> </member> <member><name>access</name> <value><string>private</string></value> </member> <member><name>cat_id</name> <value><string>1</string></value> </member> <member><name>n_given</name> <value><string>Andy</string></value> </member> </struct></value> </member> ... |
Unauthorized access attempt returns:
<methodResponse> <params> <param> <value><string>UNAUTHORIZED</string></value> </param> </params> </methodResponse> |