<HTML ><HEAD ><TITLE > phpGroupWare XML-RPC/SOAP Methodology </TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.64 "><LINK REL="NEXT" TITLE=" Business layer requests " HREF="phpgw_server-1.html"></HEAD ><BODY CLASS="ARTICLE" ><DIV CLASS="ARTICLE" ><DIV CLASS="TITLEPAGE" ><H1 CLASS="TITLE" ><A NAME="AEN2" >phpGroupWare XML-RPC/SOAP Methodology</A ></H1 ><H3 CLASS="AUTHOR" ><A NAME="AEN4" ></A ></H3 ><HR></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="AEN8" >System level requests</A ></H1 ><DIV CLASS="SECT2" ><H2 CLASS="SECT2" ><A NAME="AEN10" >Login and authentication</A ></H2 ><P > Authentication for user logins is handled internally no differently than for the typical phpGroupWare login via web browser. Server logins, added for XML-RPC and SOAP, are only slightly different. For either protocol, user and server login and authentication and subsequent requests are handled by their respective server apps, xmlrpc.php and soap.php. A server is identified by a custom HTTP header, without which a normal user login will be undertaken. </P ><P > A client or server sends the appropriate XML-RPC or SOAP packet containing host, user, and password information to the phpgw server. The server then assigns a sessionid and key, which is returned to the client in the appropriate format. </P ><P > Our current method for authenticating requests after successful login is via the Authorization: Basic HTTP header to be sent by the client or requesting server. The format of this header is a base64 encoding of the assigned sessionid and kp3 variables, seperated by a ':'. </P ><P > Further security may be obtained by using SSL on the client and server. In the future, we may encrypt/descrypt the data on either end, or at least provide this as an option. The sessionid and key variables will make this possible, and relatively secure. </P ><DIV CLASS="SECT3" ><H3 CLASS="SECT3" ><A NAME="AEN16" >system.login</A ></H3 ><P > The first request a client will make is the system.login method. Here is a sample of a server login packet in XML-RPC: </P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><PRE CLASS="PROGRAMLISTING" ><?xml version="1.0"?> <methodCall> <methodName>system.login</methodName> <params> <param> <value><struct> <member><name>server_name</name> <value><string>my.host.name</string></value> </member> <member><name>username</name> <value><string>bubba</string></value> </member> <member><name>password</name> <value><string>gump</string></value> </member> </struct></value> </param> </params> </methodCall> </PRE ></TD ></TR ></TABLE ><P > And the same in SOAP: </P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><PRE CLASS="PROGRAMLISTING" ><?xml version="1.0"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:si="http://soapinterop.org/xsd" xmlns:ns6="http://soapinterop.org" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <ns6:system_login> <server_name xsi:type=":string">my.host.name</server_name> <username xsi:type=":string">bubba</username> <password xsi:type=":string">gump</password> </ns6:system_login> </SOAP-ENV:Body> </SOAP-ENV:Envelope> </PRE ></TD ></TR ></TABLE ><P > The same style of packet would be required for a user/client login. A successful login should yield the following reply: </P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><PRE CLASS="PROGRAMLISTING" ><methodResponse> <params> <param> <value><struct> <member><name>sessionid</name> <value><string>cf5c5534307562fc57915608377db007</string></value> </member> <member><name>kp3</name> <value><string>2fe54daa11c8d52116788aa3f93cb70e</string></value> </member> </struct></value> </param> </params> </methodResponse> </PRE ></TD ></TR ></TABLE ><P > And a failed login: </P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><PRE CLASS="PROGRAMLISTING" ><methodResponse> <params> <param> <value><struct> <member><name>GOAWAY</name> <value><string>XOXO</string></value> </member> </struct></value> </param> </params> </methodResponse> </PRE ></TD ></TR ></TABLE ><P > eqweqw </P ></DIV ><DIV CLASS="SECT3" ><H3 CLASS="SECT3" ><A NAME="AEN27" >system.logout</A ></H3 ><P > Logout: </P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><PRE CLASS="PROGRAMLISTING" ><?xml version="1.0"?> <methodCall> <methodName>system.logout</methodName> <params> <param> <value><struct> <member><name>sessionid</name> <value><string>ea35cac53d2c12bd05caecd97304478a</string></value> </member> <member><name>kp3</name> <value><string>4f2b256e0da4e7cbbebaac9f1fc8ca4a</string></value> </member> </struct></value> </param> </params> </methodCall> </PRE ></TD ></TR ></TABLE ><P > Logout worked: </P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><PRE CLASS="PROGRAMLISTING" ><methodResponse> <params> <param> <value><struct> <member><name>GOODBYE</name> <value><string>XOXO</string></value> </member> </struct></value> </param> </params> </methodResponse> </PRE ></TD ></TR ></TABLE ></DIV ></DIV ></DIV ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" > </TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" > </TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="phpgw_server-1.html" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" > </TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" > </TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Business layer requests</TD ></TR ></TABLE ></DIV ></BODY ></HTML >