Question regarding target url
In 'http://woo.localhost/c6db13944977ac5f7a8305bbfb06fd6a/?callback=?', what is the 'c6db13944977ac5f7a8305bbfb06fd6a'? Is this a WordPress session?
Hi,
In an earlier version of the API, it was attempted to conceal it behind an impossible-to-guess URL, thus making scanning the site more difficult. However, a lot of people had issues with this idea and the setup, and so generally, we don't bother.
The preferred method for accessing the API is either the raw site URL, or directly at /wp-content/plugins/woocommerce-json-api/api.php
Some interesting issues crop up when posting to PHP from say a Rails app, or Desktop app in that the POST doesn't always work out right if you try using the WP-AJAX way. This is just probably because I am too dense/stupid to figure it out.
That is why accessing it was simplified.
The hash code was meant simply to have an unguessable API URL to avoid API scanning.
Truth be told, for a production setup, you should rename api.php to some unguessable filename, put a redirect to a 404 when things are wrong and so forth... Those are things that would need to be done by hand, I suppose.
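An added example, not part of the original thread or of the plugin's code: one way to do the by-hand hardening described above in PHP, using a random 32-hex-character path segment that is checked in constant time, with the same 404 for every kind of mismatch. The function names and the sample URIs are assumptions made for illustration.

```php
<?php
// Added example; every function name here is hypothetical, not the plugin's API.

// Generate once at install time and store it outside the web root.
function new_api_token(): string {
    return bin2hex(random_bytes(16)); // 32 hex chars, 128 bits from the CSPRNG
}

// First path segment of a request URI such as "/<token>/?callback=?".
function first_path_segment(string $requestUri): string {
    $path = parse_url($requestUri, PHP_URL_PATH);
    if (!is_string($path)) {
        return ''; // malformed URI or no path component
    }
    $parts = explode('/', ltrim($path, '/'), 2);
    return $parts[0];
}

// True only when the segment has the right shape and equals the stored token.
function token_matches(string $expected, string $requestUri): bool {
    $candidate = first_path_segment($requestUri);
    if (preg_match('/\A[0-9a-f]{32}\z/', $candidate) !== 1) {
        return false;
    }
    return hash_equals($expected, $candidate); // constant-time comparison
}

// Status code to send: wrong, missing and malformed tokens all get the same
// 404, so a scanner cannot tell a near miss from a path that does not exist.
function gate_status(string $expected, string $requestUri): int {
    return token_matches($expected, $requestUri) ? 200 : 404;
}

// Constructed sample requests.
$token = new_api_token();
$samples = [
    "/$token/?callback=?",                   // correct token
    '/00000000000000000000000000000000/',    // right shape, wrong value
    '/wp-content/plugins/',                  // no token at all
];
foreach ($samples as $uri) {
    printf("%-45s -> %d\n", $uri, gate_status($token, $uri));
}
```

The segment still ends up in access and proxy logs, so it only cuts down on scanning, which is the purpose stated above, and does not stand in for authenticating requests.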
Hi,
Great! Thanks for your effort on this. Honestly, I stumbled upon your library because WooCommerce is really lacking JSON support. I hope this project gathers a lot of contributions.
On Wed, Jan 29, 2014 at 1:46 PM, Jason Knight notifications@github.com wrote:
> Hi,
> In an earlier version of the API, it was attempted to conceal it behind an impossible-to-guess URL, thus making scanning the site more difficult. However, a lot of people had issues with this idea and the setup, and so generally, we don't bother.
> The preferred method for accessing the API is either the raw site URL, or directly at /wp-content/plugins/woocommerce-json-api/api.php
> Some interesting issues crop up when posting to PHP from say a Rails app, or Desktop app in that the POST doesn't always work out right if you try using the WP-AJAX way. This is just probably because I am too dense/stupid to figure it out.
> That is why accessing it was simplified.
> The hash code was meant simply to have an unguessable API URL to avoid API scanning.
> Truth be told, for a production setup, you should rename api.php to some unguessable filename, put a redirect to a 404 when things are wrong and so forth... Those are things that would need to be done by hand, I suppose.
Val Allen Samonte
Interactive Developer
Thanks for your input. I really hope people will start to contribute/make changes to the API. It already does 100% what I needed it to do, and more. Mostly I get feature requests, but any contribution that makes sense will be added if someone makes a pull request.