Can a PHP API script run PHP code returned from REST server?

I am working on building an REST API in PHP, I need to know if it's possible to to POST an array of methods/functions and params to my api script and have my code run the listed functions and print to the screen an array that the functions produced, example if a user sent a request to get a list of 5 photo url's it would post a PHP array with the 5 URLs in an array and then be able to use that array in the persons script who is using the API?

So basicly you post to a script with CURL a list, array of functions you want the API to run, the api returns an array of results but instead of formatting to JSON or XML it shows it on the screen as PHP array and then curl will let the user's code run the returned php array as real php in there script?

Sorry if this is confusing but it really seems that the bebo.com API works this exact way and possibly facebook API so I think this would work but could someone tell me? Possibly some examples of how to do it if it is possible, thanks

I have found that JSON-RPC is a fantastic solution for batching API requests. It is significantly simpler to put multiple API requests in a single JSON-RPC request than any XML solution I have seen (although only version 1.1 and higher of the spec supports this). Since it is all just JSON it works wonderfully regardless of what server-side (or client-side) language is consuming the results. The only problem I have found is that the spec is a little wonky if you want to implement all of the potential versions.

For safety, you should:

Strictly limit which PHP functions/methods anonymous users are allowed to call without authentication.
Use the PHP Reflection API to do initial validation of parameters. You can use reflection to do the following:
- Ensure a method exists and is public (return an HTTP 404 if it does not, 403 if the user is not authorized).
- Count the number of parameters a function or method accepts.
- Determine parameters are optional or required.
- Determine the names of parameters so they can be passed as a JSON object.
- If you use PHP 5.1+ you can examine the doc comments to determine what the the accepted data type is for each parameter.
Strictly validate parameters further inside each API call.

I think my post might of been slightly misunderstood by some of the others but I was thinking not to use JSON because I was thinking it was a javascript only thing, I forgot you can use it with php and other things, that does sound like a great idea, thank you for the tips

jasondavis 2010-01-02 06:08:59

I hear what you are saying. Too many people criticizing because you had the right idea but the wrong implementation. I figure that was _why_ you asked the question in the first place. Cheers!

Mike 2010-01-02 06:26:13

"Use the PHP Reflection API to do initial validation of parameters." I was lookat that link can you explain a little more clearer what that does?

jasondavis 2010-01-02 06:56:44

thanks for the help

jasondavis 2010-01-02 06:57:37

I edited my answer to ad some information on what the Reflection API can allow for when calling PHP functions/methods via JSON-RPC (or really any RPC service).

Mike 2010-01-02 07:20:39

ansaurus

tags:

views:

answers:

Can a PHP API script run PHP code returned from REST server?

related questions