I recently implemented an XML API that I intended to be used outside of a web browser. Much of the words others have written on the topic are ways to get a Javascript framework to use the authentication_token magic. Some others show the GET side and mention the DELETE but omit the PUT and POST methods.
Here are things I've learned:
- To ensure XML data is returned, use the correct HTTP header:
Accept: application/xml - Rails assumes that multipart forms and url-encoded forms are from browsers. You can't use them in a default Rails setup if you want to avoid the
authentication_tokencheck. - To
POSTorPUT, use a header ofContent-Type: application/xmland include XML data.
It is rather unfortunate that Rails assumes that the encoding ties into a browser. It should be possible to use any encoding so long as the XML data types in the headers are correct. This is probably a bug, but it might be that if you receive XML through an API, you should send XML too.
Example
curl --user user:password -H 'Accept: application/xml' \ -H 'Content-Type: application/xml' \ -X POST -d '<?xml version="1.0" encoding="UTF-8"?> <item> <name>foo</name> <description>bar</description> <price>100</price> </item>' http://localhost:3000/items/create
No comments:
Post a Comment