Article

Home » Server-side Coding » PHP & MySQL Tutorials » Build your own Web Service with PHP and XML-RPC

Build your own Web Service with PHP and XML-RPC

Page: 1 2 3 4 5 6 7

Wrap Up

As you've seen, using Keith Devens' XML-RPC code, it's pretty easy to create your own Web service. It makes an excellent starting place to come to grips with Web Services. Perhaps as "homework", you might want to try updating the client to allow visitors to choose how they want news items ordered (i.e. by author, title or date). And if you're feeling ambitious, perhaps you might even consider adding an interface to the client for INSERTing or UPDATEing news items.

If you've got big plans for Web Services, you may want to look at some of the other implementations, such as Userland's phpxmlrpc class, to optimise your code design. But you can definitely get by with Keith Devens' implementation, achieving the same end results as with any other solution.

There are one or two minor shortcomings in Keith's code that you should be aware of.

First, the XMLRPC_request() function used by a client removes the "knowledge" stored in the XML-RPC response of what type each variable is, which may lead extra coding for the client. For example, you might expect an array, but get back just a scalar (single valued) variable -- the client needs to deal with both circumstances.

Also, there's no extension for introspection, to allow other developers to see your API (i.e. what methods and parameters your server accepts). It shouldn't be too hard to add your own introspection though -- just use the array we defined in web_service_api.php.

Finally, there's only limited provision for debugging. If your only interface is the client, you can encounter a lot of headaches when it comes to working out what your XML-RPC server is doing. You'll probably want to think about generating some kind of log file for the server, using PHP's custom error handling -- have a look at this article to get started with custom error handlers.

But thanks to Keith Devens for some great code, and for getting us off to an excellent start!

There are a couple of issues we haven't looked at here: security and transaction processing.

If you'd like some fear and loathing, try this article. There are three main issues to be aware of in regard to security:

  1. How you authenticate XML-RPC clients. If you added the methods for INSERTing and UPDATEing the news above, you'll also need to find a way to authenticate the remote site and/or the users of that site. At the moment, how you do that is up to you. You might check the remote site using an IP-address or hostname. For remote users, one approach is to think of your XML-RPC server the same way as you'd check users against a database, and require a username and password combination before you llow access to sensitive methods, using a method purely for authentication. Ideally, if you're doing that, you'll encrypt the connection between client and server using SSL but that will require use of PHP's Curl functions to send and receive the data (you may need to re-write parts of the implementation you're using to do this).

  2. How will you control "denial of service" attacks? The more general question is: what happens when a client floods your server with requests and prevents it from responding to other clients?

  3. What controls do you place over publishing your API (introspection/WSDL) at the description layer? Is it a good idea to publish all methods for your XML-RPC server, so that everyone can "have a go"? How do you control who sees what? If your methods provide access to sensitive data that's usually kept safe behind your firewall, you need to think carefully.

In regard to transaction processing, what happens if you lose connection between client and server during an XML-RPC conversation? What mechanisms do you provide to handle retries (re-sending a request or response)? It may be that you can't afford to lose data for the Web Service you're running, in which case you need to consider some mechanism for queuing requests and responses. For an introduction to the principles of transaction processing, try this article.

Worries aside, you've now built your first Web Service and hopefully gained a good understanding of how the technology works. The question now is what to do with it? Publishing news is fine but it's been done before. What else is there? We'll look at that in the next section...

What can you do with XML-RPC?

This question's a bit like asking "what can I do with a Web page?" The only limit is your imagination. What you're capable of with XML-RPC and PHP in general is to extend your Website beyond the bounds of simply serving Web pages. Your site will be able to communicate data to any system you like, and by adopting and accepted standard, you provide an interface that other developers will be happy to work with.

Web Services in the broadest sense will make money for those who own "valuable data". For example, if you have direct access to currency exchange rates, you could use PHP and XML-RPC to deliver a currency converter to other Websites. But here are some other ideas and examples:

  • Provide an alternative client for updating your Website. Ever screamed in frustration as you typed a long message into an HTML textarea, clicked "Submit" -- and lost it all because your session timed out, or you lost connection to the Website? XML-RPC can:
    • provide you with an interface to update your site,
    • allow you to run a standard Windows client so you could save your input locally on your hard disk, and
    • update the Website when the time is right.

  • ez Systems have done exactly that, providing a Desktop Edition to their ezPublish content management system.

  • Correct spelling on your Website with Stuffed Dog's XML-RPC Spell Checker.

  • Distribute load and bandwidth use by running your database on one Web server, then have multiple servers providing the user interface, accessing the database over XML-RPC. For Massively Multiplayer Games like Planetarion, the possibilities are endless.

  • Get your PHP site talking to a CGI/Perl or ASP site using one of the many XML-RPC implementations, which allow you the option of preserving old code when you upgrade to PHP.

  • Make use of the Google Search Gateway, allowing search results to appear directly on your site.

  • POP your email from all over the place, then read it all from one XML-RPC source with xr2pop CGI server (OK -- Perl, not PHP -- but it's a nice example).

  • Get all kinds of news from News is Free using their XML-RPC Server.

The possibilities are endless...

If you liked this article, share the love:
Print-Friendly Version Suggest an Article

Sponsored Links

Rate This Article

  • 1
    Poor
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
    Great

Comment on This Article

Have something to say?

Post A Comment

You need to be a member of the SitePoint Forums to comment on this post. Sign Up

Already a member? Post using your SitePoint Forums account:

Topics

SitePoint Jobs

ยป We're Hiring!

SitePoint Newsletters

Get all the latest tips on Advanced Design and Layout by signing up to all of SitePoint’s informative newsletters.

HTML   Plain


View Our Privacy Policy
Sample Our Newsletter Archives

Follow SitePoint on...

Related Forum Discussions

Related Forum: PHP

  1. Accessing global variable within static method
  2. help me to fix this code,please
  3. Variable string in Value PHP5 Server 500 error
  4. trying to make changes in CMS remain
  5. Inserting javascript

Other Articles by Harry Fuecks

Harry Fuecks's other SitePoint Articles