I have now designed and implemented (in Drupal 7) an API suitable for mutual credit sites to 'intertrade'. This means that exchanges can coordinate payments into and out of accounts nominated for the purpose of external trade. The API links up mutual credit exchanges into a mutual credit network of mutual credit exchanges. This is unlike normal money because each exchange, just like each user, must vacillate around zero balance within the network.
The hardest part was authentication. I was tempted to use the Services module for Drupal, though having tried it twice before, it never seemed to be either completed or documented. Also I wondered if that would make it hard to implement, especially considering the lack of professionals in the sector.
People suggested I use OAuth to authenticate - it is nice and standard, there is even a Drupal module for it, and a Drupal Services extension for it. But to me it seemed inappropriate. I only wanted each client to log into one server, and OAuth is complicated and we have a shortage of experts in this field!
So in the end I made my own authorisation. Each new account on the server has to be approved by hand. Then the incoming requests are checked for API address, and a secret key, which changes regularly. This is good enough now. In mutual credit nothing is anonymous and all transactions can be rolled back. So saying, I might just not publish the server code.
I'm looking for comments on my API document and its presentation. This is the first time I've done this!
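One way to implement the request check described above, as an added example in plain PHP (not the author's server code, which the post does not show). It assumes the checked address is the client's registered source IP and that the changing key is derived each hour with HMAC from a secret issued when the account is approved; all names and values are constructed.

```php
<?php
// Added example; every client id, address and secret below is constructed.
// Assumption: the key changes every hour and is derived from a long-term secret.
define('KEY_PERIOD', 3600);
// Accounts approved by hand: registered source address and issued secret.
$approved_clients = array(
  'exchange-a' => array('address' => '203.0.113.10', 'secret' => 'constructed-secret-a'),
  'exchange-b' => array('address' => '203.0.113.20', 'secret' => 'constructed-secret-b'),
);

// Key for one period: HMAC-SHA256 of the period number under the client's secret.
function period_key($secret, $period) {
  return hash_hmac('sha256', (string) $period, $secret);
}

// TRUE only for an approved client calling from its registered address
// with the key for the current or the previous period.
function request_is_authorised(array $clients, $client_id, $remote_addr, $key, $now) {
  if (!is_string($client_id) || !is_string($key) || !isset($clients[$client_id])) {
    return FALSE;
  }
  $client = $clients[$client_id];
  if ($remote_addr !== $client['address']) {
    return FALSE;
  }
  $period = (int) floor($now / KEY_PERIOD);
  $ok = FALSE;
  // Accept the previous period too, so a request sent just before rotation
  // still passes. hash_equals() (PHP 5.6+) compares in constant time.
  foreach (array($period, $period - 1) as $p) {
    if (hash_equals(period_key($client['secret'], $p), $key)) {
      $ok = TRUE;
    }
  }
  return $ok;
}

// Constructed requests against a fixed clock.
$now = 1700000000;
$period = (int) floor($now / KEY_PERIOD);
$current = period_key('constructed-secret-a', $period);
$stale = period_key('constructed-secret-a', $period - 5);
$cases = array(
  'approved client, current key' => array('exchange-a', '203.0.113.10', $current),
  'right key, wrong address' => array('exchange-a', '203.0.113.20', $current),
  'key from five periods ago' => array('exchange-a', '203.0.113.10', $stale),
  'unknown client' => array('exchange-z', '203.0.113.10', $current),
);
foreach ($cases as $label => $c) {
  $ok = request_is_authorised($approved_clients, $c[0], $c[1], $c[2], $now);
  printf("%-30s %s\n", $label, $ok ? 'accept' : 'reject');
}
```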