To be honest Brad when I created the post I didnt know what I needed I am really pleased to have got my head around classes, dictionaries and special URL handlers. The great thing is that it has been running all day today and appears to be working perfectly, and I have included lots of debug messages just in case.
To be honest I think Xojo Inc need to give some real thought to how special URLs work as at the moment I cant really see that they ever can because in effect everyone shares everything and I think the average user will get into a real mess very quickly and whats more could end up sharing information with others that they dont realise they are sharing.
Normally when you create an API system of some kind, you have an authentication mechanism (because you donāt want everyone to hit your server without registering first). There are a few different systems out there, and Iād be surprised if everyone could agree on what they wanted. Perhaps a better plan is for us to provide another HandleSpecialURL sample with an example of how to do this.
When Iāve done things like this in the past, Iāve used a login, a diffie-Hellman key exchange, and then return a token to the client app which they send with every request. Keys are set up to expire after set a period of time, but also time out if theyāre idle for a certain period. Internally, a hash of the token is used to keep track of the āstateā of each client. But in my experience there usually isnāt much state to keep.
I sort of agree with you Greg but also disagree in that I can see a lot of people using the facility to be able to create things where tokens etc cant be passed in and I think many users (like I did) will assume that each user is in a sandbox like the rest of the web app but this is not the case (ok it does say this in the docs but still confusing). Why could Xojo not have properties under the Special URL Handler event which are held in a sandbox with one of the settings for the sandbox is āUnique Refā which the developer would have to set each time they wanted to set or get the value of the property. The gotcha is that you have to remember to pass the unique ref to all the methods that you use which felt like going back to Turbo Basic days
Why not create a class that holds all of your variables and pass an instance of that to all your methods? No need for GUIDs or any special processing. I think you overcomplicated a very simple process.
Iām not saying that it couldnāt be, just that itās not how we designed the feature.
In most cases, the thing thatās accessing through the API or special urls is NOT a browser and therefore cookies would not work. You canāt rely on the IP address being the same between calls because some clients will come from environments with more than one IP, so you must create a token system of some kind and Iām not sure thatās something we can do for you without deciding what your whole API structure would be.
Tim you are probably 100% correct as I still have not get my head around classes yet (getting close though). I didnt realise you can pass an instance of a class to other methods, need to think about that as that has blown my mind a bit. I can see why this would be really cool, need to have a play and see how it works as that is a new one on me. Thanks.
Ah, I see what you are saying now, maybe best if the docs were tweaked and another example showing the developer that things are shared between requests, maybe also showing Tims recommendation about using the class between methods would be useful as I didnt realise you could do that and as he says, I have totally overcomplicated it. Thanks for the explanation.
I am really pleased to have got my head around classes, dictionaries and special URL handlers. The great thing is that it has been running all day today and appears to be working perfectly, and I have included lots of debug messages just in case.