XMLRPC stuff - gurus assemble!

Hi everybody. I’m trying to build a webservice interface between my desktop application and my server to automate e-mails and license activation and other things that will call funtions on the server…

I tried to do it will Thom McGrath’s classes - but they may be a couple of years old…
I dragged the classes onto a window and in the open event I tried

client1.RPCServer="http://www.prolevelguitar.com/wordpress/xmlrpc.php" Message1.MethodName="demo.sayHello" 'Message1.AddParam dim a as string=Client1.SendMessage
Which didn’t work…

However, we’re all on xojo now - is there any other way to do this xmlrpc stuff within xojo?
a snippet of code would be greatly appreciated :slight_smile:
Cheers,
Sean

My classes still work. They are used in Feedback for all its communication. What didn’t work about them?

actually I just discovered that they work amazingly :slight_smile:
Stupid me - I tried the example and altered everything to my values and viola!

We are thinking of adding a secure https to our server… do we need to add a password and username to get around that… if so, how would we do it?

Cheers Thom!

SSL and username+password are completely separate things. So it depends on which you need. Personally, I would do both. I would put SSL on the server to protect the communication from eavesdropping, and design my API to require a login.

The API should have a login method which returns a time sensitive token. Every other method must require that token, or it’ll be rejected. Include a method to extend the expiration of the token. Do not bind the token to a specific IP address. This way, the username and password does not need to be sent with every method, only the token, which of course can be revoked. Do not do this unless you have SSL though, as it would be very easy to steal the token without it.

If you cannot have SSL, you’d have to use a form of challenge-response on every method. Complicates the API a lot. Challenge-response is not mutually exclusive to SSL however, so you could do both for a supremely secure API.