I'm currently going over my options for a new website/mobile/api idea that I have. Basically I am going to create a new website(mvc 4) to handle a need, the data that will be displayed on the website will be pulled from an api(mvc 4) that I will also create.
The idea is than to create both mobile switchable content within the website as well as an actual windows phone/android/iOS downloadable app that will access the same api. Listed below are some of the questions that I am currently attempting to work through:
1. Is it best to host the api seperately from the website of the project, as in should it reside under a different domain name?
2. Is there a way to prevent random people from landing on the web address of the api, and if they do is there somewhat of a standard message about the api that most of you put on the default display page?
3. How are you all communicating with the api via ajax? Something like ajax call to a webmethod that than talkes to the api at the server side?
4. What is the best way to secure my api communications, as in restricting access?
1. Is it best to host the api seperately from the website of the project, as in should it reside under a different domain name?
>> it's depend of your budget and what do you want to propose.
>> if you self host the webAPI, it can be a good way, if the performance and exposition for methods is important.
>> futhermore, if you deploy a new version of your website, you don't impact the webAPI, it can be more convinient.
2. Is there a way to prevent random people from landing on the web address of the api, and if they do is there somewhat of a standard message about the api that most of you put on the default display page?
>> You need to add secure attribute as Membership to permit to select who can request each methods.
3. How are you all communicating with the api via ajax? Something like ajax call to a webmethod that than talkes to the api at the server side?
>> Ajax call webapi directly.
>> or you call old method with a jsonresult, the old method is inside a controller and this one call an action from another controller with >>webapi.
4. What is the best way to secure my api communications, as in restricting access?
Well I dont have complete control over the server that im hosting my website on, meaning I have a hosting planning through a company that allows me to have two domains. So I guess I really dont understand the whole selfhosting idea, I read about it but nothing
really explains where or how you go about doing it? My assumption is that it must be hosted within the file system of the server, which obviously the hosting company is not going to give me access to. Also, if I were able to self host, are mobile devices still
going to be able to access the api?
Midwest_Dev
Member
1 Points
14 Posts
Design and Hosting
Jan 27, 2013 03:36 AM|LINK
Hi,
I'm currently going over my options for a new website/mobile/api idea that I have. Basically I am going to create a new website(mvc 4) to handle a need, the data that will be displayed on the website will be pulled from an api(mvc 4) that I will also create. The idea is than to create both mobile switchable content within the website as well as an actual windows phone/android/iOS downloadable app that will access the same api. Listed below are some of the questions that I am currently attempting to work through:
1. Is it best to host the api seperately from the website of the project, as in should it reside under a different domain name?
2. Is there a way to prevent random people from landing on the web address of the api, and if they do is there somewhat of a standard message about the api that most of you put on the default display page?
3. How are you all communicating with the api via ajax? Something like ajax call to a webmethod that than talkes to the api at the server side?
4. What is the best way to secure my api communications, as in restricting access?
Thanks for any input.
myddoc
Member
49 Points
42 Posts
Re: Design and Hosting
Jan 27, 2013 08:46 AM|LINK
1. Is it best to host the api seperately from the website of the project, as in should it reside under a different domain name?
>> it's depend of your budget and what do you want to propose.
>> if you self host the webAPI, it can be a good way, if the performance and exposition for methods is important.
>> futhermore, if you deploy a new version of your website, you don't impact the webAPI, it can be more convinient.
2. Is there a way to prevent random people from landing on the web address of the api, and if they do is there somewhat of a standard message about the api that most of you put on the default display page?
>> You need to add secure attribute as Membership to permit to select who can request each methods.
3. How are you all communicating with the api via ajax? Something like ajax call to a webmethod that than talkes to the api at the server side?
>> Ajax call webapi directly.
>> or you call old method with a jsonresult, the old method is inside a controller and this one call an action from another controller with >>webapi.
4. What is the best way to secure my api communications, as in restricting access?
>> Membership
Midwest_Dev
Member
1 Points
14 Posts
Re: Design and Hosting
Jan 27, 2013 03:53 PM|LINK
Well I dont have complete control over the server that im hosting my website on, meaning I have a hosting planning through a company that allows me to have two domains. So I guess I really dont understand the whole selfhosting idea, I read about it but nothing really explains where or how you go about doing it? My assumption is that it must be hosted within the file system of the server, which obviously the hosting company is not going to give me access to. Also, if I were able to self host, are mobile devices still going to be able to access the api?
danroth27
Member
174 Points
40 Posts
Microsoft
Re: Design and Hosting
Jan 27, 2013 05:19 PM|LINK
You can find a tutorial on how to self host here:
http://www.asp.net/web-api/overview/hosting-aspnet-web-api/self-host-a-web-api
Senior Program Manager
ASP.NET