Closed Bug 404362 Opened 17 years ago Closed 17 years ago

Changes to serving API

Categories

(mozilla.org Graveyard :: Server Operations, task)

Product:
mozilla.org Graveyard
Component:
Server Operations
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: laura, Assigned: oremj)

References

Details

Anything inside https://addons.mozilla.org/api probably shouldn't be availably publicly. 1. We should serve this stuff via a different subdomain (api.addons.mozilla.org?) to avoid cross domain exploits. 2. Even so, I'd like not to see it available outside of the VPN until it's ready for public consumption (anticipated December)
Assignee: server-ops → oremj
If I set this up at api.addons.m.o do I need another instance of remora or can I just create a new vhost with /foo/api as the docroot?
I can't see why a vhost wouldn't work.
Seems like there is a need for another wildcard SSL certificate for *.addons.mozilla.org now that we have both facebook.addons.mozilla.org and api.addons.mozilla.org.
I think I'm a little unclear about the vhost. Should it just be a mimic the current vhost so that the api is accessible at https://api.addons.mozilla.org/api or does it need to be accessible at https://api.addons.mozilla.org?
That's a good question :) I think the latter looks cleaner but I don't know how much it's going to confuse cake.
Should probably go with api/ if we plan on using cake. The alternative is using the latter and using a rewrite so we don't confuse cake. Another alternative is to route things with api in the domain to the api controller... I think that's possible.
What action should I take? https://addons.mozilla.org/api <- is now forbidden.
Let's go for the simpler api.addons.mozilla.org -- we should be able to make that work like we did with facebook, right?
http://facebook.addons.mozilla.org isn't anything special. I think all that logic is done through facebook itself.
Damn, so for now let's set up api.addosn.mozilla.org/api and we will try to figure out if it's worth stripping /api off the end using routing magic or rewrites.
Bleh, okay, so we talked about this and services.addons.mozilla.org/api seemed to be coolest -- Laura you ok w/ that?
I have this set up at https://services.addons.mozilla.org/api/ looks like there is nothing to test yet, so we may have to reopen to iron out a few things once something is there.
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Depends on: 404656
Hmm...should be there now, but the api urls give me 403s...can we open this up internally at least? I know Mossop needs it for testing.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
I can either: * Open it up to everybody * Put HTTP auth on it
Why wouldn't we open it up to everybody?
We talked about this in the AMO meeting today. It would be nice to have some kind of limited beta in place to begin with to iron out any wrinkles. Basil was in favor of allowing access from a list of IPs if that's possible. The goal is of course to open it to everybody after a short period.
Well if you need to restrict it to begine with then an IP access list is easier for me than authentication.
Matthew, would you please create and internal VIP accessible via mpt-vpn? Please reassign to me when you are done.
Assignee: oremj → mrz
Status: REOPENED → NEW
oremj - this isn't any different than making any other vserver. Only difference is you're picking an address out of 10.2.72 instead.
Assignee: mrz → oremj
It's looking like auth is going to be a lot easier with our current set up than making it vpn only. Is using auth completely unacceptable?
(In reply to comment #20) > It's looking like auth is going to be a lot easier with our current set up than > making it vpn only. Is using auth completely unacceptable? Auth is actually preferable to me than VPN access, since I don't have VPN access to mpt.
I realized this has been public for quite a while, maybe a couple months, at https://addons.mozilla.org/en-US/firefox/api/addon/7/ Is there any use in hiding it now?
Blocks: 404024
What needs to be done to complete this bug?
I think the only problem remaining is that the AMO URL should be disabled and the services URL is still broken: https://services.addons.mozilla.org/en-US/firefox/api/addon/7/ We can disable the AMO URL via app config, but still unclear as to why the api is a 403 on the services vhost.
(In reply to comment #24) > I think the only problem remaining is that the AMO URL should be disabled and > the services URL is still broken: > https://services.addons.mozilla.org/en-US/firefox/api/addon/7/ > Anything with /api/ no longer 403s. > We can disable the AMO URL via app config, but still unclear as to why the api > is a 403 on the services vhost. >
Can I just clarify what the official URL for use should be. Comment 12 suggested it was https://services.addons.mozilla.org/api/ but that seems to redirect to https://addons.mozilla.org/en-US/firefox/api/... Currently what appears to be working is: https://services.addons.mozilla.org/%LOCALE%/%APP%/api/ Is that the correct url for me to hardcode into the app?
Yes, that URL is correct.
Can I close this or is there more to be done?
Fine by me. Dave?
Yep seems fine, I'll just file additional bugs if I hit any problems.
Status: NEW → RESOLVED
Closed: 17 years ago17 years ago
Resolution: --- → FIXED
Product: mozilla.org → mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.