I am attempting to build my HMVC codeigniter install into an API centric HMVC (yeah I know!)
I have ion_auth as the authorisation system at the moment.
The way I have it set-up is
MODELS CONTROLLERS - API CONTROLLER - CONTROLLER VIEWS
With the API controller accepting JSON encoded inputs and sending JSON encoded outputs.
Now - it all works fine -> I can access the API by calling
controller/api and can pass it JSON and receive JSON back.
I then just call the controller/api from within my normal
My problem now comes with authorisation.
Nobody can access the API if they aren't logged in through Ion_auth (so it is secure) BUT
How do I then expose the API?
I presume I need to go down the
O Auth route but I have tied myself in a knot trying to get my head around how I can use O Auth for the API and not impact the performance of my application when accessed via my controller.
It is down to not understanding how O Auth works fully (I can implement it and understand the hand-shakes etc. but the nitty gritty) -> if I found some way of authenticating a user via O Auth (I mean a site user not an API user) how does this carry through to my controllers - is it stored in a session? Can I give my controllers Authorisations? (Do I need to)
OR - is there a way of doing this with Ion Auth that I haven't heard about?
I want my own application to be able to use it's own API, but do not know how to set up the authrosiation so the API can be consumed directly as well as locally by the application itself (when users are using the site)
Thanks in advance!