XML & Web Services With PHP
An Overview Ben Ramsey Zend/PHP Conference & Expo October 31, 2006
�Welcome
BenRamsey.com I work for
Art & Logic, Inc. Study Guide author
PHP 5 Certication
Fart around on #phpc
2
�Web Services
�What is a Web Service?
Public interface (API) Provides access to data and/or procedures On a remote/external system (usually) Often uses XML for data exchange
4
�Why XML?
Extensible Mark-up Language Flexible mark-up language Lightweight and easy to parse Communication between disparate systems
5
�Types of Web Services
XML-RPC SOAP REST
6
�XML-RPC
�What Is XML-RPC?
XML Remote Procedure Call Specication maintained at xmlrpc.com
(but no DTD, XSD, etc.)
Provides a means to call methods/
an XML response body
8
procedures on a remote server and make changes and/or retrieve data
POST with XML request body and receive
�Using XML-RPC
Most common implementation of XMLXML-RPC services RPC used today is that of blog ping services
Technorati, Flickr, others? Use PEAR::XML_RPC to access and create SOAP is its successor
9
�SOAP
10
�What Is SOAP?
Previously an acronym for Simple Object
Access Protocol
Version 1.2 of the W3C recommendation
dropped the acronym
SOAP is not simple! Specication maintained at w3.org
11
�What Is SOAP?
Provides a mechanism for various
messaging patterns
All messages sent in a SOAP envelope that
is an XML wrapper for data read and generated by the SOAP server
Most common message pattern is the
12
Remote Procedure Call (RPC) pattern
�SOAP In Short
SOAP provides a means to interact with a It is the natural successor of XML-RPC
13
remote system by sending it commands and getting a response
�Using SOAP
Send a message specifying an action to
take, including data for the action
Receive a return value from the action Most SOAP services provide a WSDL le
to describe the actions provided by the service
14
�WSDL
Web Services Description Language XML mark-up for describing the
functionality provided by a SOAP service
15
�16
�PHP 5 Makes It Easy to Access a SOAP Service
Example: Google SOAP Search API
17
�18
�Providing a Service
Create a class that contains public methods
for the SOAP server to use
Instantiate a SoapServer object using the
class (PHP 5 does not do this for you)
19
This is the service you want to provide
Optionally create and provide a WSDL le
�20
�21
�REST
22
�What is REST?
Representational State Transfer Term originated in 2000 in Roy Feldings
doctoral dissertation about the Web entitled Architectural Styles and the Design of Network-based Software Architectures
23
�Theory of REST
Focus on diversity of resources (nouns),
not actions (verbs)
Every resource is uniquely addressable All resources share the same constrained
interface for transfer of state (actions)
Must be stateless, cacheable, and layered
24
�Web As Prime Example
URIs uniquely address resources HTTP methods (GET, POST, HEAD, etc.)
and content types provide a constrained interface
All transactions are atomic HTTP provides cache control
25
�Relaxing REST
Any simple interface using XML over HTTP
(in response to GET requests)
That is also not RPC-based May use JSON,YAML, plain text, etc. instead
of XML
In most PHP applications, this is what we
mean when we say REST
26
�Consuming a Service
Send a GET request:
receiving XML)
http://search.yahooapis.com/WebSearchService/V1/ webSearch?appid=ramsey&query=PHP
Parse the response (with SimpleXML if
27
�28
�Providing a Service
No specic REST service library; the design
is up to you
Keep URLs simple and easy to understand Each URL (combined with its querystring
params) must uniquely identify the resource it requests
Return XML, JSON,YAML, etc. Use a library for generating these formats
29
�Consuming Web Services
30
� Access to content/data stores you could
not otherwise provide (zip codes, news, pictures, reviews, etc.)
Why Use Web Services?
Enhance site with a service that is not
service you provide (mash-ups)
31
feasible for you to provide (maps, search, products, etc.)
Combine these services into a seamless
� Google Yahoo! Amazon eBay Flickr del.icio.us etc.
What Services Are Available?
32
�Security Concerns
Regardless of the provider, do not trust the
validity of the data; it is tainted
Authentication schemes (HTTP Auth,
tokens, etc.)
33
Filter all incoming data
�Providing Web Services
34
�Why Provide a Service?
You have a service that benets your users
best if they can get to their data from outside the application their applications
You want others to use your data store in All the cool kids are doing it
35
�Which Service Is Right?
REST provides a unique resource identier
for all data in the system
SOAP does not but provides a means to
send/receive remote procedure calls
Many services provide multiple APIs Matter of preference
36
�Security Concerns
A Web Service accepts data from remote
applications/machines
Output as XML, JSON, etc. Escape output accordingly For authentication and sensitive data, force
the use of SSL
37
Filter all input
�Summary
38
�Further Reading
See my Web site for slides and links:
benramsey.com/archives/zendcon06-talk
39
