Dumb questions regarding Hsphere API

[tekiegreg]

Why not just publish all the WSDL's so that we don't have to keep asking you for permission? It's not like just anyone can access the web services themselves in question, or they'll get thrown with that same 403 that's been plagueing me lately

Also I'm floating the idea of building a mobile app to allow me to change some client settings right off my Droid phone while I'm on the road (a mobile Hsphere platform if you will). Seeing as I can't access the Web Services directly from the mobile without getting thrown, would there be any objection to me using a "proxy" web service hosted on my site that my Droid could access? Just wanted to make sure it was ok before I did anything. Thanks!

 

[Stephen]

There are some security issues to publishing the WSDLs in the past, some quite major. I am not 100% sure their status now, I am almost positive it was cleaned up, but when talking about CP control access, safety is always important.

As far as the API access via a control page, that would probably work, it would not even exactly have to be a proxy, you could just make a mobile optimized page that uses api links from that web server to feed commands into the API.

 

[tekiegreg]

There are some security issues to publishing the WSDLs in the past, some quite major. I am not 100% sure their status now, I am almost positive it was cleaned up, but when talking about CP control access, safety is always important.

As far as the API access via a control page, that would probably work, it would not even exactly have to be a proxy, you could just make a mobile optimized page that uses api links from that web server to feed commands into the API.

True, I would figure you would have more to worry about with me creating a proxy into an area I would otherwise get a 403 error than publishing a WSDL, that's why I was asking. Assuming hypothetically my code for this mobile app got into the wild (or with your permission I decided to release it myself).