Welcome to the SRP Forum! Please refer to the SRP Forum FAQ post if you have any questions regarding how the forum works.
Supporting https
We have OI listening on the default port of 80. The port is closed externally because the mobile/web apps actually call via a different port through to a webservices on the same box which then internally redirects to our endpoints.
I asked the other day if we could make our endpoints publically accessible and the basic response was "if we switch you to another port do you support https?"
It's a fair question but I'm a little grey in this area so can anybody tell me if there's anything we would need to do differently to meet this requirement? I feel like there isn't but I can't say categorically one way or the other.
Note, the existing publically accessible mobile/web endpoints do support https already, they're just not our endpoints.
I asked the other day if we could make our endpoints publically accessible and the basic response was "if we switch you to another port do you support https?"
It's a fair question but I'm a little grey in this area so can anybody tell me if there's anything we would need to do differently to meet this requirement? I feel like there isn't but I can't say categorically one way or the other.
Note, the existing publically accessible mobile/web endpoints do support https already, they're just not our endpoints.
Comments
That's pretty much what I was thinking though the person from whom the question came works in this area as a matter of course and for me it's more of an add on so I wondered what I was missing.
I see very little difference.
Just to clarify one thing... the theirs/ours equivalent isn't apples to apples. www.edgecreations.com.au/#/login actually points to a page within the JavaScript app on edgecreations.com.au as indicated by the #. The login button on the page actually sends a request to https://edgecreations.com.au/EdgeRESTServices/MainService/Login which would probably be a closer comparison to the edgecreations.com.au/api/login resource. Whoever manages the front end JavaScript application would either need to change it to send the login request to your API OR perhaps the requests are proxied through /EdgeRESTServices/MainService/Login and they would redirect the request to your API at the proxy on the back end. Either way, I don't see a major problem.
Keep in mind though that if they are proxying the requests the IP address of the visitor's request might be the IP address of the PROXY server . If your API isn't concerned with the visitors IP then this won't be an issue.
I was wondering what that was for. The EdgeRESTServices request is actually more familiar to me only because that's the type of request I had noticed being called during testing.
Neither the website nor the mobile app call our API directly though we designed our API with the expectation that they would. They instead call the EdgeRestServices which then manipulates as necessary and then those services call our API on the same box.
There is a webserver with IIS that hosts the EdgeRESTServices. The webserver has a mapped drive to the OI app server and the socketserver is launched on the webserver via the mapped drive.
It has all worked fine so far so we've left well enough alone but now we want to do other things that are independant of the existing web/mobile functionality so we need for our API to be exposed to the internet devoid of the EdgeRestServices intermediary.
I still don't see it as being that difficult but as Don said, it's not my area of expertise either.
Thanks gentlemen for both your input.
No, not recently. They're not exposed so I can't get to them anyway.
That's the point I need to prove before they'll open a port for me.
I can probably get there now I just needed to reinforce my understanding before pushing the point.