Json API & Advanced Html
This web-app engine allows API access by "json over http(s)".For most of the functions, you will use a simple http post with fields list and the response will be in json format.
Every transaction can use fixed API fields, also called "properties" or "attributes", for session management and security.
This engine also allows you to add your own Header & Body HTML code (useful for js manipulations and analysis).
All as described on the following lists:
Common API Properties
Send these fields on every transaction, according to your pre-plan architecture. None of this fields is mandatory, unless you set it beforehand.If you are not familiar enough with this material, please contact SYE software support team, before you start coding...
| Field Name | Description |
|---|---|
| SessionID | On html and API, the web engine is using HTTP Cookies to track sessions. Some server or mobile apps engines cannot use HTTP Cookies, therefor you will get the session id as a json field and also as a cookie. Simply pass this id string as a field if your system does not support HTTP Cookies. |
| ApiToken | For extra security and noise filtering, you can set a Token String on the web-app Main Configuration. Once implemented, every transaction that does not pass this field, will be filtered out with less CPU resources as possible. Too many calls without this field, will activate the self defense algorithms. |
| ApiClientIP | When working under a web UI server (like PHP / .NET), the engine cannot get the end client IP address. Therefor you can pass this IP using this field. |
| UI_Lang |
On projects with multi language installed, You can ask for UI language other then the default, by passing 3 letters code: ENG, HEB, RUS, ARA, SPA, FRA, HIN, CHI. Pass only one language at a time. Lang code (value) is case sensitive ! |
Let's talk about session management
In order to keep track on sessions, Hyper is using a standard HTTP session cookie (without "Expires" / "Age" attributes).When writing Mobile applications or Server 2 Server interfaces, you can use either "HyperSession" cookie OR "SessionID" field.
Both of them will work. Let's see some examples...
An API call from android app, without using HTTP cookies, should look like this:
Send:
DOMAIN/Login_json?ApiToken=123456&Leading_ID=myuser@gmail.com&password=9876
Recv: {"Login":"OK","Cookie":"A500F02A56F08549A70E40B7"}
Send: DOMAIN/Service_Ticket_json?ApiToken=123456&SessionID=A500F02A56F08549A70E40B7
Recv: {"Title":"ServiceTickets","RowCount":"1","Data":[ ...
Recv: {"Login":"OK","Cookie":"A500F02A56F08549A70E40B7"}
Send: DOMAIN/Service_Ticket_json?ApiToken=123456&SessionID=A500F02A56F08549A70E40B7
Recv: {"Title":"ServiceTickets","RowCount":"1","Data":[ ...
When you want to use http cookie in your Mobile app or Server 2 Server, just write a simple http cookie header, like this:
Cookie: HyperSession=A500F02A56F08549A70E40B7;
Of cource you can mix any other cookies in your buffer, you don't have to filter them out. For example, hyper will handle this input:
Cookie: CloudFlare=ijhaskhksghksdfhgkshdkghsdkghksdf;HyperSession=A500F02A56F08549A70E40B7;AnyOtherP2P=823642564725425;
Hybrid between Web-app pages and your own pages
You can mix between pages that you render (like in Word-Press, Wix etc) to the pages that Hyper's web-app render.Just use the cookie "HyperSession" (Browser side) and post the field "SessionID" (API side) with the same Session ID.
You need to pass the cookie to the browser on the pages that you render, ONLY IF these pages are for Registration OR Login !
e.g. Set-Cookie: HyperSession=A500F02A56F08549A70E40B7; HttpOnly; Secure
Advanced HTML Manipulation
If you wish to use "Google Analytics" or any other 3rd party service, with Hyper Web-App, you need to inject some JS code into page Header and Body.Use "Text Components for Modules" on hyper client app, to setup these HTML segments:
| Content ID | Usage Description |
|---|---|
| Page_Header_Code | Stream out any code just before the closure of the html header, just before </head> <body> . |
| Page_Body_Code | Stream out any code at the end of the html body, just before </body> </html> . |
When posting a form or refreshing the same page address, these contents will not be injected.
Add your custom CSS and JS files
You can add your own custom styling and scripts to the site, just by placing the following files on the HTTP folder:| Folder Name | Description |
|---|---|
| HTTP\Media |
Client media (logo, menu buttons, styling etc) is stored on this folder. You can change the image files in this folder and add your own. |
| HTTP\Media\CSS |
Client custom css for changing the HTML design. Create only the files you need. These are the possible file names:
Custom_LTR.css Custom_LTR_PC.css Custom_LTR_Mobile.css
Text direction by user language: LTR = Left to Right; RTL = Right to Left;Custom_RTL.css Custom_RTL_PC.css Custom_RTL_Mobile.css PC is the default; Mobile when browser details are from Android / iOS. |
| HTTP\Media\JS |
Client custom javascript for changing the HTML UI logics, OR adding animation etc. File name should be custom.js and you can loan any other js library from it. |
When planning your CSS, you can depend on page BODY Class, values can be 1 of 3: MobileDev / PersonalComp / PC_Frame.
For example: <body class="PersonalComp">
Host Web-App inside an IFrame
Call any html page with URL extension "Frame" to get the iFrame version of the web-app.e.g. DOMAIN/LoginFrame, DOMAIN/Forgot_PasswordFrame, DOMAIN/RealRegFrame ...
- The web-app will flag the current session as an IFrame, so any other page address will work under frame.
- When surfing from a mobile device, the web-app will NOT support IFrame, because it cannot work with the mobile.css
Field Name Structure and Letters Case
The whole API is NOT case sensitive, Except some specific points designed to be sensitive.We made consideration to balance between "Developer Experience" to CPU performance (when having DOS attack).
The case sensitive objects / fields are:
- Common API Properties: SessionID, ApiToken, UI_Lang.
- Boolean fields should be posted with 'yes' for TRUE, or any other string for FALSE.
- Json function names.
The fields names (the Original names of Hyper) are received and displayed according to the following rules:
- The received fields names in API are filtered and can contain only letters, digits and the char '_'. Any other chars will be removed.
-
The separated words will be compounded, by using the Camel-Case method (capital letters at the beginning of each new word).
For example: table field name "Last name" will be used as "LastName" in the API. -
The developer is allowed to post field names, without case sensitive and with spaces, for example: 'last Name' will be processed well.
The developer can explore the html version of each function, and learn which fields to use and how.
Nice trick to get a Function Fields list
To help developers, we allow to test most of the functions fields list. You will see internal fields (hidden) as well as public.On some of the functions, you need to post the field "json" = "help", on others you don't post any parameter.
Read each function documentary to know how to test it. For example, this is how it looks in postman...
