First off, this is my first post to this list and I'm not sure if this is the
appropriate place to post this question—if one of the other lists is more
appropriate, let me know.
We have an application that exposes an XML API into some of our core
services that 3rd parties use to build front-end websites and Flash apps
with.
We are using Shindig to expose social networking features through this XML
API. Our initial thoughts are to expose a wrapper to the OpenSocial RESTful
API, in a manner like:
<api>
  .. some other API stuff ..
  <opensocial>
    <restful resource="/people/{guid}/@friends" method="GET" format="JSON">
      <![CDATA[… json encoded REQUEST body if applicable …
      ]]>
    </restful>
    <restful resource="/people/{guid}/@self" method="GET" format="JSON">
      <![CDATA[… json encoded REQUEST body if applicable …
      ]]>
    </restful>
  </opensocial>
</api>
<api>
  .. some other API stuff ..
  <opensocial>
    <restful resource="/people/{guid}/@friends" method="GET" format="JSON">
      <![CDATA[… json encoded RESPONSE body if applicable …
      ]]>
    </restful>
    <restful resource="/people/{guid}/@self" method="GET" format="JSON">
      <![CDATA[… json encoded RESPONSE body if applicable …
      ]]>
    </restful>
  </opensocial>
</api>
Our API is already tracking the userId (i.e., the VIEWER in OS terms). We
want to take in these XML tags and perform REST calls within the server
itself, passing in the raw request body, and returning the raw response body
through this XML API.
One question: how do we associate the VIEWER to the RESTful calls in this
manner? Does this **have** to happen through an OAuth access token?
I have been researching OAuth and believe that one solution would be to
create a single access token that is associated with our XML API calls, and
when we register users, we automatically create an OAuth access entry for
the user and our XML API. Going that route, we can intercept these RESTful
calls coming in from our XML API, look up the user’s token based on the API’s
session, and make a behind-the-scenes local REST call passing this looked-up
token for each request, and then dump the response back through the XML.
I’m fairly new to OS and OAuth, so I might be overlooking some important
details in this implementation but would greatly appreciate any help in
determining the best way to “wrap” OS RESTful calls from our existing XML
API that currently manages our userbase.
Thanks,
Aaron
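
The wrapper flow described in the post, as an added example that is not part of the original message and is not Shindig code: the VIEWER and its token are resolved from the server-side session only, and each wrapped call is checked against a method and resource allowlist before anything is forwarded. The session and token tables, the guid character set, the status attribute and the fake_backend stand-in for the local REST call are all assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed stand-ins for the XML API's session store and per-user token table.
SESSIONS = {"sess-abc": "42"}            # session id -> VIEWER user id
TOKENS = {"42": "token-for-42"}          # VIEWER user id -> access token

# Only the two resources from the post are forwarded; the guid charset is an assumption.
RESOURCE = re.compile(r"/people/[A-Za-z0-9][A-Za-z0-9._:-]*/@(?:self|friends)")
METHODS = {"GET"}

def fake_backend(method, path, token, body):
    """Hypothetical placeholder for the local REST call to the OpenSocial container."""
    return '{"entry": [], "path": "%s"}' % path

def handle(xml_text, session_id, backend=fake_backend):
    """Forward each <restful> call as the session's VIEWER; return response XML."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not accepted")   # no entity tricks in request XML
    viewer = SESSIONS.get(session_id)
    if viewer is None:
        raise PermissionError("no authenticated session")
    token = TOKENS[viewer]                # looked up server-side, never read from the XML
    out = ET.Element("opensocial")
    for call in ET.fromstring(xml_text).iter("restful"):
        method = call.get("method", "").upper()
        resource = call.get("resource", "")
        el = ET.SubElement(out, "restful", resource=resource, method=method, format="JSON")
        if method not in METHODS or not RESOURCE.fullmatch(resource):
            el.set("status", "403")       # refused locally; backend is not contacted
            continue
        el.set("status", "200")
        # ElementTree escapes the JSON as text, which is equivalent to a CDATA section.
        el.text = backend(method, resource, token, (call.text or "").strip())
    return ET.tostring(out, encoding="unicode")
```

Because the token never appears in the request XML, a third-party front end cannot choose whose identity a call runs under; it can only name a resource, and anything outside the allowlist is answered without touching the container.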