Hey, Brian -
I'm basically in charge of our API stuff (wrote the IDL, docs, service
implementation, etc.), and would be happy to chime in on any questions
you have.
Brian Hammond wrote:
I'm assuming EverNote is running the PHP generated "server" since
their staging/testing web service box is running Apache.
Our service implementation is Java on Tomcat, but some of our static web
pages run out of a PHP server for historic reasons. All of the Thrift
goes through a single Java Servlet. Originally, this servlet was pretty
small, and we could have given out the source, but now it's all munged
up with code for logging, throttling, etc.
The HTTP service basically needs to take the binary contents of the HTTP
POST and then hand them over to the server skeleton for processing, and
then marshal the results back into the binary reply. To correctly
implement HTTP for portability, you need to buffer the reply so you can
give back a Content-Length header.
The basic implementation is really simple if you're running on a decent
HTTP server, but you will need to add a decent amount of exception
handling to deal with all of the mess you get from Internet connectivity
if you're opening this up to the world.
1) use SSL to encrypt user credentials
By using HTTP, we basically got HTTPS for free ... we offload it to our
Citrix load balancers, in fact, so our app servers just handle HTTP.
