Create a plugin to add my website functionalities on another website

Go To StackoverFlow.com

0

I have a website A with a database and a search engine of some object, user can create account on my website then add comment for these objects. I need to create an api with something like a plugin, it will result on having the seach engine on another website B.

I have planned to do like fb or twitter plugins : the dev who want to use my api will just need to add a line of js, and a line of html on website B, then it will load the plugin. But I'm wondering how to organize it.

Here it what I've guessed : I create a page on my website A, put the search engin on it. I create a js that will load this page whithin an iframe, on the dev's page (website B), under the div he added to have my plugin. Then I implement OAuth 2 (with a provider and so, so people can do post requests to alter my db), and people who is one the website B will have the ability to post comment on the objects of the search engine on website B.

Actually it seems to be the same as fb comment plugin process, but it seem too complicated to do all that stuff. Is it the right way? Can anyone detail the problems that I should face during implementation?

2012-04-05 17:27
by tahir
your question is extremely broad... please be more specific... what have you tried ? where are you stuck ? what browsers do you need to support ? how scalable is your db/website A (beware that any such system opens up your end to DDos) - Yahia 2012-04-07 21:00
Have you tried waving your hands instead of writing code - Incognito 2012-04-08 22:42
@Yahia any web browser (desktop not mobile) I've tried this : done a json api to access my data, protected or not (oauth2). And I want to know if it would be simple to provide a "out of the box" plugin for my search engine, instead of telling people to write something via the ap - tahir 2012-04-09 17:19
@Incognito what do you mean - tahir 2012-04-09 17:19
@tahir this sort of "plugin" would need to do some cross-domain-stuff which in turn in only possible via JSONP which itself is not a very secure thing... and depending on the browser/security settings this might or might not work! again: what exactly is your question - Yahia 2012-04-09 17:27


1

You need to develop a decent API which can return search result in JSON (and XML if you want to please everyone). That already would offer other developer the ability to use your site functionalities, that's mostly back end work tho. So they can develop their own widget.

To develop your own widget as a search widget you don't need that much, you just need either a set target (maybe a required element) or/and an initialization method (more flexibility for the dev) to which you pass a target.

Bind the search button, grab terms search, call your API and when you get your result display them or/and execute a custom callback pass the result as an argument, flexibility)

If you do your javascript well you can create a little API there too which facilitate the usage of your API via javascript. And then even easily port it to a jQuery plugin or something similar.

When serving JSON always remember to set your headers for your API to allow for crossdomain or go for jsonp instead.

2012-04-12 20:05
by GillesC


1

Your question implies an architectural direction, but the requirements are too broad for such a choice. I would narrow down your requirements first. OAuth 2.0 could potentially help satisfy your needs, but ask yourself at least the following:

  • What user data needs to be protected?
  • What 3rd-party data access is needed? What functionality?
  • If you go with OAuth 2.0, are you prepared to follow a spec which is still changing? Are you willing to be the authentication provider?
  • What server-side languages/platforms are acceptable?
  • What other security considerations are important to you? (Such as social sharing, level of 3rd-party app trust...)
  • How much are you willing to rely on 3rd-party tools? Or write your own?

I agree that modeling your design off FB or Twitter or Google is not a bad idea, as they have done this sort of thing.

You might have a look at the new book Getting Started with OAuth 2.0.

2012-04-13 14:11
by Will


0

Here are two simple ways of making custom search available to users.

The simplest option is to do what Google does - the search on your site would follow a simple, well defined API - so that

www.mysite.com/search?q=keyword1+keyword2

returns a list of results in HTML.

Then you'd tell your users to include a snippet of HTML:

<form action="http://www.mysite.com/search" method="get">
   <input name="q" type="text" value="Search">
</form>

That would do, though at this juncture you may want to improve things with better search options, a javascript wrapper for the search form, a JSON or XML format for the data returned, security, a better worked out API that takes all these into account.

Another way is to use javascript and provide the data with a callback facility, so the URL:

www.mysite.com/js-search?q=keyword1+keyword2&callback=someHandle

will return a javascript file containing JSON data and a call to "someHandle" when it is loaded. The developer using your API have to write their own way of making the request and the handler. Bear in mind that because of XSS, the queries would probably come from your partners' servers. The simplest is probably to make your own search offer simple and well-documented so others can exploit it.

2012-04-09 23:18
by boisvert


0

OAuth 2 could be helpful just if you would allow the website B to make POST request to the website A in background.

Instead if you want allow the users that visit the website B to post a comment then the iframe with a form that point to the website A is enough.

2012-04-13 23:09
by Francesco Terenzani


0

The easier bet, yet not necessarily the wisest, is to create some JS which calls on your website using JSONP.

iFrames are not W3C standard, try avoiding them if possible. Code a Javascript with some events that will do some JSONP calls into your own server and return the results in Javascript accordingly, so it would be able to interact with the page.

2012-04-14 04:30
by AbiusX
Ads