Web API Bridge Dot Org

Quickstart

The following instructions assume a compatible version of Linux that has Apache2 installed with PHP and MySQL modules installed.

Compatible Linux distribution versions

Distribution	Version
Ubuntu	14.04 LTS
Ubuntu	18.04 LTS

Steps

Step 1: Download the latest version of the Web API Bridge.

$ wget www.webapibridge.org/resources/downloads/WebAPIBridge-latest.tar.bz2

Step 2: Extract into a convenient location.

$ tar jxvf WebAPIBridge-latest.tar.bz2

Step 3: Install the Web API Bridge to your desired location, where [version] corresponds to the version extracted.

cd WebAPIBridge-[version]
sudo ./install.sh DOCUMENT_ROOT=/srv/WEB_API_BRIDGE
cd /srv/WEB_API_BRIDGE/WebAPIBridge
sudo apachectl configtest

If config test return 'Syntax OK' the proceed with the following:

sudo rm latest
sudo ln -sf [version] latest
sudo service apache2 restart

Step 4: Create an Apache configuration for an API server. Note: this will restart Apache.

$ sudo /srv/WEB_API_BRIDGE/WebAPIBridge/latest/webapibridge/bin/generate.sh www.example.com

Important
If you install under '/srv/', you may need to edit the '/etc/apache2/apache.conf' file to enable serving from that location. Find the section that looks like below, uncomment the section by removing the '#' characters, then restart Apache using 'sudo service apache2 restart'.

#{Directory /srv/}
#        Options Indexes FollowSymLinks
#        AllowOverride None
#        Require all granted
#{/Directory}

Step 5: Install Certbot.

Certbot may be used to automatically configure the API service with an SSL certificate.

sudo /srv/WEB_API_BRIDGE/WebAPIBridge/latest/webapibridge/libexec/install_certbot/install_certbot.sh
sudo apt-get install dnsutils

Running the 'run_certbot.sh' script will request a certificate for any configured API domains that do not yet have an SSL certificate.

sudo /srv/WEB_API_BRIDGE/WebAPIBridge/latest/webapibridge/libexec/run_certbot/run_certbot.sh /etc/apache2

Step 6: Give access to database.

The Web API Bridge only needs the EXECUTE permission. As the Web API Bridge is not an authentication or authorisation layer, it connects to the database using the credentials 'public' 'public'. However, if a remote database host is used, it is expected that the connection from the API server to the database will also be protected by using x509 certificates with client-side authentication, and also that the database server will restrict the IP addresses that may connect to it.

mysql> GRANT EXECUTE ON *.* TO 'public'@'IP ADDRESS' IDENTIFIED BY 'public';

By default, x509 certificates are expected to be located in the '/etc/mysql/ssl' directory, under a directory named the same as the database hostname. The Web API Bridge will use the appropriate certificates when connection to different database servers. For example:

/etc/mysql/ssl/db.example.com
/etc/mysql/ssl/db.example.com/client-cert.pem
/etc/mysql/ssl/db.example.com/client-key.pem
/etc/mysql/ssl/db.example.com/servera-ca.pem

For more information regarding configuring MySQL and generating self-signed x509 certificates refer to:
VMSetup.com

For more information regarding configuring databases to use the Web API Bridge refer to the 'Technical Documentation' page:
Technical Documentation