XML-RPC info
Resources
Suggested XML-RPC format
For security, a number of measures are taken:
- the XML-RPC interface runs over HTTP (SSL protection)
- the request specifies “KlantNr”, which is the debtor number in the database
- the request carries an “AuthNounce” code, which is a random number of a particular format/length
- the request carries an “AuthKey” code, which is the AuthNounce code encrypted with a fixed key that is known to both parties.
- only 1 XML-RPC request per 3 seconds is answered (to counter Denial-of-Service attacks)
- after an authentication failure, no response is given for 30 seconds (to counter brute-force key hacking attempts)
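The measures listed above as a server-side gate, an added example that is not part of the original page or of the service's own code. It substitutes HMAC-SHA256 over the nonce for the unspecified "encryption with a fixed key", additionally refuses a nonce that was already accepted, and keeps its state in a PHP array; `SHARED_KEY`, `auth_key()`, `check_request()` and the `$client` identifier are hypothetical names.

```php
<?php
// Added example; the key, the state layout and the HMAC construction are assumptions.
const SHARED_KEY      = 'constructed-demo-key'; // placeholder for the fixed shared key
const MIN_INTERVAL    = 3;   // seconds between answered requests
const LOCKOUT_SECONDS = 30;  // silence after an authentication failure

function auth_key(int $nonce): string {
    // A keyed MAC over AuthNounce stands in for "AuthNounce encrypted with a fixed key".
    return hash_hmac('sha256', (string)$nonce, SHARED_KEY);
}

// $client identifies the caller for throttling (for instance the source address).
function check_request(array &$state, string $client, int $nonce, string $authKey, int $now): string {
    $s = $state[$client] ?? ['last' => null, 'locked_until' => 0, 'seen' => []];
    if ($now < $s['locked_until']) {
        return 'locked';                 // still inside the 30 second window
    }
    if ($s['last'] !== null && $now - $s['last'] < MIN_INTERVAL) {
        return 'throttled';              // at most one answered request per 3 seconds
    }
    $s['last'] = $now;
    $valid = hash_equals(auth_key($nonce), $authKey);   // constant-time comparison
    if (!$valid || isset($s['seen'][$nonce])) {
        // A wrong key and a reused nonce are both treated as authentication failures.
        $s['locked_until'] = $now + LOCKOUT_SECONDS;
        $state[$client] = $s;
        return 'denied';
    }
    $s['seen'][$nonce] = true;           // each nonce is accepted only once
    $state[$client] = $s;
    return 'ok';
}

// Constructed walk-through with fixed timestamps (seconds) and a documentation address.
$state  = [];
$client = '203.0.113.7';
$steps  = [
    [12345, auth_key(12345), 100],   // first request, valid key
    [12346, auth_key(12346), 101],   // second request one second later
    [12345, auth_key(12345), 104],   // same nonce and key presented again
    [12347, auth_key(12347), 120],   // new nonce, 16 seconds after the failure
    [12347, auth_key(12347), 134],   // same request, 30 seconds after the failure
];
foreach ($steps as [$nonce, $key, $now]) {
    echo $now, ' ', check_request($state, $client, $nonce, $key, $now), "\n";
}
```

In a real deployment the `$state` array would live in storage shared by all PHP workers, with old nonces expired after a fixed period.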
requestPolis
query example
<?xml version="1.0"?>
<methodCall>
<methodName>ingosur.requestPolis</methodName>
<params>
<param>
<name>KlantNr</name> <value><int>...</int></value>
<name>AuthNounce</name> <value><int>12345</int></value>
<name>AuthKey</name> <value><int>54321</int></value>
<name>Ingangsdatum</name> <value><dateTime.iso8601>...</dateTime.iso8601></value>
<name>Looptijd</name> <value><int>...</int></value>
<name>Kenteken1</name> <value><string>...</string></value>
<name>Chassisnr1</name> <value><string>...</string></value>
<name>Categorie1</name> <value><string>...</string></value>
<name>Merk1</name> <value><string>...</string></value>
<name>Kenteken2</name> <value><string>...</string></value>
<name>Chassisnr2</name> <value><string>...</string></value>
<name>Categorie2</name> <value><string>...</string></value>
<name>Merk2</name> <value><string>...</string></value>
<name>Naam</name> <value><string>...</string></value>
<name>Adres</name> <value><string>...</string></value>
<name>Woonplaats</name> <value><string>...</string></value>
<name>Land</name> <value><string>...</string></value>
<name>Paspoortnummer</name> <value><string>...</string></value>
</param>
</params>
</methodCall>
response example
<?xml version="1.0"?>
<methodResponse>
<params>
<param>
<name>KlantNr</name> <value><int>...</int></value>
<name>Polisnummer</name> <value><string>...</string></value>
<name>AanvraagTijd</name> <value><dateTime.iso8601>...</dateTime.iso8601></value>
<name>Betaald</name> <value><boolean>...</boolean></value>
<name>Ingetrokken</name> <value><boolean>...</boolean></value>
<name>PDFlink</name> <value><string>https://secure.ingosur.nl/online/printpdf.php?polisnr=224900000&KlantNr=123$AuthNounce=12345&AuthKey=54321</string></value>
<name>Ingangsdatum</name> <value><dateTime.iso8601>...</dateTime.iso8601></value>
<name>Einddatum</name> <value><dateTime.iso8601>...</dateTime.iso8601></value>
<name>Kenteken1</name> <value><string>...</string></value>
<name>Chassisnr1</name> <value><string>...</string></value>
<name>Merk1</name> <value><string>...</string></value>
<name>Kenteken2</name> <value><string>...</string></value>
<name>Chassisnr2</name> <value><string>...</string></value>
<name>Categorie</name> <value><string>...</string></value>
<name>Merk2</name> <value><string>...</string></value>
<name>Naam</name> <value><string>...</string></value>
<name>Adres</name> <value><string>...</string></value>
<name>Woonplaats</name> <value><string>...</string></value>
<name>Land</name> <value><string>...</string></value>
<name>Paspoortnummer</name> <value><string>...</string></value>
</param>
</params>
</methodResponse>
infoPolis
query example
<?xml version="1.0"?>
<methodCall>
<methodName>ingosur.infoPolis</methodName>
<params>
<param>
<name>KlantNr</name> <value><int>...</int></value>
<name>AuthNounce</name> <value><int>12345</int></value>
<name>AuthKey</name> <value><int>54321</int></value>
<name>Polisnummer</name> <value><string>...</string></value>
</param>
</params>
</methodCall>
response example
<?xml version="1.0"?>
<methodResponse>
<params>
<param>
<name>KlantNr</name> <value><int>...</int></value>
<name>Polisnummer</name> <value><string>...</string></value>
<name>AanvraagTijd</name> <value><dateTime.iso8601>...</dateTime.iso8601></value>
<name>Betaald</name> <value><boolean>...</boolean></value>
<name>Ingetrokken</name> <value><boolean>...</boolean></value>
<name>PDFlink</name> <value><string>https://secure.ingosur.nl/online/printpdf.php?polisnr=224900000&KlantNr=123$AuthNounce=12345&AuthKey=54321</string></value>
<name>Ingangsdatum</name> <value><dateTime.iso8601>...</dateTime.iso8601></value>
<name>Einddatum</name> <value><dateTime.iso8601>...</dateTime.iso8601></value>
<name>Kenteken1</name> <value><string>...</string></value>
<name>Chassisnr1</name> <value><string>...</string></value>
<name>Merk1</name> <value><string>...</string></value>
<name>Kenteken2</name> <value><string>...</string></value>
<name>Chassisnr2</name> <value><string>...</string></value>
<name>Categorie</name> <value><string>...</string></value>
<name>Merk2</name> <value><string>...</string></value>
<name>Naam</name> <value><string>...</string></value>
<name>Adres</name> <value><string>...</string></value>
<name>Woonplaats</name> <value><string>...</string></value>
<name>Land</name> <value><string>...</string></value>
<name>Paspoortnummer</name> <value><string>...</string></value>
</param>
</params>
</methodResponse>
Example of PHP implementation
This is a working example of XML-RPC in PHP.
Found this on: http://nl2.php.net/xmlrpc
clienttest.php
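<?php
// Send a raw XML-RPC request over a plain socket and return the full HTTP response.
function do_call($host, $port, $request) {
    $fp = fsockopen($host, $port, $errno, $errstr);
    if (!$fp) {
        // Connection failed; $errstr holds the reason.
        return 0;
    }
    // HTTP header lines end in CRLF; a blank line separates headers and body.
    $query =
        "POST /servertest.php HTTP/1.0\r\n".
        "User_Agent: My Egg Client\r\n".
        "Host: ".$host."\r\n".
        "Content-Type: text/xml\r\n".
        "Content-Length: ".strlen($request).
        "\r\n\r\n".
        $request."\n";
    if (!fputs($fp, $query, strlen($query))) {
        $errstr = "Write error";
        fclose($fp);
        return 0;
    }
    // Read until the server closes the connection (HTTP/1.0).
    $contents = '';
    while (!feof($fp)) {
        $contents .= fgets($fp);
    }
    fclose($fp);
    return $contents;
}

$host = 'www.networkconcepts.nl';
$port = 80;
// Encode a call to method 'cycle' with the single parameter 'egg'.
$request = xmlrpc_encode_request('cycle', 'egg');
$response = do_call($host, $port, $request);
echo "\n\n<pre>\n$response\n</pre>\n\n";
?>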
servertest.php
<?php
function lifecycle($method, $params) {
    /*
    $method = 'cycle', $params = (array of) request parameter(s); $data is
    also passed from xmlrpc_server_call_method, if we had any data to pass.
    */
    switch($params[0]) {
        case 'egg':
            $reply = 'All eggs will be birds one day.';
            break;
        default:
            $reply = 'That must have been an otheregg';
    }
    return $reply;
}

$server = xmlrpc_server_create();
/* register the 'external' name and then the 'internal' name */
xmlrpc_server_register_method($server, "cycle", "lifecycle");
// read the raw POST body; no, $_POST doesn't work for a text/xml body.
// php://input replaces $HTTP_RAW_POST_DATA, which was removed in PHP 7.
$request = file_get_contents('php://input');
/*
the parameters here are 'server, xml-string and user data'.
There's supposed to be an optional 'output options' array too,
but I can't get it working :( hence header() call
*/
$response = xmlrpc_server_call_method($server, $request, null);
header('Content-Type: text/xml');
print $response;
xmlrpc_server_destroy($server);
?>
The request sent
POST /servertest.php HTTP/1.0
User_Agent: My Egg Client
Host: www.networkconcepts.nl
Content-Type: text/xml
Content-Length: 185

<?xml version="1.0" encoding="iso-8859-1"?>
<methodCall>
<methodName>cycle</methodName>
<params>
<param>
<value>
<string>egg</string>
</value>
</param>
</params>
</methodCall>
The response received
HTTP/1.1 200 OK
Date: Fri, 25 Jan 2008 22:28:46 GMT
Server: Apache/2.0.52 (CentOS)
X-Powered-By: PHP/4.3.9
Content-Length: 190
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="iso-8859-1"?>
<methodResponse>
<params>
<param>
<value>
<string>All eggs will be birds one day.</string>
</value>
</param>
</params>
</methodResponse>
