A Remote Method may be called by any other Moxie system. It can be used to divide up a large system among a number of backend servers, or as a public API for 3rd parties. In order to call a Remote Method from MOX, the Remote statement is used.
It is common practice for Internet APIs to make use of API Keys for authentication. This approach allows a 3rd party to provide such a key to the called system as proof of authority to act on behalf of the user. Using an API Key provides the user with greater security than methods such as having the user provide his/her username and password to the 3rd party, or using a regular session key that would grant the 3rd party the same access as the user. Thus, the use of API Keys ensures that the user is only granting the 3rd party a limited set of rights based on what the API exposes.
In practice, setting up a Root Table named APIKey, where the Alias is the API Key to be issued, would allow for fast and easy authentication. There should be a Relationship established between this Table and the Login Table(s), such as MemTab.Person, likely with the API Key set as a Child, and a Ratio of 1-M. An extra Field named ThirdParty would allow the user to save the name of the 3rd party which they plan to give this API key to. This approach of a 1-M Relationship would allow a user to provide a separate API key to each 3rd party, allowing the user to revoke the access to one or more 3rd parties without affecting others. It would be paramount that the Alias of the API Key not be an auto-number; instead, setting the Alias using the MOX CUID function (part of the Value Statement) would provide a secure random key.
When a Remote Method is initiated, a copy of the Query specified by the InputQuery parameter by the Remote Caller will be in a Query Object named Input and it will be set as the Top Query. Any changes made to this Query will be discarded.
A second Query Object, named Output, initially blank, will be set as the Work Query and this becomes the result/return of the Remote Method. The data in this Query will be returned to the Remote Caller and will be placed into the Query specified by the OutputQuery parameter of the Remote statement.
The Request Query is accessible in the same manner as it is in a Public Method. Any URL Parameters passed as part of the URL string will be parsed and available in the Request Query. For more information about the Request Query see the applicable section under the Public Method topic.