Tim Bond
Longhorn PHP Conference - October 15, 2021
'Automating' comes from the roots 'auto-' meaning 'self-', and 'mating', meaning 'screwing'.
Image credit: XKCD "Automation", licensed Creative Commons Attribution-NonCommercial 2.5
Packet Capture
GET http://api.example.com/items
POST http://api.example.com/analytics
PUT http://api.example.com/scan/498044355635
POST http://api.example.com/analytics
GET /items
[
  {
    "title": "Bleach",
    "upc": 498044355635,
    "scanned": false
  },
  // more items
]
PUT /scan/nnn
{
  "user_id": 1234,
  "latitude": 30.3235,
  "longitude": -97.7109
}
/user/123
/users
/docs
to find out
RFC 2069 Digest Access Authentication Syntax
Hash1 = MD5(username:realm:password)
Hash2 = MD5(method:digestURI)
response = MD5(Hash1:nonce:Hash2)
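The three RFC 2069 formulas above, worked through from the server's side as an added PHP example (not code from the talk): the server recomputes the response from the stored password, the nonce it issued, and the method and URI it actually received. The realm, nonce values and function names are constructed for illustration.

```php
<?php
declare(strict_types=1);

// RFC 2069: response = MD5(Hash1:nonce:Hash2)
function digestResponse(string $user, string $realm, string $password,
                        string $method, string $uri, string $nonce): string
{
    $hash1 = md5("$user:$realm:$password"); // Hash1 = MD5(username:realm:password)
    $hash2 = md5("$method:$uri");           // Hash2 = MD5(method:digestURI)
    return md5("$hash1:$nonce:$hash2");
}

// Parse the key="value" pairs of an "Authorization: Digest ..." header value.
function parseDigestHeader(string $header): array
{
    if (stripos($header, 'Digest ') !== 0) {
        return [];
    }
    preg_match_all('/(\w+)="([^"]*)"/', substr($header, 7), $pairs, PREG_SET_ORDER);
    $fields = [];
    foreach ($pairs as [, $key, $value]) {
        $fields[strtolower($key)] = $value;
    }
    return $fields;
}

// Server side: recompute the response from the stored password, the nonce this
// server issued, and the method/URI it actually received; compare in constant time.
function verifyDigest(string $header, string $method, string $uri,
                      string $password, string $issuedNonce): bool
{
    $f = parseDigestHeader($header);
    if (!isset($f['username'], $f['realm'], $f['nonce'], $f['response'])) {
        return false;
    }
    if (!hash_equals($issuedNonce, $f['nonce'])) {
        return false; // nonce was not the one issued for this exchange
    }
    $expected = digestResponse($f['username'], $f['realm'], $password, $method, $uri, $issuedNonce);
    return hash_equals($expected, strtolower($f['response']));
}

// Constructed sample values, not taken from the talk.
$nonce  = 'c0ffee1234';
$resp   = digestResponse('tim.bond', 'api', 'test123', 'GET', '/items', $nonce);
$header = sprintf('Digest username="tim.bond", realm="api", nonce="%s", uri="/items", response="%s"', $nonce, $resp);

var_dump(verifyDigest($header, 'GET', '/items', 'test123', $nonce));        // unmodified request
var_dump(verifyDigest($header, 'PUT', '/items', 'test123', $nonce));        // same header, other method
var_dump(verifyDigest($header, 'GET', '/items', 'test123', 'freshnonce1')); // server rotated the nonce
```

The first call returns true and the other two return false, because both the method and the nonce are inputs to the final hash.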
👈 No access to Purchase API
GET /users/123
API_KEY = NWTPk4
APP_ID = wQrDfM
GET /users/123
API_KEY = NWTPk4
APP_ID = wQrDfM
HMAC = APvNwF
🔒
Example: concatenate:
[Diagram: API; Shared secret; Unauthenticated request; Secret token; API call ✅; Dynamic Integrity Check]
[Diagram: API Gateway; Authorization request; Auth token; App Auth request; App token; OAuth 2 service; App auth service; API calls; Registered app info; Registered user info; API 1, API 2, API 3; Key 1, Key 2, Key 3]
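<?php
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\Panther\Client;

// Drive a real browser (Symfony Panther) so the page's JavaScript runs
$client = Client::createChromeClient();
$crawler = $client->request('GET', 'https://www.example.com/log-in');
$crawler->filter('#email')->sendKeys('tim.bond');
$crawler->filter('#password')->sendKeys('test123');
$crawler->filter('#log-in')->click();
// Wait for the log-in form to go away, then for the price element to appear
$client->waitForStaleness('#log-in');
$price = $client->waitFor('#price')->filter('#price')->getText();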