Shortening URLs from PHP with

I’ve been looking around for a really simple API that would be a nice place to get started using web services from PHP – and I realised that actually fits the bill really well. They have straightforward api docs on google code, and it’s also a pretty simple function!

Here’s a simple example, using PHP’s curl extension, of using the API to get a short URL, using PHP (you need an API key, but if you’re a registered user, you can log in and then find yours at

$ch = curl_init('');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$result = curl_exec($ch);

Continue reading

Invalid Protected Resource URL in Pecl_Oauth

I had a funny (funny weird, not funny haha) problem the other day when working with pecl_oauth in PHP to talk to a service. I’d gone through all the handshaking steps, got the acces token and was ready to start talking to the service itself. However when I tried to call OAuth::fetch, I got an error message:

Fatal error: Uncaught exception 'OAuthException' with message 'Invalid protected resource url, unable to generate signature base string'

There are two things to notice about this. The first one is that I should be catching exceptions thrown by this code :) The second is that I could see nothing wrong with my url, http://api.local. It turned out, after some experimentation, that what is missing here is a trailing slash, and if I supply http://api.local/, everything works perfectly nicely! I’m unclear if this is intended functionality or not, but if you see this error message and you’re requesting a URL with no path info, make sure you have a trailing slash.

Using s3cmd To Manage Files on Amazon S3

Recently I moved some podcasts on to Amazon Simple Storage Service, or S3, which I know is great and easy to use, and I’ve used it with some wrappers, but never directly until now. It turns out, unsurprisingly, that S3 is great and easy to use :) I used s3cmd from s3tools – a collection of python scripts that made this really really easy. Even better, I’m an Ubuntu user so s3cmd is already packaged for me and I simply installed with:

sudo aptitude install s3cmd

Once installed, I found s3cmd --help was surprisingly helpful. To start with you need to set up an access key on AWS (Amazon Web Services) using your amazon user credentials, then supply this to s3cmd by using s3cmd --configure and following the prompts.

Continue reading

OAuth Google API for Unregistered Applications

It is pretty common when using OAuth for there to be a relationship between the provider and consumer; as a consumer you usually register with the provider to obtain a consumer key and consumer secret. Google’s APIs however do not require this. It is recommended that you register your application, however it is also possible to use OAuth without registering.

To make this work, when you sign your OAuth request Google will accept some default values for consumer key and secret – see their documentation on signing oauth requests. To do this, set both consumer key and secret to the value “anonymous”, and proceed as you normally would. The only difference so far as I can see is that the user will be shown a more cautious message when they are prompted to grant access to your application. Personally I think this is a great approach, particularly when prototyping ideas. Registering the applications though is simple and quick so I’d recommend registering for most applications once they get beyond concept stage.

Google Analytics Accounts API

I’m working with Google Analytics at the moment, to pull information about web traffic from analytics into another system. Google have excellent APIs and that makes this job much easier. I’m using pecl_oauth to authenticate users against their google accounts (see my post about using OAuth from PHP), but even after I have a valid google user, working out which analytics accounts they have access to and how to refer to them is a puzzle in itself, so I thought I’d share what I learned.These examples use pecl_http, since I have control of my platform and I find it easy to work with. I’ve tried to write this with explanations of the overall process in between the code snippets so hopefully this makes the process clear whether or not you will use exactly the same implementation.

Analytics Accounts

Your google account can have access to one or more analytics accounts. For example when I log in I have access to accounts which hold the data for,, and a few other things I’m involved with. Only actually belongs to me, the others are accounts created by someone else and which I have access to. The first challenge therefore is to work out which a user has access to – the best place to start is the reference page for the Management API, part of google’s own documentation. In a nutshell, we build up a URL like this, being increasingly specific by fleshing out the values in square brackets on subsequent calls:[accountID]/

First up then, is to get a list of accounts for our authorized user – I already have a valid oauth access token to use in this example Continue reading

Best Practices in API Design: Audio and Slides

Earlier in the year I gave a talk at PHP UK in London entitled “Best Practice for API Design”. I really enjoyed giving this talk, since I work so much with APIs and enjoy sharing my ideas. The audio is now online so if you missed the talk, feel free to have a listen. You can also see the slides (on slideshare) and also read the series of blog posts I wrote on this topic which originally inspired the talk.

Authenticating with OAuth from PHP

I’ve been looking into OAuth recently and really like what I see, so I started looking at actually starting to play with something that uses it (and isn’t twitter). In the pursuit of this, I spent some time walking through the process of how to actually authenticate using OAuth, as a client. I chose Yahoo!’s service, because they have some fabulous developer documentation and have a standard OAuth implementation. Although you don’t strictly need any special libraries to handle OAuth, that would be a bit like decoding XML with a regex, so I used the OAuth Package from PECL. For others (including me after I’ve slept), here’s an outline of the process.

Continue reading

Retrieving Product Attributes from Magento’s V2 API

I’ve been working with the API for Magento in recent weeks and I had a bit of a struggle explaining to the V2 API which attributes of a product I wanted to retrieve. Actually I had issues talking to the V2 API at all, but that’s a different post so I’ll skate over those for now. Instead I thought I’d share (or rather, record for the next time I have the same problem!) how to specify which attributes about a product to retrieve.

It actually wasn’t complicated but without V2 API documentation, it wasn’t at all clear what to feed in to get the result I was looking for. It turns out you can just pass an array of desired attributes, shown here with the info method from the product_catalog:

    // connect to soap server
    $client = new SoapClient('http://magentoinstall.local/api/v2_soap?wsdl=1');

    // log in
    $session = $client->login('user', 'pass');

    // product info
    $attributes = new stdclass();
    $attributes->attributes = array('product_title', 'description', 'short_description', 'price');
    $list = $client->catalogProductInfo($session, , NULL, $attributes);

There were two tricks – one was realising that I could pass that final (undocumented) argument, and the other was understanding how to format that. Hopefully anyone doing battle with the same thing will find this post and get over this little challenge much faster than I did :)

Accessing the Magento V2 API

Recently I’ve been working with Magento at work, and in particular with integrating with their API. Now, before I say anything more, I must say that I am always pleased when I see that these products do include some kind of API. The Magento one is a bit interesting, although there is some half-decent API documentation for the original API.

However they have then released a new version of the API, with very little documentation. So here are two calls – one to the v1 API and one to the v2 – which I hope will help illustrate the differences. The example I’ll give is the customer list functionality, including filtering the result set – because this was a total mystery when I started working with the v2 API!

    $options = array(
        "location" => 'http://magentoinstall.local/index.php/api/index/index/',
        "uri" => 'http://magentoinstall.local/api/'
    $client = new SoapClient(NULL, $options);

    $session = $client->login('user', 'pass');
    $list = $client->call($session, 'customer.list', array(array("customer_id" => "42")));

To make the same call with API version 2, we need to address the method in a different way, using the structure in the underlying code as the method name that we call, and CamelCasing those, like this:

   $client = new SoapClient('http:/magentoinstall.local/api/v2_soap?wsdl=1');

   $session = $client->login('user', 'pass');

    $filter = new StdClass();
    $filter->filter = array(array("key" => "customer_id", "value" => "42"));
    $list = $client->customerCustomerList($session, $filter);

I haven’t used either of the APIs a lot but once I was able to call the same method via both available services, I wanted to share the approach here in the hope that this would help someone else trying to solve the same problem. It is certainly not obvious from the documentation how to interact with the v2 API and I had some real puzzles getting the filtering working. These snippets are from my working code so I hope they are helpful to someone!