Assertfail

All Posts assertfail

View the Blog on GitHub wallymathieu

web api's

18 Jul 2009

Local procedure calls

Given the scripting nature of the web non-obfuscated javascript code presents itself to the technical user almost as a public API. You can try it out yourself by writing:

for (x in document){console.log(x);}

in your browser javascript console. For more persistent changes to a sites behavior tools like Greasemonkey can be used. Last.fm and Spotify have done some integration by releasing a Greasemonkey script for last.fm.

Remote procedure calls

By using fiddler or Firefox Firebug you can watch the client/server interaction (ajax calls made by a modern web app). The stateless nature of the web and ajax calls promotes a simple design of this “API”. This means that programming/scripting against your site can be easily done by, hopefully authorized, users.

Conclusion

Modern web applications have a natural interface for that might yield a plugin-like api unintended by the applications developers. If you’re developing/maintaining a web app, try searching for it on userscripts. If your app is used by a wide group of people, then you might be surprised with what you find.

Tags

  • javascript
  • greasemonkey
  • Comments or errors? Fork post and do a pull request on github