Developer basics

API types

Interaction between applications and the Platform is made available with the tools of server API and JS API. With the help of JS API methods billing and message sending are realized. Tools of server API realize the rest of the functionality of interaction of the server and applications: obtaining profile data, managing images and geo-data etc.

More detailed information about JS API you can get in JS API section.
More detailed information about the server API you can get in Server API section.

Gateway address

api.aplatform.ru

Main parameters of application launch

Parameters are sent in flashVars or in GET parameters of application.
  • oid — is an id of user profile, who launced an application.
  • sid — is an id of user session for making API queries
  • partner_url — is a domain of the current partner
  • fav_id — is an unrequired parameter, this is a user id, from the page “favorite applications” of whose this user launches an application.
  • auth_key — this is a key, required for user authentification on an external server (application server). With the help of the key correctness check for $app_id and $oid is performed.
  • extra — unrequired parameter in which additional data may be rendered.

Formation algorithm for auth_key

ksort($params);
$result = '';
foreach ($params as $key => $value){
    $result .= "$key=$value";
}
return md5($result . $secret_key);

Every time you run an application please check compatibility of oid and auth_key for correct authentification and also check correctness of the rest parameters.

Access levels

A very important feature of «Wamba» API is differentiation of methods according to access levels to user data. Since an application can get access not only to “public” information, but also to private one – we pay special attention to check of access authorization.

In the application settings an author must select a level of access to API. Depending on the level selected, a set of server API methods will be made available for the application. At the moment we distinguish five different levels:

  • 0 - Without access to API
    Applications which do not work with data of «Wamba» users.
  • 1 - General access
    It allows application to get public information about a user: information in profile fields, list of flags, blog entries, ads in “Fellow Travellers” section etc.
  • 2 - General access + Access to information about those who viewed user's profile.
    It allows application to see if it is installed by the user, make a record on the achievement board and also check a list of visitors of the user who launched the application. To make the methods of this group work sid needs to be sent.
  • 3 - General access + Right to access user's contacts
    It allows application to get access to user's contacts and also send messages on the part of the user. To make the methods of this group work sid needs to be sent.
  • 4 - General access + Rights to access notifications
    It allows to send users messages on behalf of “Application manager”.

Notice: all the methods regardless of an access level are divided into those for functioning of which sid needs to be sent, and those which work without sid. This actually means that an application may call some methods only if there is an authorized user. It is recommended to bear in mind that this parameter is obligatory, which is stated in description of each method.

Before installing an application a dialogue must be displayed in which a user must agree to allow the application to access user data of a corresponding level. In case application parameters are changed after installation, the dialogue is displayed for the second time with new access levels.