Search code examples
apiserveripaccess-tokenbearer-token

How to make API request with bearer token from anyone around the world?

I am a newbie in integrating APIs and so I am encountering some issues that need help.I have been working with Clash of Clans API for some weeks. I want to make a website where users can make request and get data from the server. **To use the API, a JSON Web Token is required and it needs to be passed as part of every request. The token is bound to rate limitations and specified IP addresses. ** What I have been doing is, create a token with my IP address, get the token and make request using it. Now, I want to take this a step forward but I have no idea how to take request from users around the world.

I thought of taking keyword from the user and making request from the server but don't know the step forward. Or maybe I should make requests using my server's address from my PC? Which I don't know how. I will appreciate it if someone could explain to me with this in layman's language and if possible through a reference. Thank you in advance.

Solution

  • There are many ways to design for Clash of Clans API architecture.

    I just to make a simple design base on quick review of Clash of Clans limitation. API_KEY can add IP address only when create API_KEY. It means can't update (add) user IP address after create API_KEY.

    enter image description here

    Step 0 : Create API_KEY

    Clash of Clans server only allow specified IPs and API_KEY for REST API call. You need to know your server IP v4 address(production purpose) and your IP address(debugging purpose)

    your IP address get from google search enter image description here

    After create key, you (developer), develop(or debugging) your API. This is created API KEY in CC server enter image description here

    This example, using Postman check API. enter image description here

    Step 1 : User login

    With his User ID and password. it will save into your server with hashed value. (It means not save password, save hashed data). it can verify but if leak to hacker much more safe. Use request API call(or service) to your server

    Step 2 : Your server forward API to CC server

    Server verify user is valid If valid user, server forward API call into Clash of Clans(CC) server by CC API with API_KEY(Bearer Token)

    Step 3 : CC server check correct API call

    CC server verify by compare called API_KEY/IP address with saved API_KEY/IP address

    Step 4 : CC server return API response to your server

    Your server received the server API call

    Step 5 : Your server return to user

    User received her request a service

    This API list

    You can test it from your home.

    enter image description here

    This is example API call via CC server's documentation enter image description here