1

I don't know what this method called : Reverse Proxy , Tunneling, Bypassing ?

Imagine, we have 3 website :

http://exampleapi.com - API or Service provider
http://example1.com - I bought the API for this Website from example.com
http://example2.com - My New website

1. I bought the API or Payment Gateway service for example1.com , the website don't have any content , forms, data. (Just to get the API)

2. Now, I want create tunnel between example2.com | example1.com | exampleapi.com. I mean, get all request from example2.com , send to example1.com and pass the data to exampleapi.com.

3. And after response, the exampleapi.com.com send data to example1.com and example2.com will receive it and showing to the user.

Faesal
  • 679
  • 6
  • 19
Jason
  • 15
  • 6
  • You may be overthinking proxy'ing/tunneling. Just a good old API call from example2 -> example1 -> exampleapi will do. Data will return from exampleapi.com -> example1.com -> example2.com. – zedfoxus May 04 '22 at 02:52
  • @zedfoxus is there any tutorial available for this? – Jason May 04 '22 at 02:56
  • https://stackoverflow.com/questions/4064444/returning-json-from-a-php-script is an example of how to output JSON. https://rapidapi.com/blog/how-to-use-an-api-with-php/ is an example how to call an API from PHP. If I have time, I can write an answer with some examples – zedfoxus May 04 '22 at 03:43
  • I have added an answer with some details on how you can have example2 -> get data from example1 -> which gets data from exampleapi. – zedfoxus May 04 '22 at 04:23

1 Answers1

1

Here's an example of how you can write your code. You can simulate this on a single site like I did. On my site, I created 3 folders:

  • example1
  • example2
  • exampleapi

Under each of them, I create an index.php file. Let's look at them.

yoursite.com/exampleapi/index.php

<?php
header("Content-Type: application/text");
echo 'Titanic vs. Iceberg';

The output of this is plaintext

Titanic vs. Iceberg

We'll call this API from example1.

yoursite.com/example1/index.php

This site's code will have it's own data and will pull data from exampleapi/index.php like so:

<?php

// call exampleapi
$url = 'https://yoursite.com/exampleapi/index.php';
$curl = curl_init($url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HTTPHEADER, [
    'Content-Type: application/json'
]); 
$response = curl_exec($curl);
curl_close($curl);

// show data
header("Content-Type: application/json");
$data = [ 
    'name' => 'John',
    'age' => 25, 
    'data_from_exampleapi' => $response
];
echo json_encode($data);

Output of this code will be

{"name":"John","age":25,"data_from_exampleapi":"Titanic vs. Iceberg"}

We'll call this from example2.

yoursite.com/example2/index.php

This will be your webpage. I have simulated a call. When the button is pressed, PHP will send a request to example1/index.php. And that page will send a request to exampleapi/index.php, fetch the data, combine the fetched data with its own data and send it back to example2/index.php

<?php
function fetchInformation()
{
    $url = 'https://yoursite.com/example1/index.php';
    $curl = curl_init($url);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_HTTPHEADER, [
        'Content-Type: application/json'
    ]); 
    $response = curl_exec($curl);
    curl_close($curl);

    return $response;
}
?>
<!doctype html>
<body>
    <form action="./" method="get">
        <p> 
            When you press this button, PHP will try to get data from
            example1/index.php and show information
            below
        </p>
        <input type="submit" value="Get data from API" name="mybutton" id="mybutton">
    </form>

    <?php
    // only if button is pressed, fetch information
    if ($_SERVER['REQUEST_METHOD'] === 'GET')
    {   
        if ( ! is_null($_REQUEST['mybutton']) )
        {   
            echo '<h3>Information received</h3>';
            $response = fetchInformation();
            echo '<p>' . $response . '</p>';
        }   
    }   
    ?>  
</body>

When you go to yoursite.com/example2/index.php, you'll see something like this:

enter image description here

When you press the button, example2/index.php -> calls example1/index.php -> calls exampleapi/index.php. Data goes in reverse and you'll see this kind of an output:

enter image description here

This shows you how you can use PHP one 1 page to call API on another page. If you are in control of that another page, you can tweak code to call API from yet-another-page.

zedfoxus
  • 35,121
  • 5
  • 64
  • 63
  • 1
    Thank you. 2 more question, can I use $_SERVER['HTTP_REFERER'] to accept the request only from example2.com ? so I don't want access to another website for using the API. Can I use MySQL database to store the exampleapi.com response to example1.com and send it to example2.com ? how can I apply this? – Jason May 04 '22 at 16:07
  • Of course! You can use referrer or IP or API key to ensure that no other website can use the API call. Yes, you can a database to store the API responses before sending the response forward. You can put closure to this question by accepting one of the answers, if they are acceptable, and then open another question regarding the database response. – zedfoxus May 04 '22 at 17:06