Overview
I am building an API which needs to allow for my server to essentially "push" new information to subscribers. I haven't been able to find any tutorials or examples of how this sort of ability is actually implemented (calling an arbitrary per-user-defiend callback with arguments).
Example
For example, PayPal has a callback called "IPN" (Instant Payment Notification). When a payment occurs on your account, PayPal calls this user-defined url of your choosing and passes it a bunch of data.
Details
I'm writing in PHP, storing to MySQL, and using Slim for routing, if that matters.
Questions
1 Assuming arguments come in over POST, how should a callback argument be formatted?
For example, here is how I would get a client_id
argument which was passed in to a route like mysite.com/api/v1/setClientId
global $app;
$json = json_decode($app->request()->getBody());
$client_id = $json->client_id;
I'd like to be able to say "add a callback
parameter as a url string". Would it be as simple as client_id
?
2 How can I get a stored callback string and call it?
I am certain this is not
header($callback_url);
3 How can I pass data to this callback? Assume I have the power to enforce a "standard" protocol on users of the API.
4 Are there any gotchas like XSS prevention or any security concerns to watch for? Like a dangerous URL being passed or called?
Strangely, this strikes me as pretty basic stuff, and considering how advanced some of my PHP has become, I'm surprised I haven't had to learn how to do this yet. But, also curiously, I can't find any tutorials on the subject. Maybe I'm using the wrong terminology.
How can you add a "callback" function to a webservice (in PHP)?