Applications written as Java applets, Flash or Javascript widgets often face security issues where they cannot talk to a data source which does not have the same domain name as the one where they get served from. For example, if you are going to host a flash widget on http://example.com, your flash securtiy settings will normally not let you talk to any data source that is not hosted on http://example.com.

There are workarounds using crossdomain files to solve someo of these problems. However, we do not support a crossdomain file for our freeapi.daylife.com domain that lets your widget read data from anywhere.

To work-around these security issues, you need a proxy that you can host on the same domain as your widget and that proxies all DayPI calls.

Read more below to learn how to use this proxy. The attached code in PHP has the following features:

• You provide a partial urelconded  DayPI URL in the request parameter of this API.  For e.g., if your API call is supposed to be:

http://freeapi.daylife.com/xmlrest/publicapi/4.8/search_getRelatedArticles?query=Barack%20Obama&
accesskey=8befa1cf0a7c0291613242235638a662&signature=82a0ad71c7180a36530c9f59daea6617

you provide the following value to the request parameter:

request=%2Fxmlrest%2Fpublicapi%2F4.8%2Fsearch_getRelatedArticles%3Fquery%3DBarack%2520Obama%26
accesskey%3D8befa1cf0a7c0291613242235638a662%26signature%3D82a0ad71c7180a36530c9f59daea6617

Idea is to take the portion of the DayPI URL beyond the domain name http://freaapi.daylife.com/ and urlencode it. If you host this PHP file in the document root of your server (say http://example.com), your widget will make the API call using the proxy as follows:

http://example.com/proxy.php?request=%2Fxmlrest%2Fpublicapi%2F4.8%2Fsearch_getRelatedArticles%3F
query%3DBarack%2520Obama%26accesskey%3D8befa1cf0a7c0291613242235638a662%26signature%3D82a0ad71c7180a36530c9f59daea6617

• The proxy handles theAPI authentication for you so that you don't have to worry about that in your flash or javascript code. In order to use the proxy, you need to type in your accesskey and shared secret on the top of the PHP code where they are defined. This also helps as you do not need to put your accesskey and shared secret in clear text in your widget code.

• If you are requesting json data, you can add a parameter __callbackto the proxy.php with a value of the function name that you want. The __callback parameter (__callback=function) wraps the JSON output text in parentheses and a function name of your choosing.

• The proxy gives you an easy way to make customizations with how you call the DayPI without having to worry about your widget code. For e.g., if you want  all your API calls to be source filtered, you can add that source filter in the DayPI call by changing the proxy code and not have to worry about changing the widget code.