Hey Andy,

> Can you recommend any resources for learning how to do this?

This looks like a good article to get started with learning about RESTful
APIs:
https://www.sitepoint.com/developers-rest-api/
> For authentication do I really need to go the whole OAuth 2 route or
> can API keys be enough?

OAuth 2 would probably be best if you're going to be allowing backwards and
forwards communication (for example, letting folk modify account
information) but if you're just using it to query transfer information, API
keys are probably fine (but you'd want to allow customers to rotate them
themselves in case of compromise).
> Let's assume you have authenticated by whatever method. It's
> probably best if that be valid for the whole customer record, so
> something like this:
> GET https://api.bitfolk.com/v1/guest
> …gives you a list of guests. But is that a list of IDs, or a list of
> guest names?

If you're following REST, you'd want that to return a list of guests with
their individual ID and other details for that record, e.g.
{ id: 1, name: "James" }
> Let's say it's a list of ID numbers.
> GET https://api.bitfolk.com/v1/guest/1234/xfer
> gives you back JSON for the current and predicted amounts in and out
> for the current accounting period as well as the period start and
> end times for guest id 1234?

Yeah, that's probably the best way to do it.
> This is a big project for someone who has never done it before,
> unfortunately.

It entirely depends on what powers the customer panel or whether you're
building the API app specifically as a separate interface. Ruby on Rails
(the language I use) has a bare bones API mode and their documentation is
pretty good for getting you started.
I'm no expert on APIs, but happy to provide advice if you'd like it :-)

Cheers,
James
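
The API-key option discussed in this thread, sketched as an added example that is not part of the original message or of BitFolk's code: keys are stored only as digests, a customer can rotate their own key, and the `/v1/guest/:id/xfer` lookup is limited to guests on the authenticated customer record. The `KeyStore` class, `guest_xfer` method, field names and sample data are hypothetical, and rotation is assumed to be triggered from an already authenticated customer panel.

```ruby
require "securerandom"
require "digest/sha2"

# Added example: class, method and field names are hypothetical.
class KeyStore
  def initialize
    @owners = {} # SHA-256(key) => customer id; the plaintext key is never stored
  end

  # Create a key for a customer. The plaintext is returned once, at issue time.
  def issue(customer_id)
    key = SecureRandom.hex(32)
    @owners[Digest::SHA256.hexdigest(key)] = customer_id
    key
  end

  # Self-service rotation: revoke every key the customer holds, then issue a
  # fresh one. Assumed to be called from the already authenticated panel.
  def rotate(customer_id)
    @owners.delete_if { |_digest, owner| owner == customer_id }
    issue(customer_id)
  end

  # Returns the owning customer id, or nil for an unknown or revoked key.
  def authenticate(key)
    @owners[Digest::SHA256.hexdigest(key.to_s)]
  end
end

# Constructed sample data: guest id => owning customer and transfer figures.
GUESTS = {
  1234 => { customer: "cust-a", xfer: { in_bytes: 100, out_bytes: 200 } },
  5678 => { customer: "cust-b", xfer: { in_bytes: 300, out_bytes: 400 } }
}.freeze

# Models GET /v1/guest/:id/xfer and returns [status, body].
def guest_xfer(store, api_key, guest_id)
  customer = store.authenticate(api_key)
  return [401, nil] unless customer

  guest = GUESTS[guest_id]
  # Same 404 for a missing guest and for another customer's guest, so the
  # response does not reveal which guest ids exist.
  return [404, nil] unless guest && guest[:customer] == customer

  [200, guest[:xfer]]
end
```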