Hello,
We have developed a Windows 8 application (HTML/JS/CSS) to select and download 'add record' template info from a (2.7) Moodle database activity, store them on tablets (local DB, SQLite), use this data to present and complete the forms offline, then upload completed records later back to the database activity. Primarily this is being used by assessors to record marks with a running total score for practical (OSCE) exams.
Currently this is done with a custom php script placed in a directory on our local Moodle server - the application sends and receives data to/from Moodle just fine. The communication is carried out via an AJAX request from the application, choosing the relevant data and passing it using JSON objects.
Our main concern is security/encryption of passwords and data transmission. Currently a JSON script authenticates the user with Moodle, then we force a login time-out on the tablet so the user isn't left logged-on. What we would like to do is to communicate with Moodle through a web API to push/pull the data securely.
The developer who coded the app suggested the fuctionality needed is similar to Braintree's credit card payment procedure. Braintree provides users with a javascript library to encrypt the credit card information from the webpage form (frontend) and sends the data through AJAX request to their server. Their server then decrypts the data and uses it to do the transaction, then Braintree sends back a response for verification or failure of the transaction.
I've had a look at the Moodle API docs but didn't see anything explicitly covering this - but I'm not a webservice expert by any means. Is there an existing API that we could use or customise with our scripts to authenticate users and pass the necessary data through ajax requests?
Any advice would be welcome.
Regards, Gordon.