M/DB:X is accessed via a secure HTTP interface. The security layer adopts the approach used in Amazon's SimpleDB. If you're familiar with SimpleDB, you'll understand M/DB:X security.
All the M/DB:X HTTP requests follow a similar pattern. There are manadatory name/value pairs that must be included in every request, and Action-specific name/value pairs. All HTTP requests must be digitally signed. The M/DB:X-equivalent of SimpleDB's AWSAccessKeyId and AWSSecretKey are the MDBAccessKeyId and MDBSecretKey respectively. Use M/DB's portal to manage and maintain these identifiers.
The security layer used by M/DB:X is based on the mechanism used in Amazon SimpleDB. Most of the name/value pairs listed above will be familiar to anyone who has used SimpleDB. See the Amazon SimpleDB documentation for details of the signing mechanism for HTTP requests (Go to: Welcome > Using Amazon SimpleDB > Request Authentication > Authenticating REST Requests).
For example, an XPath query request would be structured as follows:
Action=XPathSelect &DocumentName=example &MDBAccessKeyId=rob &Signature=v7C0rlW10SivqjRlBWfWLx/5pKA &SignatureMethod=HmacSHA1 &SignatureVersion=2 &Timestamp=2009-06-14T13%3A19%3A41 &Version=2009-04-15 &XPath=%2F%2Fbar%5Bstarts-with%28%40owner%2C%27J%27%29%5D &db=mdbx
The signature in the example above was computed using an MDBSecretKey of 123456.
Note that it is very important that the name/value pairs in the request are correctly escaped and that the string to sign is created in exactly the correct name/value pair sequence. Consult the Amazon SimpleDB documentation for full details.
Note also that the structure of the Timestamp in M/DB:X is identical to that used in SimpleDB. Again, consult the SimpleDB documentation for details.
By default, M/DB:X responses will be formatted as XML. By adding the name/value pair OutputFormat=JSON, M/DB:X will generate JSON strings instead. For example:
Action=XPathSelect &DocumentName=example &MDBAccessKeyId=rob &OutputFormat=JSON &Signature=[computed signature] &SignatureMethod=HmacSHA1 &SignatureVersion=2 &Timestamp=2009-06-14T13%3A19%3A41 &Version=2009-04-15 &XPath=%2F%2Fbar%5Bstarts-with%28%40owner%2C%27J%27%29%5D &db=mdbx
If you are using the standard M/DB Virtual Appliance to host M/DB:X, you simply use the standard M/DB Endpoint URL, ie:
where xxx.xxx.xxx.xxx is the IP address or domain name of your M/DB server, eg
M/DB:X will accept GET or POST requests.