REST Beginner Question

Question

Question

Jimmy Christian · Jun 17, 2019

Hello,

I am taking some intro lessons in REST from the online courses. Below is a very simple code i wrote. But when i try to see the output by entering the url

http://localhost:57773/rest/coffeemakerapp/coffeemaker i get an error "

This page isn’t working

If the problem continues, contact the site owner.

HTTP ERROR 401

Thanks,

Jimmy

 Class demo.CoffeeMakerRestServer Extends %CSP.REST
{
XData UrlMap [ XMLNamespace = "http://www.intersystems.com/urlmap" ]
{
<Routes>
<Route Url="/coffeemaker" Method="GET" Call="GetCoffeeMakerInfo"/>
</Routes>
}

ClassMethod GetCoffeeMakerInfo() As %Status
{
Set tArr=[]
Do tArr.%PUSH({
"img": "txt",
"Name": "Best"
})
Write tArr.%ToJSON() 
Quit $$$OK
}
}

Discussion (7)0

Log in or sign up to continue

Evgeny Shvarov · Jun 17, 2019

Hi Jimmy!

401 means that Authenticated user is not authorized to reach the server.

To prove the fact you could grant the application a %ALL role (the second tab) and this should work then.

0 0

score 0 · Answer 1 · 2019-06-18T05:34:35-04:00

I would suggest that adding the %All role, though it would work, is a bit like crushing a nut with a sledgehammer. It effectively opens the door to any unwanted intruder to gain access the Cache/Ensemble/IRIS. For the purposes of a demo test application %All role will work however the deve;loper should be aware that there are more appropriate security mechanisms available to handle user authentication.

score 0 · Answer 2 · 2019-06-18T09:02:26-04:00

Hello Evgeny,

Yes this worked perfectly. I think i did select %ALL role, but did not click on assign but only SAVED it.

Thank you for all your help. But looks like at some point once i familiarize myself with this web and rest app build, i will need to learn more about security..

Thanks,

Jimmy Christian.

score 1 · Answer 3 · 2019-06-18T09:03:48-04:00

Jimmy Christian Jun 18, 2019 to Stephen Wilson

Thank you Stephen. I will check the link you provided for more understanding on REST.

1 0

score 0 · Answer 4 · 2019-10-13T07:46:57-04:00

Evgeny Shvarov Oct 13, 2019 to Stephen Wilson

The same video on Developers Youtube if it's more comfortable

0 0

score 0 · Answer 5 · 2019-06-18T08:59:18-04:00

Thank you Nigel for the suggestions. Agreed, but since this is just a standalone training env, and for now i only want to have a hands on REST development, i think assigning %All role should be fine to see the output of the code ! Security will be my next hands on once i am familiar with the REST architecture.

score 0 · Answer 6 · 2019-06-18T07:24:08-04:00

You could also try a tool like Postman to test service calls and authentication methods. If you tick the Password checkbox it enables Basic authentication (plain text username/password) is enabled. You can also use bearer tokens instead, which is a popular authentication scheme.

While authentication/authorization isn't really covered in great detail, REST and Relaxation is a good starting point for REST development and it comes with a video and source code.

You should also double-check your URL is correct and resource permissions are correct. You probably only need permissions on the ENSEMBLE namespace and there might be a resource that defines this. Your URL is probably something like http://yourserver/rest/coffeemakerapp/coffeemaker