Part III: Studying for IRIS Developer Professional Certification with the

Article

Yuri Marx · Apr 4 15m read

#Certification #InterSystems IRIS #InterSystems IRIS for Health

The "Ask Developer Community AI" tool is an excellent resource for studying for the certification. I asked it about each topic that will be covered in the test and the results are below.
Note: I classified each answer by the assertiveness that I consider as good, average and bad.

Note 2: The article has 4 parts, each one for an exam area.

3. Best practices: Data retrieval

3.1 Uses Python with InterSystems IRIS

[GOOD] Identifies Embedded Python capabilities in InterSystems IRIS
InterSystems IRIS offers Embedded Python capabilities that allow developers to integrate Python scripts directly into IRIS components such as services, operations, and custom functions. This feature provides several benefits:
1.    Access to Python Libraries: Developers can leverage popular Python libraries like pandas, NumPy, and requests for advanced data processing.
2.    Ease of Use: Python simplifies the implementation of complex logic.
3.    Efficient Interoperability: Developers can create services, operations, and transformations directly within IRIS, reducing the need for external tools [1].
Embedded Python in InterSystems IRIS allows for seamless integration between Python and ObjectScript, enabling developers to use the strengths of both languages. Python code can be written within InterSystems IRIS classes, and Python methods can be called from ObjectScript and vice versa. This tight integration allows for efficient data processing and application development [2][3][4].
For more detailed information on using Embedded Python, including examples and specific use cases, refer to the articles on “Streamlining Interoperability with Embedded Python in InterSystems IRIS” and “Introduction to Embedded Python” [1][4].

Sources
1.Streamlining Interoperability with Embedded Python in InterSystems IRIS
2.New in InterSystems IRIS 2022.1 | InterSystems IRIS Release Notes | InterSystems IRIS Data Platform 2024.3
3.New in InterSystems IRIS 2021.2 | InterSystems IRIS Release Notes | InterSystems IRIS Data Platform 2024.3
4.Introduction to Embedded Python | InterSystems IRIS Data Platform 2024.3

[GOOD] Describes features of different options for using Python with InterSystems IRIS (e.g., Embedded, Native API, etc.)

InterSystems IRIS offers several options for using Python, each with its own features and use cases:
1.    Embedded Python: This allows you to use Python side-by-side with ObjectScript, the native programming language of InterSystems IRIS. Python code is compiled into object code that runs on the server along with ObjectScript code, enabling tight integration. You can import and use Python packages within ObjectScript, and Python objects are treated as first-class citizens in ObjectScript and vice versa [1][2][3][4][5][6][7][8].
2.    Python External Server: This option allows ObjectScript code to generate a proxy object that controls a corresponding Python target object, enabling access to Python methods and properties as if using the Python object directly [5].
3.    Native SDK for Python: This lightweight interface allows you to access many InterSystems IRIS features directly from your Python application. You can call ObjectScript class methods or functions, generate proxy objects, and work with multidimensional global arrays (globals) from Python [1][5][9][8].
4.    Production EXtension (PEX): This framework allows you to use Python to develop custom components of an interoperability production, including adapters and business hosts. PEX is the standard way to interoperate with Python in productions [5][6].
5.    Python ODBC Bridge (pyodbc): This allows you to use ODBC to connect to InterSystems IRIS by implementing the DB API 2.0 specification, leveraging ODBC to access the underlying database [5].
Each of these options provides different levels of integration and capabilities, allowing you to choose the best approach based on your specific needs and familiarity with the languages involved.

Sources
1.Introduction to Embedded Python | InterSystems IRIS Data Platform 2024.3
2.Embedded python in InterSystems IRIS
3.Bridge the Gap Between ObjectScript and Embedded Python | Using Embedded Python | InterSystems IRIS Data Platform 2024.3
4.InterSystems Embedded Python in glance
5.Python (Tools/APIs) | InterSystems API Index | InterSystems IRIS Data Platform 2024.3
6.New in InterSystems IRIS 2022.1 | InterSystems IRIS Release Notes | InterSystems IRIS Data Platform 2024.3
7.Run Embedded Python | Using Embedded Python | InterSystems IRIS Data Platform 2024.3
8.Embedded Python Template
9.InterSystems IRIS 2021.2+ Python Examples (Embedded, Native APIs and Notebooks)

3.2 Connects to InterSystems IRIS

[AVERAGE] Configures JDBC/ODBC connections to InterSystems IRIS
To configure JDBC/ODBC connections to InterSystems IRIS, you can follow the steps provided in the relevant documentation:
1.    JDBC Connection:
o    Download the InterSystems JDBC driver, which is a fully compliant (JDBC 4.2), pure Java, type 4 JDBC driver.
o    Add the JDBC driver to your local CLASSPATH.
o    Use the following JDBC URL format to connect: jdbc:IRIS://ipAddress:superserverPort/namespace, where ipAddress is the IP address of the InterSystems IRIS instance, superserverPort is the port number, and namespace is the namespace on the instance.
o    For detailed steps, refer to the article on using the JDBC driver with InterSystems IRIS [1][2][3][4].
2.    ODBC Connection:
o    Define an ODBC data source on your operating system (Windows or UNIX).
o    Use the InterSystems ODBC driver to connect to InterSystems databases from external applications via ODBC.
o    For detailed steps, refer to the documentation on defining an ODBC data source and using the InterSystems ODBC driver [5].
For more detailed instructions and examples, you can refer to the specific sections in the documentation provided.
Sources
1.InterSystems IRIS Demo: JDBC and InterSystems Databases | InterSystems IRIS Data Platform 2024.3
2.JDBC for Relational Access | InterSystems IRIS Data Platform 2024.3
3.Java | InterSystems IRIS Data Platform 2024.3
4.Using the JDBC Driver | Using Java with InterSystems Software | InterSystems IRIS Data Platform 2024.3
5.Document Overview | Using the InterSystems ODBC Driver | InterSystems IRIS Data Platform 2024.3

3.3. Uses SQL with InterSystems IRIS

[GOOD] Differentiates between embedded SQL and dynamic SQL

Dynamic SQL and Embedded SQL are two different methods for executing SQL queries, each with its own characteristics and use cases.
Dynamic SQL:
•    Flexibility: Dynamic SQL allows you to construct and execute SQL statements at runtime. This is particularly useful when the structure of the query is not known in advance or needs to be adjusted based on user input or application logic [1][2].
•    Execution: Queries are prepared and executed at runtime, which means the compiler cannot check for errors at compile time. This allows for the creation of specialized queries in response to user input or other runtime conditions [1].
•    Performance: Initial execution of a Dynamic SQL query is slightly less efficient than Embedded SQL because it does not generate in-line code for queries. However, re-execution of both Dynamic SQL and Embedded SQL is substantially faster due to cached queries [1].
•    Security: Dynamic SQL can be vulnerable to SQL injection if user inputs are not handled correctly. Using parameterized queries (e.g., using the “?” placeholder) can mitigate this risk [3].
Embedded SQL:
•    Integration: Embedded SQL allows SQL statements to be embedded directly within ObjectScript code. This integration can make the code cleaner and more maintainable [4][2].
•    Performance: Embedded SQL is often noted for its performance because SQL instructions are inserted directly into the programming code. It is compiled at runtime, and changes to the database can be mirrored in the SQL code, avoiding possible inconsistencies [4][1].
•    Security: Embedded SQL inherently protects against SQL injection because it uses host variables for input and output, which securely binds parameters at compile time [3].
•    Consistency: Embedded SQL ensures consistency and security by integrating SQL queries within the application code, allowing for direct implementation of access controls [4].
In summary, Dynamic SQL offers flexibility and adaptability for runtime query construction, making it suitable for applications with complex or changing requirements. Embedded SQL, on the other hand, provides performance benefits and security for static queries, making it ideal for predefined query patterns and consistent database interactions [4][1][2][3].

Sources
1.Using Dynamic SQL | Using InterSystems SQL | InterSystems IRIS Data Platform 2024.3
2.Using Dynamic & Embedded SQL with InterSystems IRIS
3.Avoiding SQL Injection in InterSystems IRIS: The Case for Secure Query Practices
4.A look at Dynamic SQL and Embedded SQL

[AVERAGE] Leverages IRIS-specific SQL features (e.g., implicit join, JSON)

InterSystems IRIS SQL offers several specific features, including implicit joins and JSON support:
1. Implicit Joins (Arrow Syntax): This feature provides a shorthand extension to perform a left outer join on a column specified in a SELECT clause. It simplifies the syntax for joining tables based on a property reference or a child table reference [1].
2. JSON Support: InterSystems IRIS SQL supports JSON objects and arrays. You can use JSON literals, including strings, numbers, and special values like true, false, and null. JSON objects can contain nested objects or arrays, and you can manipulate these JSON structures using various methods such as %Set() and %Get() [2].

Sources
1.Using InterSystems SQL (Contents) | InterSystems IRIS Data Platform 2024.3

[AVERAGE] Interprets query plans
To interpret SQL query plans in InterSystems IRIS, you can use tools such as EXPLAIN or Show Plan. These tools generate a human-readable translation of the instructions created by the SQL compiler to access and return the data specified by the query. The EXPLAIN command can be used to generate an XML-formatted query plan and optionally include alternate query plans and SQL statistics. The Show Plan tool can be accessed through the Management Portal or the SQL Shell to display the execution plan for various SQL operations. For detailed steps on how to use these tools, refer to the relevant documentation [1][2][3].

[GOOD] Identifies automatically collected statistics via SQL Statement Index

To identify automatically collected statistics via the SQL Statement Index, you can use the SQL Performance Analysis Toolkit provided by InterSystems IRIS. This toolkit allows you to gather detailed performance statistics for specific SQL statements or groups of statements. The collected statistics include metrics such as execution count, total time, average time, and row count, which can be used to analyze and optimize query performance. You can activate and manage these statistics using methods from the %SYSTEM.SQL.PTools class or through the Management Portal [1][2][3].
Sources
1.SQL Performance Analysis Toolkit | Examine Query Performance | InterSystems IRIS Data Platform 2024.3
2.Analyze SQL Statements and Statistics | Examine Query Performance | InterSystems IRIS Data Platform 2024.3
3.APM – Monitoring SQL Query Performance

[AVERAGE] Evaluates strategies for table statistics gathering (e.g., import, tune, representative data)
To gather table statistics for query optimization, you can use several strategies:
1.    Tune Table Command: Use the TUNE TABLE SQL command or the $SYSTEM.SQL.Stats.Table ObjectScript API to collect statistics on your table’s data. This helps the SQL optimizer decide on efficient query plans by providing information such as the approximate number of rows in the table [1].
2.    Block-level Sampling: In InterSystems IRIS 2021.2, block-level sampling was introduced to reduce the overhead of collecting statistics. This method samples raw database blocks directly, which is more efficient than row-based sampling, especially for large tables [1].
3.    Automatic Tuning: Starting with InterSystems IRIS 2021.2, statistics can be automatically gathered when preparing a query against a table with no existing statistics. This uses block sampling to collect and save statistics for future queries [1].
4.    Exporting and Re-importing Statistics: You can export Tune Table statistics from a table and import them into another table. This is useful for modeling production systems in test environments, replicating production systems, or reverting to prior statistics. Use the $SYSTEM.SQL.Stats.Table.Export() and $SYSTEM.SQL.Stats.Table.Import() methods for this purpose [2].
5.    Manual Adjustments: After running TUNE TABLE, you can manually adjust the calculated statistics if the assumptions made by Tune Table result in suboptimal query performance. This includes setting values for ExtentSize, Selectivity, and Map Size explicitly [2].
For detailed steps on using these methods, please refer to the respective documentation on Tune Table and the $SYSTEM.SQL.Stats.Table API [1][2].

Sources
1.2021.2 SQL Feature Spotlight - Smart Sampling & Automation for Table Statistics
2.Table Statistics for Query Optimizer | Defining a High-Performance Schema | InterSystems IRIS Data Platform 2024.3

[GOOD] Evaluates SQL security strategies
To evaluate SQL security strategies in InterSystems IRIS, consider the following measures:
1.    SQL Privileges: Assign SQL privileges to users and roles to control access. Use the GRANT and REVOKE commands to manage these privileges. The CREATE ROLE and DROP ROLE commands can be used to manage sets of privileges. The system variables $username and $roles help identify the current user and their roles, respectively [1].
2.    Federated Authentication: Implement federated authentication to enhance security by integrating with external authentication providers [2].
3.    SQL Auditing: Enable SQL auditing to track and log SQL activities, which helps in monitoring and identifying any unauthorized access or anomalies [2].
4.    Defenses Against SQL Injection:
o    InterSystems SQL does not allow multiple SQL statements in a single request, preventing the use of semicolons (;) to add malicious commands.
o    Use object access for update processing and restrict SQL update processing for general users to prevent tampering.
o    Encrypt URL query strings in CSP to make it difficult to obtain clues for injection.
o    Grant database access to applications rather than users, and restrict users to read and write access only through the application [3].
These strategies collectively enhance the security of your SQL environment in InterSystems IRIS.

Sources
1.SQL Security | InterSystems IRIS Data Platform 2024.3
2.[Video] Navigating SQL Privileges and Security in InterSystems IRIS
3.Countermeasures against SQL injection

3.4 Creates REST services

[GOOD] Creates REST services and differentiates between implementation options

To create REST services in InterSystems IRIS, you have two main implementation options:
1.    Specification-first definition: This involves creating an OpenAPI 2.0 specification first and then using API management tools to generate the code for the REST interface. The components of a specification-first REST service include:
o    A specification class (subclass of %REST.Spec) containing the OpenAPI 2.0 specification.
o    A dispatch class (subclass of %CSP.REST) responsible for receiving HTTP requests and calling suitable methods in the implementation class.
o    An implementation class (subclass of %REST.Impl) defining the methods that implement the REST calls.
o    An InterSystems web application providing access to the REST service via the InterSystems Web Gateway.
2.    Manually coding the REST interface: This method involves creating a dispatch class and a web application without using a specification class. The dispatch class directly handles HTTP requests and routes them to the appropriate methods.
For detailed steps on creating REST services using either method, refer to the relevant sections in the documentation:
•    Specification-first definition: Creating and Editing REST Services
•    Manually coding REST services: Creating a REST Service Manually [1][2][3][4].

Sources
1.Introduction to Creating REST Services | Creating REST Services | InterSystems IRIS Data Platform 2024.3
2.Creating REST Services (Contents) | InterSystems IRIS Data Platform 2024.3
3.Creating and Editing REST Services | Creating REST Services | InterSystems IRIS Data Platform 2024.3
4.Creating a REST Service Manually | Creating REST Services | InterSystems IRIS Data Platform 2024.3

[AVERAGE] Describes API monitoring and control features available in InterSystems API Manager
InterSystems API Manager (IAM) provides several features for monitoring and controlling API traffic:
1.    Monitoring: IAM allows you to monitor all API traffic in a central location, helping you identify and solve issues. It provides insights into who is using your APIs, the most popular APIs, and those that may require rework. Metrics such as HTTP status codes, latency, and consumer information are tracked [1][2].
2.    Control: IAM enables you to control API traffic by throttling throughput, configuring allowable payload sizes, whitelisting or blacklisting IP addresses, and taking endpoints into maintenance mode. You can also restrict usage in various ways, from simple access restrictions to fine-tuning request payloads [1][3][2].
3.    Security: IAM protects your APIs with central security mechanisms like OAuth2.0 or Key Token Authentication, ensuring that your APIs are secure in one central place [3][2].
4.    Developer Onboarding: IAM provides a dedicated and customizable developer portal for onboarding internal and external developers, offering interactive API documentation to enhance the developer experience [1][3][2].
5.    Scalability: IAM can scale to meet API demands, delivering low-latency responses and handling multiple tens of thousands of requests per second. It supports load balancing and can be configured as a cluster of multiple nodes [1][2].
For more detailed information, you can refer to the InterSystems API Manager documentation [4][1][2].

Sources
1.Announcing the release of InterSystems API Manager
2.Introducing InterSystems API Manager
3.[November 21, 2019] Webinar: Introduction to InterSystems API Management
4.InterSystems API Manager (IAM) | InterSystems IRIS Data Platform 2024.3

[AVERAGE] Secures REST services
To secure REST services, you should use both authentication and encryption (SSL on the transport layer) to protect sensitive data [1]. You can use various forms of authentication with InterSystems IRIS data platform REST services, including HTTP authentication headers, web session authentication, and OAuth 2.0 authentication [2].
For securing individual REST API endpoints, you can use Basic Auth or JWT (OAuth 2.0) to verify credentials and ensure that users have the required permissions to access specific endpoints [3]. Additionally, you can specify privileges needed to access the service or specific endpoints by editing the OpenAPI XData block in the specification class and using the SECURITYRESOURCE parameter in the dispatch class [2].

Sources
1.Cache REST Services
2.Securing REST Services | Creating REST Services | InterSystems IRIS Data Platform 2024.3
3.Securing Individual REST API Endpoints

[AVERAGE] Documents REST Services

To document REST services in InterSystems IRIS, you can use the following methods:
1.    Using the /api/mgmnt Service: This service includes calls to discover REST services and generate documentation. For example, you can use the GET /api/mgmnt/v2/:namespace/:application call to get the OpenAPI 2.0 specification for a REST service, which can then be used with tools like Swagger UI to provide interactive documentation [1].
2.    Using the %REST.API Class: This class provides methods to discover REST services and generate documentation. For example, the GetAllRESTApps() method returns a list of REST services on the server, and the GetRESTApps(namespace, Output appList) method returns a list of REST services in a specific namespace [1].
3.    Providing Documentation for a REST Service: You can use the Swagger open-source framework to provide interactive documentation for your API based on the OpenAPI 2.0 specification. This involves using tools like Swagger UI to host and explore the documentation interactively [1].

Sources
1.Listing and Documenting REST APIs | Creating REST Services | InterSystems IRIS Data Platform 2024.3

Part III: Studying for IRIS Developer Professional Certification with the "Ask Developer Community AI"