#API

What about having your IRIS REST APIs scanned every push you did and being reported on possible vulnerabilities? This is what I am going to show you in this article.

Recently, we had the Security Contest with amazing applications and examples showing how to improve security on your IRIS solutions. One of such examples was the zap-api-scan-sample, made by me and my colleague Henrique Dias. Our application shows how to use the OWASP ZAP API scanner to perform security tests on your REST APIs OpenAPI definitions generated by IRIS.

Now, we did an improvement on such example, using ZAP GitHub Action

I have a website where I offer shipping services. I need to implement UPS API in my website. I already did all the basic tasks such as create my UPS developer account, download the packages... Now I want to start with the project but I don't have no idea about how to start. UPS doesn't give any instruction or example about that.

P.S: I have knowledge in the basic language such as HTML, JavaScript, PHP, CSS and MySQL...

Please can someone help me with that?

Hello,

I’m looking for a way to find out which category of portal a connector belongs to.
I looked at the class ‘Ens.Config.Production’ and ‘Ens.Config.Item’ but without success.

An idea about the ‘ObjectScript’ code to design?

Best Regards.

Good Day

I have http response comes with strange characters "ليس لديه الØ", but it's normal when i test in postman. Is there any method to read arabic.

Regards

Hi Team,

I want to consume(call) third-party API by passing JSON as a request from Iris.

Over the past year or so, my team (Application Services at InterSystems - tasked with building and maintaining many of our internal applications, and providing tools and best practices for other departmental applications) has embarked on a journey toward building Angular/REST-based user interfaces to existing applications originally built using CSP and/or Zen. This has presented an interesting challenge that may be familiar to many of you - building out new REST APIs to existing data models and business logic.

As part of this process, we've built a new framework for REST APIs, which has been

Hey Developers,

Watch the new video on InterSystems Developers YouTube:

⏯ Tell the World About Your REST APIs: The Benefits of a Centralized Developer Portal

Hello,

I'm hoping to get some feedback on the OAuth process flow for Payer-to-Payer authorization.  It doesn't seem that "Authorization Code Flow" is needed as there will not be a need for a login.  I am leaning towards recommending "Client Credentials Flow", but wanted to get some community feedback before making a decision. I prefer to follow what the standard will be if possible.  What would you recommend?  Thank you in advance for your input.

Hey Community

A new video is already on InterSystems Developers YouTube

⏯ Best Practices for InterSystems API Manager 
 

Hi community,

I'm going to publish several articles on how to perform actions that you can do in the web portal but via code.

Today.... Web Applications via code

I have a client that no longer wants to use sftp to transmit their data file to me.  Instead they want me to pick it up via a web service.

Email from client:

Here is the postman collection and mocking service to start your development. The API has only one URI parameter {id} for which you need to pass UniqueIdentifier(will let you know exact value later).

https://anypoint.mulesoft.com/mocking/api/v1/links/03a74865-d7fb-4318-a310-7ad2b95361f6/v1/receivables/{id}

attachments: ssrg-exp-api.postman_collection.json, IB006_Response.json

• The attachments the client provided can be found in the attached

Hello All,

I am exploring Ens.Alert to generate alerts for Server exceptions.

I noticed that in the business operation, if you have your code inside try/catch and if your catch doesn't explicitly invoke $$$systemerror then Ens.Alert is not invoked.

Similarly, in the Business process if you have <catchall> then Ens.Alert is not invoked on error.  How can I invoke Ens.Alert from <catchall> ? 

Another thing I noticed is, if I dont catch exceptions in BO and BP and have "Alert on error" ON for both, if there is an error in BO, 2 alerts are generated for same error,  one from BO and one from BP.

A concurrent session in IRIS:
SQL, Objects, REST, and GraphQL
 

Kazimir Malevich, "Athletes" (1932)
 

"But of course you don't understand! How can a person who has always traveled in a horse-drawn carriage understand the feelings and impressions of the express traveler or the pilot in the air?"

Kazimir Malevich (1916)

Introduction

We’ve already addressed the topic of why object/type representation is superior to SQL for implementing subject area models. And those conclusions and facts are as true now as they have ever been. So why should we take a step back and discuss technologies that drag abstractions back to the global level, where they had been in the pre-object and pre-type era? Why should we encourage the use of spaghetti code, which results in bugs that are hard to track down, and which relies only on virtuoso developer skills? 

There are several arguments in favor of transmitting data via SQL/REST/GraphQL-based APIs as opposed to representing them as types/objects:

Hey Developers,

Enjoy watching this new video on InterSystems Developers YouTube:

⏯ Demo of REST APIs defined in Swagger, built with InterSystems IRIS interfacing with a SQL backend

In this 3-part series of articles, is shown how you can use IAM to simply add security, according to OAuth 2.0 standards, to a previously unauthenticated service deployed in IRIS.

In the first part, was provided some OAuth 2.0 background together with some IRIS and IAM initial definitions and configurations in order to facilitate the understanding of the whole process of securing your services.

The second part discussed and showed in detail the steps needed to configure IAM to validate the access token present in the incoming request and forward the request to the backend if the validation

Hi Community,

Enjoy watching the new video on InterSystems Developers YouTube:

⏯ InterSystems API Manager: Gummy Bear Factories

Hi,

I have to create to a web socket client, but I'm unable to read any data from the server, after flushing the buffer. I have no access to the server, only two examples for the client, one in java and the other one in php:

java example:

socket = new Socket("192.168.0.1", 2003);

DataOutputStream out = new DataOutputStream(socket.getOutputStream());

out.writeUTF("aPassword");

out.writeInt(websiteId);

out.flush();

DataInputStream in = new DataInputStream(socket.getInputStream());

int orderId = in.readInt();

in.close();
out.close();
socket.close();

php:

$this->socket = socket_create(AF_INET, SOCK_STREAM, 0);

$

InterSystems API Management (IAM) - a new feature of the InterSystems IRIS Data Platform, enables you to monitor, control and govern traffic to and from web-based APIs within your IT infrastructure. In case you missed it, here is the link to the announcement. And here's an article explaining how to start working with IAM.

In this article, we would use InterSystems API Management to Load Balance an API.

In our case, we have 2 InterSystems IRIS instances with /api/atelier REST API that we want to publish for our clients.

There are many different reasons why we might want to do that, such as:

• Load balancing to spread the workload across servers
• Blue-green deployment: we have two servers, one "prod", other "dev" and we might want to switch between them
• Canary deployment: we might publish the new version only on one server and move 1% of clients there
• High availability configuration
• etc.

Hi Community!  Today I'd like to share with you a link to some exercises from a workshop about developing REST APIs and how to manage them using InterSystems API Manager.

It includes step by step exercises to:

• Developing REST APIs from OpenAPI specifications.
• Adding the created API in an interoperability production (optional).
• Basic API management in InterSystems API Manager (service, route, auth, consumers, rate limiting, etc.).
• Some other more complex scenarios in InterSystems API Manager like load balancing, or routing by header.

You will find it all here: https://openexchange.intersystems.c

Hello everyone,

i already asked this question in another post (https://community.intersystems.com/post/how-can-i-import-my-json-format…) and i'm sorry for creating a new post but i still didn't get an answer so i try it again.Now i know how to import my JSON formatted data from my API to my DocDB but now i have the problem that my JSON formatted data from my API is imported only to the %Doc  column and not to the columns that i created with my properties.

Hi Developers,

Please welcome the new video on InterSystems Developers YouTube:

⏯ Building REST API with InterSystems IRIS Docker Container in 5 Minutes

In the context of IKO (Iris Kubernetes Operator) the question of Service not redirecting dynamically to the correct Pod is still pending.
In production this can be dangerous since an overload (or any other simpler problem) can cause you to change the main Pod and leave the application inoperable until we intervene.

Intersystems support warned that this is still an issue of IKO, but there are some possibilities that I am studying.

To explore an idea I had, I would like the help of this Forum to answer the following question:

Is there a way, via the non-iterative command line, to detect whether the

I have been using the 

"in": "PATH"

parameter type for at least a year and was working fine for my GET requests.

Now, since this new version, it has stopped compiling. Does someone know why and what's the workaround to make a request like this work

/getmethod/getparam

Regards

Hi Community,

Enjoy watching the next video by @sween on InterSystems Developers YouTube:

⏯ Putting a match to FHIR with Postman Newman

Hey Developers,

Please welcome the new video by @sween on InterSystems Developers YouTube:

⏯ InterSystems IRIS Native Python API in AWS Lambda

Hey Intersystems Community,

I have a Problem with the Session Handling in .csp.

I wrote all my Web Services in .csp-Pages and do the work for example in the OnPreHttp Method for to get some data.

After that the Web Service response is in JSON.

I call These Web Services via fetch in my react Single Page application, also Many request parallel. The react App is Rolled out as index.html.
Everything Works Fine with the session Handling via Cookie.

But when the Session is invalid After some time for example Timeout or I Delete the cookie (Session) and Then change the page After That Time I make Some

I've run into an issue where job IDs are being retained through multiple calls. My team is doing a rewrite of our system that allows VB6 apps and web apps to directly interact with our Cache databases.

The new process has those applications calling into a WebAPI which then calls into the routines.

In one example of the issue we're having, the VB6 app calls into our api which then does the routine call.The Cache routine I'm working with has a load linetag that loads data into a temporary global called ^SORT($J).Upon completion, the process returns back through the api and the VB6 app.

Hi all,

a HealthConnect customer of ours came across with a question to use an external service via REST and OpenID within one of his HealthConnect  (2020.1) productions. The overal idea is to send data to the external system after receiving a baerer token to use for the communication between HealthConnect and this system.

Since I´ve never done such thing before I have an idea to solve this task but looking for a best practise way to do so.Using the RESt-Api of the external system is not the question here.

Hi Community!

We're pleased to invite you to the Online meetup with the winners of the InterSystems FHIR programming contest!

Date & Time: Friday, September 4, 2020 – 11:00 EDT

What awaits you at this virtual Meetup? 

• Our winners' bios.
• Short demos on their applications.
• A short interview with all the winners about the past contest. Plans for the next contests.