· Apr 24, 2020 2m read
REST for Tasks on my Status Report

I enjoy the challenge of being in a contest. Currently I participate in InterSystems IRIS with REST API Programming Contest. My idea for this contest was to create an app to help me keep track of tasks for my Status Reports. I started with the template provided by Evgeny Shvarov. I created a persistent class for Tasks and a REST Dispatch class. I defined my URL map and I even figured out how to test my REST app using Postman.

2 1
0 193

I have Mac OSX and Docker Desktop 2.2 (Engine 19.03).

I have a REST service running on my localhost (Mac) and I was trying to consume it from IRIS running in a Docker container.

If you try something like that don't use localhost as HTTP Server setting (using a Business Operation for example).

You have to use host.docker.internal.

3 2
0 231

In this 3-part series of articles, is shown how you can use IAM to simply add security, according to OAuth 2.0 standards, to a previously unauthenticated service deployed in IRIS.

In the first part, was provided some OAuth 2.0 background together with some IRIS and IAM initial definitions and configurations in order to facilitate the understanding of the whole process of securing your services.

5 1
0 847

In this 3-part series of articles, is shown how you can use IAM to simply add security, according to OAuth 2.0 standards, to a previously unauthenticated service deployed in IRIS.

In the first part, was provided some OAuth 2.0 background together with some IRIS and IAM initial definitions and configurations in order to facilitate the understanding of the whole process of securing your services.

4 0
0 859


Nowadays, there is a lot of applications that are using Open Authorization framework (OAuth) to access resources from all kinds of services in a secure, reliable and efficient manner. InterSystems IRIS is already compatible with OAuth 2.0 framework, in fact, there is a great article in the community regarding OAuth 2.0 and InterSystems IRIS in the following link here.

5 1
0 1.1K

Asymmetric cryptography is a cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner. The generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions. Effective security only requires keeping the private key private; the public key can be openly distributed without compromising security.

In such a system, any person can encrypt a message using the receiver's public key, but that encrypted message can only be decrypted with the receiver's private key.

Robust authentication is also possible. A sender can combine a message with a private key to create a short digital signature on the message. Anyone with the sender's corresponding public key can combine the same message and the supposed digital signature associated with it to verify whether the signature was valid, i.e. made by the owner of the corresponding private key. (C) Wikipedia.

0 2
0 518

InterSystems API Management (IAM) - a new feature of the InterSystems IRIS Data Platform, enables you to monitor, control and govern traffic to and from web-based APIs within your IT infrastructure. In case you missed it, here is the link to the announcement. And here's an article explaining how to start working with IAM.

In this article, we would use InterSystems API Management to Load Balance an API.

In our case, we have 2 InterSystems IRIS instances with /api/atelier REST API that we want to publish for our clients.

There are many different reasons why we might want to do that, such as:

  • Load balancing to spread the workload across servers
  • Blue-green deployment: we have two servers, one "prod", other "dev" and we might want to switch between them
  • Canary deployment: we might publish the new version only on one server and move 1% of clients there
  • High availability configuration
  • etc.
7 3
4 698

In this article, we will explore the development of an IRIS client for consuming RESTful API services that have been developed to the OData API standard.

We will be exploring a number of built-in IRIS libraries for making HTTP requests, reading and writing to JSON payloads, and seeing how we can use them in combination to build a generic client adaptor for OData. We will also explore the new JSON adapter for deserializing JSON into persistent objects.

4 3
2 891

Some time ago, InterSystems introduced the concept of %DynamicObjects.
This feature is a powerful tool that makes it very easy to convert any string of JSON text to objects and vice versa.
However, in the work that J2 Interactive is doing for our customers, there are a couple of things that "need some tweaking".

3 3
2 1.1K
· Jul 31, 2019 2m read
Anti CSRF Methods

IRIS provides us with anti login CSRF attack mitigation, however this is not the same as a CSRF attack, as login attacks only occur on the login form. There are currently no built-in tools to mitigate CSRF attacks on api calls and other forms, so this is a step in mitigating these attacks.

See the following link from OWASP for the definition of a CSRF attack:

4 5
1 590

There's a new and exciting enhancement to QEWD that has just been released - it's an additional layer of abstraction known as QEWD-Up. QEWD-Up hides away all the mechanics of QEWD itself, allowing you to focus on just your REST APIs and the code that implements them.

Additionally, and importantly, QEWD-Up simplifies the maintenance of your REST APIs, allowing you (and others) to quickly and easily understand their life-cycle and implementation.

3 3
4 723

In this article, I would show how you can upload and download files from InterSystems products via http.

The questions about working with files over http arise fairly often on community and I'm usually linking to my FileServer project which demonstrates file upload/download but I'd like to talk a bit more on how we can serve and receive files from InterSystems products.

7 3
4 2.3K

I already talked about GraphQL and the ways of using it in this article. Now I am going to tell you about the tasks I was facing and the results that I managed to achieve in the process of implementing GraphQL for InterSystems platforms.

What this article is about

  • Generation of an AST for a GraphQL request and its validation
  • Generation of documentation
  • Generation of a response in the JSON format
6 2
2 969

What if you could serialize/deserialize objects in whatever format: JSON, XML, CSV,...; attending different criteria: export/import some properties and not others, transform values in this or that way before exporting/importing,...; and all of this without having to change the class definition? Wouldn't that be great??

Well, perhaps it's a goal too ambitious to reach 100% but, exploring this idea, I've developed a bunch of classes that I thought it was good to share. If you want to test, change, modify or improve the code, or just take a look at it, you can do it here. There you'll find a more detailed explanation (see

Be aware, this is a proof of concept for myself done in spare times, sure it's not robust enough or it can be done much better... but, I was just playing...ok, I could just wait to the new JSON Adaptor (coming soon!) that sure is going to resolve much more scenarios in a cleaner way, but... meanwhile... :-) ...

9 4
4 2.1K
· Mar 14, 2018 10m read
REST Design and Development


For many in today's interoperability landscape, REST reigns supreme. With the overabundance of tools and approaches to REST API development, what tools do you choose and what do you need to plan for before writing any code?
This article focuses on design patterns and considerations that allow you to build highly robust, adaptive, and consistent REST APIs. Viable approaches to challenges of CORS support and authentication management will be discussed, along with various tips and tricks and best tools for all stages of REST API development. Learn about the open-source REST APIs available for InterSystems IRIS Data Platform and how they tackle the challenge of ever-increasing API complexity.
The article is a write-up for a recent webinar on the same topic.

6 5
5 2.6K

Some time ago I got a WRC case transferred where a customer asks for the availability of a raw DEFLATE compression/decompression function built-in Caché.

When we talk about DEFLATE we need to talk about Zlib as well, since Zlib is the de-facto standard free compression/decompression library developed in the mid-90s.

Zlib works on particular DEFLATE compression/decompression algorithm and the idea of encapsulation within a wrapper (gzip, zlib, etc.).

9 6
1 2.4K
· Dec 7, 2017 3m read
Asynchronous REST

In this article I'd like to discuss asynchronous REST and approaches to implementing it.

Why do we need asynchronous REST? Simply put - answering the request takes too much time. While most requests usually can be satisfied immediately, some can't. The reasons are varied:

  • You need to perform time-consuming calculations
  • Performing action actually takes time (for example container creation)
  • etc.

The solution to these problems is asynchronous REST. Asynchronous REST works by separating request and real response. Here's an example, let's consider the following simple async REST broker:

3 9
0 1.4K

This series of articles aims to address the following topics:

  • Creation of a web application based on REST pages;
  • Overview of some tools for tracing (debugging) HTTP requests;
  • Switching from hyperevents to... hyperevents;
  • Integration with jQuery File Upload;
  • Conversion of JSON from the {id:1,parentId:1} format to the {id:1,children:[{}]} format for tree visualization;
  • Integration with jQuery EasyUI (using datagrid and tree as examples);
  • Other topics.

5 1
1 904

Hello again and welcome to the Part 3 - Using the SQL API!

If you have been wondering about how to use SQL along with Frontier, you came to the right place. That's because since Frontier wraps the common Caché SQL API within it's own, you need to use the API provided from it. But you don't need to worry about its learning curve, because the Frontier SQL API is really simple.

2 0
0 606

a.k.a.. "The World of Widgets Returns!" or "Paternity leave damages Instructional Series momentum"

In our last lesson, we combined 2 separate classes to appear as the same property. We now have the ability to Update our Widget catalog, but what if we want to Create a Widget? Thankfully, we've already done 90% of what we need, just by implementing Edits

0 0
0 811
· Sep 6, 2017 4m read
Polling an External REST API with Ensemble


Before we begin, I'd like to mention that I am by no means an Ensemble expert, so take this with a grain of salt and please feel free to offer any suggestions for improvement. That being said, I have enjoyed working with Ensemble and wanted to share the approach I took to poll an external REST API for patient data in the hopes that it might help others with a similar goal.

2 5
0 1.4K