Representational state transfer (REST) is a software architectural style that defines a set of constraints to be used for creating Web services. Web services that conform to the REST architectural style, called RESTful Web services (RWS), provide interoperability between computer systems on the Internet. RESTful Web services allow the requesting systems to access and manipulate textual representations of Web resources by using a uniform and predefined set of stateless operations. Other kinds of Web services, such as SOAP Web services, expose their own arbitrary sets of operations.
Hello again! Welcome to the Part 2 - Handling payloads!
If you're new to this series, I'd recommend you to check out the Part 1 - Core concepts. You'll need a basic understanding about how Frontier works before continuing with the Part 2.
The first installment of this article series discussed how to read a big chunk of data from the raw body of an HTTP POST method and save it to a database as a stream property of a class. The second installment discussed how to send files and their names wrapped in a JSON format.
Now let’s look closer at the idea of sending large files in parts to the server. There are several approaches we can use to do this. This article discusses using the Transfer-Encoding header to indicate chunked transfer. The HTTP/1.1 specification introduced the Transfer-Encoding header, and the RFC 7230 section 4.1 described it, but it’s absent from the HTTP/2 specification.
For the benefit of those who want to use the Document Database (DocDB) capabilities within InterSystems IRIS, and specifically the REST API it provides, I put together a PostmanCollection that provides samples for several basic calls.
Being a programmer nowadays is basically the geek version of being a polyglot. Of course, most of us here, in the InterSystems Community, “speak ObjectScript”. Howeever, I believe this wasn’t the first language for many people. For instance, I had never heard about it prior to getting the appropriate training at Innovatium.
With this article, I would like to show you how easily and dynamically System Alerting and Monitoring(or SAM for short) can be configured. The use case could be that of a fast and agile CI/CD provisioning pipeline where you want to run your unit-tests but also stress-tests and you would want to quickly be able to see if those tests are successful or how they are stressing the systems and your application (the InterSystems IRIS backend SAM API is extendable for your APM implementation).
This post is a introduction of my open exchange iris-fhir-client application.
iris-fhir-client can connect to any open FHIR Server by using embedded python with the help of fhirpy Library. Get Resource information by terminal and by using CSP web application.
One of the most common needs of our clients is the creation of REST services that allow access to the information present in IRIS / HealthConnect. The advantage of these REST services is that it allows the development of custom user interfaces with the most current technologies taking advantage of the reliability and performance of IRIS in the back-end.
IRIS provides us with anti login CSRF attack mitigation, however this is not the same as a CSRF attack, as login attacks only occur on the login form. There are currently no built-in tools to mitigate CSRF attacks on api calls and other forms, so this is a step in mitigating these attacks.
See the following link from OWASP for the definition of a CSRF attack:
Asymmetric cryptography is a cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner. The generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions. Effective security only requires keeping the private key private; the public key can be openly distributed without compromising security.
In such a system, any person can encrypt a message using the receiver's public key, but that encrypted message can only be decrypted with the receiver's private key.
Robust authentication is also possible. A sender can combine a message with a private key to create a short digital signature on the message. Anyone with the sender's corresponding public key can combine the same message and the supposed digital signature associated with it to verify whether the signature was valid, i.e. made by the owner of the corresponding private key. (C) Wikipedia.
In this article, we will learn how to set up a REST API for the IRIS Security Package. We will be able to create users, roles, add applications, etc... by simple HTTP requests as well as generate a client application in ObjectScript.
Imagine the scene. You are working happily at Widgets Direct, the internet's premier retailer of Widgets and Widget Accessories. Your boss has some devastating news, some customers might not be fully happy with their widgets, and we need a helpdesk application to track these complaints. To makes things interesting, he wants this with a very small code footprint and challenges you to deliver an application in less than 150 lines of code using InterSystems IRIS. Is this even possible?
I would like to take advantage of our topic on capture for Health Data Warehouses (on DC-FR) to show you how to quickly create HTTP SOAP and REST clients. IRIS, as well as applications available on Open Exchange offers solutions to generate them from a WSDL or a swagger specification.
SOAP client
Nothing could be easier than creating a SOAP client. All you need is the WSDL.A wizard is available from the IRIS Studio. It allows you to generate not only your classes for a web service client but also the “Business Services” and “Business Operations” if you want to consume them with the interoperability framework.
In the previous article, we discussed the development of business processes, which are part of the components required for system integration and serve as a production coordinator.
This quick guide shows how to serve HTTPS requests with InterSystems API Management. Advantage here is that you have your certs on one separated server and you don't need to configure each backend web-server separately.
Here's how:
1. Buy the domain name.
2. Adjust DNS records from your domain to the IAM IP address.
3. Generate HTTPS certificate and private key. I use Let's Encrypt - it's free.
I've mentioned the QEWD project in this group before: it's a Node.js-based platform for web, Native and REST applications which tightly integrates with Cache. It uses a somewhat different philosophy to the use of Node.js than the norm, and I've now published an article that explains this approach and the unique benefits that arise as a result.
It turns out that, integrated via QEWD, Cache is an ideal bed-fellow for Node.js. QEWD makes the integration of Cache and Node.js exceptionally fast, simple and intuitive to use, but also extremely powerful.
Using SOAP Web Services or REST API Resources, if you want to deliver strategic digital assets for your organization, SOA aproach is an excellent option. The InterSystems IRIS supports like a charm the SOA principles with Contract First technique to model services aligned with the business, and create the services from the service contracts (Open API or WSDL).
Quite a few enhancements have appeared over recent months in QEWD for easing and simplifying the creation of REST-based services. It's now even more slick and powerful, allowing you to very quickly create very high-performance, highly-scalable REST (and Web) services that make use of Cache.
I've therefore updated the training presentation deck (Part 31 on developing REST Services with QEWD). It describes all the new features with worked examples. See:
I was attempting to find a solution to grant clients anonymous access to certain API endpoints while securing others within my REST API. However, when defining a Web Application, you can only secure the entire application and not specific parts of it.
Hello again and welcome to the next tutorial on this series: Part 4 - Sharing data across router methods. Here we are going to learn how to share a object containing data that is available for read across every router methods.
You're required to complete at least the Part 1 before entering this one. Still, this is supposed to be a really short tutorial, since there isn't much to be said about data sharing.
I'm participating in the Developing with InterSystems Objects and SQL with Joel Solon. The course is very nice and I will share with you some tips I got during the training. Tips presented in the day 4:
By views
Open Exchange app.png)
.png)
