I was attempting to find a solution to grant clients anonymous access to certain API endpoints while securing others within my REST API. However, when defining a Web Application, you can only secure the entire application and not specific parts of it.

I scoured the community for answers but didn't find any exact solutions, except one recommendation to create two separate web applications, one secured and the other unsecured.However, in my opinion, this approach involves too much work and creates unnecessary maintenance overhead.

I am making a POST request to an API. In the case of an error, I don't know what parameters the response JSON will contain (they will change depending on the error). I am converting the response stream to an object but then I need a way to loop through all the properties and access their values. The following code is making the POST request, reading the response, and trying to add all the error messages to an array. But I can't iterate over the properties of the tProxy.errors object because it is a %ZEN.proxyObject. Is there a better way to do this?

Set tSC=..Adapter.Post(.tHttpResponse, ,

Hello Community,

I've enabled the JWT Authentication in my web application. I invoked the /login page to get the JWT and it creates an entry in %SYS.TokenAuth table. Is there any time span for the entries will rid out from the table automatically or It's  a manual process? Where can I find the JWT signature private/public key 

settings screenshot

web application

For the upcoming Python contest, I would like to make a small demo, on how to create a simple REST application using Python, which will use IRIS as a database. Using this tools

• FastAPI framework, high performance, easy to learn, fast to code, ready for production
• SQLAlchemy is the Python SQL toolkit and Object Relational Mapper that gives application developers the full power and flexibility of SQL
• Alembic is a lightweight database migration tool for usage with the SQLAlchemy Database Toolkit for Python.
• Uvicorn is an ASGI web server implementation for Python.

Hi, How can I get an instance of stream which is a successor of %Stream.Object in a method that handles a REST POST request?

#dim request as %CSP.Request = %request
 set content = request.Content

This returns a variable of type %CSP.Stream which is totally useless, because %CSP.Stream does not inherit from %Stream.Object

This question is about calling AWS REST APIs. Based on:

http://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html

AWS requires REST clients to call their APIs using Signature Version 4 which in case you don't know what I am talking about is a pain in the neck.  Here comes the question:

Has anybody, by any chance implemented the v4 signing alg. in COS? If yes, would she or he have the kind heart to share?

Thanks,

Chris

Hello everyone!
I have manually created a REST-service that receives incoming HTTP-GET calls together with an URL-map. As shown below:

XData UrlMap [ XMLNamespace = "https://www.intersystems.com/urlmap" ]
{
<Routes>
<Route Url="/testGet" Method="GET" Call="Handler" />
</Routes>
}

ClassMethod Handler(req As %Stream.Object) As %Status
{
set Class = ##class(Ens.Request).%New()

set status = ##class(Ens.Director).CreateBusinessService("TestService", .instance)
set status = instance.OnProcessInput(Class, .response)

if $ISOBJECT(response)
{
         write response.%ToJSON()
}Quit $$$OK
}

Through the code above I

Introduction

We are in the age of the multiplatform economy and APIs are the "glue" in this digital scenario. Since they are so important, they are seen by developers as a service or product to be consumed. Therefore, usage experience is a crucial factor for its success.

In order to improve this experience, specification standards such as the OpenAPI Specification (OAS) are increasingly being adopted in the development of RESTFul APIs.

What is IRIS ApiPub?

IRIS ApiPub is an Open Source project whose main goal is to automatically publishRESTful APIs created with Intersystems IRIS technology, in

Developing a Full-Stack JavaScript web app with Caché requires you to bring together the right building blocks. In the previous part, we created a basic front-end React application. In the second part of this article series I will show how to choose the right back-end technology for your application. You will see Caché allows you to use many different approaches to link your front-end to your Caché server, depending on your application's needs. In this part we will set up a back-end with Node.js/QEWD and CSP/REST. In the next part we will enhance our basic web app and connect it to Caché using these technologies.

InterSystems FAQ rubric

The meaning of each timeout value is as follows.

1. [Server response timeout]

If IRIS/Caché processing (routine or query execution) does not finish within this set time, the browser will return an error.

For example, if this value is 60 seconds and it takes 90 seconds to execute a routine/method/query, an error will occur.

2. [Queued request timeout]

For each IRIS/Caché server configured in CSP/REST, you can limit the number of processes that can run CSP/REST concurrently.

For example, when the maximum number of server connections is 3 and if multiple pages that take several

Doing a new project with %JSON.Adaptor, unexpectedly realized that %JSON.Adaptor does not support export to native JSON. %JSONExport just outputs directly to the current device, and there are two more methods %JSONExportToString, and %JSONExportToStream.

In conjunction with generating REST from swagger specification, where any generated method accepts as a result %DynamicObject, which is good. 

I have multiple places in my REST where I have to return JSON for an object, but I have to modify the result a bit, just extend it with some other way.

And having this in my code, I don't like, and anyway

Still working on my first External REST API call, and I am struggling to find the exact answer I am looking for... I get a JSON response from my API call but I am not quite sure how to dynamically get the JSON response into the Ens.Response Object with its lists of Arrays that I have defined.

  set tSC = ..Adapter.SendFormDataArray(.tHTTPResposne,"POST",tHTTPRequest,,,tURL)

  set pResponse = ##class(User.REST.Epic.Msg.GetPatientLocationResponse).%New()

  set dynObject = {}.%FromJSON(tHTTPResposne.Data)

  set iter = dynObject.%GetIterator()

  while iter.%GetNext(.key,.value){

    $$$TRACE("key =

Hello everyone!
I need to build something that will receive a REST request. As of now I have tried my luck with using an EnsLib.HTTP.InboundAdapter. But i am not so sure how I am supposed to configure it to be able to receive the REST request together with the JSON body.
I have specified the OnProcessInput in the adapter so that it receives a GlobalCharacterStream. However, I have not had any good luck finding out to actually make the request to the EnsLib.HTTP.InboundAdapter. 
I would be really thankful if you could let me know if it is possible for an EnsLib.HTTP.InboundAdapter to actually

Hi,

I don't found how to get params send by a GET REST query (not in url but by request param).

this is config of the call in postman

I try to get %request.Data, doesn't work : Data is undefined

I try to get %request.GetCgiEnv("Data"), doesn't work, return ""

I do ZW %request and see that my parameter is present in cgi parameters, but I don't now how to access it.

I have tried many methods from super classes of %CSP.REST but I can't find a method I can override that will run after the %response object is created so I can set a header that is common to each implementation method.  It's one line of code in each method to set the header but it would like to make it super easy, simple and just have a method that runs on, before, after the implementation method to set this common header (we want to return the API version in each responses HTTP headers.

Any ideas?

I'm doing a REST service. A method has as body parameter a JSON corresponding to a class A.

In my production I have class A so that I retrieve the parameters using a dynamic object, such that:

Set body = ##class(%DynamicObject).%FromJSON(%request.Content)
Set myObjectA = ##class(A).%New()
Set myObjectA.Id = body.Id
Set myObjectA.Name = body.Name
Set myObjectA.Date = body.Date
Set myObjectA.Salary = body.Salary

I would like to know if I can avoid doing the manual mapping, doing a casting, since I am sure that FromJSON will return a class A. Something like this:

Set myObjectA =

I am working on my first REST operation to send a API Request to an internal server within our Network. I have finally got past the point of being able to connect using a SSL/TLS Configuration, but I am getting a ERROR <Ens>ErrHTTPStatus: Received non-OK status 403 from remote HTTP server: 'HTTP/1.1 403 Forbidden'.

I have tried using $$$TRACE within my operation to capture the different elements that are being sent to verify the Server, URL, SSL Configuration, and payload. Is there a way that I can see the entire RAW request message that is being sent to see why I might be getting a 403 error

FHIR has revolutionized the healthcare industry by providing a standardized data model for building healthcare applications and promoting data exchange between different healthcare systems. As the FHIR standard is based on modern API-driven approaches, making it more accessible to mobile and web developers. However, interacting with FHIR APIs can still be challenging especially when it comes to querying data using natural language.

Introducing the FHIR - AI and OpenAPI Chain application, a solution that allows users to interact with FHIR APIs using natural language queries. Built with OpenAI,

After installing IRIS 2023.1 on a live copy of our production machine our REST Service now consumes a CSP Session with every request. The request is handled as expected, but uses one of the 5 CSP Session per license. So after 25 requests, the license is used up. The Grace time always shows 0 and the session stay for very long. (Maybe the 900 Seconds timeout). 
On Caché 2018, we had the same settings for the Webapp and there, only a single Session was set for all requests. The Caché request didn't use any cookies. 
Here we also used $system.License.PublicWebAppUser() which I think is not

When manually coding REST services and using GET /api/mgmnt/v1/:namespace/spec/:application/ to return an OpenAPI spec, how do you specify supported properties (OpenAPI Properties in Use | Creating REST Services | InterSystems IRIS Data Platform 2021.1) like responses, definitions, and information in paths like summary and description?

GET /api/mgmnt/v1/:namespace/spec/:application/ | Creating REST Services | InterSystems IRIS Data Platform 2022.2

Using a very basic manual REST service that returns a JSON string I get a pretty basic spec that is not really helpful when it comes to documentation.

I have the following setup: REST broker calls inProc BO via BS. As BO initialization is time-consuming, I want to reuse the same BO during the CSP process lifetime.

I have tried the following approaches:

1. Set %session.Preserve to 1 (I would prefer not to use it as the BO object is not linked to a specific client)
2. Set $$$EnsInProcPersist to 1 (looked relevant)
3. Cached BS between calls

However, every time I call my REST endpoint, I get a new BO. Is there a way to cache inProc BOs in the CSP context?

To run the sample, import it into any interoperability-enabled namespace, start in.Production pro

Hi all,

 I'd like to start playing around with some simple Angular app with IRIS REST Api but I'd like to do so in the best way possible, did you have any best practices and/or VSCode setup to make life easier? 

Keep in mind I've never developed an Angular APP before, so also some simple example will be really useful.

Tnx.

Trying my first REST call operation to our internal EMR (Epic) server, and I am receiving "ERROR #6097: Error '<READ>Read+28^%Net.HttpRequest.1' while using TCP/IP device '9999'" when I attempt to test my operation. When I look up the General Error Messages for 6097 I am seeing...Error '%1' while using TCP/IP device $zu(189,1)='%2'. What does this mean? 

I am trying to connect to the server over port 443 which is HTTPS but I am not using an SSL Configuration. Could that be the issue? 

Is there a way to debug HTTP like their is with the ISCSOAP log?

REST API for Security Package

Hi community,

In this article, we will learn how to set up a REST API for the IRIS Security Package. We will be able to create users, roles, add applications, etc... by simple HTTP requests as well as generate a client application in ObjectScript.

Requirements

We need :

1. An IRIS instance (installation kit or docker).
2. ObjectScript package manager (ZPM).
3. (Optional) A second IRIS instance to generate an ObjectScript client.

We will use a set of existing applications and libraries on OpenExchange. The package manager (ZPM) will make their installations much easier.

I had attempted to create a REST Operation before but did not have success. As I am going through the Tutorials and Documentation everything references REST services, but I have a case where I want to create a REST Operation that makes Epic API calls against Interconnect. I have done SOAP operations before and we currently have one in our Production Namespace, but from what I understand SOAP has the wsdl which defines al the structures and etc, where REST does not. 

So how does one go about creating a REST Operation if Learning Tutorials and Documentation always talks about REST services?

I am playing around with trying to make an Epic REST API call from an operation, and from what I understood because the request has to be sent as POST, I need to send the request as JSON. However when I try taking the request and running %ToJSON against it for the payload to be created I am getting an error...

ERROR <Ens>ErrException: <METHOD NOT SUPPORTED>zgetPatientLocationByVisit+6^User.SCOTT.REST.APIOperation.1 *%ToJSON,osuwmc.Epic.Access.Request.GetPatientLocationByVisit2JsonRequest -- logged as '-' number - @' set tPayload = tRequest.%ToJSON()'

Reading the documentation I tried switching

Hi guys, 

I want to develop a web application in which a user can log in through the user credential of intersystems that is created in Management Portal for a specific role. How can I authenticate the user and get any token or login cookie through which user can call other apis

Hello Community!!

I just upload my lastest application "IRIS Api Tester" to the Open Exchange. 

It's a docker project with InterSystems IRIS + Newman that will allow you to test your Postman Collections in a quick and easy way..

It's ready to work out of the box, you just have to clone the repo: https://github.com/daniel-aguilar-garcia/irisapitester

Run the docker-compose file:

Open this url in your browser: 

http://localhost:52773/csp/user/index.html

Add some test to your Postman collection:

In this example I have added a global test for all the entries of the collection by adding a test in the

Hello Community!

I'm going to try to explain how to create test for Postman collections for use it with my app IRIS Api Tester.

Yet, What is Newman?:

Newman is a command-line tool that allows you to run Postman collections in an automated and scalable way. By creating tests in Newman, you can ensure the reliability and correctness of your API endpoints. In this article, we will explore how to create tests for Newman in Postman, along with practical examples to help you get started.

Once you have created your Postman Collection:

You're ready to start writing your test scripts:

Tests in Postman are

In this article, I will share the theme we presented at the Global Summit 2023, in the Tech Exchange room. Me and @Rochael Ribeiro 

In this opportunity, we talk about the following topics:

• Open Exchange Tools for Fast APIs
• Open API Specification
• Traditional versus Fast Api development
• Composite API (Interoperability)
• Spec-First or Api-First Approach 
• Api Governance & Monitoring
• Demo (video)

Open Exchange Tools for Fast APIs

As we are talking about fast modern APIs development (Rest / json) we will use two Intersystems Open Exchange tools:

The first is a framework for rapid development of