#REST API

I try to test our REST/JSON (POST) services,where queryparametres are in content as json and the answer in contet is also as json.

This is my testClient:

IRIS provides us with anti login CSRF attack mitigation, however this is not the same as a CSRF attack, as login attacks only occur on the login form. There are currently no built-in tools to mitigate CSRF attacks on api calls and other forms, so this is a step in mitigating these attacks.

See the following link from OWASP for the definition of a CSRF attack:

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

Integrating frontend React applications with backend services like IRIS database via REST APIs can be a powerful way to build robust web applications. However, one common hurdle developers often encounter is the Cross-Origin Resource Sharing (CORS) issue, which can prevent the frontend from accessing resources on the backend due to security restrictions enforced by web browsers. In this article, we'll explore how to tackle CORS issues when integrating React web apps with IRIS backend services.

I've got a REST service that I can access via a browser. I can get it to take HTML tags as data and display it back to me (so I know the REST part is working). So if I send it this:

http://MyServer:57772/TestArea/rest/TestQuery?UUID=1&RTX=RTX123456&CareType=Palliative

First webinar on InterSystems API Management!

We are pleased to invite you to the upcoming webinar in Russian: Introduction to InterSystems API Management on November 21 at 10:00 Moscow time (GMT+3)!

As you might have heard, we recently introduced the InterSystems API Manager (IAM) - a new feature of the InterSystems IRIS Data Platform,
enabling you to monitor, control and govern traffic to and from web-based APIs within your IT infrastructure.

In this webinar I will highlight some of the many capabilities IAM allows you to leverage. InterSystems API Manager brings everything you need:

• to monitor your HTTP-based API traffic and understand who is using your APIs; what are your most popular APIs and which could require a rework.
• to control who is using your APIs and restrict usage in various ways. From simple access restrictions to throttling API traffic and fine-tuning request payloads, you have fine-grained control and can react quickly.
• to protect your APIs with central security mechanisms like OAuth2.0 or Key Token Authentication.
• to onboard third-party developers and provide them with a superb developer experience right from the start by providing a dedicated Developer Portal for their needs.
• to scale your API demands and deliver low-latency responses

There would be a live demo.

This webinar is for System Architects, Developers and DevOps Engineers.
Time: November 21 at 10:00 Moscow time (GMT+3)!

The language of the webinar is Russian.

Register!

Hi,

I'm using InterSystem Cache v2015.2.5 and I'm implementing a REST API and returning JSON.

Following the documentation I see examples like this

Set obj = {"destinations": ["London","Madrid","Tokyo"]}
Write obj.%ToJSON()

However, I have a compilation error

ERROR #1054: Invalid expression : '{"destinations":'

Is there something that needs to be enabled on Studio to allow this syntax?

Thank you,

Rui

Hi developers!

Observing the avalanche of AI-driven and vibe-coding developer tools that have been appearing lately almost every month with more and more exciting dev features, I was puzzled whether it is possible to leverage it with InterSystems IRIS. At least to build a frontend. And the answer - yes! At least with the approach I followed.

Here is my recipe to prompt the UI vs InterSystems IRIS Backend:

1. Have the REST API on the IRIS side, which reflects some Open API (swagger) spec.
2. Generate the UI with any vibe-coding tool (e.g., Lovable) and point the UI to the REST API endpoint.
3. Profit!

Here is the result of my own exercise - a 100% prompted UI vs IRIS REST API that allows to list, create, update delete entries of a persistent class (Open Exchange, frontend source, video):

What is the recipe in detail?

Preface

Before we begin, I'd like to mention that I am by no means an Ensemble expert, so take this with a grain of salt and please feel free to offer any suggestions for improvement. That being said, I have enjoyed working with Ensemble and wanted to share the approach I took to poll an external REST API for patient data in the hopes that it might help others with a similar goal.

Hello community,

in addition to HL7 V2 interfaces mediated via TCP/IP, we have been implementing more and more HS.FHIRServer.Interop.Service based services that are addressed via port 57772.
We would like to secure access to the Management Portal now and have come up with a procedure that I would like to discuss.

Referencing this post:

https://community.intersystems.com/post/producing-json-sql

I'm not sure how to actually interact with the result set I get from doing something like this. I want to return something like:

[{"field1":1, "field2":2}, {"field1":2, "field2":10}]

I'm finding it very difficult to get it in this format, since %Print appends a newline onto the end of the {} object it prints.

Here's the closest I've gotten:

Hi Developers!

Here're the technology bonuses for the Full Stack Contest that will give you extra points in the voting:

• InterSystems IRIS REST API Usage
• InterSystems Native API Usage
• InterSystems JDBC Usage
• Unit Testing
• ZPM Package deployment
• Docker container usage

See the details below.

Hello Community,

When handling a %CSP.REST API response for a custom endpoint, how can I capture or access the response content before it is written to the output buffer and sent through the Web Gateway to the UI?

Hello,

We would like some advice

We have developed a REST Operation

The code is:

Starting off with a working REST interface, I can access the CSP Application definition screen for the application (System > Security Management > Web Applications > Edit Web Application), and "turn off" the application by clearing the Enabled: [ x ] A