New post

#REST API

17

Representational state transfer (REST) is a software architectural style that defines a set of constraints to be used for creating Web services. Web services that conform to the REST architectural style, called RESTful Web services (RWS), provide interoperability between computer systems on the Internet. RESTful Web services allow the requesting systems to access and manipulate textual representations of Web resources by using a uniform and predefined set of stateless operations. Other kinds of Web services, such as SOAP Web services, expose their own arbitrary sets of operations.

Learn More.

I am working on an angular applications and build a web application (Rest API) on IRIS for health, the web application uses a password authentication and setup with the default csp session time out (15 minutes). If the user make an REST API call from the angular application after the session expired, it displays a login prompt...is that anyway that we can disable the login prompt and just simply return http status 401? When the angular application received the status 401, it can redirect to angular error page.

Thanks,

Hoi

0 5
0 440

For the upcoming Python contest, I would like to make a small demo, on how to create a simple REST application using Python, which will use IRIS as a database. Using this tools

  • FastAPI framework, high performance, easy to learn, fast to code, ready for production
  • SQLAlchemy is the Python SQL toolkit and Object Relational Mapper that gives application developers the full power and flexibility of SQL
  • Alembic is a lightweight database migration tool for usage with the SQLAlchemy Database Toolkit for Python.
  • Uvicorn is an ASGI web server implementation for Python.

Open Exchange app
5 5
2 492

Background:

This guideline provides an overview of how to design and implement a REST API interface for querying patient demographic data from an Electronic Patient Record (EPR) system using HealthConnect. The process involves sending a query request with the patient's identification number, retrieving the response from the EPR system, extracting the required patient demographic data from the HL7 message, and sending it as a JSON response to the supplier. The high-level process diagram is shown below (Screenshot 1).

4 5
1 153

We are using an F5 load balancer to route public traffic to our IS server. My goal is to block public access to the Management Portal, and only allow what we want to expose, such as REST/SOAP services. At the F5, they can block URL wildcards or specific ports, so those are our options.

Since the URLs for the web services are in the same path ([host]/csp/healthshare/[namespace]/*), I can't see any URL wildcards happening. That leads me to ports; is there a way to put services on a specific port for all services, and everything else stay on a standard web port?

0 5
0 405

Dear,

I'm trying to configure a new interface that reads HL7, transform them into FHIR messages and then send POST or PUT or DELETE depending on HL7 doc type.

1-I added an HL7 TCP service that reads ADTs messages

2a-Send ADTs to a process to transform them into SDA (using the following command: do ##class(HS.Gateway.HL7.HL7ToSDA3).GetSDA(request,.con))

2b-Extract the patient MRN and add it to the AdditionalInfo property (using the following request message class: HS.Message.XMLMessage)

1 5
0 222

Hello everyone!
I am wondering how I can retrieve multipart form-data from a request that is coming into my REST-service.
I am supposed to retrieve a string and a file. The file is being retrieved without issues, but the "testprofile" string is not being retrieved at all.
It just logs a an empty entry.
The request that is sent to my REST-service has the Content-Type: multipart/form-data
Thanks beforehand for the help! :)

Down below is the code I use right now to retrieve the string and file from Form-data Rest HTTP-request to my service.

0 5
0 768

I have a primary dispatch class that implements %CSP.REST.AccessCheck() for some high level access checks before the route table forwards the request to the implementation classes which also implement %CSP.REST.AccessCheck() for some lower level access checks. The idea is that we know where we are in the implementation class and what the user is trying to do, so it makes more sense to check some lower level items there rather than trying to parse out the request at the dispatch class.

0 5
0 100
Question
· Feb 20, 2019
Extend XData UrlMap

Hi all,

I'm wondering if is possible to extend the UrlMap.

I want to create a base class and one method will be in all extended classes, so I've tried to create the map route in parent class, and the specific methods in extended class. But it doesn't work.

I've create the method in parent class and I've wrote the map in extended class. It works, but I want to put it in base class to prevent forget this call.

Note: The base class extend to %CSP.RES

Best regards,

Francisco Lopez

1 5
1 762
Article
· Mar 14, 2018 10m read
REST Design and Development

Intro

For many in today's interoperability landscape, REST reigns supreme. With the overabundance of tools and approaches to REST API development, what tools do you choose and what do you need to plan for before writing any code?
This article focuses on design patterns and considerations that allow you to build highly robust, adaptive, and consistent REST APIs. Viable approaches to challenges of CORS support and authentication management will be discussed, along with various tips and tricks and best tools for all stages of REST API development. Learn about the open-source REST APIs available for InterSystems IRIS Data Platform and how they tackle the challenge of ever-increasing API complexity.
The article is a write-up for a recent webinar on the same topic.

6 5
6 3K
Article
· Jul 31, 2019 2m read
Anti CSRF Methods

IRIS provides us with anti login CSRF attack mitigation, however this is not the same as a CSRF attack, as login attacks only occur on the login form. There are currently no built-in tools to mitigate CSRF attacks on api calls and other forms, so this is a step in mitigating these attacks.

See the following link from OWASP for the definition of a CSRF attack:

https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)

Open Exchange app
4 5
1 746

Integrating frontend React applications with backend services like IRIS database via REST APIs can be a powerful way to build robust web applications. However, one common hurdle developers often encounter is the Cross-Origin Resource Sharing (CORS) issue, which can prevent the frontend from accessing resources on the backend due to security restrictions enforced by web browsers. In this article, we'll explore how to tackle CORS issues when integrating React web apps with IRIS backend services.

12 5
8 455

First webinar on InterSystems API Management!


We are pleased to invite you to the upcoming webinar in Russian: Introduction to InterSystems API Management on November 21 at 10:00 Moscow time (GMT+3)!

As you might have heard, we recently introduced the InterSystems API Manager (IAM) - a new feature of the InterSystems IRIS Data Platform,
enabling you to monitor, control and govern traffic to and from web-based APIs within your IT infrastructure.

In this webinar I will highlight some of the many capabilities IAM allows you to leverage. InterSystems API Manager brings everything you need:

  • to monitor your HTTP-based API traffic and understand who is using your APIs; what are your most popular APIs and which could require a rework.
  • to control who is using your APIs and restrict usage in various ways. From simple access restrictions to throttling API traffic and fine-tuning request payloads, you have fine-grained control and can react quickly.
  • to protect your APIs with central security mechanisms like OAuth2.0 or Key Token Authentication.
  • to onboard third-party developers and provide them with a superb developer experience right from the start by providing a dedicated Developer Portal for their needs.
  • to scale your API demands and deliver low-latency responses

There would be a live demo.

This webinar is for System Architects, Developers and DevOps Engineers.
Time: November 21 at 10:00 Moscow time (GMT+3)!

The language of the webinar is Russian.


Register!

0 5
0 372

Hi guys.

Recently, I get interest in FHIR in order to run for the IRIS for Health FHIR
contest. As a beginner on this topic, I've heard somewhat about it, but I didn't know how complex and powerful was FHIR. As pointed out by @Henrique.GonçalvesDias here, you can model several aspects of the patient history and other related entities.

Open Exchange app
4 5
0 354
Question
· Nov 19, 2018
JSON Syntax

Hi,

I'm using InterSystem Cache v2015.2.5 and I'm implementing a REST API and returning JSON.

Following the documentation I see examples like this

Set obj = {"destinations": ["London","Madrid","Tokyo"]}
Write obj.%ToJSON()

However, I have a compilation error

ERROR #1054: Invalid expression : '{"destinations":'

Is there something that needs to be enabled on Studio to allow this syntax?

Thank you,

Rui

0 5
0 533

Hi developers!

Observing the avalanche of AI-driven and vibe-coding developer tools that have been appearing lately almost every month with more and more exciting dev features, I was puzzled whether it is possible to leverage it with InterSystems IRIS. At least to build a frontend. And the answer - yes! At least with the approach I followed.

Here is my recipe to prompt the UI vs InterSystems IRIS Backend:

  1. Have the REST API on the IRIS side, which reflects some Open API (swagger) spec.
  2. Generate the UI with any vibe-coding tool (e.g., Lovable) and point the UI to the REST API endpoint.
  3. Profit!

Here is the result of my own exercise - a 100% prompted UI vs IRIS REST API that allows to list, create, update delete entries of a persistent class (Open Exchange, frontend source, video):

What is the recipe in detail?

Open Exchange app
5 5
1 115