#REST API

I enjoy the challenge of being in a contest. Currently I participate in InterSystems IRIS with REST API Programming Contest. My idea for this contest was to create an app to help me keep track of tasks for my Status Reports. I started with the template provided by Evgeny Shvarov. I created a persistent class for Tasks and a REST Dispatch class. I defined my URL map and I even figured out how to test my REST app using Postman.

Download MX into folder C:/mx (if Windows)

Create the REST application MX in IRIS namespace USER:

Hello all,

I'm new to the Intersystems development world and I've been trying to figure out how to make a REST API using ObjectScript. I found a tutorial that I've been following that has been great and I'm trying to translate what I've learned to live data.

InterSystems offers an API-design first approach.

You can check this post for more informations : https://community.intersystems.com/post/iris-api-explorer-application.

One practical thing about this approch and the OpenAPI specification is the definition of exchange objects.

I have Mac OSX and Docker Desktop 2.2 (Engine 19.03).

I have a REST service running on my localhost (Mac) and I was trying to consume it from IRIS running in a Docker container.

If you try something like that don't use localhost as HTTP Server setting (using a Business Operation for example).

You have to use host.docker.internal.

In this 3-part series of articles, is shown how you can use IAM to simply add security, according to OAuth 2.0 standards, to a previously unauthenticated service deployed in IRIS.

In the first part, was provided some OAuth 2.0 background together with some IRIS and IAM initial definitions and configurations in order to facilitate the understanding of the whole process of securing your services.

Hi Community!

Enjoy watching the new video on InterSystems Developers YouTube:

⏯ InterSystems IRIS and Node.js Overview

https://www.youtube.com/embed/e3txoPRzK_Q
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

Asymmetric cryptography is a cryptographic system that uses pairs of keys: public keys which may be disseminated widely, and private keys which are known only to the owner. The generation of such keys depends on cryptographic algorithms based on mathematical problems to produce one-way functions. Effective security only requires keeping the private key private; the public key can be openly distributed without compromising security.

In such a system, any person can encrypt a message using the receiver's public key, but that encrypted message can only be decrypted with the receiver's private key.

Robust authentication is also possible. A sender can combine a message with a private key to create a short digital signature on the message. Anyone with the sender's corresponding public key can combine the same message and the supposed digital signature associated with it to verify whether the signature was valid, i.e. made by the owner of the corresponding private key. (C) Wikipedia.

Hi,

Working on integrating with O365 Sharepoint REST API. I would want to know if anyone can share their experience with integration with Sharepoint REST API and how they implemented security?

Thanks
Kiran Kumar

Hi Developers!

I stuck with one interesting problem.

For example, let's use this template repo. If you build this container A using docker-compose and then run the container it exposes REST-API which is available on:

localhost:52773/person/all

The question is how to make this REST-API accessible from another docker container B running on the same machine? E.g. with IRIS 2019.4 Community from this repo?

The problem is that for the second container localhost it's something which belongs to container B.

I think I need to set up a network between containers somehow. E.g. using docker-compose. But is there any simpler way?

Hello, Community!

This quick guide shows how to serve HTTPS requests with InterSystems API Management. Advantage here is that you have your certs on one separated server and you don't need to configure each backend web-server separately.

Here's how:

1. Buy the domain name.

2. Adjust DNS records from your domain to the IAM IP address.

3. Generate HTTPS certificate and private key. I use Let's Encrypt - it's free.

4. Start IAM if you didn't already.

5. Send this request to IAM:

Hi developers!

I just want to share with you the knowledge aka experience which could save you a few hours someday.

If you are building REST API with IRIS which contains more than 1 level of "/", e.g. '/patients/all' don't forget to add parameter 'recurse=1' into your deployment script in %Installer, otherwise all the second and higher entries won't work. And all the entries of level=1 will work.

/patients

- will work, but

/patients/all

- won't.

Here is an example of CSPApplicatoin section which fix the issue and which you may want to use in your %Installer class:

    <CSPApplication Url="${CSPAPP}"
      Recurse="1"
      Directory="${CSPAPPDIR}"
      Grant="${RESOURCE},%SQL"
      AuthenticationMethods="96"
      />

First webinar on InterSystems API Management!

We are pleased to invite you to the upcoming webinar in Russian: Introduction to InterSystems API Management on November 21 at 10:00 Moscow time (GMT+3)!

As you might have heard, we recently introduced the InterSystems API Manager (IAM) - a new feature of the InterSystems IRIS Data Platform,
enabling you to monitor, control and govern traffic to and from web-based APIs within your IT infrastructure.

In this webinar I will highlight some of the many capabilities IAM allows you to leverage. InterSystems API Manager brings everything you need:

• to monitor your HTTP-based API traffic and understand who is using your APIs; what are your most popular APIs and which could require a rework.
• to control who is using your APIs and restrict usage in various ways. From simple access restrictions to throttling API traffic and fine-tuning request payloads, you have fine-grained control and can react quickly.
• to protect your APIs with central security mechanisms like OAuth2.0 or Key Token Authentication.
• to onboard third-party developers and provide them with a superb developer experience right from the start by providing a dedicated Developer Portal for their needs.
• to scale your API demands and deliver low-latency responses

There would be a live demo.

This webinar is for System Architects, Developers and DevOps Engineers.
Time: November 21 at 10:00 Moscow time (GMT+3)!

The language of the webinar is Russian.

Register!