Implement a Custom API for a Façade REST Service
When you develop a mobile application, you usually start with the user interface layer first, and then you connect your application with another application by using REST web services. This approach works well for small or simple applications. When applications are bigger, and you want connect with multiple back-end services, you can inadvertently introduce performance and security issues.
It's a best practice to start building a façade API layer between the external back-end services and the user interface to reduce the number of calls to the back-end services whenever possible. For example, your mobile application can execute a single call to the façade API layer which handles the calls to other REST services, and consolidates all the incoming data in a single response to your mobile application.
Create a Complete Custom API
To create a complete custom API using Oracle Mobile Hub.
Click and select Development, and then APIs from the side menu. If an API was already created (whether in a Draft or a Published state), you'll see a list of APIs. If no custom APIs exist, then you'll see a page with the New API button. Click the API you already created, or click New API to get started.
Define Endpoints
You create resources to define the endpoints of your API. A resource is the crux of an API. It has a type, some data associated with it, a relationship to other resources, and contains one or more methods that act on it. A resource can be nearly anything: an image, a text file, a collection of other resources, a logical transaction, a procedure, etc.
When you create a method for a resource, a symbol for that method appears below the Methods link. You can immediately see which methods are defined for a resource if you need to examine a resource definition. Click an icon to go directly to that method definition.
You can clear the clutter to locate a resource more quickly by switching to Compact Mode (it's to the right of New Resource). The compact display hides the resource description, resource type, and path.
Add Methods to Your Resources
Methods are actions that can be performed on a resource. The Methods page shows you one method at a time. After at least two methods are defined, you can click on the icon for a method at the top of the page to see its details.
After you define methods for the resource, you can define the requests and responses for those methods.
Define a Request for the Method
Now that you've selected a method, define the request you're making of the service that you want to connect to. For instance, if you selected a POST
method, then now you can define what to create. You do this by adding parameters and a request body, which contains the description of the data to send to the service.
- Click Request to define a request.
- Click Add Parameter and select a parameter type: Query or
Header. Select Required if the parameter is required for
the method.
- Depending on the method you selected, click Add Media Type and define the method body. The body contains the data that you're sending to the server. For instance if you’re defining a
POST
method, you’ll need to define the item you’re creating, such as a new customer listing or service request. If you’re defining aGET
method, you don’t need to send a method body so you don’t need to specify a media type. - Click Add Media Type to add additional media types. If you decide that you don't want the method, then click X in the banner to delete it.
Define a Response for the Method
Depending on the request, you may or may not need a response. A response describes the process for returning results from the service. You might want to define a response that verifies that the data you requested was returned, or you might want a response that acknowledges whether or not the request was received. Defining a response is similar to defining a request. The main difference is that you'll need to select a status code to let you know the result of the connection.
POST
method of
the audits
resource was created with a status code of 201 indicating a new
resource was successfully created. The example also shows a return response format of
application/json
, a Location
header that was added, and
the message body containing mock
data:responses:
201:
description: |
The request has been fulfilled and resulted in a new resource
being created. The newly created resource can be referenced
by the URI(s)returned in the entity of the response, with the
most specific URI for the resource given by a Location header
field.
headers:
Location:
displayName: Location
description: |
Identifies the location of the newly created resource.
type: string
example: |
/20934
required: true
body:
application/json:
example: |
{
"id": 20934,
"title": "Lynn's Leaking Water Heater",
"contact": {
"name": "Lynn Adams",
"street": "45 O'Connor Street",
"city": "Ottawa",
"postalcode": "a1a1a1",
"username": "johnbeta"
},
"status": "New",
"driveTime": 30,
"priority": "high",
"notes": "My notes",
"createdon": "2014-01-20 23:15:03 EDT",
"imageLink": "storage/collections/2e029813-d1a9-4957-a69a-fbd0d74331d77/objects/6cdaa3a8-097e-49f7--9bd2-88966c45668f?user=lynn1014"
}
When you define your response, you can decide to test your endpoints or click Endpoints in the navigation bar to return to the main Resources page. From there, you can proceed to another page in the API Designer to create a root, resource types or traits, or add API documentation.
If you decide you don't want the method, then click X in the banner to delete it.
Create a REST Connector API
Use the REST Connector API wizard to create, configure, and test your connector API.
To get a basic working connector API, you can provide as little as a name for the connector API and a URL to the external service.
From there, you can:
-
Define rules to form specific requests or responses for the data that you want to access.
-
Configure client-side security policies for the service that you’re accessing.
-
Test the connection and test the results of calls made to the connection.
You must create a custom API and implementation to enable your applications to call the connector APIs, and generate the API and implementation automatically. If you want to do this manually, you have to create a custom API with the appropriate resources, and then implement the custom code.
Set Up a Basic Connector
You can create a functioning connector by completing the first two pages in the REST Connector API wizard.
-
Click and select Development, and then APIs from the side menu.
-
Click REST (if this is the first connector API to be created) or New Connector and from the drop-down list, select REST.
-
Identify your new REST connector API by providing the following:
-
API Display Name: The name as it will appear in the list of connector APIs.
-
API Name: The unique name for your connector API.
By default, this name is appended to the relative base URI as the resource name for the connector API. You can see the base URI below the API Name field.
Other than a new version of this connector API, no other connector API can have the same resource name.
-
Short Description: This description will be displayed on the Connectors page when this API is selected.
-
-
Click Create.
-
In the General page of the REST Connector API dialog box, set the timeout values:
-
HTTP Read Timeout: The maximum time (in milliseconds) that can be spent on waiting to read the data. If you don’t provide a value, the default value of 20 seconds is applied.
-
HTTP Connection Timeout: The time (in milliseconds) spent connecting to the remote URL. A value of 0mms means an infinite timeout is permitted.
The HTTP timeout values must be less than the
Network_HttpRequestTimeout
policy, which has a default value of 40,000 ms.Note:
If you have a mobile cloud administrator role in addition to your service developer role, you can open thepolicies.properties
file to see the value for the network policies for the current environment from the Administrator view. Otherwise, ask your mobile cloud administrator for the values.
-
-
Click Descriptor, and enter the connection information for the service.
If you provide a Swagger descriptor URL, the available resources are identified and displayed, and you can select which ones you want.
Note:
Only standard internet access ports 80 and 443 are supported. Connection to a service can't be made using a custom port. -
Click Save.
-
(Optional) Click Test, select authentication credentials, and make test calls to the service.
From there, you can further configure the connector in the following ways:
-
(If you have provided a descriptor on the Descriptor page) go to the Resources page, and select the methods for the exposed resources.
-
Define rules.
-
Set security policies.
To be sure your connector API configuration is valid, you should test it thoroughly (not just from the Connector API Test page) before publishing it. That is, you should also test the custom API (with its implementation) that uses this connector API. Essentially, if you’re ready to publish the connector API, you should also be ready to publish the custom API that calls it.
Set Rules
You set rules to define the interactions between your mobile app and a service. Rules provide a way for you to add default parameter values for all calls to resources on the service, calls to a specific proxy path, and calls for certain types of operations (verbs). This helps enforce consistent syntax of the URL string, saves the custom code developer from having to insert these values, and makes it possible to track the different calls through analytics.
You can create one or more rules. Each rule can have one or more parameters of type Query
and Header
.
If no rules are applied, all calls are passed through the proxy to the existing service.
The description of the rule that you just defined is shown in the Rule banner just above the Default Parameters section. For example, let's say the following values were provided:
-
Remote URL =
https://maps.googleapis.com/maps/api/directions
/json?origin=los+angeles&destination=seattle
-
Local URI =
myMapAPI
-
Rule with the following parameter:
Query:key:A3FAEAJ903022
-
GET
andPUT
HTTP methods
The rule description would read as follows:
For GET
to https://maps.googleapis.com/maps/api/directions/json?origin=los+angeles&destination=seattle
available at myMapAPI/directions
, Include Query:key=A3FAEAJ903022
.
If no rules were created, the description would read:
For ALL METHODS to https://maps.googleapis.com/maps/api/directions
available at myMapAPI
, No default parameters will be applied.
Now you have a base URI that maps to the existing service. Using our example:
mobile/connector/myMapAPI/directions/json?origin=los+angeles&destination=seattle
maps to https://maps.googleapis.com/maps/api/directions/json?origin=los+angeles&destination=seattle
Configure Security Policies and Override Properties
Every security policy has properties, called overrides, that you can configure. One reason to override a policy configuration property is to limit the number of policies that you have to maintain: rather than creating multiple policies with slightly varied configurations, you can use the same generic policy and override specific values to meet your requirements.
To select a security policy and set the policy overrides: