Integration Must-have – REST (2 of 3)
We present the integration tools – elements that you cannot do without in your daily work. Without them, using systems is much more difficult. Fortunately, enterprise service bus servers help you to connect different systems. Among them stands out the WSO2 Enterprise Integrator, an Open Source data bus with many integration options and over 250 connectors for external systems.
After Web Service , it’s time for the second article in the must-have series.
REST is a favorite way to integrate systems in the cloud, but you can successfully use it wherever you need a connection between systems.
The very name of REpresentational State Transfer doesn’t tell us much, but it’s worth getting to know because it’s very popular. REST is simple and universal. It uses other known protocols and does not require installing additional libraries or monitoring the version. It is similar to calling up pages in a browser, and in some cases can be viewed and tested in such a way.
REST consists of 6 rules that will help you determine if this is the right way to communicate.
6 REST rules
The first rule is to separate the client and server applications. Thanks to this, we can develop both parts separately. We can add functionality to the mobile application without worrying about the database or server structures. On the other hand, we can develop the server and database, add new functions without affecting our mobile client. This approach gives us the opportunity to independently build and develop both parts, thanks to which our organization will grow faster and more effectively.
REST API assumes that when called, they are independent and all data needed to process a given function is transferred each time. The REST concept assumes that the client application stores session data and controls the order in which each method is called. Each call contains a set of input data, as well as authorization data: API keys, access tokens or identifiers. Thanks to this approach, services are more reliable and easier to scale – they do not need memory and resources to store unnecessary data.
In REST API, we can use the tricks known from web browsers. The results of frequently called functions can be saved in a cache storage. Thanks to this, subsequent responses will be faster and the server will be much less loaded. Of course, we can define different result retention times for different queries.
The key to logically separating the client application from the server is a universal interface. REST API allows communication in one language, independent of the architecture and technology stack. The interface defines a fixed, standard way of communicating over HTTP, methods (GET, POST, PUT, etc.) and names in the URL. Input parameters can be passed even as part of the address path, and communication is done using JSON or, less frequently, XML.
The architecture of the entire system is divided into layers. Each layer has a specific functionality and is responsible for a different element. Thanks to the layers, we can wrap older systems that do not support new technologies and further call them through the REST API. Such system architecture allows for flexible shifting of systems, and even replacement of functionality by other elements of architecture.
Code on demand
Least known and only optional REST rule. It allows you to build clever applications in which the server transfers not only data, but also code fragments (for example, Java Script).
REST security is based on mechanisms known for securing web applications. The credentials are passed in HTTP headers. These can be JWT / OAuth2 access tokens, API keys or other information. We can also secure services with certificates and keys at the HTTPS protocol level. Depending on the scenario, the authentication information is checked locally or by dedicated authorization servers.
WSO2 Enterprise Integrator support
The WSO2 EI data bus has built-in support for REST API. It is an API element that directly implements the REST concept. In the API, we define the context (path) of the call, parameters and calling methods. Inside the API, we have access to a whole range of processing and additional WSO2 connectors, thanks to which we are able to build the target solution faster than in other products.
We can also use the dedicated WSO2 API Manager tool, which supports the entire API life process from the idea, through the prototype, to the implementation and maintenance of various versions. WSO2 APIM enables customer registration, subscription and call limit management.
I need to execute REST but don’t know where to start? What is URI, Verb, Context? What’s with tokens? Which is better API Key or JWT?
We have several years of experience in building and implementing integration. Let me know, we will help you for sure!