Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 1 year ago.
Improve this question
I have read all over the internet up and down about the differences in these three things and to me the waters seem incredibly muddy. I'm curious if anyone has any very clear way of explaining or identifying the differences between these three categories. Examples would be helpful.
I can read the differences all day, but nothing is computing with me. A Web Service and a Web API both do the same thing, I don't get it, and a REST API is just a type of Web API so how are these 3 different things?
A Web Service is a way to expose a system functionality in a machine-readable way over HTTP. The popular formats are SOAP, JSON or other XML schemas, but anything both sides understand will do.
A REST API is one architecture to design a Web Service, where resources are identified by URLs, and actions on them are identified by HTTP VERBS (GET, POST, DELETE, PUT etc.)
Web API is the Microsoft offering to implement a Web Service, REST or other. SOAP is not supported out of the box in Web API, but can be implemented.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 months ago.
This post was edited and submitted for review 8 months ago and failed to reopen the post:
Original close reason(s) were not resolved
Improve this question
I'm working on an application which uses role-based access control to limit what users can do. I would like to support authentication using OpenID Connect with the major identity providers such as Google. I'm having a hard time figuring out how companies usually use Google as the IdP for their organization.
I was able to make the regular login flow work, but I have no idea how to get any kind of role or group membership information in the JSON Web Key I receive from Google's OAuth server. I'm quite confused by the whole landscape of Google's authentication since there is IAM and Identity Platform which seem to be doing the same things.
How do large companies use Google's authentication if they rely on groups or roles for access control?
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
We have a requirement to consume a External RESTful web service from UI5 application. We need to develop a complete Fiori app without using ODATA service published in gateway.
Kindly help me out in authenticating an external web service. Will this requirement is feasible to implement when considering the front end roles and back end roles?
It will be more helpful for me if you share the code snippet for performing/consuming CRUD operations on external services from UI5 application including authentication.
Regards
Phani Poorna
The authentication you are looking for is not something that you should build into your app, but should be provided by the infrastructure your application is running on. Your ID provider (e.g. R/3 or Active Directory), in which you login to, should provide your browser with the necessary tokens or cookies. The respective sub-systems should in turn decide to give you access based on the cookies, tokens or certificates that you bring along.
A bit like this:
Many Fiori apps are running on the same R/3 environment as the user logs into. As this is the same system, it is trusted by default. This is why you don't have to do much to get a decent response from your service. However, if you want to connect to an external system, you will have to put some IDP plumbing in place. This usually involves things such as establishing a trust between de IDP and the external service.
As mentioned, authorisation should not be part of your app, hence no code samples in this answer. I hope answer provides you with enough pointers to find a solution for your particular situation. This is a tough topic though, read up on it (there's lot of info on SCN and the help-section) and don't be shy to ask for help from a basis consultant if necessary.
Also, please don't step into the pitfall of building your own authentication (e.g. basic authentication or oAuth), as it is insecure by default. The reason for this is because your Javascript, including embedded algorithms and tokens are readable by anyone the has access to the app.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 4 years ago.
Improve this question
What are the pros and cons of consuming web services within an HTML page via Javascript (JQuery)?
Browser (JS) -> Backend (REST)
versus
Browser (JS) -> MVC backend -> Web services backend (REST)
What is the best practice about handling authentication in the first case?
Web browsers only allow a page to issue AJAX queries to the domain from which the page originated. This prevents cross-site scripting, a nasty attack method.
If you control the domain, AJAX is very useful.
If you don't control the domain, you should setup a server which requests the data and serves it (either on page load, or through AJAX) to the desired subpage.
I would actually suggest not making a browser to backend call if there is authentication in the picture. Even if your backend supports CORS, you would have to tack on API security on top of it (something like OAUth)for user authentication and manage all of that (error handling, spoofing, etc) on the client. It would be easier if you just make that call from a middle tier application.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
I am new to web services programming. Recently I started learning web services but there I came across various specifications like:
REST
JAX-WS
JAX-RPC
etc.
Kindly update me that does these technologies occur in parallel or some are old versions and others are new versions of the same.
Also do I need to follow a hierarchy while learning these or I could start with any one randomly.
Thanks in advance
rest is a new way of implementing and describing web services via HTTP methods and URIs. Java helps with implementing such web services with jax-rs standard. REST services are often easy to interact with using browser, curl or any HTTP client. See StackOverflow API for an example.
jax-ws is similar to JAX-RS but provides standard way of implementing soap web services (older but also better recognizable in industry). SOAP is much more complex than REST, all messages are sent inside XML envelope, but the protocol is not restricted to HTTP and request-response.
jax-rpc is outdated and currently deprecated:
JAX-RPC 2.0 was renamed JAX-WS 2.0
REST: Representational State Transfer (REST) is a style of software architecture for distributed systems such as the World Wide Web.
http://en.wikipedia.org/wiki/Representational_state_transfer
Java API for XML Web Services (JAX-WS), is a set of APIs for creating web services in XML format (SOAP) mkyong.com/tutorials/jax-ws-tutorials/
JAX-RPC: Java APIs for XML-based Remote Procedure Call (JAX-RPC)
http://www.ibm.com/developerworks/library/ws-jaxrpc1/
As you notice from above descriptions, first one is a architecture and the rest are Jaa APIs.
You may start with REST then based on your requirement choose the API.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
Is there something like a directory, list, search engine, or index of RESTful WS in the web?
Edit:
What I am looking for is a list or a directory in the internet like this:
Yahoo: Maps Service, http://developer.yahoo.com/maps/rest/V1/geocode.html, http://local.yahooapis.com/MapsService/V1/geocode?appid=YD-9G7bey8_JXxQP6rxl.fBFGgCdNjoDMACQA--&street=701+First+Ave&city=Sunnyvale&state=CA
Flickr: Picture Service, http://www.flickr.com/services/api/request.rest.html
Amazon: Storage Service, http://developer.amazonwebservices.com/connect/entry.jspa?externalID=135
...
Just found what I have been looking for:
http://www.programmableweb.com/category/all/apis?data_format=21190
Cheers
Er
If you need a REST service for development, you can use the webservice on http://jsonplaceholder.typicode.com/
Where there are multiple JSON responses you can use for testing.
The OData site certainly has a certain list of services - all that return OData (OpenData) feeds, e.g. WCF Data Services
They have a list of OData producers which are all offering WCF REST services to consume.
Not exactly what you are looking for, but the yahoo YQL site exposes many web services and other websites as restful web services.
From the site:
The Yahoo! Query Language is an expressive SQL-like language that lets you query, filter, and join data across Web services. With YQL, apps run faster with fewer lines of code and a smaller network footprint.