On my server side the User Session is stored, so this information is shared among web api calls. Since the RESTful model should be 'stateless', does this mean my web api is not RESTful anymore?
EDIT: Would this mean it's not taking full advantage of the REST model and will not scale when having lots of Session stored?
I am confused. Some say it is a Restful API and some say it is not.
How do we define a RESTful API? GET, PUT, POST and DELETE commands?
Can I call any web application which is built using the Django web framework a RESTful API?
I am confused. Some say it is a Restful API and some say it is not.
Two different kinds of Django:
Django - a web application framework to rapidly develop web applications
Django REST Framework (DRF) - a powerful framework to create RESTful APIs.
Both frameworks are in Python.
How do we define a RESTful API? GET, PUT, POST and DELETE commands?
You create an API on your backend application that defines its purpose. If you use DRF for example, and the URL of your API is yourdomain.com/customers/, you can have it to:
return all the customers information by implementing GET method
create a customer information by implementing POST method
... and so on
Can I call any web application which is built using the Django web framework a RESTful API?
You call it a backend.
Django is a web framework to create a web backend, while REST (REpresentational State Transfer) is an architectural style for developing web services.
You can use Django to create REST APIs.
You can explore further here:
Django: https://www.djangoproject.com/
REST: https://youtu.be/llpr5924N7E
What I understood from the web is here:
It should have some commands like PUT, GET, POST and DELETE etc., commands
The URL of the API should be user/machine understandable
It should have OAuth secret key and token for each client to access from his application.
The URL should be www.api.xyz.com. But I am not sure about it to have api in the URL. Can someone confirm it?
And few more constraints to be a RESTful API. Hope all these points are correct.
So I have currently been assigned to read about Web Services. I was going through the differences between REST, XML-RPC and SOAP and came across this particular link :
REST vs XML-RPC vs SOAP
It mentions the following, in terms of authentication and authorization:
As for authentication and authorization, SOAP places the burden in the hands of the application developer. The REST methodology instead takes into account the fact that Web servers already have support for these tasks. Through the use of industry-standard certificates and a common identity management system, such as an LDAP server, developers can make the network layer do all the heavy lifting.
I was not able to understand this particular reference. Can someone explain how this happens in detail?
A web service is a method or mechanism to communicate between different applications using open standards such as XML, WSDL, and SOAP. Using a web service, different devices or programs communicate over a network.
Types of web service:
SOAP Web Service
RESTful Web Service
For more information you can check: http://entityclass.in/rest/home.htm
I'm developing a Java web application which is deployed on a GlassFish server. The web services are used to connect to user databases. Each user has a database. My question is, is there a way to keep track of the user? For example in servlets we use sessions in order to store some user specific data. Is there something similar to it in web services? It seems impractical to have to authenticate the username and password each time the user sends a request to a web service. Thanks.
Web services may also use sessions, however there are good reasons to keep them stateless:
it might be that the clients do not support sessions (cookies), e.g. if your clients are not browser based;
stateless services are easier to scale.
You do not have to use username+password for authentication. You may use JWT (or other kinds of access tokens) to protect them.
Auth0 has got a nice article on this topic:
https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/
I'm designing an architecture where the web interface is a client (developed using a front-end js framework) and all requests are routed to several webservices.
All communication will happen using standard HTTP responses and JSON entities.
Now I'm facing the authentication mechanism.
My service will, of course, have several users, and I need to restrict access to users' resources.
Users will 1) sign in to the web client (/admin) and then 2) the client-side js will perform several AJAX requests on webservices on the user's behalf.
Should I create a persistent session between the client/server and then pass some reference alongside each request or authenticate each single request using a stateless approach? How could I authenticate the web-client requests for the current user without adding too much overhead or complexity to my system?
I'm looking at passport-local and passport-localapikey but it's not very clear to me if I should authorize my client or the user itself (meaning should I have only one pair of credentials for all users when performing web-service request or one pair per user?)
A simple example (explained I don't need to copy-paste code) would be very appreciated. At this stage I'd prefer the solution introducing less complexity but granting a good security in order to be able to set it up very quickly.
PS. I could also take into account creating a distinct service handling authentication in order to create a common API to be shared between client and server, but that seems a bit over-engineering to me.
Thanks,
If you're already using Express as a framework for Node.js, you can use its built-in session handling. It is capable of using any sort of session store including memory, redis, mongo, etc.
There's a good example here: http://blog.modulus.io/nodejs-and-express-sessions
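The stateless option raised in the two threads above (an access token checked on every request instead of a server-side session), shown as an added example that is not part of the original posts. It uses only Node's built-in `crypto`; the secret, the function names and the claim layout are assumptions made for illustration.

```javascript
// Added example: HS256 JWT issued once at sign-in, then verified per request.
const crypto = require('node:crypto');

// Assumption: constructed demo key; a real key is loaded from a secret store.
const SECRET = 'constructed-demo-secret';

const b64url = (data) => Buffer.from(data).toString('base64url');
const sign = (input) =>
  crypto.createHmac('sha256', SECRET).update(input).digest('base64url');

// Called once, after the username/password check has succeeded.
function issueToken(userId, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: userId, iat: now, exp: now + ttlSeconds }));
  return `${header}.${payload}.${sign(`${header}.${payload}`)}`;
}

// Called on every request; needs only the key, no session store.
// Returns the claims, or null when the token must be rejected.
function verifyToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(sig);
  // Constant-time comparison; timingSafeEqual requires equal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    const head = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    if (head.alg !== 'HS256') return null; // pin the algorithm, never trust the header
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
    if (typeof claims.exp !== 'number' || claims.exp <= now) return null; // expired
    return claims;
  } catch {
    return null; // malformed header or payload
  }
}

// Per-user authorization: the token identifies the user, not the client app,
// so each user gets their own token rather than one shared credential.
function canAccess(token, resourceOwnerId, now) {
  const claims = verifyToken(token, now);
  return claims !== null && claims.sub === resourceOwnerId;
}
```

Because the expiry is the only revocation mechanism here, the token lifetime should be kept short; a server-side session, by contrast, can be deleted at any time.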
What is meant by specifications for a RESTful web service?
I am new to RESTful web services and I created a simple REST web service with a 'Get' method/operation. The web service was created using Jersey. I am asked for the specification for this web service and I am not sure what should be the correct answer.
It means you need to describe what calls are available and what type of objects they can receive or return. For some examples, have a look at the API documentation of major websites like the Twitter API Reference, Facebook Graph API, etc.