So, i've been reading a lot on SOA's lately and been trying to implement something useful. I have started with a simple blog, creating the RESTful API. So far, so good. It works perfectly. However, i'm starting to pull my hair off when writing the web interface that will consume the RESTful API. I don't know if i'm doing the right thing.
For example, the web interface has an admin panel. That admin panel makes HTTP requests to the API, through file_get_contents and stream options. Right now, the API is localhost, as well the web interface, but the whole process is a little slower. Is this right? Is this the proper way of implementing a SOA? Also, i'm dealing with little bits of duplicated code for validation. Where should i validate data? In the API or the web interface? What is the best approach?
Tips, tutorials and, specially, books are welcome. This is being implemented using Silex, built on top of Symfony components.
That's exactly how i do it. Although the connection with localhost might seem an overhead at first, it is a feature, since you're ready to deploy your web interface application anywhere and still consume your API, that might be anywhere. Of course, you would put some SSL over this.
As for Validation, you should validate on the API and return HTTP status codes for those situations (for example, "400 Bad Request" for invalid parameters). This way, any other client can interpret the response from the API and treat that to display how they want. In the case of your web interface, nice little error messages based on the HTTP status code.
What other problems are you facing? Also, as far as general SOA architecture is concerned, this book is very good.
Related
I have been looking for the answer for this question but it was a bit tough for me to come up with the query (question) itself. So if there is already good answer for the below question i would be very grateful for the link.
Let's assume I have an e-commerce web site and an API endpoint for future calls from mobile apps. My question is: should I duplicate logic for querying let's say product for product page on website or should I consider website as an API client and displaying product info by making CURL? request to API.
I suppose I should stick with last one. But I am concerned about making extra curl(TCP/IP) request within script. Will it be significantly slower for the overall response time? Are there any other "patterns" I am not aware of? Thank you.
Sites are on same server but API uses Phalcon PHP and website uses regular PHP
Duplication is definitely the wrong thing to do.
Technically, you have three options:
move the shared business logic to a separate repository and reuse it in both project as private composer package
use cURL/socket wrapper library to access the API (probably using Guzzle)
make public calls to the API using JS (preferably via fetch)
Each of these was drawbacks, so your choice would depend on which option hurts the less.
The shared library would have the best performance, but it would complicate the deployment process and there will be situations, when those applications (site and api) will have contradicting requirements. The problems are organizational.
Internally calling the API server over HTTP will make the site be a lot less responsive (since the TTFB will be a lot longer), but it would let you leave the API code completely unchanged.
Having it all in public comes with security and authorization problems. But, depending on how you expect the mobile API clients to be made, this could be seen as future-investment. But it will require substantial development time and someone who is skilled with javascript (maybe even with JS frameworks), since your website would have to be heavily altered. Most development-intensive option.
We are rolling out one of our services to another service provider in PHP. They have already built the client, it just sends data in a post (no xml/json etc). Our script then processes it and returns an xml string with the response. Also they will need a token authentication system. Because of the fact they are just using cURL to post raw data, I don't think I can use soap/rest/xml-rpc ... can anyone point me to any good tuts etc?
Cheers,
Oauth is a secure and easy to implement for security solution for tokens. And they have libraires for java, php, python, and pretty much any language you can think of.
Very strange (and backwards) they built a client without an existing service. but the important thing is to document the interface between your two systems, and adhere to it.
David Walsh explains a simple php web service that returns JSOn or XML.
http://davidwalsh.name/web-service-php-mysql-xml-json
I would like to test my web services (wsdl/soap/php) that is exposed to my clients. ihave test it with the browsers and it's good, but when my clients test it , they have the 400 bad request error.( they test with soapui). what are the tools that i can test my web services that it exposed to my clients ? How can i verify that my server apache responds very good to http calls ?
Thanks for your answers.
You are in an integration scenario: you've published an interface and some code over which you have no control is trying to use it.
Web Services, even simple ones, let along the full panoply of WS-* capabilities are notorious for subtle interoperability problems. These especially come from small version skew issues.
I see two fundamental philosophies here, I'm rather over-stating, to make the point:
You say: I publish this interface, with this WSDL, this version of the WS specs, I test it with this message and it works. You clients are responsible for creating a conformant request. I've given you a sample, it's up to to fit me. Your responsibilities are limited to producing clear working sample messages.
You take responsibility for conducting interoperability testing for some set of client technologies. You clearly can't test everything, but if you some key "customers" you get or build sample applications and make sure they work. You probably end up documenting "use these options when generating client code".
Either way I'd suggest you need to write test clients of your own, and as a Java developer I use JUnit for that. This get's me to step 1 above.
I am a complete newbie in this topic so please excuse me for my ignorance. Our company has a PHP based REST service created for consumption by an iPhone app. We make several POST calls to the REST API: www.mywebsite.com/api/rest and we send the method name and the parameters to the service. The service in turn returns a XML response which is GZip encoded. This is working fine.
I am assigned with a task to secure these call so that data that is getting passed to the service is not in plain text/is not visible using tools like Charles Proxy and other sniffing tools. In the past I have used some iPhone apps which also makes REST calls but they don't show up in such tools. I would like to know how to implement such a thing in a normal PHP based REST service so the data getting transmitted is not visible/ can be made secure.
I thought about using HTTPS but if we use HTTPS, I hear from others that the service/server will become slow and I am not too sure if the iPhone client will accept HTTPS calls.
Please advice.
Thanks in advance,
Senthil
It sounds like you're trying to secure the transport layer, and assuming that's the case then SSL/TLS is surely the way to go. Yes, chances are there will be some performance impact, but the security is probably worth it.
I have an existing PHP/MySQL website that relies hugely on form POSTs for things like signing up, logging in, searching etc. I now need to create a native iPhone app for it. The business requires a native app for marketing reasons, I can't get away with a mobile optimized website.
I'm looking for suggestions from someone who has already done this - how did you rewire your website to POST/GET data from the iPhone app? I'm guessing I'll have to send/receive data as XML, which is then parsed by the server and client. Is there anything simpler or any framework that can make this easier?
Thanks!
If you don't have some sort of webservices or API to connect through for the website I would make that my first priority. While you can scrape HTML and send POST requests, it can get quite messy FAST. I've created iPhone apps which talk with webservices through SOAP requests, and have built an iPhone interface to a site, which wasn't pretty. It is very doable, but it is also very frustrating if anything changes on the webpage.
If you are looking for a decent library to help you get started with POSTing against forms check out the ASIHTTPRequest library at http://allseeing-i.com/ASIHTTPRequest/. If you look at the site there is a 'How to Use It' page with 'Sending Data with POST or PUT Requests'. Otherwise you could just use NSURLRequest and NSURLConnection and handle everything yourself.
It depends a lot on what you are presenting. You may be able to put a lot of your php heavy interfaces into web pages. The web pages and all related resources would be local to, and formatted for the iPhone. You can look at PhoneGap for examples of how to host local web pages and communicate with the host application.
I have been writing an eBook reader. About half of the user interface is done through local html files. In my case there is no network access, but WebKit is the easiest way to style text.
As long as your application does not look like a web page, it is fine if it is a web page. That may simplify big chunks of server interaction, especially things like login that only happen once or rarely.
Jonathan,
I would recommend taking a look at the Apple provided SeismicXML sample app. It uses the NSXMLParser to parse XML in a asynchronous fashion which will be huge for your app. It also shows how to use a NSURLConnection to make the request off of the web. You can use the NSURLConnection (which is also asynchronous) for POST/GET requests.
As mentioned in another answer, the ASIHTTPRequest library from allseeing-i.com is an excellent library but all of the features you want can be done using the built in Apple APIs if needed for your business requirements.
Hope this helps!