I want to use Odata as a query builder in my api's hosted on aws lamda and exposed using AWS api gateway. On reading several aws documentation, I found that people have faced several issues with this earlier. Can someone please tell me about whether it's supported and if not what can be an alternative for the same?
Thanks in advance!
OData at its core is just REST relying on web standards and as such will be supported by web-standard compliant tech stack, so will work with AWS API Gateway and Lambdas.
However you have to ensure that you can pass custom headers and query parameters to your function, which used to be a bit tricky.
It used to be the case that you had to pass headers inside a request body as lambdas had only visibility to the request body: see this AWS technical documentation.
However since Sept 2017 you can setup lambda with proxy integration which will proxy request and response headers to and from your lambda verbatim.
HTH.
Related
Trying to figure out the differences. Can AWS Lambda act as an API or vice versa? Would I still need to setup an API if I wanted to use Lambda functions or can I use Lambda functions right from the get go?
AWS Lambda can be used to serve an API. You could use API Gateway for setting up the API, and the serving can be done via a Lambda. It is a nice pattern.
Ref: https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started-with-lambda-integration.html
And to your main question, I don't think you can directly configure an API in AWS Lambda service.
Alternatively, you can do it by setting a Function URL to your lambda.
It will require changes in how you receive input and send the output for the lambda and also has some limitations related to authentication. Still, it would be a more self-contained approach than the API Gateway integration if you need to expose your API publicly.
Lambda functions can now be accessed directly with a Function Url. They have minimal functionality when compared to Amazon API Gateway.
However, since the integration event is effective the same. It is very easy to go from Function Urls to API Gateway or ALB in the future if you require greater functionality.
I'm new to this api documentation era.
Vising this api documentation, I get to post and query data. I understand that's a demo api documentation with swagger.
But what happens with real world API documentation? do I have a documentation in demo.api.myawesome.com and actual api on api.myawesome. com using different data stores?
But again digging deeper, I got to find out that an api can be self documenting using swagger libraries. This seems like both api and documentation are using the same data store which can't be the case.
What am I missing here?
From the Swagger website:
Swagger is a set of rules (in other words, a specification) for a format describing REST APIs. The format is both machine-readable and human-readable. As a result, it can be used to share documentation among product managers, testers and developers, but can also be used by various tools to automate API-related processes.
So yes, it uses the same "back end" as the actual API. It's just visualizing it, allowing you to interact with it via the Swagger UI.
If you mean Swagger UI - the "try it out" button sends requests to the server specified by the host property in your spec. If host specifies your production server, requests will be sent to production; if it points to a sandbox, "try it out" will use the sandbox. You may have a version of the spec for internal use that points to production, and a public version that points to sandbox.
Note that Swagger supports authentication as a way to ensure that only authorized users (e.g. your actual customers with valid credentials or API keys) can make API calls.
You can omit host from the spec to disable the "try it out" functionality - this way you can still have the API docs, just without the interactive part.
I am working on one school project, And my task is to make a simple api gateway, which can placed between any of the 3rd party api and the end users, tha gateway can be used for defining usage limits of the api or to do some security analysis, I am totally new to this, I know the basic concept of API gateway, but don't know how do I implement it using JAVA.
Can anyone please give me some starting point where to start implementation of API gateway?
And what are the frameworks I should use and for what purpose?
Thanks,
Nixit Patel
In a nutshell, API gateway exposes public APIs, applies policies (authentication - typically via OAuth, throttling, adherence to the the defined API, caching, etc.) and then (if allowed) optionally applies transformation rules and forwards the call to the backend. Then, when the backend responds, gateway (after optionally applying transformation rules again) forwards the response to the original caller. Plus, there would typically be an API management solution around it providing subscriber portal, user management, analytics, etc.
So basically any web service framework would work as a quick DYI solution.
You can also use plugin model of an open-source load-balancer such as NGINX.
Or take an open-source API Gateway to learn from it - e.g. WSO2 API Manager (the easiest way to see it in action is the hosted version: WSO2 API Cloud)
After going trough this link on API versioning, i am trying to adapt the version through the headers and deploy it of AWS, but it looks like AWS does not support any custom verndor specific MIME types(link here)
Any idea how to achieve the versioning in this scenario where you do not have control over the MIME type...or any insights on how to do API versioning when using AWS?
My suggestion for cloud based service is "v1.api.mysite.com". It provides good flexibility. More details and reasoning here - http://timanovsky.wordpress.com/2013/01/28/api-versioning-scheme-for-cloud-rest-services/
I wanted to know how to can i protect a resource on a webserver using REST API.Like for example i want to access http://www.xyz.com/folder/impresource.doc but before accessing that i have to be authenticated. The thing is i am try to create a simple mobile client to authenticate with a rest service and then be able to access the resource.
I would appreciate a good example explaining how it can be done Thanks :)
It would be nice if i could get an example in php.
You implement a web service (be it REST, or be it SOAP) in some programming language (for example, Java or C#) running in some "container" (for example, IIS/.Net or Tomcat).
The layer below REST (for example, the C# code you're using to implement your IIS/.Net/SOAP web service, or the Java code in your .war) is the layer where you want to write any custom access code.
Alternatively, some vendors (for example, Amazon S3) have already done this for you:
http://aws.amazon.com/s3/faqs/
Other vendors (such as Microsoft) give you a way to use their authentication infrastructure with your web service:
Secure REST Service Microsoft Azure AppFabric
In java you can use a servlet filter, which will send an error code if it does not find an authentication object in the user session and if authenticated let the request handling proceed. A very popular implementation of this approach is Spring security[http://static.springsource.org/spring-security/site/tutorial.html]