MarkLogic - CORS with REST API - api

I have a MarkLogic-based web application which pulls data from two sources, a document store and a triple store both hosted on my MarkLogic server. The app uses MarkLogic's built-in REST APIs to access these data stores. The document store's REST API is running on port 8003 and the triple store's REST API is on port 8007. The application is hosted on the modules database of the document store. Now, when I make a REST API call to pull triple data, I get an exception saying the 'access-control-allow-origin' header has not been set at the server side. I would like to know how I can set it up so I get 'access-control-allow-origin' as '*' in all responses from the REST API. I have read the documentation on xdmp:add-response-headers, but I'm not able to figure out where I can use it correctly. All help is much appreciated!
Thanks!

Why not keep the documents and triples in the same database? The ability to do that is one of MarkLogic's strengths.
The built-in REST API endpoints don't seem to support any mechanism for adding arbitrary response headers. However you should be able to add your own headers when writing a REST extension: https://docs.marklogic.com/guide/rest-dev/extensions
For the built-in endpoints you might consider routing requests through another app-server layer, or a transparent reverse proxy. Either way the goal would be to re-route requests so that the browser thinks both REST API instances are on the same server.

Related

what is the difference between web service and http and api?

i am taking a course in web data so i understand that when we want to retrive a webpage on a browser we do a request response cycle using a communication protocol like http or https and a web service is a piece of software which i dont know where it is stored or how it is accessed so we can make two applications from different architectures communicate using a serialization language like XML or JSON i dont know what is the difference between a web service and http they are both a way to connect 2 different computers together and what confused me the more is api which according to the research i did is something used to access web services.
Let's begin with defining all the terms in your question since it's a bit all over the place.
HTTP (Hypertext-Transport Protocol): Allows you to transfer data over the web. Your browser will perform a request using HTTP to your web service.
Service: Any software that performs a specific task. We are interested in a web service, which is typically invoked via HTTP, however this can be anything else such as a Linux signal.
For now, let's assume it listens on HTTP.
API (Application Programming Interface): An interface by which all clients of your software have to abide by to use it. For example, in our web service, we can dictate an API so requests follow some convention.
Let's put it all together now.
You're making a website that wants to calculate the sum of two numbers. First, users will go to http://yoursite.com, and then the browser will always do an HTTP request to the domain yoursite.com on port 80. This will hit either your hosting site or some backend server.
Here you have the option if you're using something like GitHub pages to serve static content or you have some server (i.e., serverd) that will load a file and serve it.
So now the web-browser did an HTTP request and your webpage should load with an index.html. The user can now click on buttons, and everything looks good until they press Calculate -- what happens now?
We want to offload the computation to our backend. We perform an HTTP request to our backend server. We can define an API, that is in our case an endpoint, so that the HTTP request can hit it and it'll return the sum of the two numbers.
How do we return the result? We need to represent the data somehow, and this can be done through a body payload that is encoded as either JSON or XML. Again, this is a serialization format and can encode it in various different ways. JSON is nice because you can parse it easily with JavaScript on the client side.
Great -- so now we got an entire site and it works! Now we can do an HTTP request from our browser straight to the backend according to our setup endpoint and it should fulfill our request. Notice how now we're using the API from the backend server from within our site.
Other keywords you can may run into: CORS, AJAX, Apache Server; good luck!

Publishing an API without any existing backend API for it

I linked some existing back-end APIs to the API Publisher.
Due to some reasons, I need to create an API without any existing back-end API for it in a specific route (for example in .../myAPI/ path). The API should do something and then return a response to user.
how can I do this using WSO2 API manager? Do I need to write a handler for it? Thanks for any help.

How to allow access to subset of API only when connected via my official frontend, using Nest.js?

I'm starting a Nest.js API, and a subset of my API is business critical. I don't want it accessible openly via HTTP(S), except if the request is coming from my website. Other APIs might instead by accessible with whatever third-party client.
Is there a way to achieve this using Nest.js?

Pros / cons browser querying front end server to query separate backend Vs directly query backend

I have a front end written in react and a backend API which connects to a db for getting data. They have been written separately and are different services.
The front end server has a bunch of routes that connect to the backend API and I'm wondering what are the pros / cons of having these routes instead of directly accessing the backend API?
An example of the structure:
Front end server serves index.html and browser.js.
Browser.js makes GET, POST, PUT requests to front end server.
Front end server takes these requests and then makes a GET, POST, PUT request to the backend API.
Alternative:
Front end server serves index.html and browser.js.
Browser.js makes GET, POST, PUT requests to backend API.
So what are the pros / cons of doing it either way? The prior developer before me told me they did it the first way to bypass CORS and obscure the IP address of the backend API. However that doesn't seem to me like it is worth the trouble considering all the extra code, tests, etc the front end server has to write and maintain, in addition to extra network hops. I'm wondering if I'm missing some other more crucial reason that my inexperience cannot see? (My gut says do it the second way). Note that we are in a microservices architecture .
Front end server takes these requests and then makes a GET, POST, PUT request to the backend API.
The pattern that you describe is called API Gateway and it has the following characteristics:
Benefits:
Insulates the clients from how the application is partitioned into microservices
Insulates the clients from the problem of determining the locations of service instances
Provides the optimal API for each client
Reduces the number of requests/roundtrips. For example, the API gateway enables clients to retrieve data from multiple services with a single round-trip. Fewer requests also means less overhead and improves the user experience. An API gateway is essential for mobile applications.
Simplifies the client by moving logic for calling multiple services from the client to API gateway
Translates from a “standard” public web-friendly API protocol to whatever protocols are used internally
Drawbacks:
Increased complexity - the API gateway is yet another moving part that must be developed, deployed and managed
Increased response time due to the additional network hop through the API gateway - however, for most applications the cost of an extra roundtrip is insignificant.
Conclusion: if you don't need the advantages that the API Gateway provides then you should not use it.

Create Azure Api App from Swagger meta data

I have created some APIs in API management layer, which are essentially proxies between the calling client and an underlying web api.
I did this by importing the swagger file of the underlying API, and then adding the newly created API to a Product, repeating this for each separate proxy that I needed. This means then that the underlying API could be called but not without the subscriber key of the product that the newly created API was attached to.
Is it possible to do something similar with API apps, i.e. creating API apps using just the swagger file from the underlying API in the azure portal, that act as proxies between the calling client and an underlying web api (as below)?
Do you mind expanding on why do you need to have API Apps acting as proxies?
I am not aware of such capability for API Apps specifically. There are Swagger-based code generation tools available, for example on http://swagger.io/open-source-integrations/. So perhaps you will be able to find something that would work for you.