Is there an official recommendation for sending data (e.g. auditing information such as ids, usernames, organizations, etc. making the request) as HTTP headers rather than in the body (FHIR message) of the request? Is this documented somewhere? In other words, is it OK to do this or is it frowned upon (or considered not in spec for a FHIR request)?
FHIR REST sits on top of HTTP, so you're free to do whatever HTTP allows. Technologies commonly used with FHIR such as OAuth depend on the use of HTTP headers and in some cases (e.g. sending Provenance with a resource) FHIR defines custom headers. Applications are free to define additional headers, but should be aware that - as with anything that is custom-defined - there will be a cost to getting other systems to support the headers and interoperate and such requirements may reduce the number of systems willing/able to communicate with you. Good practice is to raise the requirement on http://chat.fhir.org and see if there's a "standard" way to meet your need before inventing something custom.
Related
I am Spring Boot dev.
I develop RESTful web services.
One of my colleagues developed an API and it does two things on the basis of operation type.
If opType = Set, the api sets/unsets a flag at the backend and if opType = Get, the api gets the status of the flag.
Does this not break the architecture of REST APIs?
We have Post/Put to change some data at backend, either create or update.
And we have Get, to get the status of some thing from backend.
Now, I want to opinion of better developers!
Should this be allowed, like having multiples operations with one API call, or should we create multiple apis for each of the tasks.
Also, the front end devs in my team, don’t like integrating multiple apis somehow, suggesting that more the api calls, poorer user experience, customer will have.
Is this the normal practice among app developers?
Comments requested.
GET requests in REST are not supposed to change the state of the server, these are read operations, whereas PUT/POST do modifications to the state of the server in the most general sense.
So usually you should have two endpoints GET to read the state of the flag and put/post for creating and modifying the state.
Having said that there is nothing that can technically restrict you from implementing everything in one API, such an API won't adhere to REST conventions, that's true, but from the client-server communication standpoint (HTTP based usually), it's still perfectly doable.
Sure thing, the separation to two endpoints makes the API more clear, easier to debug and maintain the code. But besides being "restful" this can be treated as an opinionated claim.
I didn't really get the argument of integrating multiple APIs - in my understanding, the effort is the same, and even more clear to front-enders, but they might have their own arguments.
I've seen several other similar questions on Stack Overflow, but they're fairly old / potentially outdated so I'm wondering if there's any new packages or methods for making SOAP requests in Go. Thanks!
I think there are none.
To begin with, there are two documents describing soap—the so-called "SOAP Note" which is officially not a standard but is widely referred to as "SOAP 1.0", and another one, which is the standard and is commonly referred to as SOAP 1.1. They are not compatible even though they look superficially the same.
On the other hand, SOAP itself—as XML encoding of what
the client sends, and what the server responds with—is simple,
and in fact crafting a simple SOAP wrapper (to make client calls) and
unwrapper (to decapsulate server's responses) is simple.
I'd like to stress this: both SOAP standards do not actually deal with
HTTP as SOAP is explicitly defined to be transport-agnostic
(it hence suffers from the same problem the ReST paradigm does: everyone
thinks it's about HTTP), and the Go's standard library features excellent
support for HTTP, so the SOAP encoding/decoding layer appears to be rather
thin.
With these considerations, I, personally, did not even bother to start
depending on a 3rd-party package for SOAP in each of the cases I needed to
call something over SOAP and wrote the necessary code myself;
I've just checked that the last time I needed
to do SOAP 1.2 calls, the SOAP encoder/decoder ended up being 171 lines
of Go code (excluding tests).
So I'd say just roll your own.
Note though that it's all that simple only if your server does not require
something awry to use—for instance that dreaded WS-Security extension
which requires special formatting of XML to be sent,
calculating cryptographic hashes over it, digitally signing them
and all such stuff; there's just nothing to handle this in Go as of yet.
The same applies so WSDL specs or XSD schemas.
IIUC, there presently is no tools of sufficient quality which would generate
type hierarchies and SOAP endpoint client stubs for you given a WSDL
document or an XSD schema.
Lets say that we are creating a Ticket processing system. Say there are two distinct bounded contexts within this domain.
Cancelling a Ticket
Changing a Ticket
From what I understand, those two can be two different microservices, without having to know each other. What a ticket to a Cancel service could be completely different from what a ticket is to a Change service.
From a REST API design perspective, i have read a lot about using hypermedia and letting client discover resources by including relevant operations as links within the REST response (Stefan Tilkov's Talk). If thats true, when my Change Service returns a response, it makes sense to include a link to Cancel Service, which the client can use to perform cancel. How can I achieve this when Cancel and Change are two different microservices, which are not aware of each other? Or are my bounded contexts wrong?
Are we losing these hypermedia linking capabilities (or does it become harder) when use microservices in general?
Thanks
Kay
In HATEOAS URIs are discoverable (and not documented) so that they can be changed. That is, unless they are the very entry points into your system (Cool URIs, the only ones that can be hard-coded by clients) - and you shouldn't have too many of those if you want the ability to evolve the rest of your system's URI structure in the future. This is in fact one of the most useful features of REST.
For the remaining non-Cool URIs, they can be changed over time, and your API documentation should spell out the fact that they should be discovered at runtime through hypermedia traversal.
That being said, in your scenario that link would be a Cool URI, and not relative to the current API (because it may reside on a different machine/domain etc). Unless you're using some discovery tool, you're going to have to hardcode that link, and thus lose the benefit of discoverability.
Thrift sounds awesome but can't find some basic stuff I'm used to in RPC frameworks (as HttpServlet). Example of the things I can't find: session management, filtering, upload/download progress.
I understand that the missing stuff might be a management layer on top of Thrift. If so, any example of such a layer? Perhaps AOP (Aspect Oriented)?
I can't imagine such a layer that compiles to all languages and that's I'm missing. Taking session management as an example, there might be several clients that all need to do some authentication and pass the session_id upon each RPC. I would expect a similar API for all languages doing so.
Anyone knows of a a management layer for Thrift?
So thrift itself is not going to help you out a lot here.
I have had similar desires, and have a few suggestions:
1. Put your management objects into the IDL
Simply add an api token or common transfer data struct as a parameter to all of your service methods. Set it as parameter id 15 so that it will always be the last parameter, even if you add others in the middle.
As the first step in your handler you can validate/store/do whatever with the extra data.
This has the advantage that it is valid in any platform that thrift supports.
2. Use thrift over http
If you use http as your transport, you can include whatever data as you want as http headers, and the thrift content as the body.
This will often require a custom http client for every platform you use to inject the data, and a custom handler on the server to use the data, but neither of those are prohibitively difficult.
3. Hack the protocol
It is possible to create your own custom protocol that wraps another protocol and injects custom data. Take a look at how the multiplexed protocol works in the thrift library for most languages:
c# here. It sends the method name across the wire as service:method. The multiplexed processor unwraps this encoding and passes it on to the appropriate processor.
I have used a similar method to encode arbitrary key/value pairs (like http headers) inside the method name.
The downside to this is that you need to write a more complicated extension for each platform you will be using. Once. It varies a bit from language to language how this works, but it is generally simple enough once you figure it out once.
These are just a few ideas I have had, and I am sure there are others. The nice thing about thrift is how the individual components are decoupled from each other. If you have special needs you can swap any of them out as you need to to add specific functionality.
Our mobile application uses a REST API to communicate with our server.
At the beginning I wanted to keep it RESTful, and keep using good practices. But:
our API will never be public (only internal use)
the application is more and more complex, and the number of requests are growing a lot
I have observed that public API from big services are not really RESTful, because it's hard to respect all constraints.
So do you think instead of making 5 requests to retrieve some data, I can make only one request, then parse the json on the client side?
It breaks an important REST rule, but that would significantly improve performance on the mobile application?
Thanks
Being RESTful by itself provides almost no benefit. The benefits of REST come from its individual properties (statelessness, client-server, resource-based), but not from being completely RESTful (or from using that word). You can pick the most important properties of REST, implement them, and not do the rest (no pun intended).
For example you don't need good URLs and meaningful verbs for your internal API. They are aethetic, but do not help you be more productive. Example: SOAP-based web-services do away with some of the less important REST principles but keep some of the good ones. Webservices are are productive technology, which is what counts.
You should probably use a middleware package for your internal API based on some standard protocols like WS-* and SOAP. A web-services framework solves the RPC-part of your internal API. You don't need to create/parse URLs and you don't need to deal with serialization.