PostgreSQL as REST API Server without coding. Priya

Similar documents
A never-ending database migration

The power of PostgreSQL exposed with automatically generated API endpoints. Sylvain Verly Coderbunker 2016Postgres 中国用户大会 Postgres Conference China 20

ExtraHop 7.3 ExtraHop Trace REST API Guide

Writing REST APIs with OpenAPI and Swagger Ada

DIGIPASS Authentication for O2 Succendo

flask-jwt-simple Documentation

RESTful API Design APIs your consumers will love

Lab 5: Working with REST APIs

LOG8430: Architecture logicielle et conception avancée

To Kill a Monolith: Slaying the Demons of a Monolith with Node.js Microservices on CloudFoundry. Tony Erwin,

PostgREST Documentation

Canonical Identity Provider Documentation

DatabaseRESTAPI

LUCITY REST API INTRODUCTION AND CORE CONCEPTS

Nasuni Data API Nasuni Corporation Boston, MA

Usage of "OAuth2" policy action in CentraSite and Mediator

Siebel REST API Guide. Siebel Innovation Pack 2017, Rev. A November 2017

flask-jwt Documentation

Nasuni Data API Nasuni Corporation Boston, MA

RESTful API TLS/SSL. InCommon c/o Internet Oakbrook Drive, Suite 300 Ann Arbor MI, 48104

Trunk Player Documentation

Enabling SAS Event Stream Processing Authentication

PostgREST Documentation

Which compute option is designed for the above scenario? A. OpenWhisk B. Containers C. Virtual Servers D. Cloud Foundry

Red Hat Quay 2.9 Deploy Red Hat Quay - Basic

Contents in Detail. Foreword by Xavier Noria

Integrating with ClearPass HTTP APIs

Integration Guide. LoginTC

I hate money. Release 1.0

Zumero for SQL Server: Client API

About 1. Chapter 1: Getting started with odata 2. Remarks 2. Examples 2. Installation or Setup 2. Odata- The Best way to Rest 2

EMS Platform Services Installation & Configuration Guides

Oracle Cloud Using the MailChimp Adapter. Release 17.3

PAS for OpenEdge Support for JWT and OAuth Samples -

ClickToCall SkypeTest Documentation

Welcome to Docker Birthday # Docker Birthday events (list available at Docker.Party) RSVPs 600 mentors Big thanks to our global partners:

Ruby in the Sky with Diamonds. August, 2014 Sao Paulo, Brazil

NetIQ Identity Manager Driver for REST Implementation Guide. February 2017

Using RESTfull services and remote SQL

NetIQ Identity Manager Driver for REST Implementation Guide. February 2018

Access Manager 4.4 Release Notes

Guides SDL Server Documentation Document current as of 05/24/ :13 PM.

IBM Security Access Manager Version June Development topics IBM

Hands-on Lab Session 9020 Working with JSON Web Token. Budi Darmawan, Bluemix Enablement

Salesforce IoT REST API Getting Started Guide

Red Hat Quay 2.9 Deploy Red Hat Quay on OpenShift

Working with Database Connections. Version: 18.1

DreamFactory Security Guide

Protect Your API with OAuth 2. Rob Allen

StorageGRID Webscale 11.0 Tenant Administrator Guide

Oracle Payment Interface Token Proxy Service Security Guide Release 6.1 E November 2017

AppScaler SSO Active Directory Guide

SAS Event Stream Processing 5.2: Visualizing Event Streams with Streamviewer

Coding Intro to APIs and REST

DIGIPASS Authentication for Cisco ASA 5500 Series

Data 101 Which DB, When. Joe Yong Azure SQL Data Warehouse, Program Management Microsoft Corp.

Serverless Architecture Hochskalierbare Anwendungen ohne Server. Sascha Möllering, Solutions Architect

Metasploit. Installation Guide Release 4.4

How to re-invent your IT Architecture. André Christ, Co-CEO LeanIX

Accessing your on-premises data from microservices running on IBM Bluemix

Securing ArcGIS Services

Introduction to SciTokens

Grandstream Networks, Inc. Captive Portal Authentication via Facebook

Backend Development. SWE 432, Fall Web Application Development

AEM Mobile: Setting up Google as an Identity Provider

Using the vrealize Orchestrator Operations Client. vrealize Orchestrator 7.5

IBM Db2 Open Data RESTful Support

CONFIGURING DIFFERENT APIS IN ARUBA 8.X

The SciTokens Authorization Model: JSON Web Tokens & OAuth

Oracle Cloud Using the Eventbrite Adapter. Release 17.3

Ingress Kubernetes Tutorial

TIBCO Cloud Integration Security Overview

Application Security Introduction. Tara Gu IBM Product Security Incident Response Team

DIGIPASS Authentication for F5 BIG-IP

Information Security. Gabriel Lawrence Director, IT Security UCSD

Grandstream Networks, Inc. Captive Portal Authentication via Facebook

Application Security through a Hacker s Eyes James Walden Northern Kentucky University

API Connect. Arnauld Desprets - Technical Sale

MySQL. The Right Database for GIS Sometimes

ArcGIS for Server: Administration and Security. Amr Wahba

Beginner s Guide to Cordova and Mobile Application Development

Log File Management Tool Deployment and User's Guide. Initializing the DBMS

Datashield, Opal & Tools loading data, connection instance and running 3rd party tools

DIGIPASS Authentication for Check Point VPN-1

Release Presentation. ODS Web Services Version Open Data Services Via Web Services. Release Date: 2014/09/30

IBM Security Access Manager Version 9.0 October Development topics IBM

Maximizing Your MarkLogic and Java Investments Scott A. Stafford, Principal Sales Engineer, MarkLogic

Kinto Documentation. Release Mozilla Services Da French Team

StreamSets Control Hub Installation Guide

Grandstream Networks, Inc. Captive Portal Authentication via Facebook

IBM Security Access Manager Version 9.0 October Product overview IBM

Patch Server for Jamf Pro Documentation

Mega-scale Postgres How to run 1,000,000 Postgres Databases

Windows Azure Mobile Services

Sophos Mobile Control Network Access Control interface guide. Product version: 7

MS Switch Access Policies (802.1X) Host Modes

TAXII 2.0 Specification Pre Draft

Datto Disaster Tracking

Connexion Documentation

Sigox APIs beginners API HOW TO. External Use, version 1.3

Transcription:

PostgreSQL as REST API Server without coding Priya Ranjan @ranjanprj

API Future of Application Development APIs are prerequisite for innovation Microservices provide APIs in a bounded context Existing APIs combined in unexpected ways bring enormous value In the future APIs would come together around your context to provide value UI/UX are simply the face on top of APIs Possibilities are endless with AI, ML APIs

API Development Currently APIs Nginx/Apache/Caddy - SSL Exposing REST API (Authorization, Security, Data Privacy, OpenAPI 2.0) Development in NodeJS, Python, Java, Golang etc DATA SCIENCE GEO SOCIAL FINANCIAL IDENTITY TRANSACTIONAL TRACKING PostgreSQL DB Schema

PostgreSQL API Development with PostgREST APIs Nginx/Apache/Caddy - SSL PostgREST ( Automatic OpenAPI 2.0 ) Automatic API Generation PostgreSQL DB Schema - Authorization, Security, Data Privacy, Roles, Extensions, SQL Function, FDW DATA SCIENCE GEO SOCIAL FINANCIAL IDENTITY TRANSACTIONAL TRACKING

PostgreSQL API Development Platform PostgreSQL has all the right mix of features as an API Dev Platform Data security Data integrity Data access logic Extension Mechanism FDW Standards Implementation Backward Compatibility Robust Production Deployment Awesome Community

PostgREST Your Schema as API Joe Nelson https://postgrest.com/ https://github.com/begriffs/postgrest

PostgREST Schematics PostgREST :: Schema -> HTTP -> SQL

PostgREST Simple Recipe Create Schema PostgREST needs an anonymous ROLE to read schema. Here we define such role called web_anon ROLE.

PostgREST Simple Recipe Setup PostgREST Download PostgREST binary for Linux, Windows, BSD Create file tutorial.conf db-uri = "postgres://postgres:mysecretpassword@localhost/postgres" db-schema = "api" db-anon-role = "web_anon" Run./postgrest tutorial.conf

PostgREST Simple Recipe Run PostgREST

PostgREST Simple Recipe REST API Ready OpenAPI Specification at the root url Access table using /table_name, permission applied

PostgREST Simple Recipe Limit Auth We are allowing web_anon role read access to table todos to. Hence anyone can see all the todos, but not update it. This way you can restrict at granular level whatever access you want for your web_anon role. curl http://localhost:3000/todos -X POST \ -H "Content-Type: application/json" \ -d '{"task": "do bad thing"} Response is 401 Unauthorized: { "hint": null, "details": null, "code": "42501", "message": "permission denied for relation todos"

PostgREST Simple Recipe Create Auth Role

PostgREST Simple Example Sign Tokens Create a password of 32 Chars and sign it at https://jwt.io or service Eg mysupersecretpasswordpleasekeep Switches to this role on Authentication

PostgREST Simple Example Register Secret In tutorial.conf add jwt-secret = mysupersecretpasswordpleasekeep

PostgREST Schematics For Table TODOS READ - GET /todos?select=id,done,task,due&id=gt.10&order=due SELECT id,done,task,due FROM todos WHERE id > 10 ORDER BY due CREATE - POST / todos Content-Type : application/json { task : this is my new task } UPDATE - PATCH /todos?id=eq.10 Content-Type : application/json { done : 1} DELETE - DELETE /todos?id=eq.10 ***Ensure PATCH & DELETE is parameterized using proxy

PostgREST Simple Example Create Records

Showcase 1 Find Nearest Cab Uses GoogleMaps PostgreSQL Postgis PostgREST

Showcase 1 Find Nearest Cab

PostgREST Showcase 1 Create a location table with some data GET http://localhost:3000/geospatial_location_view?distance=lt.20 000&consumer_key=eq.'1234'&source_entity_id='1'&source_e ntity_type='user'&target_entity_type='asset' Find all within 20KM radius

Showcase 2 On-demand Carwash Company Uses - GoogleMaps PostgreSQL Postgis PostgREST Stripe Payment API call as Postgres function

Showcase 2

Showcase 2 SQL JS Different Schema Not exposed Directly by PostgREST

Showcase 2 SQL JS

PostgREST Showcase 2 SQL JS

PostgREST Showcase 2 SQL JS

Showcase 3 An Uber/Ola Clone Uses GoogleMaps PostgreSQL Postgis Postgrest Reuses same APIs of Showcase 2 No new API development required!!!

Showcase 3

Use cases Develop focused apps without developing REST API Expose existing PostgreSQL Schema as API Expose complex Extensions ( custom, Postgis ) Expose complex FDW as REST API Expose Views for creating live dashboard Schema as bounded context can act as Microservices Architecture Create a central API HUB Use PostgreSQL C speed JSON, Search, Geo, Indexing as APIs

Setting Up PostgREST Caveats PostgREST exposes database as is DELETE http://localhost:3000/my_table_name would delete entire table!!! PATCH http://localhost:3000/my_table_name Content-Type: Application/json { status : completed } would update for entire table!!! PostgREST must be behind a PROXY which checks for parameters in case of DELETE & PATCH

Setting Up PostgREST Alternatives PostGraphQL Nodejs A GraphQL API created by reflection over a PostgreSQL schema. prest Golang Serve a RESTful API from any PostgreSQL database Pgasus Golang Pgasus offers RESTful interface for PostgreSQL.

Conclusion PostgreSQL is complete solution for building API PostgREST makes it trivial to expose PostgreSQL as API server PostgREST must be behind proxy server such as Nginx Parameters for DELETE & PATCH must be checked at proxy level PostgREST is ideal for building small focused apps and POC PostgreSQL Extensions and FDW can be easily exposed as APIs Using different schema, you can support two versions of same API

Questions? Priya Ranjan @ranjanprj

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback