If we have a SPA App built with angularjs for example that use (REST API) web api service for it's requests is it ok or better qustion is should other mobile clients use same api for theirs request?
I would prefer having one API usable by multiple clients when possible so as to avoid having to duplicate code. The client should be responsible for making sure it can use your API (one API, multiple clients) rather than the API being responsible for making sure the clients can use it (multiple APIs for multiple clients).
Related
I have four services running within the same app on App Engine. I have a frontend SvelteKit application, and three backend services. If possible, I'd like to set up security in such a way that the backend services will only accept HTTP requests from the frontend application (which sends all API requests via its Node server).
Is there a way of doing this without spending a load of money on a Serverless VPC Access connector?
Ideally I want to keep these all within the same GCP project as well. So far the only solution I can come up with is to ship the services with a secret that they check against when receiving a request, but there must be a better way to do it.
Take a look at Identity Aware Proxy
Pay attention to the part of the above documentation that says
In order to make a resource publicly-accessible (while sibling resources are restricted), grant the IAP-secured Web App User role to allUsers or allAuthenticatedUsers.
Per your use case, your front-end application will be available to the public while your 3 backend services will only be available to the front-end application
Since your backend services are now secured (via IAP), you have to programmatically invoke them in your front end. See documentation on how to do that.
I'm building a REST APIs in Symfony2. The idea is to use these apis from a angular web app and a mobile app. Authentication is required to use the APIs.
I thought in the following possibilites:
Separate Symfony and angular in diferent projects:
The URLs under /api would use OAuth2 to authenticate user (FOSOAuthServerBundle). Both web and mobile app would need to use an access token.
Include angular inside Symfony: In the web app the users are authenticated using a symfony form, and therefore no need to protect the urls under /api with OAuth2. But how would authenticate users from the mobile app?
Please, any help is good!
In short, what I need is that the APIs can be used from two clients: web app and mobile app
Thanks!
I'm currently studying and suffering from the same problem and so far the best option I've seen is to keep the projects separate. If you include angularJS in your Symphony project, you will end up using resources that Symphony provides that you won't be able to replicate in the mobile structure. By detaching the server with the client completely, your Web App built only with Angular will be more similar to your mobile app, mimicking the stand-alone application mode.
Personally, I chose JWT Auth since it doesn't require 12 tables in your database, but using OAuth2 would have similar result.
Is always better to choose some solution that is already tested for many people and is used by them. So, I think is better you to use the OAuth technique, so you can consume your api from mobile, web and every other technology.
If you will join the API and WEBApp is up to you. because REST use no session and every call is a new call that you need to check and block or respond. I have an app that has an Codeigniter API and an AngularJS APP in the same project, but thoose does not share any exclusive thing as sessions.
I built e-commerce with FOSRestBundle, HWIOOauthBundle and FOSUserBundle
From server side, generate accesstoken and authenticate via api/login/ api/login_check/
write your security.yml routing access
From client side, call your api. It should render 200 or 403 HTTP_Code.
I am building a api on loopback. I was curious if loopback is a Baas or a mBaas framework. What I mean is will I face any problem if I would use it for my website builded in angularjs?
Will my api handle about 300req/s for all my requests?
Loopback is mostly a generalized Baas framework. One of it's use cases is web applications that uses angularjs. I actually do use loopback as a backend for a Angular.js webapp.
Yes mostly, but that depends on your business logic, your servers, databases, server load and a lot of other factors.
Loopback builds an http rest API that can get connected to databases or other rest or soap backends. It also has a few clients libraries, which includes plugin for angular resource. You can also write your own connectors or client library.
I have previously used
#app.route('/mypage/<int:myvariable>/')
to create rules for what should happen when users land on different urls on my website. I have done this on local machines that have been running on my own virtual servers.
Now I am learning to publish my first web app to Google App Engine. I have heard that I should be using Google Cloud Endpoints instead of the route decorator.
#endpoints...
I've read a few articles about endpoints and some of the benefits of endpoints that they list are:
Endpoints makes it easier to create a web backend for web clients and mobile clients
Endpoints free you from having to write wrappers to handle communication with App Engine
Even if I have read this I can't wrap my head around what this means. I don't understand it. Can you explain in non-technical terms with examples what the advantages of using #endpoints is compared to alternatives? The alternative that I am familiar with is #app.route.
Google Cloud Endpoints can be thought of as a subset of #app.route. They are intended to solve the API backend problem for mobile and javascript clients. They are not intended to serve web pages and other hypermedia. You can use the normal routing methods of your framework of choice to create a web service for your application but Google Cloud Endpoints takes care of a lot of boilerplate for you.
There are a lot of limitations with Google Cloud Endpointsso be sure to familiarize yourself with them before committing. For one, you cannot host Google Cloud Endpoints on a custom domain name. They are only accessible via <app_id>.appspot.com/_ah/api/*
Endpoints makes it easier to create a web backend for web clients and
mobile clients
What this means is that you can create one backend and then iOS, Android and Web-apps (via Javascript for example), can execute your API methods with specific client generated libraries.
This is convenient if you are building a backend that you want to be easily accessed via smartphones or through a web browser.
Endpoints free you from having to write wrappers to handle
communication with App Engine
With Endpoints you can generate client libraries (e.g. Android, iOS, Javascript) that you can then execute your API methods. You don't have to worry about writing a bunch of additional code to do that.
My Opinion:
I have never used Cloud Endpoints to make a web-app but it is very convenient if you are making a mobile app for iOS and Android because you can access your backend with both platforms.
One reason you might want to use Cloud Endpoints for a web-app instead of something else is because of Datastore. Datastore is the way Cloud Endpoints stores data. It is a NoSQL storage method which is kinda tricky to wrap your head around at first if you come from a relational database background, but once you get it, it makes a lot of sense.
I'm developing an Android app and am using Google App Engine as the back-end. I want to use Endpoints since it seems easy to set up and appears to make authentication easy, but I've seen that it doesn't support custom domains. I'd like to use a custom domain to allow users to log-in and make changes with a web client, though not through Endpoints.
What I want to know is what they mean when they say that custom domains aren't supported. Does that mean you can't use Endpoints at all in your project if you've set up a custom domain for it, or that you just can't make Endpoints API calls to a custom domain?
If it's the latter, I've written a utility class that both my Endpoints API class and servlets could call, so my web client doesn't need to interact with Endpoints at all, only the mobile clients do. I'd like Endpoints and the servlets to be part of the same project so they can both access the same data in the Datastore.
If anyone knows whether this is possible or if there's a better way of going about this, I'd appreciate it. Thanks.
I tried it out and found that it is possible to use Endpoints in a GAE project that uses a custom domain, so long as the custom domain is not used to call the Endpoints API. So when it says in the Endpoints documentation that custom domains are not supported, it simply means you can't make API calls to a custom domain, as I suspected.