Wednesday, September 25, 2013

Creating RESTful APIs with the APEX Listener

In REST you model the resources, not the actions. So you define a GET /apex/oow13/hr/employees instead of a GET /apex/oow13/GetAllEmployees. With REST you have six methods, listed here with their most common associated database actions: GET (select), HEAD (select), OPTIONS (to get a list of methods supported by the resource), PUT (merge or update), DELETE (delete) and POST (insert).
You can manage the REST resources from either within SQL Developer or APEX. Within SQL Developer the resources are grouped into Modules (like PL/SQL packages) with a URI prefix (like /hr), and within each Module into Resource Templates.
As an example you can define a GET request ( select * from emp where empno = :id ), then the URI Template of the resource will be something like employees/{id}. When you call the URL (like http://localhost:8888/apex/oow13/hr/employees/12345), this will result in a JSON string (or XML or CSV) containing the employee data of employee 12345.
Within a query you can use "special" columns - starting with a $ - that will return a hyperlink within the JSON object.
The listener supports CORS (Cross Origin Resource Sharing) for all public services. So you're not restricted to using URIs within the same domain and can create mashups using data from different domains. Protected resources are not CORS enabled by default; however, you can specify a whitelist of origins that are allowed to call that service.
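The CORS rule described above, sketched as an added example (not code from the APEX Listener or from this post): public resources answer any origin, protected ones only origins on their whitelist, compared as exact scheme, host and port. The resource objects, origins, function names and the exact response headers are assumptions made for illustration.

```javascript
// Added illustration of the policy in the text; not the listener's implementation.
// Constructed sample resources (hypothetical shape and origins).
const publicEmployees = { protected: false };
const protectedEmployees = {
  protected: true,
  allowedOrigins: ['https://app.example.com', 'http://localhost:8888'],
};

// Reduce an Origin header to scheme://host[:port]; null if it is not a usable web origin.
function normalizeOrigin(value) {
  if (typeof value !== 'string' || value === 'null') return null;
  let url;
  try { url = new URL(value); } catch (e) { return null; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  // A real Origin header has no path, query, fragment or credentials.
  if (url.pathname !== '/' || url.search || url.hash || url.username || url.password) {
    return null;
  }
  return url.origin; // lower-cases the host and drops a default port
}

// Return the CORS response headers for one request, or {} when the
// cross-origin caller gets no access.
function corsHeaders(resource, originHeader) {
  if (!resource.protected) {
    return { 'Access-Control-Allow-Origin': '*' }; // public: any origin
  }
  const origin = normalizeOrigin(originHeader);
  if (origin === null) return {};
  // Exact match on the normalized origin. Prefix, suffix or substring tests
  // would also accept look-alike hosts such as app.example.com.evil.test.
  const allowed = new Set(
    (resource.allowedOrigins || []).map(normalizeOrigin).filter((o) => o !== null)
  );
  if (!allowed.has(origin)) return {};
  // Echo the single matching origin; Vary keeps caches from reusing the
  // response for a different origin.
  return { 'Access-Control-Allow-Origin': origin, Vary: 'Origin' };
}
```
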
In SQL Developer you can also assign "Privileges" for methods, so you can secure your DELETE operations separately from your SELECT operations. The authorization is implemented as an "oauth2" call. See the APEX Listener documentation for more details on that.