I want to develop Mobile APP, how to provide RESTful API from backend service, How to authorize? Can it base on oauth2?
From the top off my head, I think you have to implement a custom REST EventHandler, add the new handler entry in the handlers-controller.xml file; for example with a name=“rest” and type=“request”. Then all your controller entries that will have to process REST request will be of type ‘rest’.
Forgot to mention that you can handle any sort of authorization in the handler, of course.
I’m just curious whether the mentioned improvement in the below article is being done or not (to have something like the expose=“true” for REST).
Well, generally speaking we do have internal discussions about whether or not we should implement a more generic mean to give access to specific services. In past customer implementions we have often used RPC to connect from an interface to the service engine in a very slick way. We also use REST-Services from time to time (and sometimes even SOAP). That being said, we have not really decided on this and it is not really high on our priority list at the moment.
That being said, it is very easy to expose a service, any service really, to the web using controller events. Since in most cases it is easier to work with JSON objects to post and receive data back from a restful service, you can easily accomplish the most of it by adding an entry like this:
<request-map uri="myServiceRequest"> <security https="true" auth="true"/> <event type="service" invoke="myService" /> <response name="success" type="request" value="json"/> <response name="error" type="request" value="json"/> </request-map>
Then you can access the service from the application via /control/myServiceRequest. You can adopt it to your own liking. Like mentioned, the information is passed to the service via JSON objec - all authentication is kept in place. Of course this does not really open yourself up to PUT or DELETE requests, but let’s be honest, most people are only interested in posting information against a single service and receiving a response back. The way described in the article you mentioned, just seemed really complicated to me.
We are making alot of use of this in our applications, so just have a lookout for value=“json” in controller.xml files.
Front end theme with angular
The method described by minifreak is also an easy way to do the same… in case you really need to add PUT and DELETE HTTP methods.