Outside the Garden Wall

There are web-services for many useful tasks. These include:

  1. Sending and receiving emails .. Mailgun
  2. Accessing social media status and profiles .. (Twitter, Facebook)
  3. Databases, such as Firebase and RdbHost
  4. Optimizing images .. TinyPng
  5. Minifying CSS .. cssminifier
  6. Fetching movie reviews .. OMDB
  7. Polls and other forms .. wufoo
  8. Credit card processing .. Stripe

Many tasks which traditionally have burdened server-side web programmers, with the need to install and debug server side tools before integrating into the web application, can be done more readily with web-services.

In some regards, web services are better; for example, when you use an email service, you get skilled support keeping your emails out of spam filters and black-lists.

APIS

RdbHost supports using third party web-services as part of your RdbHost app.

Generally, a web-service will involve a client-specific API key that needs to be stored privately, hidden from public view. For this reason, you can't just do a pure API call from browser-side JavaScript to the service-provider. RdbHost provides you a way to make API calls using keys that are privately stored in your account database.

Example

This example pulls recent posts from a Mastodon instance. It needs no key, but one could be included in the SELECT statement if necessary, pulled from a table on the server.

var q = " \
SELECT 'url', NULL, 'GET',  \  
            'https://mastodon.social/api/v1/timelines/public' \  
  UNION \  
SELECT 'field', 1, 'since_id', %(since_id)s::text   ";

Rdbhost.connect('www.rdbhost.com', 14);
var pr = Rdbhost.preauth()
         .query(q)
         .params({'since_id': 1000})
         .proxy('proxy')
         .get_data();

pr.then(function(d) {
    var jsn = d.result_sets[0].records.rows[0].result,
        statuses = JSON.parse(jsn.result);
    window.console.log(statuses.length + 
                             ' statuses were found');
})
.catch(function(err) {
    window.console.log(err.message);
});

The query itself pulls request parameters from the database, which are then submitted to the Mastodon server; the results of that call are delivered to the browser, appearing as the d parameter in the success callback. It is the proxy() method that makes this a proxied request; there are specific proxy modes, including 'email' and 'charge', but 'proxy' is the generic mode that is useful with most any web-service.

Yes, this is a fairly verbose way to represent an API call (a union of multiple select statements), but it enables you to include a wide diversity of web-service functionality in your RdbHost app, always in this all code in the browser RdbHost way.

White-listing

When you submit the query using the preauth role, the query gets white-listed and the mode 'proxy' gets white-listed with it. It can then only be run in that mode. A query that pulls an API key to submit to a third-party using the proxy feature cannot then be used to reveal that key to the browser.

Demos

There are demos, in unit-test form, at jsdemos.noservercoding.com

RdbHost Proxy Page
Demo-Tests (source)

comments powered by Disqus