REST Enabling Your Oracle Database

Jeff Smith, Distinguished Product Manager at Oracle Corp
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Developing RESTful Services w/Oracle REST Data Services (ORDS) & Oracle SQL Developer
whoami
• a tools geek since 2001
• blogs at thatjeffsmith.com, tweets at @thatjeffsmith
• Product Manager for
– SQL Developer
– SQLcl
– SQL Developer Data Modeler
– Oracle REST Data Services
Safe Harbor Statement
The preceding is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole discretion of Oracle.
Program Agenda
REST is Ubiquitous…What is REST?
Overview of ORDS (flexible, extensible, secure)
Automatic REST Feature for Tables: Examples
REST…What is it and why should we care?
REST has become a foundational part of web application stacks
REpresentational State Transfer (REST) is Everywhere
• REST is easy to grasp, easy to learn and easy to use
– Small uniform set of operations: GET, POST, PUT, DELETE etc that work similarly across all APIs
– Small set of uniform status codes: 200, 201, 404, 500, …
– URLs & hyperlinks encourage stateless behavior, easy to dive in and test out APIs
– Text based protocol with simple request/response model, easy to introspect and understand
– Accessible from any application platform or programming language
• Like HTTP, TCP & Unix, REST has become a foundational part of the computing world
REST APIs are the norm, and will continue to be for the foreseeable
Oracle REST Data Services (ORDS)
• ORDS Enables Developers With Database Skills to Develop REST and JSON
APIs for Oracle Database
– Just need SQL, PL/SQL, and Oracle Database knowledge
– Low code solution…
– …no need to learn Java!
• ORDS enables data access developers to
– Automatically generate REST APIs for basic functions on tables and views
• GET (query), PUT (insert), POST (update), etc.
– Write REST APIs that call custom SQL queries and PL/SQL procedures
So How Does ORDS Fit Into This?
What is ORDS?
• Java JEE mid tier application, e.g., WebLogic, Tomcat, Glassfish
– Also supports “Standalone” mode for development via embedded Jetty
• For input, maps/binds URI to SQL and PL/SQL
• For output, transforms results to JSON and other formats
[Diagram: HTTP(S) client ↔ Oracle REST Data Services ↔ Oracle Database. Request path: URI → Map & Bind → SQL. Response path: SQL Result Set → Transform to JSON → JSON.]
What is JSON? (JAY-sun)
• JavaScript Object Notation
– Derived from JS, but many languages have native support
• Lighter than XML
• Easy for humans to read/write
• Easy for machines to parse/generate
Supports Multiple Oracle Data Stores
[Diagram: REST → Oracle REST Data Service → Oracle NoSQL Database, Oracle Database 12c (Document Store), Oracle Database (Relational)]
Going from REST to the Database & Back
• Let’s review quickly how the Resource Collection Model works
• Sending data up to the database via ORDS and receiving data back relies on this model
The Resource Collection
A RESTful Design Pattern
Resource Collection Pattern
• MASTER RESOURCE, called the Collection URI: A Table (or View)
https://site.com/ords/hr/employees/
• DETAIL RESOURCE, called the Item URI: A Record in Said Table (or View)
https://site.com/ords/hr/employees/:id (:id => Primary Key)
Example REST Resource
Resource has:
- tabular data
- nested data
- hyperlinks
Ok, Let’s Get to the Good Stuff!
ORDS is THE REST Solution for Oracle Database
• Custom SQL and PL/SQL
– Data binding or OWA Toolkit (HTP.P)
• Auto Table Enablement
– CRUD + Bulk Load
• Auto PL/SQL Enablement (RPC)
– Full to and from JSON support
• Full SQL Scripting
– sqldev/sqlcl library via REST
• Predefined OS Command
– Initially used in DBAAS Monitor
• Native Java Code
– Get Info directly from JDBC properties
AUTO REST for Tables
Examples
Auto Table/VIEW APIs/REST End Points
Auto enablement of RESTful request modules, publishes these URI Handlers for Tables & Views
Requires ZERO code
• Table Metadata
• Get ( Select )
• Query ( Filtering )
• Insert
• Update
• Delete
• Bulk load
GUI & PL/SQL APIs Available
DECLARE
  PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
  -- Publish HR.DEPARTMENTS as an auto-REST collection under the alias "depts".
  ORDS.ENABLE_OBJECT(p_enabled        => TRUE,
                     p_schema         => 'HR',
                     p_object         => 'DEPARTMENTS',
                     p_object_type    => 'TABLE',
                     p_object_alias   => 'depts',
                     -- FALSE: ORDS does not require user authorization for this object
                     p_auto_rest_auth => FALSE);
  COMMIT;
END;
/
Retrieve the Collection Metadata
METHOD : GET
RESPONSE: 200 OK
• JSON
• Collection (Schema)
• Canonical
• Describes (Table)
Screenshots demonstrate REST calls using POSTMAN
Retrieve the Collection (Table – All of the Rows)
METHOD : GET
RESPONSE: 200 OK
• JSON
• More?
• Next Page
• First Page
• Described By
• Self
Retrieve a Detail Resource (Table – A Specific Row)
METHOD : GET /:PK
RESPONSE: 200 OK
• JSON
• Self
• Described By
• Collection
Apply Predicates to Your Collection (Table – Where/Order)
METHOD : GET /?q={pred}
RESPONSE: 200 OK
• JSON
• More?
• Next Page
• First Page
• Described By
• Self
?q={"department_id": {"$lt": 3}}
…
WHERE DEPARTMENT_ID < 3
FULL Docs/Examples
Add a Row
METHOD : POST
REQUEST BODY : JSON
RESPONSE: 201 Created
• Location (Header)
• JSON (Body)
Update a Row
METHOD : PUT /:PK
REQUEST BODY : JSON
RESPONSE: 200 OK
• Location (Header)
• JSON (Body)
Delete a Row
METHOD : DELETE /:ID
RESPONSE: 200 OK
• JSON (Body)
Batch Load
METHOD : POST /batchload
REQUEST BODY : CSV
RESPONSE: 200 OK
• Text (Body)
A Quick Review…
• GET /some/collection/ : ‘Read’ a Collection
• PUT /some/collection/:id : ‘Update’ an Item
• GET /some/collection/:id : ‘Read’ an Item
• POST /some/collection/ : ‘Add’ an Item
• DELETE /some/collection/:id : ‘Delete’ an Item
Database Resources available via REST/ORDS
• AUTO REST Tables and Views – Available TODAY
• SQL & PL/SQL Code Blocks – Available TODAY
• AUTO RPC Store Procedures
Auto-Publish URI’s for PL/SQL Programs
Remote Procedure Call (RPC)
AUTO Support for PL/SQL Programs
• Execute via POST
• Pass parameters via BODY {JSON}
• Output returned as {JSON}
– REFCURSORs? Check!
– Complex types, SDO_GEOMETRY, Intervals, Custom types? Check!
Execute a Stored Procedure
METHOD : POST
REQUEST BODY : JSON
RESPONSE: 200 OK
• JSON (Body)
Oracle REST Data Services: RESTful Services
When AUTO is Not Enough
RESTful Services
• Execute any SQL or PL/SQL
• Module => Template(s) => Handler(s)
• PL/SQL API and GUI Support
• SECURE! Priv & Role Driven
• Supports OAUTH2
• Example (DOCS)
REST Development – in Oracle SQL Developer
Oracle SQL Developer version 4.2
REST Development – in Oracle SQL Developer
REST Development – CLI?
ALL APIs and No APPS Makes REST a Boring Boy…
Using Oracle JET with ORDS
Building rich web & mobile apps using REST APIs
Oracle JET & Oracle REST Data Services
• Both Oracle JET & Oracle REST Data Services comply with the Oracle REST
Standard, as do many other Oracle products that offer a REST API.
• The centrepiece of this standard is the Collection Resource Pattern we
discussed earlier
• Oracle JET provides rich functionality for interacting with REST Collections
• This makes it super-easy to wire JET UIs and ORDS APIs together
Meant to go together
<script type="text/javascript" language="javascript">
// Fetch the EMP collection from ORDS and append one table row per item.
// Note: column values are concatenated into the HTML string unescaped.
$(document).ready(function() {
  $.getJSON("http://servername/ords/db/demo/emp",
    function(data) {
      $(data.items).each(function (index, value) {
        $("#rpt").append(
          '<tr>'
          + '<td class="text-center"><a href="form.html#'
          + value.empno + '">Edit</a></td>'
          + '<td class="text-right">' + value.empno + '</td>'
          + '<td class="text-center">' + value.dname + '</td>'
          + '<td class="text-left">' + value.ename + '</td>'
          + '<td class="text-left">' + value.job + '</td>'
          + '<td class="text-right">' + value.sal + '</td>'
          + '<td class="text-right">' + value.sal_diff + '</td>'
          + '<td class="text-right">' + value.comm + '</td>'
          + '<td class="text-center">' + value.rank + '</td>'
          + '</tr>');
      });
    });
});
</script>
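The snippet above concatenates column values straight into an HTML string, so a value that contains markup would be parsed by the browser as markup. A hardened row builder for the same columns, as an added example that is not from the original slides; the helper names and the sample response are constructed for illustration:

```javascript
// Added example: escape ORDS column values before they are appended to the table.
// Column names follow the slide; SAMPLE_RESPONSE is constructed test data.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape text for HTML element content or a quoted attribute value.
// null/undefined (e.g. an employee with no commission) become an empty cell
// instead of the literal string "null".
function escapeHtml(value) {
  if (value === null || value === undefined) return "";
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The primary key is placed in a URL fragment, so accept digits only.
function safeEmpno(value) {
  const text = String(value);
  if (!/^\d+$/.test(text)) throw new TypeError("empno is not a plain integer");
  return text;
}

// Data columns in display order, with the CSS class used on the slide.
const COLUMNS = [
  ["empno", "text-right"], ["dname", "text-center"], ["ename", "text-left"],
  ["job", "text-left"], ["sal", "text-right"], ["sal_diff", "text-right"],
  ["comm", "text-right"], ["rank", "text-center"],
];

// Build one <tr> for an item of the ORDS collection response.
function renderEmpRow(item) {
  const empno = safeEmpno(item.empno);
  const cells = COLUMNS.map(
    ([name, cls]) => `<td class="${cls}">${escapeHtml(item[name])}</td>`
  );
  return `<tr><td class="text-center"><a href="form.html#${empno}">Edit</a></td>`
    + cells.join("") + "</tr>";
}

// Render every item; rows with an unusable key are reported, not rendered.
function renderEmpRows(data) {
  const items = data && Array.isArray(data.items) ? data.items : [];
  const rows = [];
  const rejected = [];
  for (const item of items) {
    try {
      rows.push(renderEmpRow(item));
    } catch (err) {
      rejected.push(item);
    }
  }
  return { html: rows.join(""), rejected };
}

// Constructed sample: one ordinary row, one row with markup in text columns,
// one row whose key is not an integer.
const SAMPLE_RESPONSE = {
  items: [
    { empno: 7839, dname: "ACCOUNTING", ename: "KING", job: "PRESIDENT",
      sal: 5000, sal_diff: 0, comm: null, rank: 1 },
    { empno: 7788, dname: "R&D", ename: '<img src=x onerror="alert(1)">',
      job: "ANALYST", sal: 3000, sal_diff: -2000, comm: null, rank: 2 },
    { empno: '1"><b>', dname: "SALES", ename: "WARD", job: "SALESMAN",
      sal: 1250, sal_diff: -3750, comm: 500, rank: 3 },
  ],
};

// In the page: $("#rpt").append(renderEmpRows(data).html);
```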
Powered by Oracle JET, ORDS, REST, and the Oracle Public Cloud
REST API for the Database Itself
A customer asked for REST services that could be used to
• INSTALL Oracle
• CREATE DATABASE
PUT /database/ ?
The Plan
• Take existing, internal APIs and ‘clean up’ for public consumption
• Consistent URIs for Cloud (across services) and On Premises
• Deploy via ORDS Updates
• ORDS Dev Calendar to Synch up with Cloud, Quarterly Updates
• Prioritize around Lifecycle Operations
• APIs will have Swagger style Oracle DOCs treatment
Lifecycle Is Critical – Automate Everything
Operational ‘Buckets’
• VM
• Database
• Backup & Recovery
• Instance Management
• Security
• Performance
• Features
The ‘Buckets’
• VM: State(start, stop, status), Shape(current, change), Image(copy, move, drop, snapshot…
• DB: Params(list, change), State(create, drop, clone, start, stop, relocate, plug, unplug…)
• Backup: Locations(list, update), Windows(list, update), Backups(list, details), Backup(now, backup to trace)…
• Instance: Sessions(List, Kill, Trace), Pools(Flush), Logging(Current, Switch), Storage(tblspc-add, edit, list)
• Security: Auditing(Trails, ChangeSettings, Delete), User(list, create, drop, list privs, grant/revoke priv), Roles(list, create, drop…)
• Perf: AWR, ADDM, ASH, SQL Tuning Advisor, RTSM
Automatic API Doc Gen via Swagger
• Inventory REST API
• Descriptions
• Examples
• Test via Curl
• Oracle Docs Integration
Securing REST APIs
ORDS is Flexible - Security
Caveats
• Almost all dev/demo/blog is done with security off & with HTTP
• Always, always, always secure REST services and run with HTTPS
First Party Authentication
• Oracle REST Data Services specific solution
• Only available to the author of the API, application must be deployed on
same origin as API
• https://example.com/api & https://example.com/app ✓
• https://api.example.com & https://app.example.com ✗
• User enters credentials in sign-in form, ORDS issues cookie, cookie is only validated by ORDS if the request is determined to originate from the same origin as the REST Service.
About OAuth 2.0
• IETF standard for securing access to REST APIs
• Comes in two forms:
• Two Legged - For Business to Business, server to server applications
• Example: Sync HR data between internal applications
• Three Legged - For Business to Consumer, app to end-user applications
• Example: Share subset of HR data with external benefits provider after
employee approves access.
• Third party registers client, issued credentials, uses credentials to acquire
access token, uses access token with request to prove authorization
External Authentication
• Comes in many flavors, for example:
• Oracle Access Manager - SSO cookie at Oracle OHS server level
authenticates users stored in Oracle Identity Manager
• ORDS does not perform authentication, just authorization.
• Usually relies on HTTP cookies, need to restrict CORS allowed Origins to
avoid CSRF
APEX Authentication too (read users from a db table)
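The same-origin rule on the First Party Authentication slide and the CORS restriction on the External Authentication slide both come down to comparing origins (scheme, host and port). An added sketch of that comparison, not ORDS code and not a description of its internal logic; the function names, lowercase header keys and the reject-when-missing policy are assumptions:

```javascript
// Added example: origin comparison for cookie-authenticated REST services.

// Normalise a URL or an Origin header value to "scheme://host[:port]".
// Returns null for anything that is not an http(s) URL (including "null").
function originOf(value) {
  if (typeof value !== "string") return null;
  try {
    const u = new URL(value);
    return u.protocol === "https:" || u.protocol === "http:" ? u.origin : null;
  } catch (e) {
    return null;
  }
}

// True only when both values parse and share scheme, host and port.
function sameOrigin(a, b) {
  const oa = originOf(a);
  const ob = originOf(b);
  return oa !== null && oa === ob;
}

// First-party check: honour the session cookie only when the request claims
// the same origin as the service. Origin is preferred, Referer is the
// fallback; a request carrying neither header is rejected (assumed policy).
function isFirstPartyRequest(headers, serviceUrl) {
  const claimed = headers.origin || headers.referer;
  return sameOrigin(claimed, serviceUrl);
}

// CORS allowlist for services that rely on cookies. Entries must be exact
// origins; "*" or a URL with a path is a configuration error, because a
// wildcard cannot be combined with credentials.
function buildCorsPolicy(allowedOrigins) {
  const allowed = new Set();
  for (const entry of allowedOrigins) {
    const origin = originOf(entry);
    if (origin === null || origin !== entry) {
      throw new Error("allowlist entry is not an exact origin: " + entry);
    }
    allowed.add(origin);
  }
  // Returns the response headers for an allowed origin, or null to send none.
  return function corsHeadersFor(originHeader) {
    const origin = originOf(originHeader);
    if (origin === null || !allowed.has(origin)) return null;
    return {
      "Access-Control-Allow-Origin": origin,
      "Access-Control-Allow-Credentials": "true",
      "Vary": "Origin",
    };
  };
}

// Constructed values, following the example.com pairs on the slide.
const SERVICE_URL = "https://example.com/ords/hr/employees/";
const corsHeadersFor = buildCorsPolicy(["https://app.example.com"]);
```

Matching is on the whole normalised origin, so a look-alike host such as `https://app.example.com.other.test` is not accepted by a suffix or prefix comparison.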
Learn More
About Oracle REST Data Services
oracle.com/rest
@OracleREST @cdivilly
@krisrice @thatjeffsmith

Editor's Notes

  1. This is a Safe Harbor Front slide, one of two Safe Harbor Statement slides included in this template. One of the Safe Harbor slides must be used if your presentation covers material affected by Oracle’s Revenue Recognition Policy To learn more about this policy, e-mail: Revrec-americasiebc_us@oracle.com For internal communication, Safe Harbor Statements are not required. However, there is an applicable disclaimer (Exhibit E) that should be used, found in the Oracle Revenue Recognition Policy for Future Product Communications. Copy and paste this link into a web browser, to find out more information.   http://my.oracle.com/site/fin/gfo/GlobalProcesses/cnt452504.pdf For all external communications such as press release, roadmaps, PowerPoint presentations, Safe Harbor Statements are required. You can refer to the link mentioned above to find out additional information/disclaimers required depending on your audience.
  2. Describe a RESTful design pattern that defines how RESTful APIs are typically structured. Explain how hyperlinks facilitate loose coupling between clients and servers and enable each to evolve at its own pace. Talk about the challenges of modelling tabular relational data as hierarchical nested Web resources. Describe how concurrency is handled on the Web. Explain the options for securing REST APIs and give detail on the options; note this could be a talk in itself (which it was @ OOW15 - CON1748).
  3. RESTful APIs typically follow a very uniform pattern, termed the Resource Collection. Focus is on modelling resources, and manipulating resources using uniform operations. Little emphasis on modelling operations.
  4. There have been many, many remote procedure call/distributed communication protocols. Many have been very deeply specified with thousands of pages of specifications, but in the end the industry moved away from these protocols to a much looser concept. So loose it cannot even be deemed a protocol; rather, REST is referred to as an architectural style. REST won not by being the most advanced, or the most capable, or the most efficient, but by being the easiest to get to grips with. Which is both a blessing and a curse. The world is full of less than optimal REST APIs. Because REST is so approachable, folks quickly move to building and shipping APIs without considering some of the more thorny issues that every distributed application has to deal with: how to manage concurrency, how to deal with lost updates, how to co-ordinate transactions, how to deal with unavailability, how to deal with massive scale. Oracle REST Data Services is designed to deal with many of these issues; we’ve done the hard thinking and chosen approaches to deal with these issues so developers using ORDS don’t need to worry about them so much. I want to draw a comparison between REST and another foundational technology, UNIX. When I think of UNIX I picture big air conditioned rooms in data centres full of big iron servers. But that’s not the reality of UNIX today. It’s not just data centres and backend servers. The reality is UNIX is all around you: you wear it on your wrist, you carry it in your pocket, it powers the movies you watch when sat on an aeroplane, it controls the car you drive, it is literally everywhere. It is part of the fabric of our reality, but it’s not something out there in front of you. It’s a building block, something atop which much of the rest of the technology in our lives is built. I’m sure everyone in this room knows how to get around in UNIX. I’m sure that wasn’t always the case; there was a time when all I knew was MS-DOS and Windows.
UNIX was a foreign land, and even seemed like something that was fading away under the march of Windows, but that time was so long ago and now I can’t picture a future where knowing and being comfortable using UNIX won’t be a valuable skill for at least another decade or two. I feel REST is following a similar trajectory. It is almost as old as the HTTP protocol itself, and its popularity and ubiquity have taken a considerable amount of time to build, but now that its value has been recognised, I don’t see its utility being displaced until the next paradigm shift in computing technology occurs. It has become one of the building blocks we take for granted. And thus everyone needs to know and understand REST and, more importantly, every piece of technology involved in distributed computing needs to be a good and competent REST citizen.
  5. Enables the database developer to control access to the database: instead of offering free-for-all access, provide controlled APIs that execute well-designed and performant SQL/PLSQL. Removes the need for the client developer to worry about sizing and managing database connection pools.
  7. The Collection URI is the entry point to the API; its function is to list all the items in the collection and provide an endpoint for creating new resources. It is typically a concrete URI, without any wildcarding/patterning. The Item URI is parameterized/wildcarded; it represents the naming pattern for all Item Resources in the Collection. Its function is to provide the detail of a resource, along with the means to update and/or delete the resource.
  9. Perform a GET on the Collection URI to retrieve the resource. In ORDS the response is a JSON document with two main elements: items, which lists the items in the collection, and links, which provides hyperlinks to help navigate the collection (next) and to identify the URI to use to POST new Items to the Collection.
  13. In the live demonstration we saw an application built with Oracle JET to communicate with a set of REST APIs defined entirely using ORDS. I wanted to talk a little more about this integration and how powerful it is.
  14. I talked earlier about how the loosely defined REST paradigm won out over the many deeply and strongly specified technologies that went before it. Forever a complaint with those technologies was the difficulty of achieving robust interoperability both between applications and framework technologies, particularly across vendors. Oracle JET and ORDS are built by two completely different teams in Oracle. We have never co-ordinated with each other, we’ve hardly even communicated with each other. Yet you can plug our two products together with great ease. We both adhere to a common Oracle standard, but even that standard is nowhere near as tightly specified as something like a CORBA spec. It seems paradoxical: how come, when we have loosely specified, completely uncoordinated development of two products, they can fit together so easily, especially when past efforts which attempted to dot every i and cross every t failed to deliver such interoperability? This is what demonstrates the true power of REST and the reason it has triumphed over other approaches. It has well defined semantics for the basic behaviours that are broadly applicable across many different types of applications. It has barely enough specification rather than too much specification. It would seem that humans co-ordinate better when there is a bare minimum of rules rather than where there are too many regulations to run foul of.
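
The navigation the notes describe for a GET on the Collection URI, as an added Python example that is not from the deck or from ORDS: a client that follows the `next` hyperlink while refusing to carry its credentials to any origin other than the one it started from. The URIs, rows, `self` link entries and the `fetch` callable are constructed stand-ins.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample pages in the shape the notes describe: "items" plus
# "links"; the hostnames, paths and rows are made up for this example.
BASE = "https://db.example.com/ords/hr/employees/"
PAGES = {
    BASE: {"items": [{"empno": 7369}, {"empno": 7499}],
           "links": [{"rel": "self", "href": BASE},
                     {"rel": "next", "href": BASE + "?offset=2"}]},
    BASE + "?offset=2": {"items": [{"empno": 7521}],
                         "links": [{"rel": "self", "href": BASE + "?offset=2"}]},
}


def origin_of(url):
    """Return the (scheme, host, port) triple that identifies an origin."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)


def link(doc, rel):
    """Return the href of the first link with the given relation, if any."""
    for entry in doc.get("links", []):
        if entry.get("rel") == rel:
            return entry.get("href")
    return None


def read_collection(start_uri, fetch, max_pages=100):
    """Collect all items by following "next" links from the Collection URI.

    fetch(url) stands in for an authenticated GET that returns parsed JSON.
    """
    items, seen, url = [], set(), start_uri
    while url is not None:
        if url in seen or len(seen) >= max_pages:
            raise ValueError("pagination loop or page limit reached")
        if origin_of(url) != origin_of(start_uri):
            # The access token must not follow a link to another origin.
            raise ValueError(f"refusing cross-origin link: {url}")
        seen.add(url)
        doc = fetch(url)
        items.extend(doc.get("items", []))
        nxt = link(doc, "next")
        url = urljoin(url, nxt) if nxt else None
    return items
```
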