A few months ago, we announced that Qodly Studio is now available to all our Silver Partners (and higher).
Qodly Studio for 4D is fully integrated into 4D, allowing 4D Server to host your application with both desktop and web pages.
Qodly Studio is also accessible on Qodly, as part of 4D’s newly launched SaaS offering. This innovative hybrid low-code solution is specifically designed for web browser-based business applications.
Even if you’ve already built apps using the Qodly platform, we have more good news! You can now with 4D 20 R5 utilize the REST API of a Qodly application to seamlessly work with your data.
Keep reading to learn more.
main principles
the system of roles and privileges
This feature relies on an API key mechanism tied to the roles and privileges system shipped in 4D 19 R8. It is a powerful and fully customizable system to protect your data from unauthorized users. The access to data is granted according to who is accessing it and which data is accessed. This is done by setting up roles.
Before starting, get some basic knowledge about this feature.
handle API keys on the qodly dashboard
On the Qodly dashboard, an endpoint URL for the REST access is given.
You can also generate an API key and associate it with a role. This API key provides REST access to the data exposed in your Qodly app and allows you to run all the actions permitted for the associated role.
See also the Qodly documentation to learn the other functionalities related to API keys (set an expiration date, authorize some client IPs, … etc)
Use the REST API of a Qodly application
You can target the REST API of your Qodly app from:
- a 4D Server application (using the Open datastore command or the HTTPRequest class)
- Any third-party application supporting REST requests
scenario
Consider a Qodly app that manages Products, exposing a product dataclass. A 4D Server application (Factory) needs to use the REST API to read or create Products. The Qodly app Products is safeguarded against unauthorized access through the roles and privileges system.
preparing access to the rest API
First, set up roles that are allowed to perform specific actions on defined data using the Roles and Privileges interface in Qodly Studio.
Reading the product dataclass is allowed for the Employee role due to the ‘simple‘ privilege level it possesses.
To allow a client application to use the REST API of the Qodly app Products, we have generated on the Qodly dashboard Products an API key associated with the Employee role:
use the rest API of the products qodly app in a 4D Server app with the open datastore command
In the 4D Server client application (Factory), the list of the products must be displayed.
Here is the 4D code:
Form.products:=ds.getProducts("Employee")
And here is the DataStore class:
Class extends DataStoreImplementation
exposed Function getProductsDatastore($apiKey : Text; $id : Text) : 4D.DataStoreImplementation
//End point URL given on the Qodly dashboard
var $connect : Object:={hostname: "https://xxx-yyyyyyyy-zzzz-xxxx-yyyy-zzzzzzzzzzzz.xx-yyy.acme.com"; tls: True}
var $theRemoteDS : 4D.DataStoreImplementation
$connect["api-key"]:=$apiKey
$theRemoteDS:=Open datastore($connect; $id)
return $theRemoteDS
exposed Function getProducts($role : Text) : 4D.EntitySelection
var $apiKey : Text
var $theRemoteDS : 4D.DataStoreImplementation
$apiKey:="82c0abfe-0628-4446-b890-9add5509335c"
$theRemoteDS:=This.getProductsDatastore($apiKey; $role)
return $theRemoteDS.product.all()
In the getProducts() function, we use the API key corresponding to the Employee role.
Thanks to the getProductsDatastore() function, we get the datastore object corresponding to the Products Qodly app. A session is opened on this Products instance. It contains the privileges of the Employee role.
So that with this datastore object, we can run all actions permitted for the Employee role.
Note:
– the API key must be given only once (as an “api-key” property in the connect object) when calling the Open datastore command
– the endpoint URL given on the Qodly dashboard of the Products instance is used as the hostname.
– for a quick understanding, we have used the API key as a hard-coded value in the code. For security purposes, it should be in an externally protected file (not synchronized on GitHub, for example).
Here is the result of the 4D Server application:
use the rest API of the products qodly app From any application using REST requests
The example below shows how to use Postman to run REST requests targeting the REST API of a Qodly application. The attached HDI also demonstrates how to execute such requests using the HTTPRequest class, JavaScript, or other technologies.
Note the API key must be passed in the “api-key” header for each REST request.
The examples above feature some read data, but you can also create, update, or delete data using the REST API.
Learn more
Watch this video for a complete example, from creating a sandbox demo on Qodly to using the REST API.
And visit the Qodly website to learn more and stay updated on new features!