Easily Using Qodly’s REST API



Product

A few months ago, we announced that Qodly Studio is now available to all our Silver Partners (and higher).

Qodly Studio for 4D is fully integrated into 4D, allowing 4D Server to host your application with both desktop and web pages.

Qodly Studio is also accessible on Qodly, as part of 4D’s newly launched SaaS offering. This innovative hybrid low-code solution is specifically designed for web browser-based business applications.

Even if you’ve already built apps using the Qodly platform, we have more good news! You can now with 4D 20 R5 utilize the REST API of a Qodly application to seamlessly work with your data.

Keep reading to learn more.

HDI_Qodly_App_REST_API

main principles

the system of roles and privileges

This feature relies on an API key mechanism tied to the roles and privileges system shipped in 4D 19 R8. It is a powerful and fully customizable system to protect your data from unauthorized users. The access to data is granted according to who is accessing it and which data is accessed. This is done by setting up roles.

Before starting, get some basic knowledge about this feature.

handle API keys on the qodly dashboard

On the Qodly dashboard, an endpoint URL for the REST access is given.

You can also generate an API key and associate it with a roleThis API key provides REST access to the data exposed in your Qodly app and allows you to run all the actions permitted for the associated role.

See also the Qodly documentation to learn the other functionalities related to API keys (set an expiration date, authorize some client IPs, … etc)

Use the REST API of a Qodly application

You can target the REST API of your Qodly app from:

  • a 4D Server application (using the Open datastore command or the HTTPRequest class)
  • Any third-party application supporting REST requests

 

scenario

Consider a Qodly app that manages Products, exposing a product dataclass. A 4D Server application (Factory) needs to use the REST API to read or create Products. The Qodly app Products is safeguarded against unauthorized access through the roles and privileges system.

preparing access to the rest API

First, set up roles that are allowed to perform specific actions on defined data using the Roles and Privileges interface in Qodly Studio.

blank

Reading the product dataclass is allowed for the Employee role due to the ‘simple‘ privilege level it possesses.

blank

 

blank

 

 To allow a client application to use the REST API of the Qodly app Products, we have generated on the Qodly dashboard Products an API key associated with the Employee role:

blank

use the rest API of the products qodly app in a 4D Server app with the open datastore command

In the 4D Server client application (Factory), the list of the products must be displayed.

Here is the 4D code:

Form.products:=ds.getProducts("Employee")

And here is the DataStore class:

Class extends DataStoreImplementation

exposed Function getProductsDatastore($apiKey : Text; $id : Text) : 4D.DataStoreImplementation
	
        //End point URL given on the Qodly dashboard 
	var $connect : Object:={hostname: "https://xxx-yyyyyyyy-zzzz-xxxx-yyyy-zzzzzzzzzzzz.xx-yyy.acme.com"; tls: True}
	var $theRemoteDS : 4D.DataStoreImplementation
	
	$connect["api-key"]:=$apiKey
	
	$theRemoteDS:=Open datastore($connect; $id)
	return $theRemoteDS
	
exposed Function getProducts($role : Text) : 4D.EntitySelection
	
	var $apiKey : Text
	var $theRemoteDS : 4D.DataStoreImplementation
	
	$apiKey:="82c0abfe-0628-4446-b890-9add5509335c"
	
	$theRemoteDS:=This.getProductsDatastore($apiKey; $role)
	
	return $theRemoteDS.product.all()

In the getProducts() function, we use the API key corresponding to the Employee role.
Thanks to the getProductsDatastore() function, we get the datastore object corresponding to the Products Qodly app. A session is opened on this Products instance. It contains the privileges of the Employee role.

So that with this datastore object, we can run all actions permitted for the Employee role.

Note:
– the API key must be given only once (as an “api-key” property in the connect object) when calling the Open datastore command
– the endpoint URL given on the Qodly dashboard of the Products instance is used as the hostname.
for a quick understanding, we have used the API key as a hard-coded value in the code. For security purposes, it should be in an externally protected file (not synchronized on GitHub, for example).

Here is the result of the 4D Server application:

blank

use the rest API of the products qodly app From any application using REST requests

The example below shows how to use Postman to run REST requests targeting the REST API of a Qodly application. The attached HDI also demonstrates how to execute such requests using the HTTPRequest class, JavaScript, or other technologies.

Note the API key must be passed in the “api-key” header for each REST request.

blank

 

The examples above feature some read data, but you can also create, update, or delete data using the REST API.

Learn more

Watch this video for a complete example, from creating a sandbox demo on Qodly to using the REST API.

And visit the Qodly website to learn more and stay updated on new features!

Discuss

Tags , , , , ,

Avatar
- Product Owner - Marie-Sophie Landrieu-Yvert joined the 4D Product team as a Product Owner in 2017. In this role, she is responsible for writing user stories and translating them into functional specifications. She also ensures that the delivered feature implementation meets the customer's needs. Marie-Sophie graduated from the engineering school ESIGELEC and began her career as an engineer at IBM in 1995. She took part in various projects (maintenance and development projects) and worked as a COBOL developer. She then moved on to work as a UML designer and Java developer. More recently, her main responsibilities included analyzing and writing functional requirements, and coordinating business and development teams.