Cloud Pak for Business Automation

 View Only

Making request to external through IBM Business Automation Application Engine proxy in your App

By Kam To Frederick Ngo posted Thu November 19, 2020 02:37 AM

  

Due to the cross-domain security protection, web application running in the web browser is prohibited from making direct XHR requests to systems on other domains. However, in today's distributed environment, services are not necessarily provided by a single domain architecture. It is even more true in Cloud's computing. Services that are provided by a well-known provider, e.g., IBM Watson, usually cannot be replicated in the single domain architecture. There are different ways to enable cross-domain XHR communication, and one of the well-known solution is to send the request to the other system via a server proxy that is provided in the same origin domain.


App served from IBM Business Automation Application Engine is no different than other web application running in web browser. They are also protected by cross-domain security protection in the browser. There are many ways for your App to invoke services provided by external providers. For this article, we will focus on making the request through a proxy provided by IBM Business Automation Application Engine.

 
It is simple and easy to make your request through the IBM Business Automation Application Engine proxy. Let's assume you need to make an xhr call in your View to a service provided by an external provider, all you need to do is the following:

1) Create a "Defined Endpoint" AppResource with the external service provider connection info.

AppResource Example


2) In your View where you need to make the xhr request, use the this.context.rewriteURI Javascript API to construct the URI to be used in your xhr call.  In most cases, only the first two parameters to the rewriteURI API are sufficient to construct the final URI. The first parameter is the URI of the external service. The second parameter is the name of the AppResource that you created in step 1.

3) Make sure you also use this.context.getCSRFTokenHeaderName() and this.context.getCSRFToken() to inject the CSRF token to your xhr call.

Code example


That’s it! Your xhr request from your View will be sending out from the browser to the destination via the IBM Business Automation Application Engine proxy. IBM Business Automation Application Engine proxy by default blocks all requests to the other systems to be secured. The proxy will treat the AppResources you created in your App as the allowlist for your App. Once you promote your App to staging/testing/production env, administrator can update the AppResource information in Navigator if necessary.

Navigator example 1
Navigator example 2




You can find the details about the proxy and the APIs in the knowledge center https://www.ibm.com/support/knowledgecenter/SSYHZ8_20.0.x/com.ibm.dba.appdesign/topics/ref_appdesign_view_api.html

 

I appreciate any comments or feedback, using the comment function below.

 



#CloudPakforBusinessAutomation
#Featured-area-1
#Featured-area-1-home
0 comments
140 views

Permalink