{ DreamFactory: 'Blog' }

Bill Appleton

Find me on:

Recent Posts

Educational Institutions Are Rapidly Adopting DreamFactory

Posted by Bill Appleton

Wed, Nov 30, 2016

We are seeing many educational institutions adopt the DreamFactory REST API platform for a variety of innovative purposes. In some cases educational institutions are developing API services for internal use, and in other cases these services are provided for students writing applications. Hopefully this blog will outline how DreamFactory is being used in an educational setting, and maybe give some other colleges and universities out there some new ideas on how to take advantage of the platform. Here are some recent customer examples.

DreamFactory Silver DreamFactory Gold User Stories education

Governmental Institutions Are Rapidly Adopting DreamFactory

Posted by Bill Appleton

Tue, Nov 22, 2016

We are seeing many governmental institutions adopt the DreamFactory REST API platform for a variety of innovative purposes. The customer might be a foreign country, a state, a province, or a city. In many cases they are working with a software development partner who has recommended the DreamFactory platform. One very common use case is when a governmental institution needs to provide access to public information. DreamFactory makes it very easy to safely expose a database or services as a REST API for integration or application development. Hopefully this blog will outline how cities, states, and countries around the world are using DreamFactory. Here are some recent customer examples.

User Stories Government

The Healthcare Industry Is Rapidly Adopting DreamFactory

Posted by Bill Appleton

Mon, Nov 21, 2016

We are seeing many medical institutions adopt the DreamFactory REST API platform for a wide variety of innovative purposes. In some cases, medical clinics are using DreamFactory for internally facing applications. In other cases, national healthcare systems are using DreamFactory to provide medical information directly to patients. DreamFactory is also helping to make medical claims easier to file with insurance companies and hospitals. Doctors and clinics are using DreamFactory services to send large documents like MRI photographs and medical videos. Hopefully this blog will outline how hospitals, clinics, doctors, nurses, patients, and insurance providers are using the DreamFactory REST API service platform. Here are some recent customer examples.

User Stories healthcare

PHP 7 doubles performance for DreamFactory

Posted by Bill Appleton

Thu, Sep 15, 2016

DreamFactory is a high performance request/response engine for REST API Services. You can hook up any SQL or NoSQL database and instantly get a comprehensive REST API for that data source. A big part of our platform is the support for JSON Web Tokens. JWT is an open standard for representing session information that is transferred between the client and server. JWT allows DreamFactory to run in a completely stateless manner, which makes the platform very easy to scale vertically with additional server capabilities or horizontally with multiple instances between a load balancer.

PHP Product Updates

Beyond API management with DreamFactory

Posted by Bill Appleton

Thu, Jul 7, 2016

There are a lot of great API managers available. Starting with the A’s, we have Akana, Apigee, AWS and Azure, among others. The first part of this post explores how you can use the DreamFactory REST API Platform with almost any API manager. The second part explores scenarios where DreamFactory is a more effective way to engage developers than an API management solution.

Enterprise Architecture APIs

Why we didn't choose Node.js for the DreamFactory REST API Backend

Posted by Bill Appleton

Fri, May 13, 2016

Our engineering team considered using Node.js to build the DreamFactory REST API backend. There are some great things about Node that we really like. Developers can write JavaScript on both the client and the server, and the Node package manager is great. But after a careful look, we decided that Node was not the best choice. Instead, we choose the Laravel framework, the V8 Engine, and PHP to write DreamFactory. This architecture offers some real advantages when it comes to building a REST API backend. Read on, I think you will come to the same conclusion that we did.

DreamFactory PHP Node.js

Parse Server lacks depth, DreamFactory digs much deeper

Posted by Bill Appleton

Wed, Feb 10, 2016

Parse had some initial success among native game designers. If you were writing an iOS or Android app and you weren't quite sure how to code OAuth or Push Notifications, then Parse was an easy fix for the problem. They also provided help with User Management and a place to store the information on your High Scores Screen.

Gartner Gets It Right with MASP (Almost)

Posted by Bill Appleton

Tue, Dec 22, 2015

We have been a Gartner subscriber here at DreamFactory Software for quite a few years, and they provide a great service to help companies understand technology trends and customer needs. I have watched with interest as they have refined their recommendations for mobile application development in the enterprise. They started out with vertically integrated stacks and moved to loosely coupled client-server configurations thereafter. Along the way, they changed the name of the platform a few times, including a Mobile Application Development Platform (MADP), a Mobile Enterprise Application Platform (MEAP) and then finally a Mobile Application Integration Platform (MAIP). They produced quite a few different architectural diagrams as well.

REST API DreamFactory Silver DreamFactory Gold

DreamFactory 2.0 Support For SQLite

Posted by Bill Appleton

Wed, Dec 16, 2015

I have been blogging extensively about the highly scalable and enterprise class features in DreamFactory 2.0. We’ve benchmarked huge server installations and explored exciting new possibilities with Big Data. But now in a complete change of course, I want to talk about what may be the coolest new feature we have: DreamFactory 2.0 now supports SQLite. It may not be massively scalable, but SQLite is an extremely convenient way to create a database on the fly for development and testing. Production applications can also benefit from this nifty new feature.

REST API SQL DreamFactory Silver

DreamFactory Enterprise: DreamFactory Management Made Easy

Posted by Bill Appleton

Tue, Dec 1, 2015

We’re thrilled to announce that DreamFactory Enterprise is officially available to the fast-growing worldwide DreamFactory community.

DreamFactory Silver DreamFactory Gold

DreamFactory 2.0 released into the wild

Posted by Bill Appleton

Thu, Oct 29, 2015

We are thrilled to announce that DreamFactory 2.0 has been released and is available for immediate download. This second generation of DreamFactory provides major enhancements to API security, customizability, modularity, and performance.

NoSQL DreamFactory

Scaling DreamFactory for High-Volume Deployments

Posted by Bill Appleton

Wed, Jul 15, 2015

Here at DreamFactory, we frequently get inquires about the scalabilty and security of the DreamFactory platform. We're not surprised. There are many thousands of users running DreamFactory as a REST API backend for important real-world web, mobile, and IoT applications. To help answer the security question, I blogged about DreamFactory security a couple weeks ago. Today, I want to address questions regarding DreamFactory scalability.  

DreamFactory External File Storage Performance Nginx

How To Securely Mobilize Data Using a REST API Backend

Posted by Bill Appleton

Thu, Jul 2, 2015

We get lots of inquiries about how the DreamFactory REST API platform helps secure data access, particularly from larger enterprise and government users. It's a valid concern: a growing number of web and mobile apps need to access sensitive data, and proper controls must be implemented in the services used to access that data from an expanding number of apps.

REST API DreamFactory API Authentication Enterprise Architecture Security PHP

SOA is Not a Mobile Backend

Posted by Bill Appleton

Mon, Jun 22, 2015

The rise of mobile devices finally pushed the adoption of RESTful web services into the mainstream of application development. But years before this, companies used web services to build sophisticated service-oriented architectures for application development and integration. Some of the enterprise service bus (ESB) and API management vendors have even tried to adapt SOA systems to the brave new world of mobile devices—with limited effectiveness. I'd like to examine some of the similarities and differences between SOA and mobile backend integration platforms.

REST API DreamFactory Mobile Apps API Enterprise Applications Enterprise Architecture Tutorials

Why DreamFactory Embraces Open Source

Posted by Bill Appleton

Tue, Jun 2, 2015


The engineering team here at DreamFactory Software designed and built some of the very first rich applications that use web services. We learned the hard way that building apps for demanding enterprise customers can be daunting. Server-side page generation doesn’t work. Delivering a high performance experience on network-limited, performance-constrained devices is non-trivial. Managing security is especially challenging. And you have to build your own API to access the backend.

We thought: “there must be a better way!” So in 2012 we set out to perfect the design and implementation of a mobile backend platform that would meet the needs of our development team. These efforts led us to develop the DreamFactory Services Platform — a RESTful backend integration platform that allows mobile, web, and IoT developers to connect any data source and expose it with a secure, comprehensive palette of REST APIs for use by any client device.

DreamFactory Mobile Apps

A REST API Is Not Enough for Enterprise Mobile App Integration (Part 4 of 4)

Posted by Bill Appleton

Tue, Apr 21, 2015

My first three blogs in this series discussed the perils of building your own REST API, looked at some ineffective solutions that companies use to battle backend API complexity, and surveyed the advantages of a more comprehensive and reusable API strategy. Now in Part 4, I want to consider some of the additional issues that companies will need to consider if they want to build a complete backend platform for enterprise mobile, web, and IoT applications.

REST API DreamFactory API Enterprise Applications Enterprise Architecture

Building Reusable REST API Services (Part 3 of 4)

Posted by Bill Appleton

Wed, Apr 8, 2015

My first post in this series of four discussed the problems and pitfalls of creating your own REST APIs. After that we looked at some of the ineffective ways that companies try to deal with the API complexity problem. Now, I want to talk about the advantages of reusable web services for general-purpose application development.

REST API DreamFactory Enterprise Applications Enterprise Architecture

Band Aids Don’t Solve REST API Complexity (Part 2 of 4)

Posted by Bill Appleton

Thu, Apr 2, 2015

In my previous blog post, I examined the problem of REST API complexity in the enterprise. In short, as a company builds more and more web services, the situation server-side becomes increasingly complex, which can reduce portability, scalability, efficiency, and security. It also slows down development, just at a time when enterprises are scaling up development of mobile applications. In this blog post, I discuss some of the solutions that companies use to address this problem, and assess their effectiveness.

REST API Mobile Apps API Enterprise Applications Enterprise Architecture

Don't Build Your Own REST APIs (Part 1 of 4)

Posted by Bill Appleton

Fri, Mar 27, 2015

The engineering team at DreamFactory designed and built some of the very first applications that use web services. Over the years, we made many mistakes trying to create the perfect API backend for these applications.

In our experience working with customers, we’ve learned that many companies face the same challenges we had to think about and tackle over the years. One of the biggest challenges is figuring out a winning API strategy. This blog post lays out some of the traps and pitfalls that companies often experience when they decide to build their own REST APIs.

REST API Mobile Apps API Enterprise Applications

Four Big Mistakes In Your REST API Strategy

Posted by Bill Appleton

Mon, Aug 4, 2014

I am starting to see a familiar pattern of big mistakes that companies make when developing a REST API strategy. This blog covers four myths and  misconceptions that every enterprise architect should be aware of before creating their own RESTful services. I spend a lot of time talking to customers, and unfortunately the conversation often goes something like this... 

Avoid Cloud Lock-In With Service Virtualization

Posted by Bill Appleton

Fri, Jul 18, 2014

My previous blog covered the new trend of cloud platform vendors creating developer facing services in an attempt to lock customers into proprietary interfaces. The danger for enterprise customers is that switching costs will rise, and this will reduce the flexibility and increase the cost of application deployments. Proprietary interfaces will reduce the compatibility between public, private, and hybrid cloud installations as well. But there is a great solution to this problem: a service platform like DreamFactory can abstract all of the connections to backend data sources and provide a virtualization layer at the service level. This allows applications to migrate between clouds, servers, and databases with ease. 

Get Ready For The Cloud API War

Posted by Bill Appleton

Wed, Jul 16, 2014

Get ready for a big strategic shift in the web services provided by Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) vendors. This blog discusses these changes among public and private clouds from an Application Programmer Interface (API) perspective. By looking at the current way that services are offered, and analyzing some recent product announcements, we can begin to trace the future of where cloud computing is headed.

The Enterprise-Grade REST API for SQL

Posted by Bill Appleton

Fri, Jun 13, 2014

DreamFactory supports a wide variety of backend systems including SQL, NoSQL, BLOB, email, users, roles, security, and integration. But in this blog post, I wanted to focus on our support for SQL databases. The vast majority of enterprise data is stored in a SQL database somewhere, and there is a huge need to access this information for mobile application development. So DreamFactory has really focused on building a comprehensive and enterprise-grade REST API for SQL. 

Case Study: Solution Family Uses DreamFactory to Connect Mobile Users to Industrial Assets

Posted by Bill Appleton

Mon, May 5, 2014

While it will be some time until all our cars and fridges are connected to the Internet of Things, a software-consulting firm, Solution Family wants to connect much bigger machines to the Internet. With expertise that draws on the firm’s roots in embedded computing and machine-to-machine communication, the team at Solution Family turned to DreamFactory to enable its customers to connect all sorts of industrial assets to the cloud, so that sophisticated applications can monitor and control them.

To maximize the market appeal, Solution Family wants to make it easy for applications experts to leverage their existing development skills and integrate a wide array of machines, motors and sensors with expert systems — without any knowledge of the low-level drivers and machine code that used to be essential skills for this kind of programming.

DreamFactory 1.5 Introduces Server-Side Scripting

Posted by Bill Appleton

Mon, May 5, 2014

Version 1.5 of the DreamFactory Services Platform (DSP) introduces some incredibly powerful new features for mobile enterprise application development including Lookup Keys, Server-Side Filters, Server-Side Events, and Server-Side Scripting. We have implemented Server-Side Scripting to customize existing DSP services and create new ones. Use cases include formula fields, field validations, workflow triggers, access control, and custom limits. Here is a more detailed discussion of this exciting new capability, below.

Server-Side Scripting

For security reasons, we do not support Server-Side Scripting on the Free Hosted Edition of DreamFactory available at our website. We might do this at a future date when we are sure that there is no way for a user to crash the server or cause other problems. So you will need to install our open source software package on your own server or cloud. Fortunately, DreamFactory can be installed almost anywhere, see our Bitnami web page for more information.

When you have DreamFactory 1.5 installed, you will see a new "Scripts" tab at the bottom of the Admin Console. This tab shows the Server-Side Scripts that are available for customization. These event names are also listed in the Live API interface. You can select any branch of the REST tree, write your script, and click the "Save" button at the bottom of the screen. All of the code is in JavaScript. As you work, various notifications and warnings will appear as little icons on the left hand side of the editing area.

On the server side, we are using the V8 JavaScript engine developed by Google. We may add PHP as a language alternative in the future. Every script that is executed has access to the Lodash library. This library is automatically added to your script's context before execution. Lodash contains many powerful Javascript functions including MapReduce. Think of it as server-side jQuery, but without the DOM. You can read all about Lodash and what you can do with it on their web site.

DreamFactory 1.5 Introduces Server-Side Filters

Posted by Bill Appleton

Mon, May 5, 2014

Version 1.5 of the DreamFactory Services Platform (DSP) introduces some incredibly powerful new features for mobile enterprise application development including Lookup Keys, Server-Side Filters, Server-Side Events, and Server-Side Scripting. My previous blog covered Lookup Keys, and this post references that information in a few places. We have implemented Server-Side Filters to control record level access to objects in any legacy SQL or NoSQL database. Server-Side Filters also allow any database to be segmented by application, user, role, or field value. Here is a more detailed discussion of this exciting new capability, below.

Server-Side Filters

A DSP Admin has always been able to define roles that contain access permissions for specific database objects. For example, a role might grant access to a particular MongoDB collection or SQL table. But now Server-Side Filters can be used to implement record-level database access. Any number of filters can be added to a role permission. Each filter takes the form of a "field operator value" equation that must be true to enable access. The field can be any field in the database table. The operator can be equals, not equals, greater than, contains, etc. And the value can be any string, date, boolean, number, or Lookup Key.

Internal Filters

Server-Side Filters work great with the internal MySQL database installed on every DSP. Let's say you want to limit users to only work with data that they have created. First, add a user reference field named "OwnerID" to a table. You can use any field name. Next, create a role and grant access to the table, then add a Server-Side Filter that looks like this: "OwnerId = {user.id}". In this filter "OwnerId" is the name of the user reference field, and "{user.id}" is a Lookup Key that represents the ID of the current user. This simple filter limits user access to data that they have created!

In my example above, we need to include an OwnerId field set to the current user ID when new records are created. Trying to create a record without this information will return an error because of the filter constraint. To do this, simply use the Lookup Key name as the field value. So when a record is created the OwnerID field would be set to the string "{user.id}". Of course, this little trick does not work with private Lookup Keys. They can only be used for credentials and passwords.

DreamFactory 1.5 Introduces Lookup Keys

Posted by Bill Appleton

Thu, May 1, 2014

Version 1.5 of the DreamFactory Services Platform (DSP) introduces some incredibly powerful new features for mobile enterprise application development including Lookup Keys, Server-Side Filters, Server-Side Events, and Server-Side Scripting. I am really excited to be writing about all of these new features, starting with some of the interesting use cases for Lookup Keys. We have implemented this feature to provide a secure way to store external credentials and other information inside the DSP. Now individual users and roles can be connected to the corresponding user or role in an external SQL or NoSQL database. Here is a more detailed discussion of this exciting new capability, below.

It's Time to Redefine "Backend as a Service"

Posted by Bill Appleton

Sat, Mar 15, 2014

You may have heard the acronym BaaS, or "Backend as a Service." The basic idea is quite important: a REST API on the server side can provide database communication and hosting services for application developers. This reduces server side coding and enables smaller teams to build better applications with faster development schedules. There is a derivative acronym called mBaaS, or "Mobile Backend as a Service." Mobile devices definitely need RESTful services, so this is a more specialized version of BaaS. Unfortunately, in both cases, these terms have become associated with other ideas that make this simple value proposition hard to understand. As the mobile paradigm shift plays out we are either going to need to redefine these acronyms or drop them altogether.

What Does BaaS Have To Do With NoSQL?

The main proponents of the term BaaS were probably Kinvey, Parse, and Stackmob. Famously, Kinvey created an infographic of the "BaaS Landscape" and drew themselves in the middle of the diagram. These companies were often popular with consumer video game developers that needed somewhere to store high scores and a simple way to handle OAuth. They provided basic CRUD services for data, and in each case used a NoSQL database for storage, perhaps MongoDB or CouchDB. This made sense because their customers didn't have a legacy database or the need for structured data.

But in the world of enterprise software the vast majority of data is stored in SQL. For example, corporate information about accounts, contacts, and opportunities could be useful for a mobile application. The links between these objects are important. Contacts might be associated with a particular account, and opportunities might be associated with a particular contact. Companies need an easy way to connect Active Directory roles through a REST API to existing SQL roles and data. All things considered, SQL support is more important than NoSQL for mobile application development.


Preventing Cloud Vendor Lock-in

Posted by Bill Appleton

Mon, Mar 3, 2014

Developers love cloud services. A well constructed REST API makes integration and application development easy. There are a bunch of great REST APIs out there. There are public web services like S3, BigTable, and DynamoDB available from Google, Amazon, and Azure. There are also API marketplaces from companies like Mashable that publish services for enterprise applications. Many other services are constructed "in house" for data access or other purposes.

And REST APIs are becoming incredibly important for application development. Mobile devices like phones and tablets must use REST APIs for collaborative activities and database access. The new generation of wearable devices and the Internet of Things also depends on REST APIs. Developers use REST for server to server or desktop to server communication as well. It's just a matter of time until legacy HTML websites are rebuilt with the same REST API that all these other devices are already using.

But all of these services have different characteristics. Some use XML, some use JSON. Some use SOAP, some use REST. Some use HTTP headers, others use URL parameters. An HTTP service might require GET, PUT, POST, or DELETE. Each service has unique user authentication and security requirements. Some important assets like SQL databases don't have a REST interface at all, developers have to build one. Others like NoSQL databases might have an interface but can't be called from a client due to security constraints. Unfortunately developers have to figure out how to navigate this API jungle.


Why Doesn't Your Private Cloud Have Any Cloud Services?

Posted by Bill Appleton

Tue, Feb 25, 2014

Adopting a private cloud strategy provides some amazing capabilities for the modern enterprise. A company can turn a conventional data center into a private cloud with virtual services for compute, storage, database, and network. Companies with products in this area include VMware, Rackspace, Dell, HP, IBM, and Red Hat. Cloud orchestration software gives an enterprise the ability to combine automated tasks and provision a network, storage array, firewalls, hypervisor, operating system, database and application with the click of a button. Popular orchestration systems are available from VMware, OpenStack and CloudStack.

Introducing the DreamFactory Mobile Application

Posted by Bill Appleton

Wed, Feb 5, 2014

We are excited to announce the availability of the DreamFactory Mobile Application (DMA) for iOS, Android, and Windows 8. The DMA allows JavaScript developers to write a single application on the DreamFactory Services Platform (DSP) and then quickly deploy their work to end users on any mobile device. The DSP is an open source platform that provides all of the backend services you need for sophisticated data driven or collaborative applications. And now, with the DMA, enterprise developers can securely deliver these applications to any group users, customers, partners, or employees.

Rise of the Service Platform

Posted by Bill Appleton

Mon, Jan 6, 2014

 I've been working with web services for over a decade, but during the next few years I expect REST APIs to become even more important for application development. A big reason for this trend is the growing popularity of mobile devices. All native and most HTML5 mobile applications will need RESTful services for collaboration and data storage. Wearable devices and the Internet of Things will need to communicate with services as well. And that's just the tip of the iceberg: many developers are now adopting web services for traditional application development tasks and server to server communication.

Four Big Problems DreamFactory Solves

Posted by Bill Appleton

Fri, Jul 19, 2013

BillAppletonThe DreamFactory Services Platform (DSP) solves four big problems that plague mobile application developers.


Great REST API's You Can't Use

Posted by Bill Appleton

Fri, Jul 12, 2013

BillAppletonThe Mongo database has a great REST API, but you can't use it. They tell you this right in the docs:

Securing the Mobile Enterprise

Posted by Bill Appleton

Fri, May 17, 2013

The DreamFactory Services Platform (DSP) was designed from the beginning to be a very secure way for an enterprise customer to host mobile applications. This blog post covers security benefits on the server side and at the client, and towards the end we discuss the advantages of our user roles and permissions system.

DreamFactory Mobile Apps

How We Got Here

Posted by Bill Appleton

Thu, Apr 25, 2013

Back before the turn of the century people started experimenting with new ways to make function calls across the firewall. Around this time in 1998 Dave Winer invented XML-RPC, which stands for Extensible Markup Language Remote Procedure Call. His specification introduced the concept of exchanging XML documents across a URL endpoint. The request and response would constitute a function call. These XML documents were normally exchanged with an HTTP POST transaction, and since this looked like regular web traffic the function calls sliced right through most firewalls. Tony Hong stated the XMethods website about this time, and soon there were many example services that could be called.


The New Mobile Architecture

Posted by Bill Appleton

Sun, Mar 31, 2013

BillAppletonThere are a number of software systems for generating HTML pages on the server side, including Websphere, Weblogic, JSP, PHP, Python, and Ruby. But the increasing prevalence of mobile devices has started to chip away at the usefulness of this strategy.


Weekly Digest

Recent Posts