One of DreamFactory’s most popular features is the wide-ranging authentication support. DreamFactory supports authorization methods to meet everyone’s needs from the single developer start-up to the thousand employee enterprise company. DreamFactory has connectors for Active Directory, LDAP, OAuth through well-known identity providers such as OpenID Connect, and SAML 2.0. Leveraging DreamFactory’s OpenID Connect has never been easier. OpenID affords users the convenience of using an existing account for signing into different websites. You can forget about managing 20 different passwords from now on!
Since version 2.7 DreamFactory has supported OpenID allowing you to use OpenID based authentication in conjunction with your APIs. With the easy to use interface of DreamFactory, you can have your authorization flow done in no time. DreamFactory and OpenID does the heavy lifting giving you a session token at which point your application can persist it and include it with subsequent requests.
It’s time to leave the days of pain and suffering of integrating complicated authorization in the past for the future of development with DreamFactory. If you would like to learn more about how easy it is and see it in action, check out our guide chapter dedicated to all things authorization. What are you waiting for? Spin up for a free trial today!
Do you have a ton of data sources and do not know how to expose them? Do you know you need a SQL Server API but don’t know where to begin to build it? Look no further, DreamFactory can take any database and generate a fully documented and secure REST API faster than making a sandwich. All you need is your database credentials and DreamFactory will handle the rest, instantly generating Swagger documentation and securing your API by way of API keys. Follow along with the blog or our video below!
In order to get started you must install DreamFactory, which is Open Source and gives you the ability to try out a numerous amount of popular databases. To spin up your own hosted environment for free click here.
Generating the SQL Server API
Now the fun part. Once you have DreamFactory up and running you will be on the Admin panel. From there you will navigate to the Services tab to connect your database for your API. For example I have selected a Microsoft SQL Server database but it is nearly identical for any database you will be connecting to. Connecting your database typically only requires filling out these 5 fields as shown below.
Upon saving there will be a success window pop-up saying “Service saved successfully”. What it doesn’t tell you is all the magic it just did behind the scenes. In just that short amount of time, it generated your REST API. So now if you navigate to the API Docs tab you can see your new documentation for the API and actually interact with it via the “Try it out” button.
Securing and Interacting with the API
I can end it here now that you have generated your API, but where is the fun in that? Now let’s actually see the API in action! First things first, let’s generate an API key to be paired with the API for security purposes. DreamFactory does not allow access to the API without being authenticated. Let’s navigate to the Roles tab and create a Role for our API. This Role with correspond with the API key so different users can have different privileges based off different keys.
For my Role I have pointed it to the SQL Server Service we just created and told it to only allow GET calls on the endpoints. This will ensure anyone using this API key will not be able to, for example delete data from the database. We must now link this Role to an API key. If we now go to the Apps tab we can create a new API key with the corresponding Role.
Once we hit save we are able to see the API key generated for our use. Just to show how it works I will be using Insomnia, a popular HTTP service, to call our DreamFactory API. I will call the customers table, passing the API key in the headers for authentication.
As you can see I have access to our new API and how much time did that take? Way less time than building this API yourself! If you would like to find out exactly how much time and money DreamFactory can save you, check out our API calculator. Otherwise what are you waiting for? Go build your next application using DreamFactory already!
If you have any questions about the platform, or just APIs in general, we’d love to hear from you! Contact us.
DreamFactory supports all kinds of authentication schemes out of the box, including traditional native authentication (managing users and passwords in its own database), OAuth 1.0 and OAuth 2.0, as well as OpenID Connect and SAML 2.0. While these options cover most authentication scenarios, there are situations where none of these solutions work. For these cases, DreamFactory 2.11 includes an alternate user authentication feature that allows you to use your own database and user table for DreamFactory user authentication.
DreamFactory 2.9 supports Single Sign On (SSO) using Windows Authentication. DreamFactory’s SQL Server service also supports Windows Authentication. However, SSO with Windows Authentication has some prerequisites. Here’s what you need to know to set it up.
DreamFactory 2.7 Silver and Gold now includes the OpenID Connect service . As you may know, OpenID Connect is a wrapper around OAuth 2.0. This means you can now easily authenticate your users into a DreamFactory-based application using any OAuth 2.0/OpenID Connect service provider.
The engineering team at DreamFactory designed and built some of the very first applications that use web services. Over the years, we learned many lessons trying to create the perfect mobile backend for these applications. This article lays out some of the problems companies encounter when they build custom REST APIs from scratch, and after that, we look at some of the architectural advantages and technical characteristics of a reusable REST API platform.
The REST API Complexity Problem
When a company decides to start a new mobile project, the IT group first defines the business requirements, and then starts writing the actual software. Usually there is a client-side team that designs the application and a server-side team that builds the backend infrastructure.
These two teams must work together to develop a REST API that connects the backend data sources to the client application. One of the most time-consuming and expensive aspects of the development process is the “interface negotiation” that occurs between these two groups.
With the acceptance of BYOD and general proliferation of mobile devices, the modern enterprise may need hundreds or even thousands of mobile applications. New mobile projects typically have new requirements that were not anticipated by the existing services. You could go back and try to expand the scope of the old services, but they are already in production, and so in many situations a new REST API is created for each new project.
And so the API building process continues over time with various developers, consultants, and contractors. The REST APIs are often written with different tools and developer frameworks. They run on different servers or in the cloud. They are tied to different databases and file storage systems. Each new service has different security mechanisms, credential strategies, user management systems, and API parameter names, as this diagram illustrates.
Continue reading “The Reusable REST API Platform Strategy”
DreamFactory partnered with Verizon and Mapquest to host an all day hackathon at the beautiful Verizon campus in Dallas,Texas filled with fun, food, drinks and prizes. The September hackathon hosted 76 developers coming from different career, education and programming backgrounds which fueled creativity, collaboration and ultimately the innovation that followed.Continue reading “DreamFactory hackathon with Verizon Cloud and Mapquest”
DreamFactory is a high performance request/response engine for REST API Services. You can hook up any SQL or NoSQL database and instantly get a comprehensive REST API for that data source. A big part of our platform is the support for JSON Web Tokens. JWT is an open standard for representing session information that is transferred between the client and server. JWT allows DreamFactory to run in a completely stateless manner, which makes the platform very easy to scale vertically with additional server capabilities or horizontally with multiple instances between a load balancer.
Continue reading “PHP 7 doubles performance for DreamFactory”