Skip to content

P6Rest

Platform 6 representational state transfer Consumer are HTTP endpoints that can be defined and dynamically deployed to capture any number of requests.

For more information about the Camel REST DSL: https://camel.apache.org/rest-dsl.html

Example

This example demonstrates how several routes can be included in the same event definition script. By adding a P6Rest component to Camel, we extend the standard Camel REST API syntax allowing restful routes to be hosted by Platform 6.

Warning

The id() of a REST route is defined slightly differently to all other routes.

Template: Dev_BaseRestRoute.groovy

${addRoutes} :=

// Simple endpoint that calls a script without authentication
rest("/public/say")
    .get("/hello")
    .to("p6cmb://scripts?platform6.request.action=execute&id=RestHello")
    .id("RestOne")

// An endpoint that calls another route
rest("/public/say")
    .get("/bye")
    .to("direct:bye")
    .id("RestTwo")

// Authenticated endpoint because published under /apis
rest("/apis/say")
    .post("/tankalert")
    .consumes("application/json")
    .produces("application/json")
    .to("p6cmb://scripts?platform6.request.action=execute&id=RestTank")
    .id("RestThree")

from("direct:bye")
    .transform()
    .constant("Bye World")
    .routeId("RestFour")

${destroyRoutes} :=

p6.camel.destroyRoute('RestOne')
p6.camel.destroyRoute('RestTwo')
p6.camel.destroyRoute('RestThree')
p6.camel.destroyRoute('RestFour')

Warning

The context path REST endpoints defined with a root of /apis/ will be inspected for a valid access-token by the instance issued by P6 Auth otherwise the endpoints are un-authenticated.

A Platform 6 service called via this component can return a p6rest.body variable that will be mapped to the Exchange Message Out body so enabling any REST response content to be returned:

p6.pipeline.put("body","{ success: true }")

Other response headers used to create a REST response

  • Content-Type
  • CamelHttpResponseCode
  • p6rest.* (any header prefixed will be added without the prefix)

When an authenticated user makes a call to a REST endpoint, additional information is added to the response headers:

  • platform6.request.user
  • platform6.request.user.permissions

A practical way of checking permissions prior to executing the script called by the endpoint is to call the hasPermissionsUsingPipelineRequest() DSL function as follows:

def canReadInvoices = p6.permissions.hasPermissionsUsingPipelineRequest("invoices", "read")
if (!canReadInvoices) {
    p6.pipeline.put("CamelHttpResponseCode", "401")
    p6.pipeline.put("body", "The user doesn't have the permission 'invoices=read' to call this endpoint")
    return
}

// Rest of the processing ...

When the REST endpoint is public, the user information added to the request headers is:

Testing the endpoint through P6 Proxy

Say you want to test an endpoint, that is /public/invoices/single_pdf?invoice=XXX, where XXX should be replaced by the invoice ID. Calling this endpoint, when deployed on an instance behind the P6 Proxy, is done as follows:

https://stagingproxy.amalto.io/public/invoices/single_pdf?baseUrl=https://sidetrade-eu.platform6.io/p6&invoice=XXX&p6proxyNoToken

Where:

  • stagingproxy.amalto.io is the address of the P6 Proxy in staging
  • https://sidetrade-eu.platform6.io/p6 is the base context of the Sidetrade EU instance
  • p6proxyNoToken is an additional query parameter to bypass the JWT token validation of P6 Proxy. You could equally pass a header X-P6Proxy-NoToken: <any value> to have the same effect, The header will be removed before forwarding the request to its destination.