REST

Blog
REST
Friday, August 20, 2021PrintSubscribe
August/September 2021 Roadmap

We are very pleased to announce the host of new features that are becoming available in the next few weeks. 2-Factor Authentication, new REST API v2, and barcode scanning with the device camera, are just some of the features that are coming at the end of the summer.

2-Factor Authentication

The next release 8.9.23.0 will introduce 2-Factor Authentication that will be enabled by default in apps created with the Unlimited Edition of Code On Time.

End users will have an option to strengthen their username and password with the one-time verification codes that are delivered via email, text message, or “authenticator” apps such as Google Authenticator or Microsoft Authenticator.

User context menu provides a new option that helps the authenticated user to set up the 2-factor authentication. If the user has the “authenticator” app on their mobile device, then a simple scan of the QR code on the setup screen will configure that app to generate the verification codes to confirm to sign in.
 

 
Authenticator app does not have a physical connection to your application. The scan of the QR code during the setup allows the app to retrieve the secret stored in the user record.  The app generates a new verification code frequently. There is no need to remember the code. You will be able to sign in as long as you have access to your phone.

You will be required to enter the username and password.
 

 
The successful sign in will result in the request to enter the verification code if the 2-factor authentication was set up for the account previously. 
 

 
Another default option is to receive an email with the verification code that expires in a few minutes. Developers also have an option to instruct the app to send a text message or call the user with the verification code. 

If the correct time-based verification code is entered, then the user is signed in. Incorrect input of verification code will count as a failed login attempt with the eventual lockout of the user account.

“Authenticator App” is a very secure option since there is no communication with the 3rd party systems. The default “Email me at...” option can be disabled in the application if required.

Users can also enter the single use backup codes provided to the user during the setup process.

REST API v2 / App Middleware

We are pleased to announce the new REST API v2 available in the apps created with the Unlimited Edition. 

The server-side framework automatically responds to the requests to read and write data  by creating JSON or YAML based output. Hypertext Application Language links are automatically included in the responses to enable the API discovery.
 


The new REST API is the automatic reflection of your data controllers, lookups, and dataview fields. The root entry point of the API serves as the introspection end-point that helps to learn what’s possible.

API Keys and access tokens help authenticating the request. The new API can be used internally and also as a middleware for the projects that require database access. Developers can even enable the “middleware” mode when no user interface options are available and only the API requests are being handled. 

Camera-Based Barcode Scanning

Your apps will finally have an option to scan the barcodes and QR codes without relying on the external scanners. The powerful UI Automation and Kiosk UI already available to the app developers are getting a boost! The QR code icon on the toolbar activates the camera-based scanner powered by the Zxing (zebra crossing) library.  

The camera scanner icon is available when barcode support is enabled. Developers will also have an option to automatically activate the scanner when a particular form is displayed or a field is focused. The scanned barcodes and QR codes are placed in the barcode processing queue, which is also populated by the external scanners and readers.

The simple and powerful IfThisThenThat API allows creating complex rules that force the UI of the app to perform various actions in response to the contents of the barcode queue.

V9 and Integrated Community

We have made great progress in delivering the new browser-based development environment for your apps. The screenshots above show the live preview mode of upcoming v9. It will become the default mode for Code On Time developers and provide property grids and  toolbars with drag & drop configuration and point-and-click inspection of live apps.

The community forum is integrated into the new development environment and will allow discussing and documenting various features right from the property grid. The news feed will also be readily available along with the place to see the latest discussions, tickets, and blog posts.

Monday, September 18, 2017PrintSubscribe
Executing Requests with the Client API

All apps created with Code On Time app generator contain a single client-side API used for all server-side operations, including Select, Insert, Update, Delete, Report, Batch Edit, etc. One significant advantage of using a centralized API is that any style of user interface is able to access the same API – this has allowed the co-development of Classic and Touch UI.

Another major advantage in the client-side API is that developers are able to extend their apps with custom behavior utilizing the same data access routines – any access control rules, data controller customizations, and security restrictions will also equally apply to these custom requests.

To access the client API from custom JavaScript, simply call the method $app.execute(options) with the required parameters set on the options object. See a list of available options parameters below.

Property Description Default Value
controller The controller to direct the request to. (required)
view The view of the controller to use. grid1
done
success
Callback function when the request was send and received successfully. First argument contains the results. List of records can be found under the result property equal to the name of the controller.
fail
error
Callback function when the request failed.
command The name of the command to execute. “Select”
argument The argument of the command to execute.
lastCommand The last command name.
lastCommandArgument The last command argument.
pageSize The number of records to return in a single page. 100
pageIndex The page number to return. 0
filter An array of field filter objects. Each object must have 3 properties:
- “field” specifies the field name
- “operation” specifies the filter operation to perform
- “value” specifies the value of the filter. For operations with two operands (such as “between”), specify an array of two values.
values An array of field value objects. Each object can have the following properties:
- “name” specifies the name of the field matching the one defined in the controller.
- “value” specifies the current value of the field.
- “newValue” specifies the new value.
- “modified” specifies that the new value will be used in any Insert or Update expressions. Setting “newValue” will set “modified” to true by default.
selectedValues An array of strings that contain the primary keys of the selected records. Used for batch update.
tags Specify a list of tags that can be processed on the server.
requiresData Specifies if data should be returned to the client. true
requiresAggregates Specifies if aggregates defined on the view should be returned with the request. false
fieldFilter Specifies a list of fields to include in the response for each record. Not setting this value will return all fields.
format Specifies if field values should be formatted when the results are returned. true
includeRawResponse Specifies if the result should include the raw response in the rawResponse property. false

The simplest way to test your queries is to use the Developer Tools Console, available in most modern browsers.

First, browse to your running site in your favorite browser. Press “F12” to bring up Developer Tools. Switch to the Console tab.

Using the Console tab of Developer Tools to test the $app.execute() API.

You may now begin typing in $app.execute() requests in the console. Note the use of console.log(result), which will print the JavaScript object to the console when the request returns.

The following examples will use the online Northwind sample.

Select

The simplest use case for using the API is to request a page of data. See the following example below on how to fetch the first 10 records from the Orders table where the field “ShipCountry” is equal to “USA”.

$app.execute({
    controller: 'Orders',
    pageSize: 10,
    filter: [
        { field: 'ShipCountry', operator: '=', value: 'USA' }
    ],
    done: function (result) {
        console.log(result);
    }
})

The result shown in the Developer Tools Console.

Selecting 10 orders with a filter.

Insert

In order to insert records to a particular table, the request must specify the “Insert” command and a list of field values. This list is represented by the values property. Each field value object contains a field name. Values that will be assigned to the new record are stored in the field value’s newValue property. The primary key of the table is added as a field value object with the property value equal to null in order for the response to return the new primary key of the inserted record.

$app.execute({
    controller: 'Orders',
    command: 'Insert',
    values: [
        { name: 'OrderID', value: null },
        { name: 'ShipCity', newValue: 'San Diego' },
        { name: 'ShipCountry', newValue: 'USA' }
    ],
    done: function (result) {
        console.log(result);
    }
})

See the results below.

Inserting a record using the $app.execute() API.

Refreshing the view in the browser window will reveal the new record.

The new record is displayed in the grid.

Update

When performing operations on an existing record, either the primary key or an array of selected values must be specified. New field values must be specified in the newValue property.

$app.execute({
    controller: 'Orders',
    command: 'Update',
    values: [
        { name: 'OrderID', value: 11083 },
        { name: 'OrderDate', newValue: new Date() }
    ],
    done: function (result) {
        console.log(result);
    }
})

The result is shown below.

Updating an order via the $app.execute() API.

The result can be seen by refreshing the list of orders.

The updated field value is visible by refreshing the page.

Delete

Delete operations must specify the primary key in the values array.

$app.execute({
    controller: 'Orders',
    command: 'Delete',
    values: [
        { name: 'OrderID', value: 11079 }
    ],
    done: function (result) {
        console.log(result);
    }
})

See result below.

Deleting a record.

The rowsAffected property will be equal to “1” if the record was successfully deleted.

Saturday, March 28, 2015PrintSubscribe
Easy Setup of Content Management System, Page+JSON Compression, Auto-Rotation of JPEGs

Code On Time release 8.5.1.0 is a collection of several enhancements to the major release 8.5.0.0 that has introduces various enterprise components in the application framework including integrated Content Management System, Dynamic Access Control List, Dynamic Controller Customization, and Workflow Register.

CMS Setup

Now you can setup an integrated Content Management System for you app with a click of a button.

  1. Navigate to Project Settings in the app generator and choose Database Connection option.
  2. Click on the […] button on the right-hand side of Connection String box.
  3. Scroll to Content Management System (CMS) section and click Add button.
  4. Click OK and save settings of the connection string.
  5. Click Finish and Refresh your project.

image

CMS becomes a part of your application. Login as admin and select Site Content option in the menu.

Here is the site content management screen in the app with Touch UI.

image

This is the same page displayed with Desktop UI.

image

Add an image to the content database.

image

Now the jelly fish is available on your website when accessed with a custom URL composed of the path and file name:

~/images/jelly-fish.jpg

image

You can place static content, images, sitemaps, access control rules, pages, data controller XML files, data controller customization instructions, and just about anything else you like directly into CMS. Learn to use integrated content management system now!

The content is stored in the single database table called SiteContent, SITE_CONTENT, or site_content if the CMS was installed as explained above. Application generator will create a standard data controller, which you can customize as needed. Feel free to add new columns to the site content table.

Note that the installation of CMS in this release is supported for Microsoft SQL Server, Oracle, and MySQL. Let us know if you would like to see other databases to have a simplified setup of CMS.

Page and Script Compression

Non-hosted projects now  perform runtime compression of pages and JSON responses in SPA apps. Apps implemented with “*.aspx” page model are performing compression on page output only at this time. This new capability is available in apps with Desktop and Touch user interfaces.

JPEG Auto Rotation

Images captured on mobile devices of iOS family are preserving device orientation information in the EXIF metadata of each photo in JPEF format. Uploaded photos will display incorrectly if rotation information is not taken into account. Blob downloader of generated apps will auto-rotate and flip the photos in JPEG format by taking into account orientation of the camera recorded in the image.

Other Enhancements

Other enhancements include:

  • Duplicate data fields are not created during data controller customization if an attempt is made to create an existing data field.
  • Dynamic Access Control List correctly processes Tags property of data views.
  • Workflow Register is now available in all product editions including free edition.
  • Advanced Search form in Touch UI correctly processes dates.
  • Advanced Search form  correctly handles “include” comparison option and will not raise an exception.
  • SPA applications will correctly process HTML tags specified in About property of a page.
  • Client library parses integer values with radix of 10 to ensure correct parsing with earlier versions of JavaScript engine.
  • Application Framework activates Gregorian calendar for th-TH culture.
  • CMS: Added processing of "empty" relative path in ReadSiteContent method.
  • Pivot API: added "hideblank" keyword that will remove the "blank" value from that row or column.