1

The off-the-shelf REST API in eXist DB uses URLs like this:

http://www.example.com/exist/rest/db/myapp/api/myxquery.xql

In my case, the user will send PUT and DELETE requests.

Is there any reason one could not/should not offer a shorter URL like 

http://www.example.com/API/get-play.xql

And then in the eXist controller redirect to: 

http://www.example.com/exist/rest/db/shakespeare/api/myxquery.xql

Even reading the documentation, I remain naive about the security implications and complexities about this.

Nb: using eXist 4.7

Many thanks.

Youp Bernoulli
  • 5,303
  • 5
  • 39
  • 59
jbrehr
  • 775
  • 6
  • 19
  • Think about accepting one of the answers and if these did not satisfy you please stay in the loop and indicate what you are still missing. – Youp Bernoulli Aug 16 '19 at 08:16

2 Answers2

1

You do not need to use this the REST-API provided by eXistdb. Maybe restxq is what you are looking for.

Also, a controller.xql in a custom app will also receive and be able to handle GET, POST, PUT and DELETE requests for maximum flexibility.

Have a look at what methods the request module offers. There is some documentation on URL rewriting, too. It is a little outdated but should get you started.

In order to further customize and shorten URLs in the way you want it you should proxy request through nginx. It is the recommended method to run existdb in production anyway and allows you to route requests to /exist/apps/my-app/ or /exist/rest/ to /api/.

line-o
  • 1,885
  • 3
  • 16
  • 33
  • This is a very useful answer, as it implicates another question I posed and received no answers for (https://stackoverflow.com/questions/57437856/using-authenticated-session-user-for-rest-api-in-exist-db). Is there any reason NOT to offer APIs through `controller.xql`? I already use the controller for two web applications I've written, and now I want to introduce APIs within them for AJAX communications conducted while the user is authenticated (ie. editing and submitting data). – jbrehr Aug 11 '19 at 13:36
1

The idea with these REST url's is that they clearly describe what is "meant", they have semantic value. So you should leave them as is, don't shorten them because it is a key characteristic of REST with important arguments to do so.

Consider your API has tens of controllers and hundreds of resources (API methods, endpoints). Then very structured and meaningful url's are key to keep it organized for developers and understandable for consumers of the API.

Have a look at a resource naming guide and another which also describes anti-patterns.

Youp Bernoulli
  • 5,303
  • 5
  • 39
  • 59