REST Service
The REST Service origin is a multithreaded origin that processes all authorized REST API requests. The origin can also send records with status codes back to the originating REST API client when used with one or more Send Response to Origin destinations in the same pipeline.
By default, the REST Service origin listens at an HTTP endpoint for requests. You can configure the origin to use Data Collector as an API gateway, which enables using the Data Collector URL as an API endpoint.
Use the REST Service origin to create a REST-based microservice. In a microservice pipeline, the REST Service origin works with one or more microservice destinations that specify the HTTP response code to pass back to the originating REST API client.
The REST Service origin generates a batch for each request that it receives. The REST Service origin can use multiple threads to enable parallel processing of requests from multiple clients. The origin can also read requests containing messages with no compression or with the Gzip or Snappy compression format.
When using the REST Service origin, you must configure the REST API clients to send data to the pipeline. The required client configuration depends on how you configure the origin.
When you configure the REST Service origin, you decide if you want to use a listening port or an API gateway to receive requests. To use a listening port, you specify the HTTP listening port. To use an API gateway, you specify the service name and whether to require gateway authentication.
When not using gateway authentication, you can enable Kerberos authentication using SPNEGO, or SSL/TLS with basic authentication.
For additional security, you can require each request to include a valid application ID by listing valid application IDs in the origin. And you can indicate if the application ID will be in the URL instead of the request header.
You can configure the maximum number of concurrent requests to determine how many threads to use. You also configure the format of generated responses.
When you start the pipeline, Data Collector displays the endpoint that the pipeline uses in monitor mode.
HTTP Listening Port
By
default, the REST Service origin listens for requests at an HTTP endpoint and processes
all authorized requests. You can specify the port number that the origin listens at. By
default, the origin uses port number 8000
.
The specified listening port should be used by a single pipeline, unless you use application IDs to differentiate between the requests to be processed by different pipelines.
API Gateway
You can configure the origin to use Data Collector as an API gateway instead of listening for messages at an HTTP endpoint.
When you enable Data Collector as an API gateway, you specify a service name for the pipeline, which Data Collector uses to route requests to the pipeline. Then, you configure REST API clients to send requests to the specified service name.
Gateway Authentication
When the REST Service origin uses Data Collector as an API gateway, you can also configure the origin to require gateway authentication.
When you require gateway authentication, the user in each request must be an authenticated Data Collector user. This leverages the authentication method configured for Data Collector. When you enable gateway authentication, the origin ignores other user authentication options configured in stage properties.
- When Data Collector is enabled for SSL/TLS, communication between REST API clients and the
microservice pipeline use HTTPS.
As a result, you do not need to enable SSL/TLS in the origin stage properties. If you enable SSL/TLS in the origin, that security is used only for the connection between the gateway and the origin.
- When Data Collector uses LDAP
or file-based authentication.
For example, if Data Collector uses LDAP authentication, then the user in each API request must be authenticated by the LDAP server.
- When Data Collector is registered with Control Hub, the security configured for Control Hub is applied to the pipeline.
For example, if your Control Hub organization uses SAML authentication, then the user in each API request must be authenticated by the SAML identity provider (IdP).
REST API URLs
- Secure API
- Use the secure REST API when the origin requires gateway authentication.
- Public API
- Use the public REST API when the origin does not require gateway authentication. The public API can be accessed by any user, but to pass requests to the pipeline, the user must have read permission for the pipeline.
For more information about constructing the URL, see REST API Client Requirement.
Required Request Header
"X-Requested-By:<user-defined string>"
This header is used by the pipeline to provide additional security. The user-defined string can be any string value.
userService
gateway service using client
as the
requestor:curl -i -X POST http://localhost:18630/public-rest/v1/gateway/userService/user
--header "X-SDC-APPLICATION-ID:microservice" --header "X-Requested-By:client" -d ‘{"Name": "Joe"}’
Security
- Application ID
- When you specify a list of application IDs, the origin processes only incoming requests that include one of the specified application IDs.
- Gateway authentication
- When the origin requires gateway authentication, the origin uses the Data Collector SSL/TLS properties, if configured. The origin also requires requests to use the secure REST API.
- Kerberos with SPNEGO
- The origin can authenticate using Kerberos with SPNEGO web authentication. You can use this option when your environment is enabled to perform Kerberos authentication over HTTP.
- SSL/TLS with additional options
- When you enable SSL/TLS in the origin, you can also enable the following
additional security measures:
- Client authentication - Requires mutual authentication of each REST API client before accepting requests.
- Basic authentication - Requires incoming requests to include one of
the user accounts specified in the origin.
You can use basic authentication when other authentication methods, such as gateway or Kerberos with SPNEGO authentication, are not enabled. When other authentication methods are enabled, basic authentication properties are ignored.
Using Application IDs
You can configure the REST Service origin to only process requests that include a valid application ID. To require application IDs in the requests, define a list of valid application IDs in the REST Service origin.
When you configure application IDs for the origin, you must configure the REST API clients to include one of the listed application IDs in each request.
You might use application IDs to provide additional security or to enable multiple pipelines to listen at the same port. That is, if you specify a different application ID for each pipeline, multiple pipelines can safely share the same port.
Include the application ID for each request in one of the following ways:
- In request headers
- Add the following information to the HTTP request header for all requests that
you want the origin to
process:
X-SDC-APPLICATION-ID: <application_ID>
- In a query parameter in the URL
- If you cannot configure the client request headers - for example if the requests are generated by another system - then configure each REST API client to send data to a URL that includes the application ID in a query parameter.
REST API Client Requirement
To enable the REST Service origin to process data, you must configure the REST API clients to send data to the pipeline. The URL that you use depends on how you configure the origin.
- Listening port
- When the origin is configured to listen for
data at a specified port, you must configure each client to send data to a
URL that includes the listening port number.Note: No other pipelines or processes can already be bound to the listening port. The listening port can be used only by a single pipeline.Use the following format for the URL:
<http | https>://<sdc_hostname>:<listening_port>/<path>?<queryString>&sdcApplicationId=<application_ID>
The URL includes the following components:- <http | https> - Use
https
for secure HTTP connections. - <sdc_hostname> - The Data Collector host name.
- <listening_port> - The port number where the origin listens for data.
- <path> - Optional. The path of the URL.
- <queryString> - Optional. The parameters of the URL that come after the path.
- <application_ID> - Optional application ID if not passed in the request header.
For example:
https://localhost:8000/
orhttps://localhost:8000/rest/v1/user
. - <http | https> - Use
- API gateway
- When the origin is configured to use Data Collector as an API gateway, you specify a service name to use and indicate if authentication is required.
Multithreaded Processing
The REST Service origin performs parallel processing and enables the creation of a multithreaded pipeline.
The REST Service origin uses multiple concurrent threads based on the Max Concurrent Requests property. When you start the pipeline, the origin creates the number of threads specified in the Max Concurrent Requests property. Each thread generates a batch from an incoming request and passes the batch to an available pipeline runner.
A pipeline runner is a sourceless pipeline instance - an instance of the pipeline that includes all of the processors, executors, and destinations in the pipeline and handles all pipeline processing after the origin. Each pipeline runner processes one batch at a time, just like a pipeline that runs on a single thread. When the flow of data slows, the pipeline runners wait idly until they are needed, generating an empty batch at regular intervals. You can configure the Runner Idle Time pipeline property to specify the interval or to opt out of empty batch generation.
Multithreaded pipelines preserve the order of records within each batch, just like a single-threaded pipeline. But since batches are processed by different pipeline runners, the order that batches are written to destinations is not ensured.
For example, say you set the Max Concurrent Requests property to 5. When you start the pipeline, the origin creates five threads, and Data Collector creates a matching number of pipeline runners. Upon receiving data, the origin passes a batch to each of the pipeline runners for processing. In the batch, REST Service includes only the REST API requests with the specified application ID.
Each pipeline runner performs the processing associated with the rest of the pipeline. After a batch is written to pipeline destinations, the pipeline runner becomes available for another batch of data. Each batch is processed and written as quickly as possible, independent from other batches processed by other pipeline runners, so batches may be written differently from the read order.
At any given moment, the five pipeline runners can each process a batch, so this multithreaded pipeline processes up to five batches at a time. When incoming data slows, the pipeline runners sit idle, available for use as soon as the data flow increases.
For more information about multithreaded pipelines, see Multithreaded Pipeline Overview.
Generated Response
In a microservice pipeline, the REST Service origin can send a response back to the originating REST API client.
- Records received from microservice destinations
- Pipeline error records received when the pipeline is configured to use the Send Response to Origin pipeline error handling
The origin generates a single response for each batch of records received. The origin can generate the response in JSON or XML format. The response can include an envelope or only raw data.
Responses with an Envelope
Response Key or Element | Value |
---|---|
httpStatusCode | The status code associated with the records in the
response. If the records in the generated response share the same status code, the code is written to the httpStatusCode key or element. If the records have different status codes, the httpStatusCode is set to 207 for multiple statuses. |
data | A list of records passed to the origin by the microservice destinations used in the pipeline. |
error | A list of pipeline error records passed to the origin by the Send Response to Origin pipeline error handling. |
errorMessage | The error message associated with the first error
record in the response. Used only when the response includes error records. |
{
"httpStatusCode":<status code>,
"data":[<list of success records>],
"error":[<list of error records>],
"errorMessage": <error message, if any>
}
Raw Responses
When configured to send a raw response, the origin generates a response that contains either the list of records passed from the microservice destinations or the list of error records passed by the Send Response to Origin pipeline error handling. If the origin receives data records from destinations and error records from the pipeline, then the origin includes only the error records in the response. If the origin receives no data records from destinations and no error records from the pipeline, then the origin generates an empty response.
Sample Responses
- Single record
- The origin receives a single record from the Send Response to Origin
destination. The destination is configured to use the 200 status code.For a response with an envelope, the origin sends the following response:
{ "httpStatusCode":200, "data":[{"ID":"103","NAME":"Jack","AGE":"37","STATE":"MD"}], "error":[], "errorMessage":null }
For a raw response, the origin sends the following response:{"ID":"103","NAME":"Jack","AGE":"37","STATE":"MD"}
- Multiple data and error records
- The origin receives several records, data and error. Because each record has
a different status code, the response uses status code 207 for multiple
statuses. The errorMessage key includes the error associated with the first
record which has a missing ID. The origin is configured to present multiple
records as multiple JSON objects.For a response with an envelope, the origin sends the following response:
{ "httpStatusCode":207, "data":[{"ID":"248","NAME":"Pina","AGE":"24","STATE":"RI"}], "error":[{"NAME":"Liz","AGE":"37","STATE":"DE"}, {"ID":"302","NAME":"Roco","AGE":"","STATE":"CA"}], "errorMessage":"COMMON_0001 - Stage precondition: CONTAINER_0051 - Unsatisfied precondition(s) '${record:exists('/ID')}'" }
For a raw response, the origin sends the following response:{"NAME":"Liz","AGE":"37","STATE":"DE"}, {"ID":"302","NAME":"Roco","AGE":"","STATE":"CA"}
Record Header Attributes
The REST Service origin creates record header attributes that include information about the requested URL.
You can use the record:attribute
or
record:attributeOrDefault
functions to access the information
in the attributes. For more information about working with record header attributes,
see Working with Header Attributes.
- method - The method for the request, such as GET, POST, or DELETE.
- path - The path of the URL.
- queryString - The parameters of the URL that come after the path.
- remoteHost - The name of the client or proxy that made the request.
The REST Service origin also includes HTTP request header fields – such as Host or Content-Type – in records as record header attributes. The attribute names match the original HTTP request header field name.
Data Formats
The REST Service origin processes data differently based on the data format that you select. The origin processes the following types of data:
- Avro
- Generates a record for every Avro record. The origin includes the Avro schema in the
avroSchema
record header attribute. It also includes aprecision
andscale
field attribute for each Decimal field. - Binary
- Generates a record with a single byte array field at the root of the record.
- Datagram
- Generates a record for every message. The origin can process collectd messages, NetFlow 5 and NetFlow 9 messages, and the following types of syslog messages:
- Delimited
- Generates a record for each delimited line.
- JSON
- Generates a record for each JSON object. You can process JSON files that include multiple JSON objects or a single JSON array.
- Protobuf
- Generates a record for every protobuf message. By default, the origin assumes messages contain multiple protobuf messages.
- SDC Record
- Generates a record for every record. Use to process records generated by a Data Collector pipeline using the SDC Record data format.
- XML
- Generates records based on a user-defined delimiter element. Use an XML element directly under the root element or define a simplified XPath expression. If you do not define a delimiter element, the origin treats the XML file as a single record.
Configuring a REST Service Origin
Configure a REST Service origin to process REST API requests and pass responses back to the originating REST API client. Use the origin as part of a microservice pipeline.