Global Settings of REST Web Services

The REST web services published by Virtual DataPort (the ones available at https://denodo-server.acme.com:9443/server…) have some global settings. That is, settings that affect all the web services you publish.

After changing any of these settings, redeploy the REST web services to apply the changes (you do not have to restart Virtual DataPort). If you do not redeploy a REST web service, it will keep working but with the previous settings.

These parameters control the behavior of the REST web services you publish, they do not affect the RESTful web service (i.e. the service at https://denodo-server.acme.com:9443/denodo-restfulws).

To change these settings, click the menu Administration > Server configuration and then, expand OTHERS (only in Design Studio) and click REST web services.

Enable/Disable the OpenAPI Endpoints

By default, the REST web services of Virtual DataPort include an OpenAPI document that describes the operations of the web service, their input parameters, the schema of the output, the media types available (JSON, XML), etc. (see more in OpenAPI / Swagger).

If you switch OpenAPI/Swagger endpoints to off (in the Administration Tool, clear the check box), the REST services will not publish the OpenAPI documents.

Accessing the REST Web Services Through a Reverse Proxy

A reverse proxy is a server that sits in front of web servers (in this case, the web services of the Denodo Platform) and forwards client requests to these web servers. A reverse proxy is usually implemented to help increase security.

If the client applications are going to connect to the REST web services through a reverse proxy, select Custom host name and ports, enter Host name and check with your network administrator if you have to provide a value for the other settings for the reverse proxy:

  • Host name: enter the hostname of the reverse proxy. This is the hostname that the applications/users use to connect to the Denodo REST web services.

  • If the reverse proxy listens to HTTPS connections in the default port of HTTPS (443), in Port for HTTPS connections, enter 443. If you do not enter a value, the responses will include the HTTPS port of the Denodo web container (9443).

  • If the reverse proxy listens to HTTP connections in the default port of HTTP (80), in Port for HTTP connections, enter 80. If you do not enter a value, the responses will include the HTTP port of the Denodo web container (9090).

  • If the reverse proxy also defines a path (i.e. the client applications have to add a path to the URL), enter said path in Path.

    By default, the base URL of a REST web services is this:

    https://denodo-server.acme.com:9443/server/<database of the web service>/<name of the web service>
    

    For example,

    https://denodo-server.acme.com:9443/server/customer_db/customer360
    

    If the reverse proxy is configured so the base URL of all REST web service is “/web_services/info/”, enter this value in Path.

    After this, in the responses of the service, the URLs (if any) will be like this:

    https://reverse-proxy.acme.com:9443/web_services/info/customer_db/customer360
    

    Note that in the base URL, the segment “/server” is replaced with the value of Path.

None of these settings change the host, port or URL-path that the web services listen for incoming connections; these settings only modify the URLs of the responses. That is, if you enable these options, the service will be available in these two URLs:

https://reverse-proxy.acme.com:9443/web_services/info/customer_db/customer360
https://denodo-server.acme.com:9443/server/customer_db/customer360

The only difference is that, if the response has a URL, said URL will use the reverse proxy settings. For example, if the “reverse proxy” settings are disabled, get the HTML output of a web service has this:

<script type="text/javascript" src="/server/admin/staff_list/js/rest_web_service.js">

If you set the Path to “/web_services/info/”, this element will look like this:

<script type="text/javascript" src="/web_services/info/admin/staff_list/js/rest_web_service.js">

Note the difference in “src”.

Changing the HTTP Header “Content-type”

The responses of the REST web services have the header “Content-type”. By default, this header has a parameter “subtype” (i.e. Content-Type: application/json;subtype=denodo-8.0;charset=UTF-8). You can modify the value of “subtype” or remove it from the header.

If you select No parameters, this header will not have the parameter “subtype” but it will still return the header “Content-Type”.

Changing the HTTP Header “WWW-Authenticate”

The REST web services return the HTTP header “WWW-Authenticate” the first time a user/application tries to log in. This header contains the parameter “realm” with the name Denodo. You can change the value of this parameter.

Obfuscating that the REST Web Services are Published by the Denodo Platform

Some of the options above can be used to obfuscate that the service is published by the Denodo Platform:

  1. Disable the OpenAPI endpoints. The OpenAPI document of a REST web service has references to the user manuals of Denodo.

  2. Modify the default namespace of the XML representation to not use the word “denodo”.

  3. Modify the default namespace prefix to be “tns”.

  4. Modify the value of headers “Content-type” and “WWW-Authenticate”.

  5. In all the REST web services you publish, disable the HTML representation. The HTML representation displays the logo of Denodo by default and even if you change it, the service shows a Help link that points to the documentation of the Denodo Platform.

These changes can somewhat protect you against malicious users that try to exploit security vulnerabilities, since it will be more difficult to guess the publisher of these services.