I've been reading about the Facade Pattern and I'm trying to get an idea on how to implement this. This is how I understand how it can be implemented:
-------------------------------------------------------------
| (Facade layer) API Exposure |
-------------------------------------------------------------
| DMZ |
| (Auth API) (Application Web API) |
-------------------------------------------------------------
So there are two layers. So basically two Web API end points. One that lives in the DMZ, which is not accessible to the outside world. It contains endpoints like:
internal/User Get/Put/Post/Del
internal/Order Get/Put/Post/Del
internal/Product Get/Put/Post/Del
internal/Address Get/Put/Post/Del
etc.
And then there is the public Web server that exposes a Web API endpoint to the outside world. That layer will have endpoints like:
api/user - POST
This accepts a JSON object like:
User: {
  username: 'john doe',
  addresses: [{
    street: 'something 1001'
  }, {
    street: 'company 300'
  }]
}
Then the api/user endpoint will in return make two calls. One goes to internal/User and one to internal/Address.
So the consuming user only had to make one API call to save a user object with address information. But the Facade layer will make two separate calls.
Is my understanding correct of the Facade Pattern for Web APIs?
Second question I have is, where should I do the auth checking when a consumer tries to use an API? Should I do that on the DMZ layer, or the Facade layer?
I have the feeling that I miss some important things in this example. Any details are helpful.
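The flow described in the question, as an added example that is not part of the original post: a facade handler for POST api/user that authenticates the caller and validates the payload before making the two internal calls. It assumes one possible arrangement, with the auth check in the facade and the internal layer also refusing calls that carry no authenticated caller; `InternalApi`, `post_api_user`, `authenticate` and the token are hypothetical names and constructed values.

```python
import hmac

# Constructed sample credential; a real deployment would validate a signed token.
VALID_TOKENS = {"constructed-token-123": "client-a"}

class InternalApi:
    """In-memory stand-in for internal/User and internal/Address (assumption)."""
    def __init__(self):
        self.users, self.addresses, self.calls = {}, [], []

    def _require_caller(self, caller):
        # The internal layer does not rely on network placement alone.
        if not caller:
            raise PermissionError("no authenticated caller forwarded")

    def post_user(self, caller, username):
        self._require_caller(caller)
        self.calls.append("internal/User")
        user_id = len(self.users) + 1
        self.users[user_id] = username
        return user_id

    def post_addresses(self, caller, user_id, streets):
        self._require_caller(caller)
        self.calls.append("internal/Address")
        self.addresses += [(user_id, s) for s in streets]

def authenticate(token):
    """Return the client name for a known token, else None."""
    supplied = (token or "").encode()
    for known, client in VALID_TOKENS.items():
        if hmac.compare_digest(known.encode(), supplied):
            return client
    return None

def post_api_user(internal, token, body):
    """Facade handler for POST api/user: authenticate, validate, then fan out."""
    caller = authenticate(token)
    if caller is None:
        return 401, {"error": "unauthenticated"}
    user = body.get("User") if isinstance(body, dict) else None
    user = user if isinstance(user, dict) else {}
    username, addresses = user.get("username"), user.get("addresses", [])
    streets = [a.get("street") for a in addresses if isinstance(a, dict)] if isinstance(addresses, list) else None
    if (not isinstance(username, str) or not username or streets is None
            or len(streets) != len(addresses) or not all(isinstance(s, str) for s in streets)):
        return 400, {"error": "invalid payload"}
    user_id = internal.post_user(caller, username)     # first internal call
    internal.post_addresses(caller, user_id, streets)  # second internal call
    return 201, {"id": user_id, "addresses": len(streets)}
```

Rejecting unauthenticated or malformed requests before the first internal call means a bad request never leaves a user stored without its addresses.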