Architecture

Architecture
lac31
 
CA Live API Creator
 provides declarative definition of the following services:
  •  
    API.
     Create the default API by connecting to your database: GET, POST, PUT, and DELETE for each table, including GET/POST access to each view and stored procedure. You can create nested document resources or endpoints.
  •  
    Integration.
     Resources can combine data from multiple sources (SQL, Mongo, and RESTful), including updates between them.
  •  
    Security.
     Enforces endpoint access and row/column security.
  •  
    Logic.
     Enforces database integrity on updates, with a combination of spreadsheet-like rules and server-side JavaScript. Rules automate multi-table chaining and SQL handling. Therefore, rules are 40X more concise than conventional code.
The following image shows the architecture:
CA Technologies
Specify your settings in API Creator. Activation is instantaneous. In API Creator, there is no code generation or deployment. In addition to RESTful APIs, 
CA Live API Creator
 provides command-line interfaces (CLIs) to data and admin data. The CLIs are Node JS applications that require NodeJS. Data Explorer is created from the schema. Test your API and perform back-office database maintenance using Data Explorer.
In this article:
 
 
2
 
 
Admin Database
 
CA Live API Creator
 stores your data source connections, resource definitions, logic, and security settings in API Server's admin database. The admin database is transparent for cloud/appliance users and Web application ARchive (WAR) users must configure it. You can export admin contents into a file for maintenance in a source control system.
You can access and manage the admin data stored in the admin database by way of the 
CA Live API Creator
 Admin project API, which is a RESTful API. You can script the creation of APIs into an API Server using the Admin CLI.
 For more information about how to script the creation of APIs, see API Creation by Command Line.
Declarative Services: Retrieval, Update Logic, Data Security
Customize your API, integrate more data sources, and specify your logic and security policy using the following declarative services:
  •  
    Retrieval.
     
    CA Live API Creator
     provides RESTful listeners, SQL processing, and JSON request/response processing for all endpoints.
  •  
    Update-logic execution.
     
    CA Live API Creator
     enforces your logic on all PUT, POST, and DELETE requests. This enforcement applies to updates, to custom resources, and to tables.
  •  
    Data-security enforcement.
     
    CA Live API Creator
     controls row/column retrieval and on updates by applying role permissions on GET.
JavaScript Extension Points
You can call legacy logic, and other packages, using the following JavaScript extension points:
  •  
    Events.
     Use events for requests, GET operations (for example, call an external service, or an application server), and PUT/POST/DELETE operations. Event rules are server-side JavaScript-code business logic based on the JavaScript object model that API Creator builds.
  •  
    Rules
    . Specify by filling out forms and providing JavaScript functions. You can extend system automation for update and retrieval logic with procedural code using server-side JavaScript code. The JavaScript extension points are the basis of the extensibility services.
For more information:
Debugging
 
CA Live API Creator
 provides transparency with debugging services, including a log of all logic/database operations and a REST Lab so you can test your APIs without having to write a test program. You can test your logic using Data Explorer.
For more information about how the debugging services, see Debug.
Team Development
Multiple Developers can create APIs and logic concurrently. You can import/export your API into a JSON file, which you can manage with existing tools for diffs, Source Control Systems, etc.
For more information:
Change Management
You can protect client applications from changes in logic, security, and the database using custom resources.
For more information about change management, see Change Management.
Lifecycle Management
You can access the admin database using REST APIs. You can script the API-to-API-server deployment from source control artifacts. For example, you can save development artifacts into a source control system, and export admin contents into a file for maintenance. You can script the creation of APIs into an API server into a production system using the Admin CLI.
 For more information:
Documentation
Documentation services include:
  • API documentation, by way of Swagger.
  • System documentation, by way of URLs you can associate with your API and view in API Creator.
  • Logic documentation, by way of topics that trace requirements to the rules that implement them.
Deployment
 
CA Live API Creator
 is delivered as a WAR file. You can deploy into standard containers (Apache Tomcat, Jetty, application servers). You can load-balance the servers using standard technology. API definitions do not result in code generation. Deployment of a running system (for example, deploying a test system into production) requires an admin database update (the API Creator WAR is not changed). You do this by exporting an API to a JSON file, which you can import on the target system. You can export an API and script the import/export procedure using the Admin API.
For more information about how to script the import/export procedure, including exporting an API to a JSON file and importing the JSON file on a target system, see Import and Export APIs.
Architectural Fit
 
CA Live API Creator
 fits into an enterprise architecture:
  •  
    Web/Mobile Apps
    API Servers figure significantly in application development, ranging from basic connectivity, to object generation, to partitioning. You can get meaningfully improved re-use and reduced development time using the services for client app development.
  •  
    Databases
    Access cloud/on-premises SQL databases by way of JDBC. Their tables, views, and stored procedures are valid endpoints, per security settings. Updates are subject to database logic, such as triggers. Invoke stored procedures directly using JavaScript events.
  •  
    Existing Systems
    API Server connects well to existing databases for retrieval, with the following caveat. Some systems define new columns without schema changes by storing data as Binary Large Objects (BLOBs), for example, XML or JSON data. This practice hides the columns to SQL, to other software such as business intelligence, and to API Creator.
    For updates, API Server, like any RESTful server, operates in a standard three-tiered architecture. API Server is analogous to an application server, accessed by way of RESTful APIs rather than technology-specific access such as J2EE. Like application servers, this architecture can provide services for:
    • Integration. Your API can integrate data from multiple databases and can send/receive messages from other systems.
      For more information about viewing an example of integration, see the Business to Business Example.
    • Scalability. You can scale multiple API servers under a load balancer for increased response and failover.
    • Logic and security. API servers provide a modern approach to enforcing logic, instead of (for example) proprietary triggers.
    Like application servers, you need to be aware of applications that access the data directly without going through the APIs. Direct-data access does not enforce the logic and security that API Creator defines. Conversely, if you have existing systems that already enforce your logic, you must work within that context using API Creator.
    The following scenarios are included:
    • Read Only. In the simplest case, update logic is not an issue if you are only reading data.
    • Update considerations. The following scenarios are common for update:
      • Triggers. If you are using database triggers, triggers fire as API Server issues SQL updates.
      • Stored procedures. You can invoke store procedures from JavaScript (for example, from Table Events), using the connection made available by API Server.
      • External logic. Logic is sometimes externalized in application servers (for example, as or bound into an object-access layer). Depending on how you architect them, they can be easy or difficult to call (for example, consider transaction boundaries).
      • Screen logic. Often, external logic is bound into screen logic (for example, controllers attached to buttons). External logic is the 'fat client' ant-pattern, because this logic is typically not available outside the screen. We recommend that you migrate the screen logic to a shared server such as 
        CA Live API Creator
        .
    You can create sub-systems (manage new data that interact with existing data) and integrate systems through RESTful message exchange using 
    CA Live API Creator
    .
    To view an example, see the Business to Business Example.
  •  
    App Server
    JavaScript extensions are useful in integrating existing systems and logic, such as application servers. For example, you might use row events to acquire data from application servers or data integration servers.
  •  
    Security Systems
    CA Live API Creator
     provides authentication for development. Production systems typically use existing corporate security systems, such as Lightweight Directory Access Protocol (LDAP), Active Directory (AD), or OAuth, by delegating authentication. 
    CA Live API Creator
     injects authorization at the row/column level into SQL that is sent to the database, where 
    CA Live API Creator
     can properly optimize authorization.
    For more information about authentication, see Authentication.
  •  
    API Management
    API Server is a standard REST API. You can insert API management systems (they operate as Gateways) for monitoring, denial of service attack protection, etc.
  •  
    MBaaS/PaaS Services
    CA Live API Creator
     can be an important component to your Mobile backend as a Service (MBaaS), providing transaction processing automation to complement technologies such as push or security/social integration.
  •  
    Rules Engine
    CA Live API Creator
     logic is complementary to other automation services, such as a rules engine for decisions and workflow.
  •  
    Enterprise Service Bus
    Service orchestration products (also known as integration Platform as a Service (iPaaS), such as MuleSoft), can provide enterprise integration by assisting in building an enterprise service bus that integrates a number of existing underlying REST services. 
    CA Live API Creator
     plays a complementary role by enabling you to build (and integrate) services that do not already exist. These services run beside existing manually coded database services, and non-transactional services that deal with more content-oriented information.
    For more information about iPaaS, see the Integration platform wikipedia page.
Resource Endpoints
Your API can consist of schema resources, or endpoints, system resources, or custom resources. Your schema resources are defaulted from the schema. System resources are automatically-created metadata services to obtain the list of tables and resources and their attributes. Custom resources are the endpoints you define explicitly.
For more information about resource endpoints, see Customize your API.
Expose Tables and Stored Procedures as Resource Endpoints
You can can expose your base tables, view tables, and stored procedures as resources, or resource endpoints. Resources are available instantly. There is no restart, code generation, deploy, or configuration. After you have exposed the tables and procedures, you can begin browsing your API and start app development. You can protect access to this data by turning this off later in the API.
For more information about securing access to your data, see API Properties.
Access Resource Endpoints with a RESTful API
You can access your resource endpoints by way of a RESTful API. This makes your data available from virtually any client, in particularly mobile clients and cloud-based access.
You can issue HTTP-based retrieval requests against these resources using a URL, for example:
http://eval.acme.com/account/project/apiversion/request
You can retrieve a single JSON object (in this case, a customer with key = 
Acme
), for example:
GET http://.../rest/v1/cust/Acme
Your program can also issue retrieval operations against the following resources, for example:
GET http://.../rest/v1/cust?filter=name%3C%27Shar%27&order=name%20desc,balance
The filter controls what "cust" resource rows are returned in a JSON array, sorted per the order clause. You can omit the filter, in which case all the customers are returned in an array. Each customer is returned as a JSON string, including its nested objects (for example, payments, purchase orders, line items, and product information). You can also use the other retrieval services.
 For more information:
Enterprise-class Services
The following services are provided for enterprise-class use:
Coalesced Retrieval Strategy
Retrieval is processed a level at a time, retrieving <pagesize> rows per request. Subresource rows are retrieved in the same request, with optimizations for multi-database resources. All the subresource rows are retrieved in one query.
For example, you have a 
pagesize
 of ten, retrieving customers and their orders. On the first request, 
CA Live API Creator
 does the following:
  1. Retrieves the first ten customers.
  2. Extracts the ten customer keys and performs a query for orders with a where clause for the ten customers ("cust-1 or cust-2, ...') using these keys. The query also includes relevant security filters.
  3. Distributes the orders to the proper customer in the preparation of the JSON response.
This processing avoids ten orders queries and performs well in multi-database configurations where a customer-join-order is not feasible.
 You can control the chunk size on a per-request basis. For example, you can emit the simple SQL for debugging and testing by setting the chunk size to one (1).
 For more information about controlling chunk size, see API Properties.
Security
Your security specifications are defined for base tables and are applied automatically to all resources defined over that table. You can specify the security properties after you define your resource.
For more information about defining your security definitions, see Security.
 Pagination
Large result sets can cripple performance, both on the client and the server. You can retrieve more data using the URI that 
CA Live API Creator
 supplies. Pagination is supported at any subresource level. For example, a query of Customers and Orders can provide pagination for many customers and many orders for each of the customers.
 For more information about performance and pagination, see Performance.
JSON Refresh Information
A key benefit of logic is automated multi-table derivations. For example, saving an order might update the customer's balance. It is further possible (but not required) that this related data might be on the user's screen. Good user interface design dictates these effects be shown to the end user. 
CA Live API Creator
 returns JSON-refresh information for all updated data per logic execution, so that clients can merge these updates into the screen. This returned information can improve performance because the client does not need to show derivation results by re-retrieving data.
Performance
Per REST requirements and industry best practice, all processing is stateless. 
CA Live API Creator
 scales horizontally. 
CA Live API Creator
 provides services that address enterprise-class performance, such as minimizing network latency, through RESTful server operation, to database management system (DBMS) optimization.
 For more information about the services that address performance, see Performance.