DreamFactory is an API management gateway. It’s proficient of generating influential, documented APIs for almost twenty databases including Microsoft SQL Server, in addition to file storage, caching, e-mail, 3rd party APIs and SOAP services. The scripting interface supports four scripting languages. 3rd party libraries are also supported, and business logic integration allows for data validation, masking and transformation.API keys and role-based access controls restrict endpoint and method access. DreamFactory supports many user authentications options, including AD, OpenID Connect and Okta.Request limiting ensures system resources aren’t abused, reducing the likelihood of data theft. Logging is supported through Elastic Stack. Other compliance controls include restricted admins and API lifecycle monitoring
The units below discuss the various components and characteristics of the system and an anatomy of various API calls as they travel through the system.
DreamFactory is an open source REST API backend that delivers RESTful services for building mobile, web, and IoT applications. In technical terms, DreamFactory is a runtime application that runs on a web server similar to a website running on a traditional LAMP server. In fact, as a base, we require a hosting web server like Apache, NGINX, or IIS. DreamFactory is written in PHP and requires access to a default SQL database for saving configuration. Depending on configuration for caching, etc. it may or may not need access to the file system for local storage. If pre- and/or post-process scripting is desired, access to V8Js or Node.Js may also be required. It runs on most Linux distributions (Ubuntu, Red Hat, CentOS, etc.), Apple Mac OS X, and Microsoft Windows. Installation options are highly flexible. You can install DreamFactory on your IaaS cloud, PaaS provider, as a Docker container, on premises server, or a laptop. Installer packages are available, or the DreamFactory source code is obtainable under the Apache License at GitHub. DreamFactory Components The DreamFactory application can rationally be divided into several operational components. Though these components are logical and do not essentially represent the code structure itself, they are beneficial in conversing the subsystems and functionality of the application, as well as the composition of the API call later on.
Routing sets up the supported HTTP interfaces to the system. In tandem with Controllers, this component controls the flow of the calls through the system. Controllers are essentially groups of routes or HTTP calls that share some logical handling and are paired with a set of access control components. There are essentially three controllers that the routing component can hand the call off to.
• Splash Controller – This handles the initial load and setup states of the system. It also routes web traffic to the default web application (i.e. Launchpad), where users can login and access other configured applications like the admin console, etc.
• Storage Controller – This handles direct file access to any file services where folders have been made public through configuration. Files are requested via the service name and the full file path relative to that service. The file contents are returned directly to the client. This is primarily used for running applications hosted on the DreamFactory instance.
• REST Controller – This is the main controller for the API, it handles the versioning of the API and routing to the various installed services via a Service Handler. It also handles any system exceptions and response formatting. The Service Handler communicates generically with all services through a service request and response object. Access Control Access Control is made up of middleware, groups of checks and balances that can be used to control access to various parts of the application. The services and resources for Access Control consist of the following:
• System status checks
•Cross-Origin Resource Sharing (CORS) configuration allowances
• Authentication via user login, API keys, and/or session tokens
• Authorization via assigned user and app role access
• And usage limit tracking and restrictions
If any of these checks fail, the call is left without and the correct error response is sent back to the client; no further processing is done. If all of these checks pass, the call is allowed to continue on to one of the handling controllers, which routes the call for the appropriate API processing. API Processing At this point the API can be broken down further into logical components that we call Services. Services can be anything from a system configuration handler (i.e. the “system” service), to a database access point, or a remote web service. Service types can be dynamically added to the system to expand service offerings, but many are involved out of the box.
A mainstream of the processing done on the server is handled by Services. Services and Resources are both built on the concept of a REST handler. Therefore, a Service may process the full request directly, or choose to pass along the request or parts of the request to any number of resources to process the call based on the path given. Server-side Scripting Part of this REST handling by the services includes server-side scripting. Each API endpoint, be it a Service endpoint, or a subtending Resource endpoint, triggers two processing events, one for pre-process and one for post-process. Each event can be scripted to alter the request (pre) or response (post), perform extra logic including additional calls to other services on the instance or external calls, as well as halt execution and throw exceptions.
Scripting can be used for formula fields, field validations, workflow triggers, access control, custom services, and usage limits. The role-based access controls have separate settings that govern data access for both client-side applications and server-side scripts. This capability enables server-side scripts to safely perform special operations that are not available from the client side REST API. The event scripting all happens in the context of the original API call. Therefore, event scripts block further execution of the API call until finished.
DreamFactory is designed to be safe, humble to use, easy to customize, and vigorously expandable to meet most of your API needs.
New User Interface
Dream Factory’s interface has long been perfectly functional yet decidedly utilitarian in design. Version 3.0 marks a radical improvement to the administration console’s visual appeal while taking care to not require existing users to reorient themselves. This is the first step in a series of exciting UI/UX improvements we plan on making in the coming months to ensure DreamFactory is the most user-friendly API management platform in the universe. Here’s a glimpse of the shiny new UI:
By the way, the beta version of this new UI coincided with the launch of our completely redesigned website https://www.dreamfactory.com/.
Restricted Administrator Support
Compliance must be balanced with the ability to effectively build and manage APIs, and so in response to paid user requests we’ve added support for restricted administrators. This feature allows root administrators to identify with a great deal of specificity what parts of the platform a restricted administrator can access. This is done using the simple point-and-click interface presented in the following screenshot:
Since the companion web-based administration client is itself making API calls to the platform, these restrictions are applied at the API level, ensuring curious or wicked colleagues aren’t able to avoid their defined rights.
Like the UI changes, this is just the first in a series of enhancements we’ll be making to administrator security. In the coming months we’ll be adding authentication geofencing, among other features planned to improve security.
API Lifecycle Auditing
Also by request of several users required to follow data privacy laws such as GDPR and POPI, we’ve added the first iteration of API lifecycle auditing. This feature persists the timestamp and administrator identity associated with API creation, modification, and deletion. Like the restricted administrator feature, we’re very excited about this new capability and plan on dramatically expanding it in the coming months to include API activation review and approval.
Python 3 Support
DreamFactory has long supported four scripting engines, including NodeJS, PHP, Python, and V8JS. Scripting support is undoubtedly one of DreamFactory’s most popular features, not only because it’s used to add business logic to API endpoints, but also because you can create entirely new APIs using the Scripted Services connector. To put the popularity of this feature into perspective, we are aware of at least two users who are running more than 400 scripted APIs within their DreamFactory environments!
In version 3 we’ve updated Python support to include version 3 due to the forthcoming conclusion of support for Python 2.7. The End of Life date is slated for January 1, 2020 so we wanted to be sure our users have plenty of time to begin porting their scripts to version 3. Note we are not removing Python 2 support! We’ve supplemented this support with Python 3 to ensure users can choose from both options as companies transition from version 2 to 3 in the months
Automated Linux Installers
DreamFactory can interact with thousands of of data sources and third-party services, and for this reason developers have done so many amazing things with the platform. But installing and configuring all of the necessary drivers can be pretty intimidating process. Our Docker environment goes a long way towards alleviating these issues however understandably not everybody is using Docker so we wanted to ease the installation process for other users.
The outcome are two new installation scripts found in the installers directory. These installer scripts are used in conjunction with Debian and Ubuntu, and install all of the dependencies you need to run DreamFactory! If you’re running one of our commercial editions, the installers will additionally assist in the installation of the Microsoft SQL Server and Oracle drivers.
DreamFactory engineers wrote the world’s first service-based applications over a decade ago. We worked with XML-RPC in 1998, SOAP in 2002, and REST and JSON in 2004. As the technology behind web services matured, we started writing applications for various partner platforms, including the first AppExchange application DreamTeam in 2006. We have also published on the Intuit Partner Platform, Cisco Webex Connect, Amazon Web Services, and Microsoft Azure. Today, DreamFactory applications are used by over twenty thousand companies.
By 2009 we were building our own service platforms, and installing them on IaaS clouds, including Amazon and Azure. Our engineering team became familiar with the best practices for creating REST APIs, and how to make a service platform fast, scalable, and secure. With the rise of mobile phones and tablets, we realized that our application development model would be extremely useful for other companies to adopt, but there simply wasn’t a great open source REST API platform available anywhere. As a consequence, developers had to write their own integration code by hand, over and over again, often with mixed results.
In 2011 we decided to tackle this problem, and started work on the DreamFactory Services Platform. We launched this exciting new product two years later. DreamFactory transforms any IaaS cloud into a PaaS backend for mobile application development. Our platform incorporates more than a decade of deep experience about how to securely build, deploy, and manage service-based applications in the enterprise. DreamFactory can be installed on any server, connected to any SQL or NoSQL database, and used for developing HTML5 or native mobile applications. Our technology enables developers to build modern applications for the phone, tablet, or desktop without having to manage server side code and complexity.
1.Instant API creation
Integrate any SQL or NoSQL database, file storage system, or external HTTP or SOAP service and DreamFactory instantly generates a flexible, comprehensive, and fully documented REST API endpoint that’s ready to use. Focus on building your applications, not hand-coding APIs for every new development project
2. Deep SQL support
DreamFactory provides the most comprehensive REST API for SQL databases. Features include automatically generated REST endpoints for data, schema, functions, stored procedures, and API parameters for complex filters, pagination, sorting, related table joins, virtual foreign keys, calculations, aggregation, rollback, commit, and more.
3. Data Mesh to combine unrelated databases
Create virtual foreign key relationships between tables in the same database or between completely different databases without altering your schema or writing any code. Create, read, update, or delete objects and related objects with a single API call.
4. Turn SOAP into REST
DreamFactory instantly turns any WSDL into a live, fully documented REST API. DreamFactory automatically converts the JSON request into SOAP, calls the legacy SOAP service, and then the SOAP response is converted back to JSON for the client application. DreamFactory also generates Live API Docs from the WSDL for testing
Add business logic to your APIs to suit any business requirement. Supporting four scripting engines (NodeJS, PHP, Python, and V8JS), custom logic can be used to validate input parameters, transform responses to suit client requirements, and even call other APIs.
5. Rock-solid security
Securing APIs is difficult and time consuming. DreamFactory makes it easy with User Management, SSO Authentication, JSON Web Tokens (JWT), CORS, Role-Based Access Control on API endpoints, record-level permissions on data, OAuth, LDAP, Active Directory, SAML integration, and more
6. Federated access and data governance
DreamFactory is a privacy-by-design product engineered to fold in the governance safeguards to keep your data compliant for regulations such as GDPR and HIPAA. Keep legal, audit, security and compliance departments happy while still delighting your engineering team with streamlined development.
7.Live API docs
DreamFactory automatically generates interactive API documentation for every connected data source. DreamFactory uses Swagger, the most popular open source project for API documentation. Live documentation allows you to try out different parameters and see the request and response before building an application
8. Admin console
The admin console makes it easy to centrally manage the entire DreamFactory Platform, including your catalog of REST APIs, applications, scripts, security settings, users, roles, and more. All of the administrative capabilities are also exposed as a REST API in case you need to automate repetitive tasks.
9) Run anywhere
DreamFactory is accessible, stateless, and transferrable. DreamFactory is an open source project that runs on Linux, Windows, and Mac OS X. You can run it on private, public, or hybrid infrastructure and easily move your apps between servers. DreamFactory is easy to deploy with Docker, Kubernetes, Bitnami, or straight from GitHub source.
10)Logging and reporting
DreamFactory comes with the popular ELK stack (Elastic, Logstash, and Kibana) for logging and reporting on API traffic. Kibana provides flexible reporting on all API calls with pre-configured dashboards segmented by instance, application, role, user, API endpoint, and more.
Major Features of DreamFactory
Installation Instructions For Ubuntu
Note : Please use “DreamFactory ” in the place of “stack_name”
To connect to the operating system, use SSH and the username is ubuntu.
Please Click here to know how to generate password .
Internal Endpoints: Internal Services are normally running on below ports and Shall be NAT-ted with the Public Endpoint as required. Although we do not recommend
Any RDBMS or Nosql admin ports to be opened to Public endpoints and these are all not exposed by default externally.
- 22 – SSH
- 80/443 – Webserver
External Endpoints: For Public Endpoints, normally only below port are Opened, although this can change from stack to stack. We recommend changing SSH and RDP ports to Non Standard ports and Putting ACL to your IP.
- 8080/8443 – Webserver
- 2222 – SSH
Configure custom inbound and outbound rules using this link
Install DreamFactory and follow the instruction
Installation Instructions For Ubuntu
Note: How to find PublicDNS in Azure
Step 1) SSH Connection: To connect to the deployed instance, Please follow Instructions to Connect to Ubuntu instance on Azure Cloud
1) Download Putty.
2) Connect to the virtual machine using following SSH credentials:
- Hostname: PublicDNS / IP of machine
- Port : 22
Username: Your chosen username when you created the machine ( For example: Azureuser)
Password: Your Chosen Password when you created the machine ( How to reset the password if you do not remember)
Step 2) Other Information:
- Linux Machines: SSH Port – 22
Install dream factory 2.0 on windows