Why Coldbox for APIS over Regular restargs in CF

I Hope you can help me out… I am having a hard time “reimagining” my legacy API. I currently use very simple arguments such as restpath in my CFcomponent to create functions that solve for Get, Post, etc. Furthermore I parse headers by myself to authenticate a simple Basic authorization.

Now with Coldfbox framework and so many moving pieces (OOP, Handler, Wire, CFSecurity, Models, etc) I am really struggling to understand how to build.

I’ve seen videos, read blogs even browsed through documentation and still all this work seem to overcomplicate things for me. I don’t know how to properly phrase my question, I really don’t even know what I’m askiing, I just want too take the best approach for security, performance, scalability, etc.

The problem really is that using Adobe’s RESTARGS pretty much solves it for me!

Why is it better to undertake all these new tools… Obviously I am very procedural based and am somewhat reluctant to OOP. I have managed to run my APIS under Coldbox as simple CFCs, but need your advise as to how to properly build them “step by step” and including all other box considerations.

Also, I fear that leveraging CB’s API model will disregard API Manager & CFAdmin settings that I have in place… Do you have articules as to how these relate or can co-exist? It sounds to me like CB is overtaking CF’s standard api capabilities and can clash… is this the case?

In Procedural I can build an api in under 5mins… so far I’ve spent hours and ams still lost in translation… help please. I feel like a complete newbie… Thank you!

If Adobe’s implementation works for you, then that is a completely valid approach.

IMHO, though, it’s not a truly RESTful approach to API design and, as such, lends itself to all of the pitfalls of legacy application design. Having designed upwards of two dozen RESTful APIs using Coldbox, now, I can attest that the short term learning curve is worth the long term gain.

Let us know where you are struggling in that learning curve and I’m sure many would be happy to advise.

1 Like

Thank you! Yes,. this is why I want to embrace it. I guess my problem really comes down to separating the moving pieces and addressing them one by one… When I see a video that simply “rolls-out” self contained things it get’s hard to follow. Specifically, how does CBsecurity work? is it looking at headers for Basic/bearer? Is there anything that should be done at APIS/rest in CFADMIN? How to refactor the logic from Procedural to MVC/OOP ? How to not break a working /rest endpoint in a shared server and deploy to a different url? how does url.rewriting affect/or not? and many etc’s…

how does CBsecurity work? is it looking at headers for Basic/bearer?

It can be configured to to look for any headers you wish. You could have a static basic auth setup, you could implement JWT or you could create your own interceptor that looks for a custom header and then authenticates against the auth service. ( e.g. auth.login( event, rc, prc ) - after you have scoped the user/pass in to the rc )

Is there anything that should be done at APIS/rest in CFADMIN

No. Coldbox rest is separate and independent from the Adobe’s Rest API implementation

How to refactor the logic from Procedural to MVC/OOP

That is really up to you. You can progressively refactor your templates or start by just creating the route configurations and calling the existing methods you already have in place. What you will probably find is that you have a lot of routines in your procedural code which become unnecessary within the Coldbox context - because many of those things are handled by the framework or cbSecurity.

How to not break a working /rest endpoint in a shared server and deploy to a different url

You can simply set up Coldbox to handle those routes instead of configuring in the cfadmin. For example, use your config/Router.cfc to configure a route for /rest/MyHandler/myMethod

how does url.rewriting affect/or not

The basic url rewrite redirects all traffic from missing templates or files to the framework. From there the framework picks up and evaluates the routes.

If you feel you would like more personalized assistance or an evaluation of how you might proceed in migration, please feel free to reach out to consulting@ortussolutions.com

1 Like

Thank you J for taking the time to answer. As suspected there is no “recipe” or “fast path” (this is good there really shouldn’t be)… So I Need to study many new topics and tools to get my new APIS up and running. Topics I see in scope are CBsecurity, Interceptors, Routing/Wiring. Will reach out if I get stuck and will try to blog on my learnings. The truth is I need to start with practical OOP and MVC (just saw a great training in cfcasts by Mr Nolan). will keep you posted. Surely in time I will be able to build my same apis under a modern framework in even less time.

1 Like