Technical Paper

Pronto Connect: A technical overview

Foreword

Audience

This paper provides a technical overview of the Pronto Connect web services architecture. It is written for technical and development staff considering using Pronto Connect for integration.

The evolution of web services

Internet technologies now allow standardised system-to-system connectivity over the World Wide Web. Efficiencies in integration among business processes, applications, enterprises, partners, customers and so on are now possible for businesses of all sizes. The adoption of Internet-based applications has created a world of discrete business applications, which co-exist without interacting. Application-to-application communication can be enabled by service-oriented architectures, which allow business applications to link with other organisations for application integration and data sharing without the need for manual intervention. Service-oriented architectures also enable interoperability between business applications and processes within the enterprise. The service-oriented architecture model uses platform-neutral standards such as XML to expose underlying application components (or business logic) and make them available to external applications or platforms, whether mobile, web or desktop. These widely adopted web-services technologies and methodologies form the basis of Pronto Connect.


White Paper

Introduction to Pronto Connect

Meeting the needs of the growing business

Expanding data and proliferating business applications push us to seek better ways to connect and share information between applications. Without connectivity, users have to switch between applications, re-enter data multiple times, share data with colleagues manually, and spend more time asking questions and searching for key data. These business process inefficiencies mean less productivity and more mistakes, which reduce staff and customer satisfaction and reduce profitability.

The Pronto Connect architecture offers the following capabilities:
• Real-time data transfer
• Inbound web services calls using RESTful APIs
• Certificate and LDAP (Active Directory) user authentication
• Secure data transfer using SSL

Outbound HTTP calls can also be defined to retrieve data from a published web-service. It should be noted that this capability does not require Pronto Connect.

Pronto Connect is the architectural framework that supports connectivity and data exchange between mobile, web or desktop applications and the Pronto Xi Runtime.

Pronto’s design approach to web services

Pronto Connect APIs (Application Programmable Interfaces) present information as eXtensible Markup Language (XML) documents. XML is widely used in web technologies and is appropriate for publishing APIs as it offers a human-readable description of the functions available to external calling applications. XML describes data in simple terms, such as ‘give me detailed information for that account’ or ‘update this account’s contact details’. Using document-based APIs means more information can be retrieved in a single call. This provides faster and more efficient data retrieval than legacy API connectivity models, which call information on a per field basis. Pronto Xi Mobile CRM uses this methodology. For example, when the user selects a customer record in the mobile application, all related customer details are collected at once (e.g. customer name, email, phone number and address), meaning data retrieval is quicker and the application’s user interface is more responsive.

Benefits of web services integration technologies

Pronto Connect web services architecture has many benefits over traditional ‘flat file’ or field-based connectivity approaches (including Pronto Software’s previous technology, PIE (Pronto Integration Engine)). These include:
• Real-time information exchange, meaning processes can be completed using up-to-date information, not yesterday’s data
• Secure data exchange using encrypted Secure Sockets Layer (SSL)
• Adherence to Pronto Xi user security and authentication, meaning only those who are entitled to view data can do so
• No flat file transfer mechanism maintenance, which saves time and money for administrators
• Fewer upload or synchronisation errors thanks to a reliable messaging system that ensures data is delivered as requested
• Easier development – work with an intuitive business layer, removing the need for Pronto Xi Rapid Application Development (RAD) knowledge and understanding of the Pronto Xi Data Dictionary.

Pronto Software


Benefits of the Application Programmable Interface (API)

An API specifies how software components should interact with each other. When used in application development, APIs specify the remote calls which are exposed to external applications, allowing them to source, populate and exchange data for the end user. APIs also help system integrators create ways for applications to exchange data freely and efficiently, without human intervention. This reduces data double-handling and human error, allowing for substantial increases in productivity and cost-efficiency. APIs come in a variety of formats or protocols – the most common being Representational State Transfer (REST) and Simple Object Access Protocol (SOAP). APIs that adhere to the REST architecture are called RESTful APIs.

Why Pronto adopted REST

Pronto Software has chosen the Representational State Transfer (REST) API format because it has gained widespread acceptance across the Web as a simpler alternative to SOAP and Web Services Description Language (WSDL). Key evidence of this trend is the adoption of REST by mainstream web application providers, including Yahoo, Google, Microsoft and Facebook. Some aspects of a RESTful approach include:
• The format of the web address, e.g. http://www.pronto.net/crm/
• The media type (e.g. XML)
• The communication protocols (HTTP) that both transfer and manipulate the data.


Writing custom APIs with Pronto Connect APIs

A developer guide and standard Rapid Application Development (RAD) tools are available for programmers to define custom APIs for use with Pronto Connect. Pronto Connect APIs support manipulation of data in several request types (CRUD):
• To read data from Pronto Xi using GET operation
• To update data in Pronto Xi using UPDATE operation
• To create data in Pronto Xi using INSERT operation
• To delete data from Pronto Xi using DELETE operation

Using the Customer Relationship Management (CRM) API as an example, a request operation might look for the following information:

XML element name    Description                        OBJECT.FIELD
----------------    -------------------------------    --------------------------
RepCode             Rep code, e.g. ‘JS2’               rep-master.rep-code
RepName             Rep name, e.g. ‘John Smith’        rep-master.rep-description
RepLocationCode     Rep location code, e.g. ‘PARIS’    rep-master.rep-location

These CRM fields, along with several others, are available for definition in the API request as well as the details of what the field is, and its database name. Field sizes can be found using the Pronto Xi Dictionary section of the Pronto Xi Software Development Kit (SDK).

Example code for a request:

A response would look like the following: OK LF alilangan Ailangani Sen 06-JUN-2012 CAMP-5 Campaign 5 30-MAY-1998 01-MAY-1998 all none mail outs 1


A closer look at the Pronto Connect architecture

Pronto Connect requires two main components: Pronto Xi Runtime and Pronto Connect Server. Pronto Connect APIs are executed by your Runtime.

Pronto Xi Runtime

Pronto Xi Runtime is a proprietary abstraction layer that brokers communications between Pronto Xi applications and platform components such as the operating system and database. It provides compatibility with diverse hardware, operating systems and relational database management systems (RDBMS).

Furthermore, it decouples external technology from the business application logic of Pronto Xi. In simple terms, it brokers interactions between business activities at the application level and system activities at the hardware, operating system and database level. Some features of the Pronto Xi Runtime include:
• Technology abstraction for porting applications to multiple platforms
• Execution and management of the applications and general system environment
• Throughput control, bandwidth usage and multi-user access in conjunction with the Pronto Xi Enterprise Client
• High volume transactional processing
• Pronto Connect API execution

Pronto Connect Server

The role of Pronto Connect Server is to manage connectivity between Pronto Xi Runtime and external applications. There are two main functions within the Pronto Connect Server:


Pronto Connect Service

Pronto Connect Service is a standalone Java application which uses JMX (Java Management Extension) technology and exposes APIs to external applications.

Pronto REST Client

Pronto REST Client is a web application client of Pronto Connect Service. It is implemented on top of a third-party platform, Jersey, which is a RESTful web services framework for developing web services in Java (https://jersey.java.net/). Pronto Connect REST Client runs on Apache Tomcat web servers and uses Java Management Extensions (JMX) to connect to and execute exposed APIs. Any connected application that needs to execute APIs can do so via the published RESTful web services.

How Pronto Connect establishes connectivity

The Pronto Connect architecture and the API execution and response process is shown in the following diagram:

[Diagram: Pronto Xi Server (Pronto Xi Runtime, Database); Pronto Connect Server (Pronto Connect Service & REST Client); Connected Applications (Web, Mobile, Cloud, Desktop). The links between them are labelled Execute API, XML and Response.]

Active Directory authentication (LDAP)

In order to execute a Pronto Connect API, the system requires a valid security token be presented by the calling application. This token ensures that the call is made by an authorised client or person. In order to obtain a security token, the user calls the login URL and provides a username and password. The Pronto Connect Service then delegates the user authentication to JAAS (Java Authentication and Authorisation Service). In most installations, the user’s credentials will be authenticated against an LDAP Server. Once the authentication is successful, a token is generated, written into a token table and returned to the caller. Subsequent API calls should include the received token.

Here is a brief overview of the steps to establish a web-services connection between Pronto Xi and an external application:
1. An external application issues an HTTP request to the Pronto Connect REST Client installed on Apache Tomcat.
2. The REST Client decodes the type and parameters of the request, assembles a document containing the API call, and forwards it to the Pronto Connect Service.
3. The Pronto Connect Service authenticates the user account associated with the API request using Active Directory. If the authentication is successful, the Pronto Connect Service establishes and manages a socket connection to the Pronto Xi Server.
4. The API connects through the socket to the Pronto Xi Runtime to execute a request and receive the response.
5. Finally, the Pronto Connect Service forwards the response to the REST Client, which in turn forwards it on to the web application that originally issued the request.
6. A token-based system allows further API calls to retrieve data from Pronto Xi without repeated authentication, while the allocated token remains valid.
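The login and token steps described above, sketched as an added example in Python (not Pronto's code): a minimal in-memory token table. The class and function names, the 15-minute lifetime, storing only a SHA-256 digest of each token, and the constructed credential check standing in for JAAS/LDAP are all assumptions; the paper does not describe the token format, lifetime or storage.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 900  # assumed lifetime; the paper does not state one


class TokenTable:
    """In-memory stand-in for the token table described in the text."""

    def __init__(self, authenticate, ttl=TOKEN_TTL_SECONDS, clock=time.monotonic):
        self._authenticate = authenticate  # stand-in for the JAAS/LDAP check
        self._ttl = ttl
        self._clock = clock
        self._rows = {}  # sha256(token) -> (username, expiry); raw token never stored

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def login(self, username, password):
        """Return a fresh token on success, None when authentication fails."""
        if not self._authenticate(username, password):
            return None
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._rows[self._digest(token)] = (username, self._clock() + self._ttl)
        return token

    def user_for(self, token):
        """Return the username bound to a live token, else None."""
        if not token:
            return None
        key = self._digest(token)
        row = self._rows.get(key)
        if row is None:
            return None  # unknown or forged token
        username, expiry = row
        if self._clock() >= expiry:
            del self._rows[key]  # expired rows are purged when presented
            return None
        return username

    def logout(self, token):
        """Revoke a token; unknown tokens are ignored."""
        self._rows.pop(self._digest(token), None)


def constructed_directory(username, password):
    """Constructed sample credential check; a real deployment asks LDAP."""
    users = {"jsmith": "correct horse battery staple"}
    expected = users.get(username)
    return expected is not None and secrets.compare_digest(
        expected.encode("utf-8"), password.encode("utf-8"))
```

Every API handler would call `user_for` first and scope the query to the returned username, so a valid token for one user cannot read another user's records.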

Encrypted communication

All communication is encrypted using Secure Sockets Layer (SSL), using the default self-signed certificate included in the Pronto Connect installation or a certificate purchased separately from a Certificate Authority. Purchased certificates should be installed in the Pronto Connect Certificate Manager. Pronto recommends clients purchase a certificate, as these are more secure than self-signed certificates.


Implementation of Pronto Connect

Windows or Linux, real hardware or virtual, hosted or on-premises.

Pronto Connect can be installed on either Windows or Linux-based operating systems by an installer. The Pronto Connect Server may be on shared or virtualised hardware. Hardware specifications can be provided by Pronto Software Technical Services teams. Pronto Connect requires outbound communications from the Pronto Connect server. This will likely require an administrator to set up an open port to allow communication through any network firewalls. ‘Call home’ functionality built into the Pronto Connect licensing server reports usage information to and performs frequent handshakes with the Pronto Xi Runtime. No transactional data is stored by Pronto Connect, only usage statistics, such as the number of APIs called, the volume of data transferred, which users have connected to Pronto Connect and which APIs have been called. This usage information can be made available to Pronto Xi system administrators. Pronto Connect can be deployed either as a hosted service, or at your premises.


Security

We take data privacy and communication security very seriously. It’s important to you, and important to us.

Pronto Connect has been independently audited to ensure its security against Internet attacks and uncertified user access. As such, Pronto Connect is tested for the following:
• XML entity vulnerability injection for all REST API endpoints
• Authentication and session management to ensure that tokens are managed correctly and protected by appropriate cryptographic controls
• The latest patches and stable versions of application servers and operating systems are supported to ensure that sensitive configuration details are not accessible and there are no information disclosure issues
• Pronto Connect API access is enforced and tested using a horizontal approach (different users with the same privileges) and a vertical approach (different users with different privileges). This means, in particular, that authenticated users will not be able to see the data associated with any other user, and anonymous users will not be able to perform any operations that require authentication.


Glossary

Application Programmable Interface (API)
An API specifies how software components should interact with each other. APIs are commonly used to specify the remote calls exposed to an external application, and to ease the work of developing graphical user interface (GUI) components. In a web-services architecture, Web APIs come in a variety of formats with the most common being REST and SOAP. Pronto Connect has adopted a RESTful approach and offers standard out-of-the-box APIs as well as a development framework for the creation of custom APIs.

Extensible Markup Language (XML)
Widely used in web technologies, XML is a structured text markup language used for data exchange and is appropriate for publishing APIs as it offers a human-readable description of the data available to the external, or calling, application, such as ‘get me detailed information for a particular account’ or ‘update these contact details to this account’. Pronto Connect APIs are provided as XML documents, which have the benefit of allowing multiple data records to be obtained by a single ‘call’. Using XML also provides efficiencies as it can also act as the payload for the data exchange which is passed via the HTTP communication protocol.


HyperText Transfer Protocol (HTTP)
A computer-communications protocol commonly used for Internet-facing applications and web services.

Pronto Connect Service
The Pronto Connect Service is a standalone Java application which uses JMX (Java Management Extension) technology and exposes APIs to external applications.

Representational State Transfer (REST)
REST is a software architectural style used in the development of web-services. Web service APIs that adhere to the REST constraints are called RESTful APIs; Pronto Connect provides them, as do leading companies such as Google, Twitter, Facebook and Flickr, to name a few.

REST Client
The Pronto REST Client is a web application that acts as a client to the Pronto Connect Service. It is implemented on top of the external application, Jersey, which is a RESTful Web Services framework for developing web services in Java (https://jersey.java.net/). The Pronto Connect REST Client runs on Apache Tomcat web server and uses a Java Management Extensions (JMX) architecture. Its purpose is to connect to and execute exposed APIs. Indeed, any application that needs to execute APIs can do so via the published RESTful web services.

Web Server
A web server is required to store, process and deliver web-based content to a client application. It uses the HTTP protocol as its client-server transport mechanism. Pronto Xi utilises a web server to host APIs and manage the communications between Pronto Connect and its connected applications.

Web Services Description Language (WSDL)
An XML-based interface definition language that is used for describing the functionality offered by a web service.

Simple Object Access Protocol (SOAP)
The SOAP standard is an alternative to REST and was developed for early web-services communications in computer networks. Similarly to REST, it uses XML as its data carrier and is transmitted over Hypertext Transfer Protocol (HTTP). Pronto Connect APIs are RESTful, but SOAP commands can be passed unparsed to the Pronto Xi 4GL application.


Tailor-made business software solutions.

Pronto Software has been developing award-winning business management software for over 30 years. With in-built intelligence, flexibility and an easy-to-use interface, its flagship product, Pronto Xi, enables users to discover rich business insights.

1300 PRONTO (1300 77 66 86)
Find your moment: pronto.net

Pronto believes in the power of actively listening to clients, adapting our product to meet their needs and finally revealing the best solution. It’s how we continually surpass client expectations, delivering moments of utter surprise and delight.