Securely consume RESTful services with Spring’s RestTemplate
- June 24, 2019
Enterprise level software systems nowadays rely on many third party services and resources in order to perform the core functionalities. This has resulted in systems communicating with other services through their public API’s. Most of these API’s being RESTful API’s. In this post, we will be looking at,
• Communicating with Rest APIs with the aid of Spring’s RestTemplate.
• Communicating with a RESTful service secured with Basic Auth / Bearer Token
RestTemplate is Spring’s central class for synchronous client-side HTTP access. The class supports a wide variety of methods for each HTTP method that makes it easy to consume RESTful services. The class is a part of the spring-web which was first introduced in Spring 3.
It’s a hassle if we want to make an HTTP Call without using RestTemplate, we need to create a HttpClient and pass the request, required parameters, setup accept headers, perform unmarshalling of response, etc. The Spring RestTemplate abstracts the above operations from you and performs each of them under the hood. It automatically marshals/unmarshals the HTTP request and response bodies. Using RestTemplate is thread safe.
Spring RestTemplate provides the following REST related HTTP methods to perform API requests.
The REST Template provides a very convenient way to perform HTTP requests of any type through this Exchange method.
By executing the exchange method above, a POST request is sent to the server side API to create a new Customer. And depending on how the server side endpoint responds, you will have full access to the response body attributes as well. You could specify which type of ResponseEntity you are expecting the POST to return. You could also specify other HTTP verbs such as GET, PUT, DELETE etc.. with the exchange method.
A simple GET with the RestTemplates exchange method would look like,
The UriComponentsBuilder can be utilized to append query params to the GET request. Similarly to the POST request, we did previously we could define the response type here as well. In order to consume these HTTP requests more securely, we should append the Bearer token or Basic Auth property to the request header.
As elaborated in the code above we could use the HttpHeaders of the org.springframework.http package to add the Auth headers which would send in the credentials within the request to the API endpoints.