Securely consume RESTful services with Spring’s RestTemplate

  • June 24, 2019
  • 0

Savant De Silva

Associate Tech Lead

Enterprise level software systems nowadays rely on many third party services and resources in order to perform the core functionalities. This has resulted in systems communicating with other services through their public API’s. Most of these API’s being RESTful API’s.  In this post, we will be looking at,

      • Communicating with Rest APIs with the aid of Spring’s RestTemplate.

      • Communicating with a RESTful service secured with Basic Auth / Bearer Token


What is RestTemplate:

RestTemplate is Spring’s central class for synchronous client-side HTTP access. The class supports a wide variety of methods for each HTTP method that makes it easy to consume RESTful services. The class is a part of the spring-web which was first introduced in Spring 3.

It’s a hassle if we want to make an HTTP Call without using RestTemplate, we need to create a HttpClient and pass the request, required parameters, setup accept headers, perform unmarshalling of response, etc. The Spring RestTemplate abstracts the above operations from you and performs each of them under the hood. It automatically marshals/unmarshals the HTTP request and response bodies. Using RestTemplate is thread safe.

Spring RestTemplate provides the following REST related HTTP methods to perform API requests.


Using the Exchange method to communicate with REST API’s:

The REST Template provides a very convenient way to perform HTTP requests of any type through this Exchange method.

By executing the exchange method above, a POST request is sent to the server side API to create a new Customer. And depending on how the server side endpoint responds, you will have full access to the response body attributes as well. You could specify which type of ResponseEntity you are expecting the POST to return. You could also specify other HTTP verbs such as GET, PUT, DELETE etc.. with the exchange method.

A simple GET with the RestTemplates exchange method would look like,


The UriComponentsBuilder can be utilized to append query params to the GET request. Similarly to the POST request, we did previously we could define the response type here as well. In order to consume these HTTP requests more securely, we should append the Bearer token or Basic Auth property to the request header.



Setting bearer token for a GET request

As elaborated in the code above we could use the HttpHeaders of the org.springframework.http package to add the Auth headers which would send in the credentials within the request to the API endpoints.

Add comment

Your email address will not be published. Required fields are marked *

Kickstart your career with us

To apply for internships, please send in your CV to with ‘Internship’ in the subject line, and include a brief paragraph as to why you are suited to be an intern at 99X Technology