From DreamFactory
Jump to: navigation, search

What hard technical problems does DreamFactory solve?

The biggest technical problem that DreamFactory solves is providing a comprehensive, automatically-generated, documented, and secure REST API for every popular back-end data source, particularly SQL. Without DreamFactory, developers have to manually create, document, maintain, and securely expose custom REST APIs for each new development project. DreamFactory automatically REST-enables your data sources with a standard interface, so it becomes really easy to use SQL, NoSQL, files, email, push notifications, and remote REST / SOAP web services for any new application project, and re-use the REST API across many different application projects.

Second, any real application needs server-side business logic. DreamFactory makes it easy to customize any API call with server-side scripting, using the built-in V8 Javascript Engine, Node.js, PHP, or Python. Event scripts can be used to pre-process any API request and post-process any API response. DreamFactory also supports custom scripting, which can be called directly from your client application or from a server.

Third, DreamFactory addresses the important challenge of back-end data security. DreamFactory provides a user management system with role-based access control access to the entire REST API and scripting system, including table-level and record-level access to SQL and NoSQL, files, email, push notifications, remote REST / SOAP web services, and any custom APIs you add in DreamFactory. The user management system includes an administrative application to manage API keys, end users, user roles, OAuth, LDAP, and Active Directory integration. Under the hood, DreamFactory handles secure password hashing, authentication, and session handling for you with API keys and JSON Web Tokens (JWT) and protects against SQL injection attacks.

What types of apps are well-suited for DreamFactory?

Any data-driven, RESTful application is a great fit for DreamFactory. This includes mobile, web, and IoT apps.

Native, hybrid, and pure HTML5 applications are particularly well-suited for DreamFactory, particularly enterprise mobile apps that need a secure REST API to access data stored in legacy SQL databases.

Web apps that use REST and JSON for data exchange are also well-suited to DreamFactory. Building AngularJS applications with DreamFactory is a popular choice for many developers.

DreamFactory is also becoming a popular technology for IoT applications. Device sensors can easily write data to REST endpoints and human users or machines can read the data via REST.

DreamFactory provides example applications for popular client-side technologies.

Who is using DreamFactory?

Since DreamFactory is open source and REST APIs are flexible, usage is diverse.

The most common use case is mobile app and web app development that requires RESTful connections to back-end data sources, most commonly SQL. DreamFactory is used by enterprise companies for both internal and customer-facing applications, systems integrators, application development companies, ISVs (independent software vendors), freelance developers, students, and hobbyists. See the stories here for some examples of how DreamFactory is being used.

How would I explain the business benefits of DreamFactory to my manager?

From a business perspective, DreamFactory helps in a few ways.

First, DreamFactory solves the backend API integration and security requirements that data-driven mobile applications need. In short, it makes development much faster. DreamFactory automates REST API creation and server-side security controls on your backend data. This means that applications are a lot faster to build and much less costly to maintain over time.

Second, DreamFactory prevents infrastructure lock-in. DreamFactory is open source and server-agnostic. It runs the same way on different clouds (e.g. AWS and Azure) and server operating systems (e.g. Linux and Windows). DreamFactory is database-agnostic too. The REST API and JSON structure are identical for every supported SQL and NoSQL vendor. This provides real portability. You can install DreamFactory in the cloud or on premises. And you can change databases without changing your application.

Third, DreamFactory centralizes control for enterprise IT. A typical Fortune 500 company is planning to build thousands of mobile applications. All these applications need to be secure. Securing back-end data is extremely challenging in this context. DreamFactory provides a centralized set of reusable REST APIs that can be shared department-wide and centrally managed by IT.

How does DreamFactory handle security?

DreamFactory provides a user management system that controls end user access to your back-end data. Each client user (or machine) has an application-specific role that governs access to the underlying data exposed for each API endpoint.

An administrator configures roles in the DreamFactory Admin Console. Each end user is tied to a role in the context of each application (each application has an API key). Each role has a specific set of data permissions. For example, an administrator might set up a “Sales Rep” role and specify that the “Sales Rep” role be limited to read-only access to a particular set of tables and records in your Oracle database via the REST API.

DreamFactory supports a number of access control features:

  • Map roles to Active Directory Groups for secure authentication and Authorization with AD
  • Map roles to OAuth providers such as Facebook, Google, Twitter, and GitHub
  • Table-level CRUD access to SQL and NoSQL for each role
  • Record-level CRUD access to SQL and NoSQL for each role
  • Inherit existing CRUD permissions for SQL and NoSQL at the system, role, and user level (called lookup keys)
  • CRUD access to folders and files
  • Custom access control to any remote web service, including existing REST and SOAP interfaces
  • Custom access control to any custom API you add to DreamFactory

For details on security, consult the DreamFactory Security Guide.

How does DreamFactory scale?

DreamFactory is installed as a LAMP stack (Linux), WAMP stack (Windows) or MAMP stack (Mac). Web servers route API requests to DreamFactory, and DreamFactory returns JSON (or XML) back to your application. DreamFactory supports both Apache and NGINX web servers and you can use the native file system, Redis, or Memcached for caching.

To scale DreamFactory vertically, install it on servers with sufficient memory, disk space, and processing speed to handle your loads. To scale DreamFactory horizontally, deploy and load balance as many web servers as you need. For details on scalability, including benchmark tests, consult the DreamFactory Scalability Guide and DreamFactory Architecture Guide.

How can I learn to build an app using DreamFactory?

Before building your first application, it’s important to understand how REST APIs work. If you don’t understand REST APIs, read up on REST first. In a nutshell, each API call you make to DreamFactory is simply requesting a resource with a specific URL path. You can pass parameters in your API calls, such as a sort order and filter string, and these parameters are part of the URL path (appended as parameters in the URL). In effect, querying backend data with the API is asking DreamFactory to return data from a specific URL endpoint. This is a different paradigm than writing a SQL query or a stored procedure to return data from a server.

After understanding the basics of REST, check out the tutorials to learn the basics of DreamFactory by example.

Then walk carefully through setting up the example address book application for your choice of front-end. Links to the example app repos are here.

If you get stuck, search the community forum for an answer or post your question on the forum after searching. You can also contact our support engineers free of charge for a 14-day period (14 days from your first support inquiry). Just email [email protected] or use the in-product chat feature.

Lastly, we provide development and production support subscriptions. More information on support subscriptions is here.

How can I log bugs and feature requests?

If you find a bug or have a feature request, please file a ticket on GitHub or post it on the community forum.

Can I contribute to the DreamFactory project?

Yes. DreamFactory is an open source project and anyone is welcome to contribute. Please follow the guidelines here to contribute.

How is DreamFactory different than API Management software?

API management software requires you to build REST APIs yourself and helps you manage your custom APIs.

DreamFactory, on the other hand, is a transactional run-time server for client applications that 1) automatically generates REST APIs for you, 2) enables you to customize API behavior with server-side scripts, 3) manages all the backend security for those APIs, 4) returns JSON / XML from REST API calls at runtime.

How is DreamFactory different than hosted “mobile backend as a service” (aka MBaaS)?

“MBaaS” is an acronym for “mobile backend as a service”. MBaaS vendors host their customers' back-end data and provide features to reduce the amount of server-side code that developers need to write for their mobile applications.

DreamFactory provides the same simplification benefits of MBaaS. However, DreamFactory is an open source solution that targets enterprises. There are a number of differences between MBaaS vendors and DreamFactory:

  • MBaaS products are proprietary. DreamFactory is open source. You can modify the source code if necessary to meet your specific requirements.
  • MBaaS companies host your data. DreamFactory does not host your data. You host DreamFactory on whatever server infrastructure you prefer, including behind a corporate firewall.
  • MBaaS products typically use NoSQL to store data. DreamFactory supports every major database vendor, both SQL vendors and NoSQL vendors.
  • MBaaS products do not specialize in integrating with existing "legacy" databases and file systems inside enterprises. DreamFactory provides REST APIs for your existing SQL databases, NoSQL databases, and file storage systems.
  • MBaaS security features are tailored for consumer mobile app use cases. DreamFactory provides enterprise-grade back-end security.

How is DreamFactory different than “platform as a service” (aka PaaS)?

“PaaS” is an acronym for “platform as a service”. PaaS products such as Pivotal Web Services and Heroku run server hardware and software (i.e. “platform”) for you. Think of PaaS as full-service IaaS (Infrastructure as a Service). Instead of having your own Dev Ops team managing AWS provisioning, you can outsource the Dev Ops function to a PaaS company to monitor servers and uptime.

DreamFactory partners with PaaS companies. When you sign up for a PaaS product, you can easily deploy DreamFactory in your PaaS environment, and develop applications with DreamFactory that are hosted on your PaaS of choice.