The Visual Builder Cloud Service Blog

Visual Builder Service Connections - Connection types

Aparna Gaonkar
Product Manager

Starting from 19.4.3, Visual Builder gives you more control on how to connect to REST APIs using Service Connections, specifically in the area of CORS (Cross Origin Request Sharing).


As pointed out in an older blog post, VB can connect to external REST APIs in two ways

  • Using the browser/client JavaScript to connect to the API, commonly referred as Direct
  • Using the VB server side proxy to act as an intermediary between VB and the external API, referred to as via Proxy

These are represented in the below figure:

Previously, this option was controlled through what was set as an authentication method, plus a checkbox known as the "Token Relay" at the service connection.  These have now been standardized and made available as an attribute called the "Connection Type" next to the authentication in the Server settings of the Service Connection (or Backend)

These values that the Connection type attribute can take are :

  • Dynamic - Service supports CORS
  • Dynamic - Service does not support CORS
  • Always use the Proxy
  • Inherit from Catalog - this option only appears if you have a Service Connection created from a catalog based backend, and want to inherit the same connection type of the backend.

The Dynamic options are the recommended options, where Visual Builder best decides the route to chart from the app to the external service (i.e. whether to go directly or via Proxy), based on whether the service supports CORS or not.  However, you can always choose the third option (Always use the Proxy) and make sure that all requests are routed via the Proxy.


The advantage of using a Dynamic connection type

To decide the best route from VB app (which is a JavaScript SPA running on a browser or a device), a number of conditions need to be inspected.

  • The optimal way for VB to communicate with the external REST service is always going directly.  Proxy based connections add latency because each request and response has to pass through the proxy
  • Direct is the thus method of choice, except in case of those REST services that don't support CORS.  This means that the REST resource is not amenable to being connected from a browser based environment.  In these cases the only way is to connect via a Proxy.
  • Direct is also not suitable in case of authentications that are in clear text i.e. Basic Auth ( even though it is base64 encoded, the same can be decoded )
  • Direct is also not suitable for authentications that always need to be computed on server side (e.g. OCI Signature Authentication)
  • Another complexity is that CORS only comes into play when it is a web app or a progressive web app (PWA) that is making the REST call.  Native mobile apps are agnostic to this.  So even if you had a REST resource that didnt support CORS, you could still connect to it directly if you are running a native mobile app on device.  But you cant do it when you connect to the same REST resource via a web app, a PWA or even when you preview the app in VB's design time environment
  • If you use HTTP (hopefully only for development purposes), then you cannot use Direct, as VB pages are served via HTTPS

Phew, those are a lot of things to check!  Fortunately, you don't have to check any of these yourself when you opt for "Dynamic" with the relevant CORS option and VB automatically figures out whether to use "Direct" or "Proxy"

If you are unsure about the CORS status of the API you want to connect to, you can try testing it in the Test tab which will report if you are unable to use the "Dynamic - supports CORS" option.  In this case, the next best choice is using the "Dynamic - doesnt support CORS" option.

And if for some reason, you always want to route your request through the VB proxy, that is available too with the choice of "Always Use Proxy"

How do the Dynamic options work

VB will decide the route of communication with the REST API with Dynamic connection types based on the following parameters

  1. Choice of Authentication method - Specifically Basic Auth and OCI Authentication will always go via the Proxy
  2. The environment (browser/device) which is being used to make the call to the REST API
  3. Whether the external REST API supports CORS or not

Here is a diagram showing how VB decides which option is the most optimal during runtime:


The advantage of the new Connection Type attribute is that the developer doesn't have to decide the choice upfront - VB does it for you. The developer simply has to indicate whether or not the REST resource being connected to supports CORS for this particular VB domain.  Ofcourse, the developer also has the flexibility of completely ignoring the optimality algorithm and always route requests through the proxy by using the "Always use Proxy" option


Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.