Mastering Consuming Liferay Headless APIs

Consuming Liferay APIs in Backend Contexts

Backend processes are vital for a broad spectrum of business needs, facilitating both machine-to-machine communication and complex processing. These backend interactions often invoke APIs programmatically, typically operating outside Liferay's runtime. This necessitates efficient handling of API calls, data processing, and authentication. In this lesson, you’ll explore various backend examples of consuming Liferay's headless APIs.

Consuming Within Backend Contexts

Example scenarios of backend contexts include:

  • Synchronizing data with third-party and middleware systems.
  • Executing custom logic in microservices.
  • Automating tasks and batch processing.
  • Consuming Liferay data within external websites and services.

Understanding the different backend scenarios is essential for selecting appropriate authentication flows.

Synchronizing Data with External Systems

Importing and exporting data between Liferay and external platforms is a frequent organizational requirement. CRM, ERP, eCommerce, and external database contexts typically involve synchronization between systems. Common use cases include:

  • Daily synchronization of users, products, orders, or customer data.
  • Injecting external data into Liferay Objects for reporting or processing.
  • Exporting data to an external system for processing or analytics.

To mitigate tight coupling and security risks for these situations, direct connections between Liferay and external systems should be avoided. Instead, evaluate leveraging integration middleware (such as Talend Studio, MuleSoft, or Apache Camel) to decouple Liferay from external platforms.

NOTE
Liferay provides middleware connectors for infrastructures like MuleSoft (built-in) and TradeCentric (available on Liferay Marketplace), simplifying API calls and authorization.

Executing Custom Logic in Microservices

Liferay's microservice client extensions empower developers to extend Liferay’s functionality with custom logic executed outside Liferay. Common use cases include:

  • Triggering external operations with object actions when object entries change states.
  • Validating input before saving object entries.
  • Calling external services during approval processes.
  • Customizing checkout processes with external pricing, tax, or fraud detection services.

This approach provides flexibility for handling complex or intensive processing without modifying Liferay’s core. Since requests originate from Liferay, you can simplify secure authentication for these backend API processes by using a JSON Web Token instead of an OAuth 2.0 token.

Automation and Batch Processing

Backend processes also perform bulk operations such as batch importing/exporting data or automating recurring tasks. Common use cases include:

  • Importing/exporting large datasets efficiently with batch APIs.
  • Automating API calls to update Liferay records with scheduled jobs.

Consuming Liferay Data Externally

External websites, customer portals, and partner applications also consume Liferay’s data externally via APIs. In addition to SPA-based contexts, these include backend-rendered applications fetching data from Liferay and serving it to users. Common use cases include:

  • Presenting Liferay distributor data within partner portals.
  • Displaying Liferay Commerce product catalogs in external sites.

Selecting Authentication Flows

Backend API consumers don't run within user sessions, unlike frontend applications. Therefore, they typically require explicit authentication via OAuth 2.0. The following authentication flows are recommended when consuming within backend contexts:

| Use Case | Recommended Flow | Context |
| --- | --- | --- |
| Synchronizing Data with External Systems | OAuth 2.0 Client Credentials | Typically run as independent services without user sessions. |
| Executing Custom Logic with Microservices | JSON Web Token (JWT) Bearer | JWTs can be sent to client extensions from Liferay. For example, see the LiferaySampleCommerceCheckoutStep’s ActionRestController. |
| Automation and Batch Processing | OAuth 2.0 Client Credentials | Ensure secure API access without user involvement for independent batch jobs. |
| Consuming Liferay Data Externally | If user authentication is required, OAuth 2.0 Authorization Code Flow. For machine-to-machine communication, OAuth 2.0 Client Credentials. | Evaluate adding Proof Key for Code Exchange (PKCE) in public clients to further mitigate risks of authorization code interception. |
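The following sketch shows how an independent backend job might handle the OAuth 2.0 Client Credentials flow recommended above. It is an added example, not code from Liferay. It sends the credentials in the form body (which RFC 6749 section 2.3.1 permits), caches the token until shortly before expiry, and refuses non-HTTPS URLs. The token path `/o/oauth2/token`, the host name, the injected `post(url, form)` transport (expected to POST the form and return the status and parsed JSON), and `FakeTokenEndpoint` are assumptions made so the example runs offline.

```python
import time
from urllib.parse import urlencode, urlsplit

TOKEN_PATH = "/o/oauth2/token"  # assumed token endpoint path; confirm on your instance


class ClientCredentialsTokenSource:
    """Fetches and caches an access token for a backend job (RFC 6749, section 4.4)."""

    def __init__(self, base_url, client_id, client_secret, post, clock=time.time, skew=30):
        if urlsplit(base_url).scheme != "https":
            raise ValueError("refusing to send the client secret over a non-HTTPS URL")
        self._url = base_url.rstrip("/") + TOKEN_PATH
        self._form = urlencode({"grant_type": "client_credentials",
                                "client_id": client_id, "client_secret": client_secret})
        self._post, self._clock, self._skew = post, clock, skew
        self._token, self._expires_at = None, 0.0

    def token(self):
        # Reuse the cached token until `skew` seconds before it expires.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            status, payload = self._post(self._url, self._form)
            if status != 200 or "access_token" not in payload:
                # Report only the status: the request body holds the client secret.
                raise RuntimeError(f"token request failed with HTTP {status}")
            self._token = payload["access_token"]
            self._expires_at = self._clock() + float(payload.get("expires_in", 0))
        return self._token

    def auth_header(self):
        return {"Authorization": "Bearer " + self.token()}


class FakeTokenEndpoint:
    """Constructed stand-in for the token endpoint so the example runs offline."""

    def __init__(self):
        self.requests = []

    def __call__(self, url, form):
        self.requests.append((url, form))
        n = len(self.requests)
        return 200, {"access_token": f"constructed-token-{n}", "expires_in": 600}


if __name__ == "__main__":
    endpoint = FakeTokenEndpoint()
    source = ClientCredentialsTokenSource(
        "https://liferay.example.com", "constructed-id", "constructed-secret", endpoint)
    print(source.auth_header(), source.auth_header(), len(endpoint.requests))
```

In a real job, replace the fake endpoint with a transport built on your HTTP client, and load the client secret from a secret store rather than source code.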

Conclusion

Backend systems are crucial for extending Liferay's functionality, automating tasks, and integrating with external platforms. Understanding specific backend contexts is essential for choosing secure API authentication methods. For third-party integrations, data synchronization, and batch processing, the OAuth 2.0 Client Credentials Flow is recommended. JWT tokens provided by Liferay streamline authentication for microservice client extensions.

Next, you'll consume Liferay APIs from Clarity's client extensions.
