How to setup a Web API Facade pattern

I've been reading about the Facade Pattern and I'm trying to get an idea on how to implement this. This is how I understand how it can be implemented:

|               (Facade layer) API Exposure                 |
|                           DMZ                             |
|              (Auth API)         (Application Web API)     |

So there are two layers. So basically two Web API end points. One that lives in the DMZ, which is not accessible to the outside world. It contains endpoints like:

internal/User Get/Put/Post/Del
internal/Order Get/Put/Post/Del
internal/Product Get/Put/Post/Del
internal/Address Get/Put/Post/Del

And then there is the public Web server that exposes a Web API endpoint to the outside world. That layer will have endpoints like:

api/user - POST

This accepts a JSON object like:

User: {
  username: 'john doe'
  addresses: [{
     street: 'something 1001'
  }, {
     straat: 'company 300'

Then the api/user endpoint will in return make two calls. One goes to internal/User and one to internal/Address.

So the consuming user only had to make one API call to save a user object with address information. But the Facade layer will make two separate calls.

Is my understanding correct of the Facade Pattern for Web APIs?

Second question I have is, where should I do the auth checking when a consumer tries to use an API? Should I do that on the DMZ layer, or the Facade layer?

I have the feeling that I miss some important things in this example. Any details are helpful.


I think you're rigth. It's the same as gateway pattern.

In the gateway you can add the authorization verification, and then invoke only the allowed service.

Need Your Help

Rebooted android phone and the Geolocation in my phonegap application stopped working

android cordova plugins geolocation

I rebooted my android phone and the geolocation code in my app has stopped working. The navigator.geolocation is returning true but getCurrentPosition and watchPosition aren't working. It isn't ret...