Bill Appleton - October 29, 2015


We are thrilled to announce that DreamFactory 2.0 has been released and is available for immediate download. This second generation of DreamFactory provides major enhancements to API security, customizability, modularity, and performance.

Read more about DreamFactory’s current features.

This event is a real milestone for the DreamFactory team and the growing DreamFactory community. As one of the founders of the DreamFactory project, I wanted to provide some context for these exceptional new features and capabilities.

DreamFactory History

DreamFactory Software wrote the world’s first service-based applications over a decade ago. Soon after, we started building REST API backends in the cloud. A few years ago we decided to pour all of this experience into an open source project and we launched the first version of DreamFactory on GitHub. For the first time, developers everywhere could install a free REST API backend on any server, connect to any database, and instantly get the REST APIs they need to build and deploy modern mobile, web, and IoT applications.

The DreamFactory project has been well received, growing quickly to hundreds of thousands of developers and millions of users. But after listening to feedback from numerous developers, administrators, partners, and customers, the DreamFactory development team thought they could build an even better REST API backend. So, we completely rebuilt the product from scratch using the latest PHP frameworks and web standards. The results are spectacular.

Key advancements

  • Engine rewrite for maximum performance at high transaction volumes
  • Adopted JSON Web Token (JWT) for completely stateless operation at scale
  • Architectural improvements for “Platform as a Service” and Docker Containers
  • Comprehensive integration with Active Directory, LDAP, and OAuth
  • Highly flexible role-based security at the user-app level
  • Custom API creation capabilities with support for API interface editing
  • API customization with multiple server-side scripting languages, including V8 JavaScript, Node.js, and PHP
  • Wrap legacy SOAP services as a REST API
  • Read and write to multiple SQL / NoSQL databases with a single API call (without writing code)
  • Includes MongoDB for instant integration with the leading NoSQL database
  • Modular, lightweight installation so you can deploy only the packages you need
  • All-new example apps for AngularJS, JavaScript, Titanium, iOS, Android, and .NET

Security enhancements

We made important security enhancements to DreamFactory. First, we streamlined our support for Active Directory and LDAP. This allows enterprise customers to use their current user directory to control access to the platform. Users can inherit existing rights or receive custom rights for each application. We also rebuilt support for OAuth. This feature provides a convenient way for end users to log in with credentials from Facebook, Twitter, Google, or GitHub. You can set up both Active Directory and OAuth in a few minutes right from the DreamFactory admin console.

One of the most common requests we received from developers was to expand the scope of our role-based access controls. Users have always been able to host any number of applications on the DreamFactory platform. But in the 1.x generation of the software, users had the same role-based access rights regardless of which application they were running. With DreamFactory 2.0, users can have different access rights for each application. This feature allows an administrator to fine tune the access rights for each user and app.

Lastly, DreamFactory 2.0 has revolutionized the way it handles session management. JSON Web Tokens are an open industry standard from the Internet Engineering Task Force for representing claims securely. The adoption of JWT allows for stateless session management, and this has dramatically increased platform scalability. We also use JWT for API Keys. This increases security at the application level and allows each application to have a default role. You can distribute API keys to partners or use them to make an API public. The move to JWT also allows for more flexible session timeout rules.
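What stateless verification of an HS256-signed JWT looks like in practice, as an added example that is not DreamFactory's own code: the server checks the signature and the expiry claim on every request instead of looking up a stored session. The claim names `user_id` and `app_id`, the function names, and the secret handling are assumptions made for illustration.

```javascript
// Added example: stateless HS256 JWT session check (not DreamFactory's code).
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Issue a token. The claim names passed in (user_id, app_id) are hypothetical.
function issueToken(claims, secret, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  const sig = crypto.createHmac('sha256', secret)
    .update(`${header}.${payload}`).digest('base64url');
  return `${header}.${payload}.${sig}`;
}

// Verify with no server-side session store: everything needed is in the token.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [header, payload, sig] = parts;
  let hdr, claims;
  try {
    hdr = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  // Pin the algorithm on the server; the token must not choose it ("none", etc.).
  if (!hdr || hdr.alg !== 'HS256') return { ok: false, reason: 'bad_alg' };
  const expected = crypto.createHmac('sha256', secret)
    .update(`${header}.${payload}`).digest();
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad_signature' };
  }
  // The session timeout is the exp claim, enforced on every request.
  if (!claims || typeof claims.exp !== 'number' || now >= claims.exp) {
    return { ok: false, reason: 'expired' };
  }
  return { ok: true, claims };
}
```

Because nothing is stored server-side, any node behind the load balancer that holds the signing secret can validate the token.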

API customization

When you connect to a data source, DreamFactory automatically generates a complete palette of powerful and reusable REST APIs with all of the required services. For example, DreamFactory provides over 40 different RESTful services for SQL, handling everything from metadata to stored procedures. If you read my blogs, then you know how helpful this capability is in reducing REST API backend complexity and cost.

But sometimes the APIs also need to be customized. For example, you might want to do custom validations or create workflow triggers. And some developers want to go even further and create their own REST APIs from scratch. For all of these reasons, the engineering team worked hard to increase the ability to customize existing APIs or build new ones with DreamFactory 2.0.

First off, the server-side scripting engine now supports multiple languages. DreamFactory supports JavaScript running in the V8js engine as before, and it now supports Node.js and PHP as well. There are more languages on the way. The security of the server-side scripting system has also been enhanced. The role-based access controls can be used to grant access rights to either the internal scripting system or the external REST API as needed.

Next, DreamFactory 2.0 has a new kind of service available. It has always had the ability to call external REST APIs and bring them under role management. Now you can also create a custom service that runs as a server-side script. From your script, you can use any of the RESTful services made available by the platform. In this manner, you could design a completely custom RESTful interface that merges data from multiple sources.

We also doubled down on our support for Swagger. The new version of DreamFactory has an enhanced user interface that allows you to create the parameters and request or response format for your custom services. Then your custom service will appear in the API Docs just like the regular services generated by DreamFactory. The interface you design will also be used to validate the passed parameters and request or response information.

Finally, by popular demand DreamFactory 2.0 includes two powerful new features for REST-enabling legacy data sources. First, DreamFactory 2.0 makes it easy to connect to legacy SOAP services with a REST API. This makes it really easy to expose your existing SOAP services as a REST interface. Second, we added a feature called “data mesh” that enables you to read and write data from multiple databases in a single API call, without writing any server-side code. Now you can easily join records from any number of disparate databases via any unique identifier, such as phone number or email address.

Performance breakthroughs

We have conducted extensive horizontal and vertical performance benchmarks on the new DreamFactory platform and the results are impressive. Vertical scaling can be achieved with additional processors. Horizontal scaling works behind a load balancer. DreamFactory 2.0 can be scaled in a predictable manner to any desired performance characteristics. This was made possible in part by our adoption of JWT, discussed earlier. But there are other reasons for the performance improvements.

First, a major reason for the rewrite of DreamFactory was that we wanted to move to the Laravel PHP framework. This is the most popular framework for the most popular scripting language. The routing engine in Laravel is world class. The eventing system and other system libraries are extremely well done. There are also mature drivers available for every type of SQL or NoSQL database in the PHP language.

While the main engine is written in Laravel, we use the V8js engine for server-side scripting. This architecture allows us to run V8js in parallel for each request and response. The engine is sandboxed for security and reliability. This architecture avoids the performance bottlenecks normally found in single-threaded Node.js, which also uses the V8js engine. And DreamFactory now supports PHP in the scripting engine as well.

Laravel includes a great package management capability. This allowed us to move to a much more modular architecture. You can install just the parts of DreamFactory that you need. For example, even user management is a module. Each of the database services can be installed separately. And now, users can build their own modules and install them as first-class DreamFactory services.

We also worked with our packaging partner, Bitnami, to really trick out the installation options. DreamFactory 2.0 now includes MongoDB, the leading NoSQL database, as a pre-installed service. MySQL is still in there, too, and there are a bunch of new file storage options. DreamFactory 2.0 also includes SQLite, so users can instantly create SQLite databases when needed. This gives developers three great options right out of the box: SQL, NoSQL, and file storage. We also made it really easy to run the web server with either Apache or NGINX. So DreamFactory is now fully stocked and ready to run with a variety of options.

To simplify installation, there are Bitnami packaged versions of DreamFactory for all major IaaS cloud platforms, including AWS, Azure, GCP, and VMware. There is a microservices container on Docker Hub. There are easy desktop installers for Mac, Windows, and Linux. The PaaS versions of DreamFactory for BlueMix, OpenShift, Heroku, and Pivotal will be out in November. The source code is available on GitHub under the Apache License. And if you like instant gratification, we also offer a free developer environment to try a hosted instance of DreamFactory.

Wrapping it up

I am very proud of the effort that the DreamFactory engineering team and community have put into the DreamFactory project, not to mention the results. The fact that DreamFactory is a completely free open source software package is a real stunner. I encourage you to check it out for your next project. And keep an eye on this blog. We’re going to dive deep into many important topics, including scalability benchmarks, using MongoDB, creating SQLite databases, merging multiple data sources, creating custom services, and the new sample applications for AngularJS, JavaScript, Titanium, iOS, and Android.

We look forward to hearing about the incredible mobile, web, and IoT applications users will build on DreamFactory 2.0. Be sure to let us know how it goes.