With the version 12 technology platform, STARLIMS offers a new REST API engine. It is really great – until you want to enhance it and add your own endpoints. That’s where it gets … complicated. Well – not so much – if you know where to start. Nothing here is hidden information, it is all written in the technology release documentation; just not easily applied.
If you read the doc, you’ve read something like this:
Routing maps incoming HTTP API requests to their implementation. If you are a Core Product team, you must implement routing in pre-defined Server Script API_Helper.RestApiRouter; if you are a Professional Services or Customer team, you must implement routing in pre-defined Server Script API_Helper_Custom.RestApiRouter (which you need to create, if it doesn’t exist).
STARLIMS Technology Platform Documentation 09-016-00-02 REV AB
That section is accessible using the /building_rest_api.html Url of the platform documentation.
It is really good, and it works, and everything listed is appropriate. I would only add 2 points for your sanity.
1- handle your routes in a different way than what STARLIMS suggest. Their example is very simple, but you’ll want to have something scalable / reusable. I went with a single function and nested hashtables. By default, the custom routing needs a Route method. To “store” the route, I’ll also add a private getRoutes method. In the future, we’ll only add entries in the getRoutes, which will simplify our life.
hashTable of version
hashTable of of service
hashTable of entity
/* all route definition should be in lowercase;
/* store API Verions at 1st htable level;
hApiVersions := LimsNetConnect("", "System.Collections.Hashtable");
hApiVersions["v1"] := LimsNetConnect("", "System.Collections.Hashtable");
hApiVersions["v2"] := LimsNetConnect("", "System.Collections.Hashtable");
/* store each service within the proper version;
hApiVersions["v1"]["examples"] := LimsNetConnect("", "System.Collections.Hashtable");
/* then store each endpoint per entity;
hApiVersions["v1"]["examples"]["simple"] := "API_Examples_v1.Simple";
/* store each service within the proper version;
hApiVersions["v1"]["system"] := LimsNetConnect("", "System.Collections.Hashtable");
hApiVersions["v1"]["system"]["status"] := "API_CustomSystem_v1.status";
/* process-locks endpoints;
hApiVersions["v1"]["process-locks"] := LimsNetConnect("", "System.Collections.Hashtable");
hApiVersions["v1"]["process-locks"]["process"] := "API_ProcessLocks_v1.Process";
/* user-management endpoints;
hApiVersions["v1"]["user-management"] := LimsNetConnect("", "System.Collections.Hashtable");
hApiVersions["v1"]["user-management"]["user-session"] := "API_UserManagement_v1.UserSession";
hApiVersions["v1"]["sqs"] := LimsNetConnect("", "System.Collections.Hashtable");
hApiVersions["v1"]["sqs"]["message-queue"] := "API_SQS_v1.message";
hApiVersions["v1"]["load"] := LimsNetConnect("", "System.Collections.Hashtable");
hApiVersions["v1"]["load"]["encrypt"] := "API_Load_v1.encrypt";
hApiVersions["v1"]["load"]["origrec"] := "API_Load_v1.origrec";
.Version : string - e.g. "v1"
.Service : string - e.g. "folderlogin"
.Entity : string - e.g. "sample";
:DECLARE hRoutesDef, sVersion, sService, sEntity;
hRoutesDef := Me:getRoutes();
/* remove case route;
sVersion := Lower(routingInfo:Version);
sService := Lower(routingInfo:Service);
sEntity := Lower(routingInfo:Entity);
When you need to add new routes, all you do is add new lines to the getRoutes method, the logic in the Route method is static and shouldn’t change. Then, you create the corresponding categories and scripts to actually run your logic, and you’re set.
Of course, you can build your own mechanism – it is by no mean the best one; but I do find it to be easier to manage than STARLIMS’ suggestion.
Now, I know: you might be tempted to write a generic data-driven routing. I was tempted to do it. In the end, it is a balance between convenience and security. If you let it be data-driven, you loose control on what can be routed. Someone may modify the route to, let’s say, get result, to instead return all user information, and you wouldn’t know. If it’s in the code, then you’ll know. So – although it is not as convenient, don’t get your routes handled by the database. It would also add extra load on the database. So – no good reasons other than convenience, really.
2- properly document your APIs. Heck, document your APIs before you implement them! I recommend https://swagger.io/ to generate some .yaml files. Trust me: whoever will be consuming your API will thank you!
All in all, I think the STARLIMS REST API really brings the system to an all new level. Theoretically, one could build a full UI stack using React or Angular and just consume the API to run the system on a new front end.
Or one could expose data endpoints for pipelines to maintain a data mart.
Or anything. At this point, your creativity is the limiting factor. Do you have great ideas for use cases?
Make sure you have access to setting up a Manual Proxy. This can be tricky and may require your administrators to enable this for you. What you’ll want is to be able to toggle it like this (don’t enable it just yet! Just verify you can):
On your STARLIMS Server
Make it available through HTTP. Yes, you have read properly, HTTP. Not HTTPS. I think it can work HTTPS, but I ran into too much problems and found out HTTP is easiest. This is to simplify traffic recording when recording a scenario for re-processing.
Create your load users. If you expect to run 100 simultaneous users, then let’s create 100! What I did is create users named LOADUSER001 to LOADUSER250 (so I would have 250 users) and have their password to something silly like #LoadUser001 to #LoadUser250. Like I said – don’t do this if there’s any sensitive data in your system.
To help you, here’s a script to generate the users:
You will need to test the above, on my system it worked fine (haha!) but setting password and security is not always working as expected in STARLIMS; so do not despair – just be patient.
Edit the web.config file. I will presume you know which one and how to achieve that. You need to change / add the following appSetting to false: <appSetting name="TamperProofCommunication" value="false" />
Add Endpoint to Encrypt function. That’s really the tricky part. In both XFD and HTML, STARLIMS “masks” the username and password when putting it in the payload for authentication, to prevent sending in clear text. But this encryption is significant; it is part of .NET and not easily integrated to JMeter… Unless it becomes a REST API endpoint!.
So, in a nutshell, the trick is to create a new API Endpoint that receives a string and a key, and call the EncryptData(text, key) function, and return the encrypted string. I will not stress it enough: do – not – enable – this – on – a -system – with – sensitive – data. And make sure you will only use load testing users. If you do so, you’re fine.
This is the code of the REST API method to expose from STARLIMS:
Since it gets exposed as a REST API, the concept is that at the beginning of the load test, for every user, we call this with the username and the password to get the encrypted version of each, which allows us to tap into STARLIMS cookie / session mechanism. Magic!
Now, we are kind of ready – assuming you’ve followed along and got everything setup properly and were able to test your API with POSTMAN or something like that. Before moving on, let’s take a look at a typical load test plan in JMeter:
The idea is we want each user (thread) to run in its own “session”. And we want each session to be for a different user. My scenarios always involve a user login into STARLIMS once (to create a session) and the to loop on running the scenario (for example, one scenario could be aboout creating folders, another scenario about entering results, etc.) . I will leave to you the details of the test plans, but the idea is you first need to login the system, then do something.
At the level of the test plan, let’s add user-defined variables – in my case, this is only so I can switch STARLIMS instances later on (I strongly recommend you do that!):
Always at the level of the test plan, add a counter:
This will be the magic for multiple users. Note the number format – this has to match your user naming convention, otherwise, good luck!
Now, let’s have our user login STARLIMS.
Add a Transaction Controller to the Thread Group. I renamed this one “System Login” – call it what you want.
On your new transaction controller, add a Sampler > HTTP Request, which will be our call to the REST API
As you can see, I did a few more things than just call the API. If we break it down, I have a pre-processor “Initialize User Variables”, a HTTP Header Manager, and a JSON Extractor. Let’s look at each of these.
Pre-processor – Initialize User Variables (Beanshell preprocessor)
This will run before this call is made – every time this call is made! This is where we initialize more variables we can use in the thread.
This will initialize the currentUser and currentPW variables we can reuse later on. Since this is a pre-processor, it means the request can reference them:
Now, let’s look at the HTTP Header Manager:
Pretty simple – if you have STARLIMS 12.1 or +, you just need to get yourself an API key in the RestApi application. Otherwise, this whole part might have to be adjusted according to your prefered way of calling STARLIMS. But, long story short, SL-API-Auth is the header you want, and the value should be your STARLIMS secret API key.
Finally, this API will return something (the encoded string). So we need to store it in yet another variable! Simple enough, we use a post-processor JSON extractor:
What did we just do? Here’s a breakdown:
Initialized a user name and password in variables
Constructed a HTTP request with these 2 variables
Called the REST API with our secret STARLIMS key using this request
Parsed the JSON response into another variable
If you have set the thread group to simulate 10 users, then you’ll have LOADUSER001 to LOADUSER010 initialized. This is the pattern to learn. This is what we’ll be doing all along.
Wait. How did you know what to call afterward?
Great question! That’s where the proxy gets into play. Now, we don’t want to go around and guess all the calls, and, although I like Fiddler, I think it would be very complicated to use.
In a nutshell, this is what we’ll do:
We’ll add a Recording Controller to our Thread Group
Right-click on your Thread Group > Add > Logic Controller > Recording Controller
We’ll add a Test Script Recorder to our Test Plan
Right-click on your Test Plan > Add > Non-Test Elements > HTTP(S) Test Script Recorder
Change the Target Controller to your recording Controller above, so you know where the calls will go
We’ll activate the proxy (bye bye internet!)
Open Windows Settings
Look for Proxy
Change Manual Proxy > Use a proxy server to on.
Local Address = http://localhost
Port = 8888
Click Save! I didn’t realize at first there was a save button for this…
We’ll start the Test Script Recorder
We’ll peform our action in STARLIMS
WARNING: A good practice is to change the value of Transaction name in the Recorder Transactions Control as you progress. What I typically do is put SYSTEM_LOGIN while I launch STARLIMS. Then SYSTEM_LOGIN/VALIDATE when I enter credentials, then SYSTEM_LOGIN/OK when I click OK, etc.
If all works well, you should see items being added to your Transaction Recorder.
We’ll stop the Test Script Recorder – just click on the big red Stop
We’ll deactivate the proxy (yay!) – just toggle it off.
You should have something like this in your recorder:
If, like me, you let your Outlook opened, you will have all kind of unrelated HTTP calls. Just select these and delete them. You should be left with something like this:
Now, let’s understand what happened here. We recorded all the calls to STARLIMS. If you wish, you can remove the GetImageById lines – typically, this should not have any performance impact as these should be cached. But heh, that’s your call.
Let’s look at the 1st request:
Interestingly enough, we can see the Protocol is http, and the Server Name is our STARLIMS server. If you created user defined variables, then you can just clean these 2 fields up (make them empty). We can default them at the test plan level (later on). But if you do that, you must do it for all requests! So, let’s not do this (just yet). Let’s leave it as is.
Now, what we want, is to re-run this so we can have actual data to work with and to make our script dynamic. But we need to record all the requests sent and received.
Right-click on your Thread Group > Add > Listener > View Results Tree
I find this listener to be the best for this activity.
Now, let’s run this “as is” clicking the play button
The beauty here is you can get the data sent to STARLIMS as well as the responses, allowing us to understand how everything is connected. Let’s take a look at the Authentication.GetUserInfo – that’s our first challenge:
If you look at the Request Body, you’ll see your user name (which you used to login), as well as a 2nd very strange parameter that looks like the above highlighted string in kind of pink. Now, when we log into STARLIMS, we must send that string, which, essentially, is the password hash based on the user name (one-way encoding). So the question is: how do we get this? This is where our REST API, which we prepared earlier, comes into play!
With this, you can do everything now! Well, as far as load testing is concerned, it can at least get you started!
Earlier, I mentioned you shouldn’t leave your Server name / path / protocol in there. Indeed, in my screenshot above, you can see it’s all empty. This is because I added a HTTP Request Default to my test plan:
You’ll also want a HTTP Cookie Manager. This one doesn’t need configuration as far as I know; but it must exist so cookies are carried over.
What?? Conclusion already? But we were just getting started! Well, don’t worry. I have done a little bit more than just that, and I am including it with this post.
You will need to figure out a few things, like some of the APIs I use and some forms/scripts that you won’t have. But this should give you a very good overview of how it works and how it is all tied in together.
Here I was trying, with the infra team, to access my Azure container through SAS. STARLIMS has a built-in Azure container support, but it relies on a connection string with account information and all. But, like most Azure customers, that is not our reality. We use shared containers, so we need a SAS token… Which is not supported to configure as a STARLIMS connection string.
This means that next step will be any other web service consumption instead of direct containers access. Is it complex? Less than I expected!
Step 1: let’s get a SAS token!
Now, finding the said token is not always obvious, but mine looked something like this:
Hopefully, yours too! In the Azure Container tool, look for the “Shared Access Signature”, it’s the same thing.
Step 2 – integrate the Azure API!
Now, how do we put files there? The connection string and tutorials on STARLIMS will not help… But the web services will! All we need to do is write a UploadToAzureBlob procedure and a DownloadFromAzureBlob procedure (both in SSL) and that will do the trick:
Search for STARLIMS; if I got it right, it should come out in the partner section.
Follow the instructions, and you should be able to get it running!
A few things to note:
the predefined queries work, except for COC, which I kind of ditched for now.
the QBE work! Note that I don’t (yet) apply the default QBE filters, so don’t just go and pull up all your data. That will be hard on all servers.
You can create many connections; so you technically could create one for Folders, one for Samples, one for Results, one for your favourite QBE, one for your products, etc… And blend all of them! Magical!
Finally, and most importantly: I – do – not – cache – the – data. Not yet. I will eventually look at doing that, but not now. Therefore, each time you run this, you actually query the database server. Be careful.
I do this on my own time for fun. It’s just fun. Good if it helps you, but don’t hold me responsible if you mis-use this!
That’s it for now! Remember, this is a project for fun! Contact me if you want to know more, of if you wish me to consider adding features to this.
Yup; almost a full year without a post: shame on me. But here I am, with something cool for you STARLIMS users/developers/adminstrators!
Recently, I was looking for a good reporting tool – thinking to replace SAP’s Crystal Reports – and somehow stumbled upon Google Data. Google Data is kind of a mix in between Microsoft Power BI, Tableau, QLik and any and all Data visualization/analytics/findagoodbuzzword tools.
… Except it is free. Kind of.
DISCLAIMER: This project is in progress and I do this on my free time at home. I do not want to release the google script code just yet, but I do want to share progress and see where it takes me. Please contact me directly if you wish to know more and want to use this. Right now, this is closer to prototype than anything else.
There are good tutorials on writing your own Data Connectors. Google is really working hard to get developers on board. Of course, since this is not a very well known tool yet, it is still quite tricky to get going, even when following the said tutorials.
But chances are that if you read this, you know me. And you know this is the kind of things that intrigues me. Challenge! New playground! Undiscovered lands! So here I am: I have given it a try, and I will share my work here. Freely. Eventually, who knows; maybe someone somewhere will use it!
Given the nature of STARLIMS, you can kind of reverse-engineer the code so I will, aside from giving you here a (somewhat) working solution, explain what I have done and share the connector’s code so you can make it better.
Now, what’s behind a Google Data Connector? Basically, there are 4 functions really:
Authentication. For STARLIMS, I am using the Username and Password approach. I pass these in headers, so if your connection is secured (HTTPS) then you’re good. If you use normal STARLIMS authentication, then this will work for you. Where I work, we use AD, and it works fine too.
getSchema. This is critical – we need to provide the connector, at the beginning, the full schema of the data. Given the size of STARLIMS, I am opting for either
Predefined entities (Folders, Orders, Ordtask or COC)
QBE Templates (code-based)
I think I can manage the schemas from these quite easily. I need to know field names, labels and types, whether they are measures or dimensions; that’s it.
3. getData. This is tricky. This will pass a sub-set of the required fields, and the data must match the subset of these fields. It can be done, but one needs to create the right SQL statements based on the schema.
4. getConfig. This ties everything together. The way I built it is to define the URL of your connection (aka STARLIMS URL) and whether you will use a specific QBE or a predefined entity. When you first create a connection, it will require username and password. I am not storing these, google is; it is up to you then to decide if you trust google or not with the data…
And that’s it, really! This is the kind of charts you can do in a few clicks:
Of course, these are very simple / silly examples. But it is to show that you can create viz easily, and good looking ones at that!
My idea / goal is to extend my connector and code so you could create dynamic dashboards on your STARLIMS Data using existing QBE templates you spent hours / days to optimize and clean. I think this will be definitively worth it.
You can get started here. I will update the STARLIMS Code and enhance the connector. For now, all I do is a simple query on FOLDERS and ORDTASK to kind of have a proof of concept; it actually works quite well!
Let’s see where this gets me in the future!
P.S. Remember: this is work in progress and not production-ready!
This week was Abbott Informatics’ APAC Forum. Speaking with old colleagues, I got inspired to try to revive this site for the 4th time (or is it the 5th?).
I’m currently sitting in a performance enhancement session and thinking to myself: heh, that’s NOT how I would go about it (sorry guys!). Silver bullets? Nah.
The first step to improving performances is to identify what is slow (duh!). What are the bottleneck? Why is it slow?
As a STARLIMS developer, I know that oftentimes, the code written in there is not necessarily the most efficient one. Therefore, why not start by monitoring the performances of, let’s say, SSL scripts, which represent the backbone of the business layer?
I’m thinking: why not have a simple tool that will record, like a stop watch, all block of code execution time, and then provide a report I can read? Heck, .NET has a StopWatch class! Hey! STARLIMS IS .Net!
The more I think about it, the more I consider: let’s do it!
How do we do this?
First, let’s create a class. I like classes. I like object-oriented code. I like the way it looks in SSL afterward, and it makes it way easier to scale through inheritance later on. Question is: what should the class do?
Well, thinking out loud, I think I want it to do is something like this:
Start the stop watch
Monitor event 1
Monitor event 2
Do something else
Monitor event x
so on and so forth
Provide a readable report of all the event duration
I also want it to count the number of time an event run, and I want to know the AVERAGE time gone in there as well as the TOTAL time this event took.
Now that I know what I want, let’s write the class that will do it (for the sake of this example, I created it in the Utility global SSL category).
I have been using this in many places in our system and it did help me to find the best places to optimize our code. Sometimes, the same insert will run 500 times and will total up to 15 seconds; that is worse than one call that runs only once and take 3 seconds (at least for the end user).
I hope this can help you find the bottlenecks of your SSL code!