Default Mendix widget for common integrations - Mendix Forum

Default Mendix widget for common integrations


Mendix is a lot of times used for integration between applications. Most of us have developed a piece of functionality to embed the call to:


For us as a large company we'd like to use core Mendix and if needed use some widgets from the App Store. We then will use Mendix widgets. Not because other partners can not develop good widgets, but we will need support in future and therefor we stay with Mendix widgets. I know other companies have the same policy.

I would like that Mendix offers standard widgets for the above general functions so we, as Mendix developers,  don't need to build theme ourselves (saves cost) and there is support for future upgrades (stable upgrades)

2 answers

Marnix. thanks for your comment. 

I agree that the need is to have the most secured available way of integration. Therefor your remark about the widgets are correct. But despite my 'wrong' choice by asking for widget instead of direct API integration the question behind was the need i feel for Mendix having them integrated in the core or as a maintained add-on on the core. I think, just because the fact it changes a lot,  it saves the end-users a lot of work maintaining the changes by themselves. 



I'm going to provide some feedback regarding this request as I feel there are several issue points in my opinion.

You say your policy at a large company doesn't prefer using third party widgets from the AppStore. Which is understandable as most of them are maintained by very hard working individuals. But as they are usually maintained just by these individuals themselves there is always the chance that any critical issues with the widget introduced by a new Mendix version doesn't automatically result in a new widget version in a short time period. 

Your request for platform support over such wide range of API's that are constantly changing and upgrading in versions seems like an impossible thing to maintain by Mendix.

I also really question why most of these API integrations would be done through widgets and not through modules. Javascript at it's core is very traceable through browsers but also network calls. Therefor performing direct communication with API keys and calls from out of the user browser poses all kinds of security issues.

Especially when talking about transferring the user from a product page towards the payment platform. Or any other transaction in which personal details are transferred in these API calls. Also text analyses in Azure etc. can contain all kinds of information that shouldn't be exposed to the outside world.

The communication between the Mendix server and the application you're running is going over https:// and mendix handles the certification and security protocols for that communication between client and server.

Also for outgoing connections to third-party api's can be managed through server backend. Any implementations of certificates or restrictions are only applied on outgoing connections from the server towards those API's I believe and not from every client session to those API's directly from widgets.

Therefor building your own modules to me seems like the only way to go if you want to assure they upheld your policy for code quality and security. I guess a rule of thumb should be if you're unable to validate the quality and security of Javascript code in widgets you shouldn't be using those widgets for API integration purposes.