Unlock MySQL REST Service: Step‑by‑Step Installation and API Guide

Installation

The first step is to install the required RPM packages on Oracle Linux 9, including MySQL Shell 9.4.0 and the MySQL client, server, and related libraries.

sudo dnf install mysql-community-client-9.4.0-13.labs_mrs_13.el9.x86_64.rpm \
    mysql-community-client-plugins-9.4.0-13.labs_mrs_13.el9.x86_64.rpm \
    mysql-community-common-9.4.0-13.labs_mrs_13.el9.x86_64.rpm \
    mysql-community-icu-data-files-9.4.0-13.labs_mrs_13.el9.x86_64.rpm \
    mysql-community-libs-9.4.0-13.labs_mrs_13.el9.x86_64.rpm \
    mysql-community-libs-compat-9.4.0-13.labs_mrs_13.el9.x86_64.rpm \
    mysql-community-server-9.4.0-13.labs_mrs_13.el9.x86_64.rpm \
    mysql-shell-9.4.0-1.el9.x86_64.rpm

After installation start the server and set the temporary root password.

sudo systemctl start mysqld
sudo grep password /var/log/mysqld.log
# Example output shows a temporary password for root@localhost

Connect with MySQL Shell and change the password.

$ mysqlsh root@localhost
Please provide the password for 'root@localhost': ************
# Change password using ALTER USER before proceeding

Metadata Schema

The MySQL REST Service component requires a metadata schema. Create it before loading the component, preferably with MySQL Shell (mysqlsh) rather than the classic client.

Using MySQL Shell in VS Code

The MySQL Shell GUI extension for Visual Studio Code simplifies creating services, paths, and authentication. After installing the extension, create a connection, right‑click it, and select “Configure MySQL REST Service”. This generates the metadata schema automatically.

After configuring, the server error log shows the metadata schema creation.

Installing the Component

Once the metadata schema exists, load the component from the plugin directory.

cd /usr/lib64/mysql/plugin/
ls -lh component_mysql_rest_service.so
# Example size: 16 M
install component "file://component_mysql_rest_service";

The server log confirms the component start and that the X plugin is disabled.

2025-07-27T18:54:31.955831Z 11 [System] MySQL Rest Service Component: Starting...
2025-07-27T18:54:31.988013Z 0 [System] MySQL Rest Service Component: Disabling 'mysqlx' plugin

Variables

The component creates several global variables.

SELECT * FROM performance_schema.global_variables WHERE variable_name LIKE 'compon%rest_service%';
# Sample output shows http_port, ssl_cert, ssl_key, user, etc.

Status Variables

Additional status variables are available.

SELECT * FROM performance_schema.global_status WHERE variable_name LIKE 'compon%rest_service%';
# Sample output shows http_port_source, ssl_cert_source, ssl_key_source.

About X Protocol

By default the REST Service uses the X‑protocol port (TCP 33060) and disables the X plugin. You can change the port with the variable component_mysql_rest_service.http_port. If the X plugin is disabled, the service falls back to port 8543.

Adding a Service

All actions performed in VS Code can also be executed directly in MySQL Shell. Create a service, assign a schema and a table (e.g., fred.t1), and publish it.

Authentication

Four authentication providers are supported:

MRS (default, uses SCRAM)

MySQL Internal (plain‑text credentials in JSON payload)

Cookie (not recommended)

JWT token (preferred for MRS)

MRS

The default MRS authentication creates a dedicated account and authentication app. It is suitable for HTTPS‑only services.

MySQL Internal

Create a MySQL user and use the authentication app name in requests. No special privileges are required because the REST Service user already has data access.

CREATE USER miguel IDENTIFIED BY '<strong password>';
GRANT USAGE ON *.* TO 'miguel'@'%';

You can authenticate via cookie or JWT. Cookie authentication example:

curl -c cookie.txt -k -X POST -H "Content-Type: application/json" \
  -d '{"username":"miguel","password":"<STRONG PASSWORD>","sessionType":"cookie","authApp":"MySQL"}' \
  https://192.168.57.2:33060/myService/authentication/login

Subsequent request using the cookie:

curl -s -b cookie.txt -k -X GET https://192.168.57.2:33060/myService/fred/t1 | jq

JWT Token

Preferred method for MRS. Obtain a bearer token and use it in the Authorization header.

response=$(curl -s -k -X POST -d '{"username":"miguel","password":"<STRONG PASSWORD>","authApp":"MySQL","sessionType":"bearer"}' \
  https://192.168.57.2:33060/myService/authentication/login)

echo "Authorization: Bearer $(echo $response | jq -r .accessToken)" > /tmp/session.dat

curl -s -k -X GET -H "$(cat /tmp/session.dat)" \
  https://192.168.57.2:33060/myService/fred/t1/1 | jq

Command Line

You can also script the entire deployment with MySQL Shell commands, exporting them from VS Code if desired.

CREATE OR REPLACE REST SERVICE /myService PUBLISHED
    AUTHENTICATION
    VALIDATION "/fred/t1"
    OPTIONS {
        "http": {"allowedOrigin": "auto"},
        "headers": {
            "Access-Control-Allow-Headers": "Content-Type, Authorization, X-Requested-With, Origin, X-Auth-Token",
            "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
            "Access-Control-Allow-Credentials": "true"
        },
        "logging": {
            "request": {"body": true, "headers": true},
            "response": {"body": true, "headers": true},
            "exceptions": true
        },
        "includeLinksInResults": false,
        "returnInternalErrorDetails": true
    };
ADD AUTH APP `MRS` IF EXISTS;
ADD AUTH APP `MySQL` IF EXISTS;
CREATE OR REPLACE REST SCHEMA /fred ON SERVICE /myService;
CREATE OR REPLACE REST VIEW /t1 ON SERVICE /myService SCHEMA /fred AS fred.t1 CLASS MyServiceFredT1 {
    createdAt: created_at,
    id: id @KEY @SORTABLE,
    name: name
} AUTHENTICATION REQUIRED;

Conclusion

The MySQL REST Service component makes exposing MySQL data as JSON over HTTPS straightforward, handling SSL certificates automatically. It is ideal for progressive web apps, mobile apps, or any client that needs simple JSON access to relational data, and works with tables, views, stored procedures, and functions.