Open Source Initiative (OSI) PostgreSQL Java

Using the User API

The ConcourseConnect User API includes RESTful methods intended for 3rd party applications to authenticate as a Connect user and interact with aspects of ConcourseConnect.

There are two forms of security:

  1. SSL - SSL is the most basic way to keep communication secure; SSL must be used when talking to the API
  2. Digest authentication - The user’s username and password do not need to be stored on the device as plaintext, instead the information is encoded either for storage or before transmission

The API is accessed by appending /api to the URL.

When authentication fails, the web server returns error 401: This request requires HTTP authentication ().

Underlying data has access permissions so not all data will be visible for each user.

The services are defined and enabled in Connect’s api/core_services.xml configuration file.

Response Notes

The response uses well-formed XML when specified. An XML parser ensures proper data.

Authentication Notes

Digest authentication requires that the authorization credentials are specified in the HTTP Request Header.

Set 'Authorization' to (all on one line with a space after Digest):
Digest username="username",realm="realm",nonce="nonce",uri="uri",response="response"
realm = "ConcourseConnect";
uri = "/api/site";
ha1 = md5HexDigest(username + ":" + realm + ":" + password);
ha2 = md5HexDigest("POST:" + uri);
nonce = new Date().getTime();
response = md5HexDigest(ha1 + ":" + nonce + ":" + ha2);

REST API Methods

  • GET /site - Returns information about the site and the user
  • GET /show - Returns information about a specific profile specified by the unique-id value; the user must have access to the data
  • POST /status - Submits a new status entry to an activity stream

Sign in to add your comment.