REST API Authorization

133 views
Skip to first unread message

Uwe Jung

unread,
Aug 28, 2018, 6:58:20 AM8/28/18
to AtoM Users
Hello,

I'm still working with AtoM 2.4 on Ubuntu Server 16.04 and Nginx.
Today's question is about the REST API. I followed the steps in https://www.accesstomemory.org/en/docs/2.4/dev-manual/api/api-intro/ and was abeld to retrieve data via the a get request.
Unfortunately it's only working if I use the RESTer Plugin inside Firefox browser and only if I'm logged in to the AtoM site using another Tab inside the same browser session.
It's not working via curl or any other Bash command. The answer is always an Authorization issue. So I presume that's onyl working on Firefox/RESTer because the credentials I gave when I manually logged in to the site.
In fact we don't even need any authorization because we like to provide some "Download this description as JSON" link for all visitors.
So our first idea to  use an API-Key from a  harmless dummy user failed. What should we do next?

Thanks

Uwe Jung


Dan Gillean

unread,
Aug 28, 2018, 11:08:58 AM8/28/18
to ICA-AtoM Users
Hi Uwe, 

I've just tested the API plugin on the demo site, and it seems to work - remember, because the demo site resets regularly, you would need to first log in, go to Admin > Plugins, and make sure the API plugin is enabled. After I was able to run the following example query: 
The documentation does clarify that browser access will only work if you are logged in. I'm not aware of any way that you can pass an API key just via the browser, though it may be possible. However, as far as I can tell, the API key is also working via cURL. I generated an API key for the editor user in the public demo site (remember, if you want to repeat this, you will likely have to log in and do it yourself again, since the demo site will regularly reset), and the following query worked: 
I think to be able to do you what you want, you would need to do some development. I am not a developer, but I think you'd have to do something like the following: 
  • Generate an API key for a dummy user
  • Create a button in the view page template for information objects
  • When the button is clicked, form the query by: 
    • Fetching the dummy user's API key and inserting it, and
    • Fetching the slug of the current description and appending it to the URL
  • Post the returned JSON in a way that the browser can access and display
Let us know how it goes! 

Regards, 

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056
@accesstomemory


--
You received this message because you are subscribed to the Google Groups "AtoM Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
To post to this group, send email to ica-ato...@googlegroups.com.
Visit this group at https://groups.google.com/group/ica-atom-users.
To view this discussion on the web visit https://groups.google.com/d/msgid/ica-atom-users/3285fc31-30a3-4f92-a477-2aa9564c1504%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Uwe Jung

unread,
Sep 12, 2018, 8:27:53 AM9/12/18
to AtoM Users
Hi Dan,
 
Thanks. The problem was a Basic authentication I had still activated for the test site. Once deactivated, curl examples are working.
Indeed as it's not easy to use a header with the REST-API-Key value inside a simple ref link I opted to add a file api.php inside the atom root directory which is redirecting REST api queries.
Well, it's marching fine.

Now the question is, if there is a way to retrieve actors too  via a REST API. The documentation says there isn't. So do you have any idea how I can add some kind of JSON export link to a page with authority data?

Greetings

Uwe Jung

Dan Gillean

unread,
Sep 12, 2018, 10:47:40 AM9/12/18
to ICA-AtoM Users
Hi Uwe, 

You are correct that the basic REST API in AtoM does not currently have a method of exposing actor data. My best recommendation would be to study the arRestApiPlugin to see how it works currently, so you can extend it. Under modules/api/actions for example, you can see how the current supported entities are being exposed. Hopefully you can parse how this is working, and develop a new set of actions for actors. 

See also our basic Development resources on the wiki, and slide decks such as the following which may provide some general development guidance: 

Regards, 

Dan Gillean, MAS, MLIS
AtoM Program Manager
Artefactual Systems, Inc.
604-527-2056
@accesstomemory

--
You received this message because you are subscribed to the Google Groups "AtoM Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
To post to this group, send email to ica-ato...@googlegroups.com.
Visit this group at https://groups.google.com/group/ica-atom-users.
Reply all
Reply to author
Forward
0 new messages