Overview
Authorization
When automatic login is disabled, you must include an Authorization header with a valid API token in every request:
Authorization: Bearer $CDROUTER_API_TOKEN
For example, if a user’s API token is deadbeef, the Authorization
header would be:
Authorization: Bearer deadbeef
You can use the Authenticate endpoint to learn a user’s API token by providing the user’s password.
A user’s API token can be found by navigating to /users in
CDRouter’s web interface and selecting the user from the list. It is
also possible to list the users on your CDRouter system with the
following command (requires root access):
/usr/cdrouter/bin/cdrouterd -list-users
When automatic login is disabled, failure to include a valid API token
will result in a 401 Unauthorized response. A 401 Unauthorized
response is also returned when trying to access a resource that the
user is not allowed to view:
HTTP/1.1 401 Unauthorized
Content-Type: application/json
{
"timestamp": "2016-04-14T10:33:10.728248133-04:00",
"error": "insufficient privileges"
}
Use the -H switch to add an Authorization header when using cURL:
curl -H "Authorization: Bearer $CDROUTER_API_TOKEN" http://localhost/api/v1/results
Authenticate
Get a user’s API token by authenticating via username/password.
Example
Learn API token deadbeef of user admin with password cdrouter:
POST /authenticate
Content-Type: application/x-www-form-urlencoded
username=admin&password=cdrouter
Response
200 OK
{
"timestamp": "2017-06-01T09:01:42.599028514-04:00",
"data": {
"id": "1",
"admin": true,
"disabled": false,
"name": "admin",
"description": "Default admin user",
"created": "2016-02-04T14:39:21.117867-05:00",
"updated": "2016-07-11T11:29:24.24582-04:00",
"token": "deadbeef"
}
}
Requests/Responses
Requests with a JSON body must include a Content-Type header set to
application/json:
Content-Type: application/json
Unless otherwise noted, all request and response bodies should be assumed to be JSON.
For clarity, example URL parameters on these pages are shown in their
unescaped form. However, actual requests sent to CDRouter must have
proper URL encoded
parameters. For example, the unescaped URL parameter
?filter=name=default.conf must be encoded as
?filter=name%3Ddefault.conf.
Receiving a 301 Moved Permanenty response to any request should be
considered normal. Clients receiving a 301 response should follow
the redirect by resending the request (including any request body from
the original request) to the URL in the Location header.
HTTP/1.1 301 Moved Permanently
Location: /api/v1/results/
Successful 2xx JSON responses include a top-level timestamp field
containing the server time when the response was generated and a
top-level data field containing the response payload:
{
"timestamp": "2016-04-14T10:33:10.728248133-04:00",
"data": { ... }
}
Most API errors will result in a non-200 response. The response will
include a top-level error field describing the error:
{
"timestamp": "2016-04-14T10:33:10.728248133-04:00",
"error": "invalid token"
}
Filtering
Many listing API calls can take one or more ?filter URL parameters
to narrow what is returned. The syntax for each parameter is
?filter=[NAME][OP][VALUE] where NAME is the field to filter on and
OP is a valid comparison operator for that field. A ?type URL
parameter with possible values inter or union controls how
multiple filters are combined (AND’d or OR’d). If not specified,
?type is assumed to be inter.
Each field’s set of operators is determined by its type:
String Field Operators
| Operator | Description | Example |
|---|---|---|
= |
Equal | ?filter=name=default.conf |
!= |
Not equal | ?filter=name!=default.conf |
> |
Greater than | ?filter=name>default.conf |
>= |
Greater than or equal to | ?filter=name>=default.conf |
< |
Less than | ?filter=name<default.conf |
<= |
Less than or equal to | ?filter=name<=default.conf |
~ |
Matches regexp, case sensitive | ?filter=name~All.*conf |
~* |
Matches regexp, case insensitive | ?filter=name~*all.*conf |
!~ |
Does not match regexp, case sensitive | ?filter=name!~All.*conf |
!~* |
Does not match regexp, case insensitive | ?filter=name!~*all.*conf |
Integer/Date Field Operators
| Operator | Description | Example |
|---|---|---|
= |
Equal | ?filter=created=2015-04-01 |
!= |
Not equal | ?filter=created!=2015-04-01 |
> |
Greater than | ?filter=passed>10 |
>= |
Greater than or equal to | ?filter=passed>=10 |
< |
Less than | ?filter=passed<10 |
<= |
Less than or equal to | ?filter=passed<=10 |
Boolean Field Operators
| Operator | Description | Example |
|---|---|---|
= |
Equal | ?filter=starred=true |
!= |
Not equal | ?filter=starred!=false |
Array Field Operators
| Operator | Description | Example |
|---|---|---|
= |
Equal | ?filter=tags={foo,bar} |
> |
Greater than | ?filter=tags>{foo,bar} |
>= |
Greater than or equal to | ?filter=tags>={foo,bar} |
< |
Less than | ?filter=tags<{foo,bar} |
<= |
Less than or equal to | ?filter=tags<={foo,bar} |
@> |
Contains | ?filter=tags@>{foo,bar} |
<@ |
Is contained by | ?filter=tags<@{foo,bar} |
&& |
Overlap | ?filter=tags&&{foo,bar} |
For example, the following cURL command would return results created
between 6/16/15 and 6/20/15:
curl -Ls -H "Authorization: Bearer $CDROUTER_API_TOKEN" -G \
--data-urlencode 'filter=created>2015-06-16' \
--data-urlencode 'filter=created<2015-06-20' http://localhost/api/v1/results
or to list results which are tagged with both foo and bar:
curl -Ls -H "Authorization: Bearer $CDROUTER_API_TOKEN" -G \
--data-urlencode 'filter=tags@>{foo,bar}' http://localhost/api/v1/results
or to list the union of results which contain either the tag foo or
the testcase cdrouter_basic_1:
curl -Ls -H "Authorization: Bearer $CDROUTER_API_TOKEN" -G \
--data-urlencode 'type=union' \
--data-urlencode 'filter=tags@>{foo}' \
--data-urlencode 'filter=testcases@>{cdrouter_basic_1}' http://localhost/api/v1/results
Sorting
Similarly, many listing API calls can take a ?sort URL parameter to
change the ordering of what is returned. The syntax for the ?sort
parameter is ?sort=+/-NAME[,+/-NAME].... NAME is a field to sort
on. A + indicates ascending ordering while - means descending
ordering. Multiple sort fields can be specified by separating with
commas.
For example, the following cURL command would return results, sort first by creation time (ascending) then by size (descending) and finally user ID (ascending):
curl -Ls -H "Authorization: Bearer $CDROUTER_API_TOKEN" -G
--data-urlencode 'sort=+created,-size_on_disk,+user_id' http://localhost/api/v1/results
Paging
Some API calls page results so as not to overwhelm the client with a
large response. The ?limit parameter is used to specify how many
results to return in each page. The ?page parameter is used to
specify which page of the results to return. The last page of results
can be returned by setting ?page to last. In addition to the
top-level data field which contains the current page’s data, a
top-level links field is returned with the following fields allowing
easy navigation of paged results:
{
"data": {
...
},
"links": {
"first": 1,
"prev": 3,
"current": 5,
"next": 6,
"last": 8,
"total": 100
}
}
Where first, prev, current, next and last are the first,
previous, current, next and last page numbers, respectively. The
total field indicates the total number of resources across all
pages. Paging can be disabled by setting ?limit to none, in which
case everything will be returned in a single response.
For example, to retrieve page 3 of /api/v1/results when asking for
25 results per page, use the following cURL command:
curl -Ls -H "Authorization: Bearer $CDROUTER_API_TOKEN" -G
--data-urlencode 'page=3' --data-urlencode 'limit=25' http://localhost/api/v1/results
Summary / Detailed Representations
Fetching a list of resources returns a response which often includes
only a subset of fields for those resources and is known as the
summary representation. Fetching an individual resource returns a
response which includes all fields for that resource and is known as
the detailed representation. Please note that while a field may not
be present in the summary representation of a resource, that field can
still be used in ?filter and ?sort parameters.
API calls which return a list of resources can be modified to return
the detailed representation and therefore return all fields for
that resource by setting the ?detailed parameter to true. Please
note that this can result in an extremely large response, especially
if used with a ?limit parameter of none, and therefore should be
used with care.
