Technical Overview

Config Requirements

Your application’s user interface MUST let the end-user specify their own API Token and the URI endpoint to upload to. 

CloudShark URI

The CloudShark URI should be the full URL including protocol of the API endpoint. For CloudShark Personal accounts this will be:

https://www.cloudshark.org

CloudShark Enterprise customers will require setting a private domain to use instead.

This URI MUST be configurable, and support both public and private instances.

Additionally, we strongly recommend using only secure HTTPS uploads to a FQDN with a matching valid certificate.

API Token

The user MUST also be able to specify the API Token that has been created on that host. API Tokens are 32-characters and only contain case-insensitive hexadecimal 0-9a-f.

The username and password of the user account SHOULD NOT be required by your application.

Performing Uploads

In order to upload a PCAP to CloudShark, your application should perform an HTTP POST or PUT with the contents of a completed capture file a URL matching the following pattern:

https://\[host\]/api/v1/\[api-token\]/upload

The host and api-token fields should be provided by the end user.

HTTP POST vs. PUT

When using the POST method, the contents of the file MUST be encoded as multipart/form-data and provided as the file URL parameter.

If using the PUT method, the file MUST be sent as binary data as the body of the HTTP request.

Response

The CloudShark server will respond to successful uploads with an HTTP 200 response containing the newly created Capture as a JSON encoded string:

{ "filename":"traffic-2011-08-16-104829.cap", "id":"f27d1494400c" }

Your application can then provide a link to the CloudShark “session” for this upload: 

https://\[host\]/captures/\[capture.id\]

We recommend directing users to only this URL as a starting point for their analysis.

Handling Errors

If an API request fails for any reason, CloudShark will return a non-200 HTTP response code. The response object will also contain a text description of the error in the exceptions field.

{ "status":404, "exceptions":\["API Token is missing or invalid"\] }

Your application SHOULD inspect the status field, as well as any exceptions given for why the upload failed. Common errors include trying to upload with an invalid API Token, or uploading a file that is larger than allowed.

CloudShark returns useful human-readable messages for all error conditions. These may be passed onto the user or displayed in your interface if desired.

If your application does not get an HTTP 200 status code back, or if the text response is not parsable as JSON, you MUST assume the upload failed and return an error code to the user.

Usage Statistics

If you’d like to see usage-statistics for your application, make sure you set the HTTP User-Agent header on requests to something unique to your application. This could include a version number as well.

User-Agent: my-plugin/v1.2.5

Contact us to find out how often your application is uploading to CloudShark!