6 Replies Latest reply on Oct 21, 2013 10:23 PM by craig.mcclanahan

    Using the V3 REST API from other applications/servers

    mcollinge

      When we started looking at the V3 REST API, it sparked off a bunch of thoughts about how we might design a few nice little integrations to help with certain business processes. This is mainly around automating, or semi-automating some of the things we do now.

       

      1. We'd like to be able to copy a document from our Staging server to Production (separate domains). This sounded simple enough to do in JavaScript + jQuery & the REST API certainly supports the actions we'd need to do this, however we can't seem to do this from a single 'controller' web page running on a single domain, since the REST API doesn't do JSONP, and we start to hit cross-domain security exceptions.

       

      2. We have an internal system for managing some content on products, running on a completely separate server.. we'd like that to spit out documents into Jive using the REST API. The API has the right actions, but won't we run into exactly the same security issues?

       

      From what we're starting to see, the REST API is all well and good if you're doing calls from the Jive application, but falls down flat when you want to talk to it from another system, or have we missed something?

       

      Thanks in advance,

       

      Matt.

        • Re: Using the V3 REST API from other applications/servers
          mrowbory

          I think the main issue is the application using the API - i.e your browser, has to pass it's logged in session cookie to the server for authentication.

           

          In the case of an external app, it won't be logged in.  Not sure you can pass credentials with the connection?

           

          I would think that you should be able to do ‘1' as long as you run the code through your browser and are logged into both systems..?

           

          I've told jquery the type is ‘text' and then used eval() to get the response back into json if that helps.

           

            • Re: Using the V3 REST API from other applications/servers

              If you are writing some sort of "app" inside an HTML widget, you do need to send the correct cookies, or (better) use the Jive Apps APIs that take care of authentication for you.  But that is not the best way to write an external client app.  Before Jive 7, you should really be using Basic Authentication with the Jive username and password of the user to perform this transaction on every request.  With 7.0, you'll also have the option to authenticate with OAuth 2, and pass the appropriate access token on each request.

            • Re: Using the V3 REST API from other applications/servers

              1. I think the way to go would be to build this as a Jive App on one side, and then use a Jive connects service to connect to the REST API on your second Jive server.

              2. You would need to build this either as a separate application, or as an extension to your product management system. Are you looking to import documents on a regular basis, or is this something a user will do interactively.

              • Re: Using the V3 REST API from other applications/servers
                gdinning

                Would CORS help you to get around the cross-domain issue?  If I remember right, it would involve a little bit of configuration on the web server and setting appropriate headers in the client code.  It should be transparent to your service calls.  For identity, I think you should be able to send a BasicAuth header to authenticate to the service.

                • Re: Using the V3 REST API from other applications/servers
                  cusdenia

                  As Gregory Dinning stated for browser (AJAX) to server calls to support cross-domain requests you'll need to add CORS support to the Apache web server(s) sitting in front of the Jive application server.  See Using CORS - HTML5 Rocks

                   

                  Apache config entries to support AJAX calls with a custom header and cookie support:

                   

                  Header set Access-Control-Allow-Origin "http://<fqdn>"

                  Header set Access-Control-Allow-Methods "POST, GET, OPTIONS"

                  Header set Access-Control-Allow-Headers: "X-Requested-With"

                  Header set Access_Control-Allow-Credentials: "true"

                   

                  One thing I've noticed is that the default Jive Apache configuration denys OPTIONS requests - so doesn't support AJAX preflight requests.