Authentication

Authentication is via a proxy or delegated model, where the REST client is treated as an administrative user by the Registry. The client, where appropriate, indicates which target subject it wishes to act on behalf of.

The REST client is authenticated via a simple user/password pair transmitted over HTTPS as part of a basic auth transaction. More sophisticated authentication mechanisms, such as delegated SAML assertions, may be supported in the future.

Note: POST may work for edit due to default CakePHP functionality but is not supported.

Adding a New API User

All API Users currently have full access to all Registry data across all COs. (CO-91)

Platform Administrators may add and manage API Users via Platform >> API Users.

Note that the API User Name must not conflict with any login identifier for any valid user on the platform. This is enforced when an API User Name is added or edited, but not currently at any other point (i.e., it is possible for a subsequently added person to have a login identifier that conflicts with an API User Name). (CO-104)

It may make sense, by policy, to allow only login identifiers in eppn format (with an @) and only API User Names not in that format (without an @).
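
Because the conflict check runs only when an API User Name is added or edited, a periodic audit can catch collisions introduced later. The following is an added example, not part of Registry or its documentation: it takes two lists that an administrator has exported by whatever means is available (the function name, the sample data and the case-insensitive comparison are all assumptions of the example) and reports both direct conflicts and departures from the @ policy described above.

```python
from dataclasses import dataclass, field


@dataclass
class NamespaceAudit:
    collisions: list = field(default_factory=list)         # (API User Name, login identifier) pairs
    api_names_with_at: list = field(default_factory=list)  # API User Names that break the policy
    logins_without_at: list = field(default_factory=list)  # login identifiers that break the policy

    @property
    def clean(self):
        return not (self.collisions or self.api_names_with_at or self.logins_without_at)


def audit_identifier_namespaces(api_user_names, login_identifiers):
    """Check both identifier sets against the '@' partition policy.

    Comparison is case-insensitive and ignores surrounding whitespace. That is
    an assumption of this example, chosen so that near-duplicates are reported
    rather than missed.
    """
    def norm(value):
        return value.strip().casefold()

    logins = {norm(login): login for login in login_identifiers}
    audit = NamespaceAudit()
    for name in api_user_names:
        if norm(name) in logins:
            audit.collisions.append((name, logins[norm(name)]))
        if "@" in name:
            audit.api_names_with_at.append(name)
    audit.logins_without_at = [login for login in login_identifiers if "@" not in login]
    return audit


# Constructed sample data, not taken from any real deployment.
SAMPLE_API_USERS = ["provisioner", "co_sync", "jdoe@example.org"]
SAMPLE_LOGINS = ["alice@example.org", "JDoe@example.org", "provisioner"]

if __name__ == "__main__":
    result = audit_identifier_namespaces(SAMPLE_API_USERS, SAMPLE_LOGINS)
    print("collisions:", result.collisions)
    print("API User Names containing '@':", result.api_names_with_at)
    print("login identifiers without '@':", result.logins_without_at)
```

When both policy lists come back empty, the two namespaces are disjoint by construction and no collision is possible.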

Object Formats

The REST API supports different formats for representing the data objects passed. Each format may convey the following special variables:

  • Object Type: The type of object represented in the request, as defined for each data type.
  • Object Version: The version of the object represented in the request, as defined for each data type.

URL

For methods such as GET that pass arguments as part of the URL, arguments are positional as defined for each data type.

JSON

This format is supported for requests and responses.

XML

This format is supported for requests and responses.

The XML format is deprecated as of Registry v3.1.0, and will be removed in Registry v4.0.0 (CO-1555).

VOOT

This format is experimental. See VOOT API for more information.

Request and Response Formats

Changelog

In addition to the attributes defined in the Response formats for each Model, Models enabled for Changelog Behavior will return Changelog metadata as well (deleted, revision, parent ID, etc).

Attribute Enumerations

If Attribute Enumerations are defined for an attribute, permitted values for that attribute are constrained to the enumerated values. Permitted values may be determined and set via the AttributeEnumeration API.

API Reference

See REST API Examples.

Sample Clients
