Third-Party Development using ZKProto Rest Server

This section explains how to create a software using ZKProto Rest Server.Due to the fact that ZKProto Server synchronizes data with ZKProto Server, project can be created which is related ZKProto Server.

ZKProto Server uses OAuth 2.0 Authorization Framework standard.Authentication is necessary for data manipulation.When authorization request comes,If ZKProto Rest Server validates the request,It replies as a json which has token_type,access_token,expires_in and refresh_token. Someone can manipulate data using this access_token.If access_token expires,new access_token should be gotten using refresh_token.

How to get tokens

There are three ways to get token from server.Before explaining three methods, server waits a http request ,which contains five specified fields, for authorization request.These five fields are grant_type,client_id,client_secret,username and password. You can visit http://tools.ietf.org/html/rfc6749#section-4.3 for detailed information. You must make a “POST” request to the “/oauth2/access_token” url.

  • Using QueryString Method: You need to add all specified fields to the the url. For example, “/oauth2/access_tokengrant_type=password&client_id=test_client_id&client_secret=test_client_secret&username=test_user&password=test_password”.
  • Using X-WWW-Form-UrlEncoded Method: You need to fill all specified fields according to your application specification. You should not forget set “Content-Type” header to the “application/x-www-form-urlencoded” value. Example http://www.getpostman.com/ usage of this method is shown below:

  • Using Form-Data Method: This method is used via web forms,usually.You need to set form key values correctly. Example http://www.getpostman.com/ usage of this method is shown below:

How to use tokens

There are two ways to use access_token for accessing data.

  • First one is adding “access_token” query-string to the url. For example, “/br/query/getEntityTree?access_token=NmU1YTdjZTMtOTdhNi00OWE5LTk5NzQtOWIyNjJmOTVjYTZk”.
  • Second one is adding “Authorization” header to the request. You should not forget adding “Bearer” keyword before the “access_token” value. Please check example usage carefully. Example usage of this method is shown below:

When access_token is expired, you can get new tokens using refresh_token. Your request must include “grant_type”,“client_secret”,“client_id” and “refresh_token” key and values.

You can use three defined methods that explained in “how to get tokens” section. You must pay attention to change necessary fields. Example of using X-WWW-Form-UrlEncoded is shown below:

third_party_with_rest.txt · Last modified: 2015/03/02 16:43 by guillermo
CC Attribution-Share Alike 3.0 Unported
www.chimeric.de Valid CSS Driven by DokuWiki Flying Spaghetti Monster also created this website. R'amen! Recent changes RSS feed Valid XHTML1.0