The Scripted REST API is used to create custom web APIs for instance integrations with external applications. You can define a server script called by a REST request from an external system.

The script can process request parameters, perform actions on the instance, and generate a response. The configured REST API creates an endpoint for the requests from external systems, including other SimpleOne instances.

Role required: admin.

Endpoint setting

To set an endpoint, complete the steps below:

  1. Create an API Module. Navigate to Scripted REST API→ API Modules.

  2. Specify the Name, Active and Path fields. 

    FieldDescription
    NameSpecify the API module name.
    PathSpecify a relative path to the API module, for example, support.
    ActiveSelect this checkbox to make the module active. This enables you to select this module in the referencing tables: API Version, API Action, and API Module Request Parameters
  3. Click Save or Save and Exit to apply the changes. A related record API Version is created and located in the Related list.

  4. Click the API Version record in the Related list to open it. You can add another record of the API module version in the Related list if needed. 

    FieldDescription
    ModuleSpecify the API module created earlier for this version.
    ActiveSelect this checkbox to make the version active or inactive. When set to false, you'll be unable to select this version in referencing tables (API Action).
    PathSpecify a path to the API version, for example, v1.

  5. In the Related list area, select the API Action tab and click New.

    FieldDescription
    NameSpecify the action name.
    PathSpecify a path for API action.
    ActiveSelect this action to make the version active. When set to false, you cannot select this version in referencing tables (API Action Request Parameter).
    Is Authentication Required

    Select this checkbox if the request requires authentication before the execution. The token passes in the request header. By default, this statement is equal to true.

    ModuleSelect the API Module created earlier (activate module before selecting). This field references the API Module (sys_api_module) table.
    VersionSelect the API version created earlier (activate version before selecting). This field references the API Version (sys_api_version) table.
    HTTP MethodSelect the method this action implements (for example, GET or POST).
    Script

    Specify a script that implements your action using the Server-Side API, SimpleApiRequest and SimpleApiResponse side API classes there.

    You can create an API action to run its script when a request for action is received. 

    You can state a version to the request for action:

    {your_instance_url}/v1/api/{application}/{module_path}/{version}/{action_path}

    Or you can omit it:

    {your_instance_url}/v1/api/{application}/{module_path}/{action_path}

    API requests without a version specified automatically use the last active version.

  6. Fill in the Name and the Path fields. The example value of the Path field is tickets-count.

  7. In the HTTP Method field, specify the method to call the action.

  8. In the Script filed, add a script to call when a REST request for the action occurs. To work with the REST API requests in the SimpleOne platform, the SimpleRestRequest and SimpleRestResponse classes are defined. The data objects of these classes are available in the API action script. See the example below:

    API action
    (function (request, response) {
    const reqBody = request.getBody();
    response.setBody({
        "body": JSON.stringify(reqBody),
        "count": 1
    })
})(SimpleApiRequest, SimpleApiResponse)
  9. Click Save or Save and Exit to apply the changes.

  10. You can set API action request parameter related to the action and select the Is Required option for any of them if necessary. See the screenshot below:

    When sending a request without a mandatory parameter, a user will receive the following message:

    {"error":"Required parameter param_1 not sent.","timing":{"before_echo": ...}}

Endpoint call

To call an endpoint, use the following URL format: 

https://your_instance_url/v1/api/applicationSlug/module_path/version/action_path?params

Where:

  • your_instance_url – the instance URL you use.
  • applicationSlug – the value of the Slug field of the application that the endpoint is created for. 
  • module_path – the value of the Path filed stated in the API Module.
  • version – the value of the Path field of the API Version.
  • action_path – the value of the Path field stated in the API Action.
  • params – the GET parameters.

See below a URL example of calling an endpoint: 

https://sandbox-01.dev.simpleone.ru/v1/api/c_simple/api_module_path/api_action_path?param_1=value_1

Authorization

You can make requests to the Scripted REST API with a Bearer token or without any authorization. The type of request authorization depends on the selection of the Is Authentication Required checkbox on the API action form:

A request to an API action that does not require authorization (Is Authentication Required=No) is executed under the Guest User:


The requests with an invalid Bearer token are also executed under the Guest User. 

To set Basic Auth for request authorization in Scripted REST API, do the following:

  1. Set up sending a POST request /v1/auth/login with Basic Auth from an external system to an instance to receive a token.
  2. Set up sending a request to the Scripted REST API with the token received in the first step. 

Find below an authorization scheme:

This is an example of a server script that uses the Simple API to get a token by sending a POST request with Basic Auth authorization: 

Example
const simpleInstanceUri = ss.getProperty('simple.instance.uri');
const URL_BASE = (simpleInstanceUri.startsWith('https://')) ? simpleInstanceUri : `https://${simpleInstanceUri}`;
const authRequest = sws.restRequestV1();
authRequest.setRequestUrl(`${URL_BASE}/v1/auth/login`);
authRequest.setRequestMethod('POST');
authRequest.setRequestHeader('Content-type', 'application/json');
const payload = {
    "username": "admin",
    "password": "qwerty123456"
}
authRequest.setRequestBody(JSON.stringify(payload));
const authResponse = authRequest.execute();
if (JSON.parse(authResponse.getBody()).status === 'ERROR') {
  ss.error(JSON.parse(authResponse.getBody()).errors[0].message);
  ss.info('Check credentials at 10..11 lines of current script');
  return;
}
ss.info(JSON.parse(authResponse.getBody()).data.auth_key);
// Info: 5WvOT9Ejlxd6Gb8bkCWMtG3XXMYcoDDJ

Supported types Content-Type

To get a request body in a script of API action, call the getBody() method for the request object.

Find below an example script for the API action:

API action
(function (request, response) {
   
    const reqBody = request.getBody();
    const bodyForResponse = typeof reqBody === 'string' ? reqBody : JSON.stringify(reqBody);
    response.setBody({
      "request_body_type": typeof reqBody,
      "request_body": bodyForResponse
    })
   
})(SimpleApiRequest, SimpleApiResponse)


Use the following Content-Type types for the requests sent to the API action:

  • application/json
  • application/jsonp
  • application/xml
  • text/xml
  • text/html
  • text/plain

Sending a POST request with a JSON body

Sending a POST request with an XML body


Sending a POST request with an HTML body

Sending a POST request with a text body

Response from API action

To create a response from the API action, use the  response object:

response.setBody({
      "count": 100,
      "status": "OK",
      "error_message": ""
    })


The response of the API action includes a key timing containing the execution time of the API action script:

  "timing": {
        "before_echo": 0.0884089469909668
    }


Setting examples

Here you can download a file with example configurations for the scripted REST API: [SOC] - Scripted REST API. Import the pack to your instance and try the following example settings. 

Example 1. Get a system property value without authorization

To verify the example: 

  1. Go to the main page of your instance.
  2. Add to the URL bar the following value: /v1/api/c_simple/api_module_path/api_action_path?param_1=value_1.
  3. Copy the result URL.
  4. Go to the URL in Incognito mode.

As a result, you receive a response from the API action /record/sys_api_action/164054047017513732 with a system property value simple.auth_page.support_phone

Example 2. Create a task record with an attachment

To verify the example: 

  1. Open the record /record/sys_script/164053985417710860 .
  2. Click Run to run the script.

As a result, you receive a response from the API action /record/sys_api_action/161831494014244852.

On the bottom of the script form, there is a link to the created task record. See the screenshot below:

The record contains two attachments with base 64 files transferred in lines 14-15 of the script in Step 1. See the screenshot below:

  

Features and recommendations 

  1. API action script is executed regardless of ACL.
  2. Authorization of requests to the Scripted REST API is not possible with Basic Auth. To authorize, use the solution described above in the Authorization section.
  3. A reply to the API action containing a key error with a value Undefined index: SimpleApiResponse means the script API action contains an error.
  4. To avoid data corruption, convert JSON data type into type String using a JSON.stringify() method.
     
  5. If the execution time of the API action script exceeds the Timeout, move a part of the script to the Event Script and call a system event with an API action script.

  • No labels

© 2019-2023, SimpleOne

https://simpleone.ru