Skip to content

Latest commit

 

History

History
69 lines (56 loc) · 3 KB

api.md

File metadata and controls

69 lines (56 loc) · 3 KB
Raw
title
API

Cores has a robust RESTful API for accessing inventory and booking information, used both internally by AJAX calls on the user-interface and to enable import scripts. Saying that, it isn't limited to these uses and is fair game if you think of an extension that might be able to make use of the data in Cores.

!!! note The Cores API is implemented using the Django REST Framework. For more information on its implementation in this app please see here.

Endpoints

Documentation for API endpoints and implementation code snippets are generated by Cores and coreapi on the fly and available at <cores instance>/api/docs.

You can also see a browsable version of the majority of the endpoints <cores instance>/api where you can craft requests in the browser. This doesn't show a couple of the custom endpoints for ingest however.

GET /api/

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "inventory/nic": "http://cores/api/inventory/nicbyid/",
    "inventory/host": "http://cores/api/inventory/hostbyid/",
    "inventory/hdvendor": "http://cores/api/inventory/hdvendor/",
    "inventory/hosthardware": "http://cores/api/inventory/hosthardware/",
    "inventory/hosttype": "http://cores/api/inventory/hosttype/",
    "inventory/lab": "http://cores/api/inventory/lab/",
    "inventory/rack": "http://cores/api/inventory/rack/",
    "inventory/building": "http://cores/api/inventory/building/",
    "inventory/card": "http://cores/api/inventory/card/",
    "inventory/cardtype": "http://cores/api/inventory/cardtype/",
    "inventory/nicbyid": "http://cores/api/inventory/nicbyid/",
    "inventory/hostbyid": "http://cores/api/inventory/hostbyid/",
    "booking/bookable": "http://cores/api/booking/bookable/",
    "booking/booking": "http://cores/api/booking/booking/",
    "auth/users": "http://cores/api/auth/users/",
    "auth/groups": "http://cores/api/auth/groups/"
}

Authentication

By default you will be authenticated using your existing session token for Cores. This works great for the AJAX calls in the front-end, but if you want to access the API programmatically, you will need to authenticate in. The easiest way to do this is with token authentication.

Create a token in the Admin pages assigned to the user you want to use, and then send this in the headers of your requests:

"For clients to authenticate, the token key should be included in the Authorization HTTP header. The key should be prefixed by the string literal "Token", with whitespace separating the two strings. For example:

Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b"

From DRF docs

Otherwise you'll most probably have read only access if you are an anonymous user. To check whether you're authenticated, you can make a GET request to /api/auth-test.