Noah API Documentation
API (Application Program Interface) in Noah is working with an REST interface. API is used mostly to let machines talk to machines and interchange information using an standard interface (REST).
Client
Example Client php file for GET information from Internal servers.
The authfield is altered to Internal and the token value is taken from the Core Settings/API Key:
$opts = array(
'http'=>array(
'method'=>"GET",
'header'=>"Content-Type: application/json en\r\n" .
"Internal: Token=r0dgr0d\r\n"
)
);
$site = "https://api.noah-iam.com/";
//get data table
$parameter = "assets/asset_id/3";
$response = file_get_contents($site.$parameter, false, stream_context_create($opts));
echo $response;
Example Client php file for GET information::
$opts = array(
'http'=>array(
'method'=>"GET",
'header'=>"Content-Type: application/json en\r\n" .
"Authorization: Token=r0dgr0d\r\n"
)
);
$site = "https://api.noah-iam.com/";
//get data table
$parameter = "assets/asset_id/3";
$response = file_get_contents($site.$parameter, false, stream_context_create($opts));
echo $response;
Example Client php file for POST information:
$data = array();
$opts = array();
//allowed table
//$parameter = "assets/asset_id/3";
$parameter = "tickets/";
$data = array("ticket_title" => "Test from API", "ticket_desc" => "body of test", "customer_id" => 3);
$data = http_build_query($data);
$opts = array (
'http' => array (
'method' => 'POST',
'header'=> 'Authorization: Token=r0dgr0d\r\n',
'Content-type: application/x-www-form-urlencoded\r\n' .
'Content-Length:' . strlen($data) . '\r\n',
'content' => $data
)
);
$site = "https://api.noah-iam.com/";
$context = stream_context_create($opts);
$fp = fopen($site.$parameter, 'r', false, $context);
$response = stream_get_contents($fp);
echo $response;
The created ticket ID will be returned in $response. Result can be seen in http://demo.gnf.dk/tickets
Server
The config.php file (placed in /api/) needs information on how to connect to the Noah database.
/* Change from here */
/**
* If internal servers is to be used
*
* Client example:
* replace with value
*
* $opts = array (
* 'http' => array (
* 'method' => 'POST',
* 'header'=> 'Internal: Token=\r\n',
* 'Content-type: application/x-www-form-urlencoded\r\n' .
* 'Content-Length:' . strlen($data) . '\r\n',
* 'content' => $data
* )
* );
*
*
**/
/* Database settings */
$db_host = "localhost";
$db_name = "database name";
$db_user = "database connection user";
$db_pwd = "database password";
/* To Here */
The access will be matched by the Client IP and Token (see Client) against the Supplier Export Settings (Tab in View Supplier).
The Site URL/IP is what the client is supposed to present it self as (Eg. 193.88.3.133 or www.gnf.dk). The API Token must match against Token sent from Client.
API description
Breif explanation of the implemented REST API. Based on https://github.com/alixaxel/ArrestDB and altered to accomodate functions in Noah.
Lets suppose you have set up ArrestDB at http://api.example.com/ and that your database has a table named customers. To get a list of all the customers in the table you would simply need to do:
GET http://api.example.com/customers/
As a response, you would get a JSON formatted list of customers.
Or, if you only want to get one customer, then you would append the customer id to the URL:
GET http://api.example.com/customers/123/
Requirements
PHP 5.4+ & PDO
SQLite / MySQL / PostgreSQL
Installation
Edit index.php and change the $dsn variable located at the top, here are some examples:
SQLite: $dsn = 'sqlite://./path/to/database.sqlite';
MySQL: $dsn = 'mysql://[user[:pass]@]host[:port]/db/;
PostgreSQL: $dsn = 'pgsql://[user[:pass]@]host[:port]/db/;
If you want to restrict access to allow only specific IP addresses, add them to the $clients array:
$clients = array
(
'127.0.0.1',
'127.0.0.2',
'127.0.0.3',
);
After you're done editing the file, place it in a public directory (feel free to change the filename).
If you're using Apache, you can use the following mod_rewrite rules in a .htaccess file:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php/$1 [L,QSA]
Nota bene: You must access the file directly, including it from another file won't work.
API Design
The actual API design is very straightforward and follows the design patterns of the majority of APIs.
(C)reate > POST /table
(R)ead > GET /table[/id]
(R)ead > GET /table[/column/content]
(U)pdate > PUT /table/id
(D)elete > DELETE /table/id
To put this into practice below are some example of how you would use the ArrestDB API:
# Get all rows from the "customers" table
GET http://api.example.com/customers/
# Get a single row from the "customers" table (where "123" is the ID)
GET http://api.example.com/customers/123/
# Get all rows from the "customers" table where the "country" field matches "Australia" (`LIKE`)
GET http://api.example.com/customers/country/Australia/
# Get 50 rows from the "customers" table
GET http://api.example.com/customers/?limit=50
# Get 50 rows from the "customers" table ordered by the "date" field
GET http://api.example.com/customers/?limit=50&by=date&order=desc
# Create a new row in the "customers" table where the POST data corresponds to the database fields
POST http://api.example.com/customers/
# Update customer "123" in the "customers" table where the PUT data corresponds to the database fields
PUT http://api.example.com/customers/123/
# Delete customer "123" from the "customers" table
DELETE http://api.example.com/customers/123/
Please note that GET calls accept the following query string variables:
by (column to order by)
order (order direction: ASC or DESC)
limit (LIMIT x SQL clause)
offset (OFFSET x SQL clause)
Additionally, POST and PUT requests accept JSON-encoded and/or zlib-compressed payloads.
POST and PUT requests are only able to parse data encoded in application/x-www-form-urlencoded. Support for multipart/form-data payloads will be added in the future.
If your client does not support certain methods, you can use the X-HTTP-Method-Override header:
PUT = POST + X-HTTP-Method-Override: PUT
DELETE = GET + X-HTTP-Method-Override: DELETE
Alternatively, you can also override the HTTP method by using the _method query string parameter.
Since 1.5.0, it's also possible to atomically INSERT a batch of records by POSTing an array of arrays.
Responses
All responses are in the JSON format. A GET response from the customers table might look like this:
[
{
"id": "114",
"customerName": "Australian Collectors, Co.",
"contactLastName": "Ferguson",
"contactFirstName": "Peter",
"phone": "123456",
"addressLine1": "636 St Kilda Road",
"addressLine2": "Level 3",
"city": "Melbourne",
"state": "Victoria",
"postalCode": "3004",
"country": "Australia",
"salesRepEmployeeNumber": "1611",
"creditLimit": "117300"
},
...
]
Successful POST responses will look like:
{
"success": {
"code": 201,
"status": "Created"
}
}
Successful PUT and DELETE responses will look like:
{
"success": {
"code": 200,
"status": "OK"
}
}
Errors are expressed in the format:
{
"error": {
"code": 400,
"status": "Bad Request"
}
}
The following codes and message are avaiable:
200 OK
201 Created
204 No Content
400 Bad Request
403 Forbidden
404 Not Found
409 Conflict
503 Service Unavailable
Also, if the callback query string is set and is valid, the returned result will be a JSON-P response:
callback(JSON);
Ajax-like requests will be minified, whereas normal browser requests will be human-readable.