Generic API Request Considerations¶
All API calls operate on sessions, with the only exception of the
GET /api/session
call that is used to create a session in the first place.
The session id can be provided by the client in an
Authorization: Bearer <sid>
header, as a URL parameter sid
, or
as a cookie named sid
. Note that sessions and their ids are only
known in the context of a specific, single server, as returned on
session creation.
Unless otherwise noted, all API commands require not only a valid
session, but also a successful user authentication on this session, as
performed with the POST /api/session
call.
API Responses¶
The server will always answer with HTTP code 200 OK to all API URL requests that are supposed to deliver JSON response messages. The JSON response itself carries the information whether the API call was successful or some error has occurred.
The general layout of a JSON response looks like the following:
{
"status": "ok"|"no-session"|"wrong-syntax"|"missing-element"|"fail"|...,
"message": "a short text about what went wrong"
}
The status
element is always present and carries information about the
success of the API call, or a reason why the call was not successful.
There are some generic status strings that can occur in possibly all of
the API calls. Some API calls define additional, situation-specific
strings. The generic status strings are:
Status | Description |
---|---|
ok | The API call was successfully executed and no error has occurred |
no-session | The request did not include a valid session id, or it contained an invalid or expired id |
no-auth | The session id included in the request is not authenticated with a valid user or partner |
wrong-origin | The API call was made from a wrong origin (i.e., the Origin header in the HTTP request does not match the Origin header of the session creation request) |
wrong-syntax | Some element in the request does not match the required element syntax format (e.g., the value of a field was too long or included invalid characters) |
missing-element | Some mandatory element is missing from the request |
fail | A generic failure has occurred. This is usually an unexpected event, more specific status codes are used for specific failure conditions. Note that for any failure condition, partial execution of the API call may have occurred. |
If an individual API call specifies additional, specific status strings, they are documented there.
The message
element might be present in a status “non-ok” condition and
contains a short description of the generic failure. This is primarily
useful for debugging and logging purposes.
Every API response includes the general response layout described in this section, the status and message fields are not shown in the descriptions of the specific API calls.
Localization¶
cospace uses very little server-side localization, mostly for texts in e-mails and sounds in the phone features. The language parameter or field to some of the API calls specifies the desired language. Supported languages in this version of the API are:
Language identifier | Description |
---|---|
de | German |
en | English |
Authentication for file downloads¶
The session ID (sid
) is the central authentication token that grants
access to all API requests once the session is authenticated. However,
sometimes a limited access only to certain objects is needed; and an
application that obtained a session ID may not want to share the session
ID with some other process only to enable that process to access a
specific object. For this reason, cospace implements a restricted
authentication method for file downloads, the so-called “download id”
(did
).
Certain API calls (usually those API calls that access file-level data
of some objects) accept the did
as a means of authentication in addition
to the possibility of using the session ID. If authentication with did
is requested, two URL parameters need to be present for the respective
API call:
did
– this parameter carries the did of the session.dkey
– this parameter, called the download key, contains a hashed combination of the requested object UUID and the sid (session ID).
The dkey
is calculated as follows:
dkey = Base64_URL_Safe(MD5(string(object UUID), string(sid)))
That is the (lowercase) version of the object UUID’s string
representation (ASCII/UTF-8) is concatenated with the session ID and
then hashed with an MD5 hash function. The binary (!) result of the MD5
hash is encoded with the base64url
method as defined in RFC 4648 section
5.
On the use of UUIDs¶
The system makes extensive use of Universally Unique Identifiers (UUIDs) to identify objects, metadata, parameters and state on the platform. All UUIDs used by the platform are time-based UUIDs (Version 1 according to RFC 4122). If clients need to sort objects or data identified by UUIDs by time, they can exploit this feature and implemented the sorting based on the intrinsic timestamps of these UUIDs. In cases where no explicit timestamp for the object exists, the intrinsic timestamp can also serve as an information about the creation time of the respective object.
However, clients must never rely on the fact that a specific server seems to have a specific clock sequence or node identifier, as these might change any time in a distributed system (for newly created UUIDs).
API Call Reference (User API)¶
/api/session¶
-
GET
/api/session
¶ Requests a new session with the system or confirms an existing session.
Query Parameters: - language –
optional: language identifier
used to localize server-side messages before the session is authenticated.
defaults to
de
if not given
Response body example
{ "sid": "boajw93bawjckbja2ZdbfdGa84Afib", "did": "iaEia83AviaDia943faobpEPRkva98", "server": "https://api43.service.de:1234", "partner": "mypartner", "auth": false, "next_event": 0 }
Status: - resource-throttle: The server did not create a session because of excessive resource usage. A new call to this API might be considered at a later time.
- wrong-session: The request contained an
sid
parameter that does not map to a known session on the server.
The HTTP response to this API call will set two HTTP cookies,
sid
andserver
, with exactly the same contents as returned in the JSON response message.Further API calls that reference the newly created session can only be made towards the server specified in the
server
field, as the session state is only maintained on this server.If the request to this API call contains an
Authorization
header, asid
cookie or URL parameter, the server will try to re-use the given session. If the session cannot be re-used, awrong-session
status is returned and thesid
andserver
cookies will be deleted.The
auth
response field will befalse
in the case of a newly created session (because no user is yet authenticated with this session), but may have a value oftrue
if an existing, already authenticated session was re-used.The
did
field is the download id of this session that can be used on certain API GET requests to obtain file contents. For more information on file download authentication, see Authentication for file downloads.The
partner
field in the response will only be present if the authenticated user belongs to a partner.The
next_event
response field indicates the id of the next, not-yet-received event. It might be used as thenext
parameter of theGET /api/event
call to ensure that only new events are received.- language –
-
POST
/api/session
¶ Authenticate a user with or without an existing session.
Request body example 1 (user authentication)
{ "username": "johndoe47", "password": "secret12345" }
- or-
{ "email": "john@doe.com", "password": "secret12345" }
Request body example 2 (partner authentication)
{ "partner": "mypartner", "key": "dOajks83AF39ua08uaSDFas" }
Request body example 3 (partner proxy authentication)
{ "partner": "mypartner", "key": "dOajks83AF39ua08uaSDFas", "user": "52c53e36-65be-11e4-bf4a-201a06c768e1" }
JSON Parameters: - username –
^[a-zA-Z0-9]{2,20}$
only for user authentication
- email –
<user@domain>
only for user authentication
- password –
^.{5,50}$
only for user authentication
- partner –
^[a-zA-Z0-9]{2,20}$
only for partner authentication
- key –
^.{5,50}$
only for partner authentication
- user –
UUID
only for partner proxy authentication
Response body example 1 (user authentication)
{ "partner": "mypartner" }
Response body example 2 (user authentication without session)
{ "sid": "boajw93bawjckbja2ZdbfdGa84Afib", "did": "iaEia83AviaDia943faobpEPRkva98", "server": "https://api43.service.de:1234", "partner": "mypartner", "auth": true, "next_event": 0 }
Response body example 3 (partner authentication)
{}
Response body example 4 (partner proxy authentication)
{}
Status: - wrong-credentials: username and/or password is wrong/unknown
- already-auth: the session is already authenticated
- wrong-user: the given user does not exist or does not belong to the partner
If this API call was successful (i.e. a valid password and the correct username or email is given), the session is authenticated and ready to accept API calls that require an authenticated session.
The
partner
field in the response will only be present if the authenticated user belongs to a partner.If user authentication is used, this API may be called without a session to reduce the number of required requests to create an authenticated session.
If the
user
field is given in a partner authentication, this signals a partner proxy authentication for the specific user. Using this feature, a partner can create an authenticated user session for the specific user.- username –
-
DELETE
/api/session
¶ Closes a session and invalidates the session id.
Response body example
{}
After closing the session, the session id is deleted on the server and can not be used for any further requests. The HTTP response will also invalidate the sid cookie.
This command does require a valid session, but not necessarily a user authentication with that session.
/api/signup¶
-
GET
/api/signup/captcha/
(xxx).png
¶ Retrieves a captcha picture associated with the given sign-up process.
Response body example
The captcha picture in PNG format on success, or HTTP 404 without response body on failure.
Each time called, this API replaces the server-side captcha with a new one.
This command does require a valid session, but not necessarily a user authentication with that session.
-
POST
/api/signup/verification
¶ Requests verification for the sign-up procedure via E-mail in case of sign-up with captcha or via the HTTP response in case of sign-up with hardware code, or initiates partner-controlled sign-up procedure.
Request body example 1 (user sign-up)
{ "captcha": "soLuTiOn", "email": "john@doe.com" }
Request body example 2 (partner-controlled sign-up)
{ "info": { "some": ["thing", 4711] } }
Request body example 3 (sign-up with hardware code)
{ "hardware-code": "ABCDE-FGHIJ-KLMNI-OPQRS", "email": "john@doe.com" }
JSON Parameters: - captcha –
^[a-zA-Z0-9]{1,20}$
The captcha solution for the captcha that was previously requested with
GET /api/signup/captcha/(xxx).png
(not required when this operation is done on a partner session or when a sign-up with
hardware-code
is performed) - email –
user@domain
The e-mail address to be verified
(not required when this operation is done on a partner session)
- info –
^.{1,10000}$
Informational metadata that will later be returned on the corresponding
GET /api/signup/verification/(verification)
call. Can be any valid JSON data type. - hardware-code –
^.{10,50}$
the sensor device access code, which is the key to the physical device.
(in this case, the
captcha
field is not required)
Response body example 1 (user sign-up)
{}
Response body example 2 (partner-controlled sign-up)
{ "verification": "dijaDia8Aiofjb9aaobasdfDF", "uuid": "dfc3e9c4-4e81-11e1-9fe3-0024e8f90cc0", "info": { "some": ["thing", 4711] } }
Response body example 3 (sign-up with hardware code)
{ "verification": "dijaDia8Aiofjb9aaobasdfDF" }
Status: - wrong-captcha: The captcha solution is wrong, or no captcha was previously requested
- email-failure: The verification e-mail could not be sent out
- already-exist: The e-mail address matches an existing user record (and thus cannot be used)
- wrong-code: The hardware code is invalid.
- exceeded-limit: The use of this hardware code for verification process has reached the maximum permitted count of 5 verifications. This hardware code cannot be used anymore for sign-up.
This API generates a verification key and sends it to the E-mail address in case of a sign-up with captcha, or sends it in the HTTP response in case of a sign-up with hardware code or a partner-controlled sign-up.
This command does require a valid session, but not necessarily a user authentication with that session for the user-style sign-up. In this case, a call to this API will reset the server-side captcha, no matter whether the response is successful or not. That means, that if the client needs to re-try this API call, a new captcha must be requested and solved before a second try can be made.
For a partner-controlled sign-up, the call will return the verification key and a uuid. If a user account is later created with this verification key, the user will be assigned this uuid.
- captcha –
-
GET
/api/signup/verification/
(verification)¶ Request information for the given E-Mail verification key
Response body example 1 (user sign-up)
{ "email": "john@doe.com" }
Response body example 2 (partner-controlled sign-up)
{ "partner": "mypartner", "uuid": "dfc3e9c4-4e81-11e1-9fe3-0024e8f90cc0" }
Status: - unknown-verification: The given verification key is unknown
This command does require a valid session, but not necessarily a user or partner authentication with that session.
-
DELETE
/api/signup/verification/
(verification)¶ Deletes a verification key.
Response body example
{}
Status: - unknown-verification: The given verification key is unknown
This command does require a valid session, but not necessarily a user or partner authentication with that session.
-
POST
/api/signup/user
¶ Creates a new user account within the system.
Request body example
{ "username": "johndoe47", "firstname": "John", "lastname": "Doe", "display_name": "Johnny Doe", "country_code": "+49", "password": "secret12345", "language": "de", "newsletter": true, "verification": "dijaDia8Aiofjb9aaobasdfDF" }
JSON Parameters: - email –
user@domain
required if the verification key is from a partner-controlled sign-up and does not already include an e-mail address
- username –
^[a-zA-Z0-9]{2,20}$
- firstname –
^.{1,50}$
- lastname –
^.{1,50}$
- display_name –
^.{1,100}$
optional; the full username as it should be displayed within an application (default is “firstname lastname”)
- country_code –
^\+[0-9]{1,3}$
optional; the country code of the user. (default is “+49” for Germany)
- password –
^.{5,50}$
- language – optional; a valid language identifier
- newsletter –
true|false
optional;
true
if the user wants to receive the newsletter,false
if not. Defaulttrue
. - verification –
^[a-zA-Z0-9]{1,50}$
the verification key (received by e-mail or partner-controlled sign-up)
Response body example
{}
Status: - duplicate-username: the selected username is already taken
- unknown-verification: the verification key is unknown
- already-exist: The e-mail address matches an existing user record
The client must provide a valid verification key (E-Mail verification procedure or partner-controlled sign-up). On success, a new user is created within the system and the E-Mail verification key is deleted.
The
country_code
field is used to enable clients to display a correct phone number. If nocountry_code
field is given, the default value “+49” for Germany will be used.If no
language
field is given, the user is created using the language of the session.If the response indicates success, the session is automatically authenticated with the newly created user, i.e. the client can immediately issue all API commands that require an authenticated session.
This command does require a valid session without a user authentication.
- email –
/api/password¶
-
POST
/api/password/recovery
¶ Request E-Mail password recovery procedure (password recovery code).
Request body example
{ "username": "johndoe47", "captcha": "soLuTiOn" }
- or-
{ "email": "john@doe.com", "captcha": "soLuTiOn" }
JSON Parameters: - username –
^[a-zA-Z0-9]{2,20}$
- email –
user@domain
alternatively to the username: the email address of the user
- captcha –
^[a-zA-Z0-9]{1,20}$
the captcha solution for the captcha that was previously requested with
GET /api/signup/captcha/(xxx).png
Response body example
{}
Status: - wrong-captcha: The captcha solution is wrong, or no captcha was previously requested
- wrong-username: The given username or email does not exist
- email-failure: The verification e-mail could not be sent out
This API generates an e-mail with a password recovery code and sends it to the e-mail address stored in the user’s profile.
This command does require a valid session, but not necessarily a user authentication with that session.
A call to this API will reset the server-side captcha, no matter whether the response is successful or not. That means, the if the client needs to re-try this API call, a new captcha must be requested and solved before a second try can be made.
- username –
-
POST
/api/password
¶ Resets a user’s password using a valid password recovery code.
Request body example
{ "username": "johndoe47", "code": "iausDia8sdfasjb9aaobasdfDF", "password": "newpass" }
- or-
{ "email": "john@doe.com", "code": "iausDia8sdfasjb9aaobasdfDF", "password": "newpass" }
JSON Parameters: - username –
^[a-zA-Z0-9]{2,20}$
- email –
user@domain
alternatively to the username: the email address of the user
- code –
^[a-zA-Z0-9]{1,50}$
the password recovery code (received by e-mail)
- password –
^.{5,50}$
the new password
Response body example
{ "partner": "mypartner" }
Status: - wrong-username: The given username or email does not exist or the password recovery code is invalid for this username
The client must provide a valid password recovery code (E-Mail password recovery procedure). On success, the password of the given user is overwritten with password and the E-Mail password recovery code is deleted.
The user account can be identified either by specifiying the username, or the email of the user.
If the response indicates success, the session is automatically authenticated with the user, i.e. the client can immediately issue all API commands that require an authenticated session.
The
partner
field in the response will only be present if the user belongs to a partner.This command does require a valid session without a user authentication.
- username –
/api/language¶
-
GET
/api/language
¶ Get the list of languages
Response body example
{ "language": [ "en", "de" ] }
This call will return all the languages supported by the API. It does not require a session.
/api/user¶
-
GET
/api/user
¶ Get user-related information of current session’s user
Response body example
{ "user": { "uuid": "1de7257a-4f34-11e0-ab6e-0024e8f90cc0", "username": "johndoe47", "firstname": "John", "lastname": "Doe", "display_name": "Johnny Doe", "birthday": "1970-12-24", "email": "john@doe.com", "language": "de", "newsletter": true, "partner": "somepartner", "zip_code": "10557", "town": "Berlin", "street": "Willy-Brandt-Stra\u00dfe", "house_number": "15", "country": "de", "country_code": "+49", "area_code": "30", "validation": "ok", "tag_all": "56697e6e-4f36-11e0-be81-0024e8f90cc0", "tag_unread": "56961546-4f36-11e0-9449-0024e8f90cc0", "tag_inbox": "56b8e300-4f36-11e0-873b-0024e8f90cc0", "tag_outbox": "56ddc9fe-4f36-11e0-a94b-0024e8f90cc0", "tag_trash": "5700ebe6-4f36-11e0-859a-0024e8f90cc0", "tag_shared": "5726c410-4f36-11e0-a8c1-0024e8f90cc0", "share_read": "9638badc-ab55-11e2-a825-0024e8f90cc0", "share_write": "a192a9e2-ab55-11e2-b215-0024e8f90cc0", "share_propagate": "a8c7aadc-ab55-11e2-a55f-0024e8f90cc0", "contact": "b02a5f0c-9268-11e0-84f8-0024e8f90cc0", "feature": { "pack": [ "20GB+", "COSPACE-BOX" ], "quota": { "volume": 25000, "fax": 50 }, "used": { "volume": 452, "fax": 13 }, "feature": { "fax_noad": true, "call_unrestricted": true, "box_enable": true, "dialplan_enable": true, "control_phone": true } }, "fax_ident": "+49 221 9999999", "fax_header": "John Doe, Inc.", "picture": true, "usergroup": "Controlling" } }
The
partner
field will only be present if this user was created with a partner-controlled sign-up.The
feature
section lists the feature configuration for the current user, that is, all of the additional feature packs that this user has, the resulting quota forvolume
(in MB) andfax
(pages per month). Theused
subsection lists the actually used values (in case offax
, for the current month). Thefeature
subsection lists boolean feature variables.The
area_code
,birthday
,zip_code
,town
,street
,house_number
,country
,fax_ident
andfax_header
fields will only be present if they were set withPOST /api/user
.The
validation
field can be set toincomplete
,checking
,missmatch
,baddocument
,fail
orok
.incomplete
address information not set withPOST /api/user
or no idcard set withPOST /api/user/idcard
.checking
the address information are complete and in validation processmissmatch
the address information miss match to the idcard.baddocument
the document dosen’t match the requirements.fail
the document is unreadable.ok
the address information match to the idcard.
The
share_xxx
fields contain the user’s personal share tags. These auto-generated tags can be used by other users to share objects with this user on a personal basis (i.e., without using manually created tags).The
usergroup
field will only be present if the user was added to a usergroup by the corresponding partner.The
picture
flag will have a value oftrue
if the user has a profile picture.
-
POST
/api/user
¶ Modify user-related information of current session’s user
Request body example
{ "firstname": "John", "lastname": "Doe", "display_name": "Johnny Doe", "birthday": "1970-12-24", "zip_code": "10557", "town": "Berlin", "street": "Willy-Brandt-Stra\u00dfe", "house_number": "15", "country": "de", "country_code": "+49", "password": "newpass", "old_password": "oldpass", "pin": "1234", "language": "de", "newsletter": false, "email": "johnsnewmail@foobar.de", "fax_ident": "+49 221 9999999", "fax_header": "John Doe, Inc." }
JSON Parameters: - firstname –
^.{1,50}$
optional
- lastname –
^.{1,50}$
optional
- display_name –
^.{1,100}$
optional; the user name as it should display within an application
- birthday –
^[\d]{4}-[\d]{2}-[\d]{2}$
optional; the user’s birthday, format
YYYY-MM-DD
, if present,zip_code
,town
,street
,house_number
andcountry
must also be present - zip_code –
^.{1,50}$
optional; if present,
birthday
,town
,street
,house_number
andcountry
must also be present - town –
^.{1,50}$
optional; if present,
birthday
,zip_code
,street
,house_number
andcountry
must also be present - street –
^.{1,50}$
optional; if present,
birthday
,zip_code
,town
,house_number
andcountry
must also be present - house_number –
^.{1,50}$
optional; if present,
birthday
,zip_code
,town
,street
andcountry
must also be present - country –
^[a-z]{2}$
optional; ISO country code; if present,
birthday
,zip_code
,town
,street
andhouse_number
must also be present - country_code –
^\+[0-9]{1,3}$
optional; the country code of the user
- password –
^.{5,50}$
optional; a new password for this user
- old_password –
^.{5,50}$
optional; must be present if password is present
- pin –
^[0-9]{4}$
optional; a new phone PIN for this user
- language – optional; a valid language identifier
- email –
user@domain
optional; a new e-mail address (first step)
- newsletter –
true|false
optional;
true
if the user wants to receive the newsletter - code –
^[a-zA-Z0-9]{1,50}$
optional; the e-mail verification code (second step)
- fax_ident –
^[\+ 0-9]{0,20}$
optional; the default fax transmitting station ID (TSI)
- fax_header –
^.{0,40}$
optional; the default fax header line
Response body example
{}
Status: - wrong-password: The
old_password
is wrong - already-exist: The e-mail address matches an existing user record
- email-failure: The e-mail could not be sent out
- address-incomplete: Missing parameter
birthday
,zip_code
,town
,street
,house_number
orcountry
- address-wrong: The combination of the given address-parameters
zip_code
,town
,street
,house_number
andcountry
are incorrect, too imprecise or unknown to the system - address-forbidden: The new address is correct, but is located at a different area code than the current address. Please release all phone numbers associated with your current area code and retry.
- unsupported-country: The country given is not supported by the system
- too-young: The given age (
birthday
field) is too young
To change the user’s e-mail address, a two-step process is needed. First, this API call is used to with the
email
field to indicate the new e-mail address. The system will send a verification e-mail to the new address including a verification code. The client can then issue this API call a second time and provide the verification code in the code field to confirm and save the new e-mail address. Thus, a single call to this API must not include both theemail
andcode
fields.In order to set location data for a user, all 6 parameters
birthday
,zip_code
,town
,street
,house_number
andcountry
must be given. These parameters will be verified and the correspondingarea_code
will be set. If the user already has location data inserted, the new data will only be accepted if the new address is correct and has the same area code or there a no phone numbers associated with the old area code.- firstname –
-
POST
/api/user/delete
¶ Requests permanent deletion of a user account.
Request body example
{ "username": "johndoe47", "password": "secret12345" }
- or-
{ "email": "john@doe.com", "password": "secret12345" }
Response body example
{}
Status: - wrong-user: The given username does not match the session’s user or the user is controlled by a partner
- wrong-credentials: The given password is wrong
The deletion of a user account is a permanent action and cannot be undone.
To delete the user account, the username and password need to be repeated in this call (i.e., the given username must match the session’s user name).
On successful completion, this call will invalidate the current user session.
-
POST
/api/user/idcard
¶ Set the current session user’s idcard for identification process.
Request body
The request body contains binary data in PDF format.
Response body example
{}
Status: - too-large: The contents are too large to be handled by the system
- malformed-file: The content is malformed.
The data in the request body should be given as a binary format PDF.
-
GET
/api/user/(user-uuid)
¶ Get basic information about a user
Response body example
{ "user": { "username": "johndoe47", "firstname": "John", "lastname": "Doe", "display_name": "Johnny Doe", "deleted": true, "picture": true, "share_read": "9638badc-ab55-11e2-a825-0024e8f90cc0", "share_write": "a192a9e2-ab55-11e2-b215-0024e8f90cc0", "share_propagate": "a8c7aadc-ab55-11e2-a55f-0024e8f90cc0" } }
Status: - wrong-user: The given
user-uuid
does not exist
This call is typically used to get information about another user of the system, whose UUID is known because it shows up in some other object.
If the
deleted
field is present, this indicates that the user is no longer active in the system.The
share_xxx
fields will contain the personal sharing tags of the other user. These fields will only be present if the current user is linked with this user.The
picture
flag will have a value oftrue
if the user has a profile picture.- wrong-user: The given
-
GET
/api/user/metadata
¶ Get the metadata information for the current session’s user.
Query Parameters: - keys – optional: a comma-separated list of metadata keys to get information for
- domain – optional: a domain to retrieve metadata for all keys under this domain
Response body example
{ "metadata": { "org.mydomain.phone": "+492216698000", "org.mydomain.room": "B3" } }
Within the
metadata
section, the requested metadata information of the user is given in form of a JSON object.Without any URL parameters, the call will retrieve all metadata keys for current session’s user. If they
keys
parameter is given, only the metadata elements for the given keys are returned. If thedomain
parameter is given, all metadata elements for keys under this domain (not including the domain as a key itself) are returned. That is, if domain iscom.mycompany
, keys likecom.mycompany.application1.element1
andcom.mycompany.entity2
will be returned, but not the keycom.mycompany
.
-
POST
/api/user/metadata
¶ Modify or delete metadata information associated with the current session’s user.
Query Parameters: - noevent – optional: if present, don’t generate a
user_metadata
event (see below) - nostore – optional: if present, don’t store the metadata permanently (see below)
Request body example
{ "update": { "com.otherdomain.client.nice": true, "com.otherdomain.client.timestamp": 1324899645 }, "delete": [ "com.otherdomain.client.something" ] }
JSON Parameters: - key –
^[a-z0-9]{2,50}(\\.[a-z0-9]{2,50}){1,10}$
- value – any valid JSON type, maximum length: 100KB
Response body example
{}
Status: - too-large: At least metadata value is too big (100 KB maximum size limit).
The metadata keys listed in the
update
section are updated in the database (or added if they don not currently exist).The metadata keys listed in the
delete
section are deleted from the database.To avoid conflicts between different applications that might otherwise use the same metadata keys, metadata keys must have the form of a reverse Internet domain, possibly extended with customer-chose domain elements. Applications are encouraged to use officially registered domains for the first part of their metadata key, like
com.mycompany.application1.element1
.By default, the modification of the user’s metadata will generate a
user_metadata
event that is sent towards all sessions currently active for the user. This behavior can be suppressed by including thenoevent
parameter in the request URL.If the request URL includes the
nostore
parameter, the given metadata will not be stored to the database (i.e. the contents can not be retrieved withGET /api/user/metadata
afterwards). This is useful if the desired behavior is to create theuser_metadata
event only.- noevent – optional: if present, don’t generate a
/api/user/picture¶
-
POST
/api/user/picture
¶ Set the current session user’s profile picture.
Request body
The request body contains binary picture data in JPEG or PNG format.
Response body example
{}
Status: - too-large: The picture data is too large to be handled
- malformed-file: The picture data is malformed / cannot be decoded
The picture data in the request body should be given as a binary format JPEG or PNG image. The actual format is automatically determined by the system. The profile picture of the user should be square, the optimal resolution is 384x384 picture, larger resolutions are possible but will be down-scaled on the server side. The maximum acceptable picture resolution is 1500x1500 pixels.
-
DELETE
/api/user/picture
¶ Deletes the current session user’s profile picture.
Response body example
{}
-
GET
/api/user/(user-id)/picture/
(size)/
(xxx).jpg
¶ Get a user’s profile picture
Response body example
The picture contents as a binary JPEG file.
The
user-id
portion of the call might have one of the following forms:- a UUID of an arbitrary user of the system.
- the string “self” to get the profile picture of the current session’s user.
- the string “default” to get the default profile picture for users that don’t have a profile picture.
If a UUID is given in
user-id
and the user is not found, an HTTP 404 error will be returned.If a UUID is given in
user-id
and the specified user does not have a profile picture, a temporary HTTP redirection (status code 302) will be returned pointing to the location of the default profile picture.The
size
selector within the URI is used to select the resolution of the picture returned by the call. The following resolutions are available:small
48x48 pixelsmedium
96x96 pixelslarge
192x192 pixelshuge
384x384 pixels
The
xxx
portion of the URI is an arbitrary file name to be chosen by the client.
/api/user/invitation¶
-
GET
/api/user/invitation
¶ Get user’s invitations
Response body example
{ "invitation": { "dlJdod9df2jAoemnvao4u9a": { "description": "CeBIT 2011, Stand 42", "expire": 1300217017, "one-time": false }, "Dfvp9audpd93dtAadvdDvsD": { "description": "Einladung f\u00fcr Hans M\u00fcller", "one-time": true } }, "out": [ "56697e6e-4f36-11e0-be81-0024e8f90cc0" ], "in": [ "11697e6e-4f36-11e0-be81-0024e8f90cc0" ] }
Invitations listed within the
invitation
element are keyed by the invitation’s identifier string. Theexpire
field specifies the expiration date of the invitation (seconds-since-epoch, only present if an expiration date exists), andone-time
specifies whether the invitation will immediately expire on usage (iftrue
).The
out
section lists outstanding requests that were made by the current user, i.e. the listed UUIDs are those of the invited users.The
in
section lists requests that were made by other users to invite the current user, i.e. the listed UUIDs are those of users that originated an invitation towards the current user.
-
POST
/api/user/invitation
¶ Modify user’s invitations
Request body example
{ "create": [ { "description": "Grillen am See", "expire": 2281283821, "one-time": true }, { "description": "Please get in touch with me", "expire": 2381283821, "one-time": false } ], "update": { "doOsie8dOmdos9732Jdkfos": { "description": "Changed description", "one-time": true }, "Dfvp9audpd93dtAadvdDvsD": { "expire": 2381283821, "one-time": false } }, "delete": [ "dlJdod9df2jAoemnvao4u9a" ], "invite": [ "56697e6e-4f36-11e0-be81-0024e8f90cc0" ], "refuse": [ "11697e6e-4f36-11e0-be81-0024e8f90cc0" ] }
JSON Parameters: - description –
^.{,100}$
- expire –
32-bit integer
- one-time –
true|false
Response body example
{ "create": [ "dfijaijADFVLIaosjd34342", "aFbouajfASDERGa49ja94wd" ] }
Status: - wrong-invitation: An invitation in the
update
ordelete
orrefuse
section does not exist. - access-denied: An invitation in the
update
ordelete
section is not owned by the current user. - wrong-user: A user listed in the
invite
section does not exist or is deleted. - already-link: A link already exists towards a user listed in the
invite
section. - already-invited: An invitation to or from a user listed in the
invite
section already exists.
The invitations in the
create
section of the request are added to the user’s invitation data. These refer to so-called external invitations, i.e. persons that are not yet users of the system. For these invitations,description
andone-time
are mandatory fields,expire
is optional.Data in the
update
section of the request body is modified in the current user’s invitation data, all fields are optional (only the fields given are modified).The invitations in the
delete
section are deleted from the user’s invitation data.The
invite
section lists UUIDs of other users to be invited via so-called internal invitations.An internal invitation can be deleted by both the initiator and the recipient of the invitation by listing the other party’s UUID in the refuse section.
The
create
section of the response lists the identifier strings of the newly created external invitations.- description –
-
GET
/api/invitation/
(invitation)¶ Get information about (usually other user’s) external invitation
invitation
Response body example
{ "description": "Please get in touch with me", "user": { "username": "johndoe47", "firstname": "John", "lastname": "Doe", "display_name": "Johnny Doe" } }
Status: - wrong-invitation: The given
invitation
identifier is wrong/unknown
This API call is used to “pre-view” an invitation received from another user, identified by its invitation identifier string
invitation
. The response reveals the description of the invitation and the name of the user that issued the invitation.To actually confirm the invitation and to create a user link, use
POST /api/user/link
.- wrong-invitation: The given
/api/user/link¶
-
GET
/api/user/link
¶ Get the user’s links
Response body example
{ "link": { "59f43914-4f3d-11e0-ac91-0024e8f90cc0": { "username": "ben", "firstname": "Ben", "lastname": "Miller", "display_name": "Ben Miller", "picture": true, "share_read": "9638badc-ab55-11e2-a825-0024e8f90cc0", "share_write": "a192a9e2-ab55-11e2-b215-0024e8f90cc0", "share_propagate": "a8c7aadc-ab55-11e2-a55f-0024e8f90cc0" }, "755c97aa-4f3d-11e0-855e-0024e8f90cc0": { "username": "hacker3", "firstname": "Steven", "lastname": "Kerner", "display_name": "Steve Kerner", "deleted": true, "picture": false, "share_read": "364f5c06-ab56-11e2-8b53-0024e8f90cc0", "share_write": "3a4f7d68-ab56-11e2-bcf1-0024e8f90cc0", "share_propagate": "3d83d772-ab56-11e2-be2a-0024e8f90cc0" } }, "know": { "bcf23c7c-e7b3-11e1-9de6-0024e8f90cc0": { "username": "lg", "firstname": "Stefani", "lastname": "Germanotta", "display_name": "Lady Gaga", "picture": true }, "be82b4c2-e7b3-11e1-9b12-0024e8f90cc0": { "username": "sme", "firstname": "Sid", "lastname": "Meyer", "display_name": "Sid Meyer", "picture": false } } }
The
link
section contains the links of the current user, theknow
sections lists users that the current user might know according to relationships in tags or other system objects. Users in theknow
section are typical candidates for future links of the current user.Users who have the
deleted
field are no longer active in the system. Users listed within thelink
andknow
sections are keyed by the linked user’s UUID.The
link
section lists the personal share tags of the users. These can be used to share objects with those users (POST /api/object/(uuid)/tag
).The
picture
flag will have a value oftrue
if the corresponding user has a profile picture.
-
POST
/api/user/link
¶ Modify the user’s links
Request body
{ "invitation": [ "aWdijv84AdivjaRia9dRba3" ], "accept": [ "56697e6e-4f36-11e0-be81-0024e8f90cc0" ], "delete": [ "755c97aa-4f3d-11e0-855e-0024e8f90cc0" ] }
Response body example
{}
Status: - wrong-invitation: There was an invitation identifier string in the
invitation
section or a wrong user in theaccept
section of the request which is wrong/unknown - wrong-link: There was a request to delete a link in the
delete
section which does not exist - already-link: There was an invitation identifier string in the
invitation
section of the request which points to a user that the current user already has an established link with
The
invitation
section lists invitation identifier strings that are accepted to create new user links in the process of this API command.The
accept
section lists UUID’s of other users whose internal invitation are accepted.The
delete
section specifies UUID’s of other users, whose already established links to the current session’s user will be abandoned.- wrong-invitation: There was an invitation identifier string in the
/api/phone¶
-
GET
/api/phone
¶ Get a list of (system-managed) phone numbers associated with current user
Response body example
{ "phone": { "+492216698712": { "announcement": { "uuid": "1de7257a-4f34-11e0-ab6e-0024e8f90cc0", "description": "John's personal announcement" }, "dialplan_enable": false, "call_enable": false, "fax_enable": true, "recording_enable": true, "play_announcement_only": false, "conference_enable": true, "notification_email": true, "notification_attachment": true, "on_hold_music": null }, "+492211110004": { "dialplan_enable": true, "call_enable": false, "fax_enable": false, "recording_enable": false, "play_announcement_only": false, "conference_enable": false, "notification_email": true, "notification_attachment": false, "partner": "mypartner", "on_hold_music": null }, "+492118888888": { "dialplan_enable": false, "call_enable": false, "fax_enable": true, "recording_enable": true, "play_announcement_only": false, "conference_enable": true, "notification_email": false, "notification_attachment": false, "unlock_code": "7649" "on_hold_music": null }, "+492118888899": { "dialplan_enable": false, "call_enable": false, "fax_enable": false, "recording_enable": false, "play_announcement_only": false, "conference_enable": false, "notification_email": false, "notification_attachment": false, "ivr": "ce19884c-8fed-11e2-93fe-0024e8f90cc2" "on_hold_music": null }, "+492118888999": { "dialplan": "215a5977-7835-47ed-8795-e9da0540074c", "dialplan_enable": false, "call_enable": false, "fax_enable": false, "recording_enable": false, "play_announcement_only": false, "conference_enable": false, "notification_email": false, "notification_attachment": false, "notification_email": false, "notification_attachment": false, "on_hold_music": "1de7257a-4f34-11e0-ab6e-0024e8f90cc1", } } }
The
phone
section lists the phone numbers associated with the current session’s user.The
announcement
element exists if an associated announcement is present.The
partner
element exists if the phone number is controlled by the partner.The
ivr
field points to an “Interactive Voice Response API” object that is associated with this phone number.If an
unlock_code
field is present, it signals that the corresponding number is reserved, but still inactive. It must be unlocked by calling the number and entering theunlock_code
(DTMF).The
on_hold_music
field is eithernull
or the UUID of an announcement that should be used as the On-Hold-Music for this number.
-
POST
/api/phone
¶ Modify current user’s phone configuration
Request body example
{ "create": true, "update": { "+492216698712": { "announcement": "1de7257a-4f34-11e0-ab6e-0024e8f90cc0", "conference_enable": false, "notification_email": true, "notification_attachment": true }, "+491796548354": { "announcement": "1de7257a-4f34-11e0-ab6e-0024e8f90cc1", "dialplan_enable": false, "call_enable": false, "fax_enable": true, "recording_enable": true, "play_announcement_only": true, "conference_enable": false, "notification_attachment": false, "ivr": "ce19884c-8fed-11e2-93fe-0024e8f90cc2" }, "+492118888899": { "dialplan": "215a5977-7835-47ed-8795-e9da0540074c", "notification_email": false, "notification_attachment": false "on_hold_music": "1de7257a-4f34-11e0-ab6e-0024e8f90cc1" } }, "delete": [ "+492211110004", "+492211110006" ] }
JSON Parameters: - phonenumber –
^\\+[0-9]{3,20}$
- ivr –
UUID | null
UUID
- associate this IVR to the phonenull
- remove the IVR field from the phone
Response body example
{ "+492118888888": { "unlock_code": "7649" } }
Status: - pool-depleted: There was a request to create a new phone number, but there are no more numbers available in the user’s area code
- address-missing: There was a request to create a new phone number, but there were no
verified address information entered (
POST /api/user
&POST /api/user/idcard
) . - phone-limit: There was a request to create a new phone number, but the maximum amount of numbers for this users has been reached.
- wrong-phone: The phone number referenced in the update section does not belong to the user.
- wrong-announcement: The given announcement does not exist or is not accessible by the current user
- wrong-dialplan: The given dialplan does not exist or is not accessible by the current user
- concurrent-access: There is another request to create a new phone number running in parallel
- phone-forbidden: This user has no rights to create new phone numbers
A new number is added to the user’s list of system-maintained phone numbers and will be automatically chosen from a internal pool of available phone numbers for the users
area_code
ifcreate
istrue
. Numbers can only be requested after a valid address is entered withPOST /api/user
. The returned number is reserved for the user but inactive. In order to activate the number, it must be called and theunlock_code
must be entered via DTMF.The phone numbers in the
update
section of the request body are modified in the current user’s phone data. If no announcement is given in this section, an existing announcement binding is deleted.The phone numbers in the
delete
section are deleted from the user’s phone data.The
dialplan_enable
,call_enable
,fax_enable
,conference_enable
andrecording_enable
elements in the create and update sections are all optional (dialplan_enable
andcall_enable
default tofalse
, all other switches default totrue
).Any combination of the
*_enable
switches is possible; howeverdialplan_enable
takes priority, i.e. ifdialplan_enable
istrue
, the setting ofcall_enable
,fax_enable
,conference_enable
andrecording_enable
is ignored for that number. The call API (call_enable
) will only work ifcall_enable
is the only switch that istrue
.The
dialplan
field enables the “Dialplan v2” feature for this number. Setting the field tonull
will disable the feature, setting it to the UUID of a “Dialplan v2” object will enable it. This field has priority over all other phone flags. SeePOST /api/dialplan/v2
for further information.The
ivr
is activated only ifcall_enable
anddialplan_enable
are disabled.The
play_announcement_only
field is optional and defaults tofalse
. If set totrue
, the system will not record a voice message after the announcement has been played in voice recorder mode.The
notification_email
andnotification_attachment
elements in the create and update sections are optional (defaultfalse
).For a given user, only one request to create a new phone number might be running in parallel. If multiple requests are issued at the same time, some will return a
concurrent-access
status.The
on_hold_music
field should be eithernull
or the UUID of an announcement that will be used as the On-Hold-Music for this number.- phonenumber –
/api/tag¶
-
GET
/api/tag
¶ Get list of tags associated with current user
Response body example
{ "tag": { "1de7257a-4f34-11e0-ab6e-0024e8f90cc0": { "owner": "1de7257a-4f34-11e0-ab6e-0024e8f90cc1", "label": "private", "foreign_use": true, "policy": { "1de7257a-4f34-11e0-ab6e-0024e8f90cc1": 4, "1d333333-4f34-11e0-ab6e-0024e8f90cc1": 2, "1d444444-4f34-11e0-ab6e-0024e8f90cc1": 3 } }, "1de1227a-4f34-11e0-ab6e-0024e8f90cc1": { "owner": "1de7257a-4f34-11e0-ab6e-0024e8f90cc1", "label": "Q-loud Team", "foreign_use": false, "policy": { "1de7257a-4f34-11e0-ab6e-0024e8f90cc1": 4, "1d333333-4f34-11e0-ab6e-0024e8f90cc1": 1, "1d444444-4f34-11e0-ab6e-0024e8f90cc1": 1 } } } }
The
tag
section lists all tags that are visible for the current session’s user. This includes tags that are owned by the user and tags from other user’s where the current user has some sort of access privileges. The result does not include the user’s system tags and the user’s share tags.
-
POST
/api/tag
¶ Create a new tag for the current user.
Request body example
{ "label": "Project X", "foreign_use": true, "policy": { "1de1227a-4f34-11e0-ab6e-0024e8f90cc1": 1, "1d333333-4f34-11e0-ab6e-0024e8f90cc1": 2, "1d444444-4f34-11e0-ab6e-0024e8f90cc1": 3 } }
JSON Parameters: - label –
^.{1,50}$
Text label of this tag
Response body example
{ "uuid": "1de7257a-4f34-11e0-ab6e-0024e8f90cc0" }
Status: - wrong-user: One of the given user UUIDs is unknown or has no link with the current user
In the
policy
section, a mapping of other users UUIDs to access privileges is defined.The policy levels are:
1
(read): user has read access to objects tagged with this tag2
(write): user has read and write access to objects tagged with this tag3
(propagate): user has read and write access to objects tagged with this tag, and may re-tag the object, possibly granting access rights to other users4
(owner): user is the owner of that tag, and has full permissions on any object carrying the tag (in respect to the object, this is equivalent to policy level 3)
The API call returns the UUID of the created tag.
- label –
-
GET
/api/tag/
(uuid)¶ Get information for tag
uuid
Response body example
{ "owner": "1de7257a-4f34-11e0-ab6e-0024e8f90cc1", "label": "Project X", "foreign_use": true, "policy": { "1de1227a-4f34-11e0-ab6e-0024e8f90cc1": 1, "1d333333-4f34-11e0-ab6e-0024e8f90cc1": 2, "1d444444-4f34-11e0-ab6e-0024e8f90cc1": 3 } }
Status: - wrong-tag: The given UUID does not match to a tag accessible by the current user
This API cannot be used to request detail information for one of the user’s system tags or share tags (because
label
,foreign_use
andpolicy
do not make sense in the context of those tags).
-
POST
/api/tag/
(uuid)¶ Modify tag
uuid
Request body example
{ "label": "Project X", "foreign_use": false, "policy": { "update": { "1de1227a-4f34-11e0-ab6e-0024e8f90cc1": 3, "1d333333-4f34-11e0-ab6e-0024e8f90cc1": 2 }, "delete": [ "1d444444-4f34-11e0-ab6e-0024e8f90cc1" ] } }
JSON Parameters: - label –
^.{1,50}$
Text label of this tag
Response body example
{}
Status: - wrong-tag: The given UUID does not match to a tag accessible by the current user
- wrong-user: One of the given user UUIDs is unknown or has no link with the current user
- access-denied: The user is not the owner of the specified tag
All fields in the request body are optional to allow a subset of fields to be updated. Users listed in the
update
section are added to or modified in thepolicy
list of this tag, users listed in thedelete
section are deleted from thepolicy
list.System tags and share tags cannot be modified using this API call.
- label –
-
DELETE
/api/tag/
(uuid)¶ Delete tag
uuid
Response body example
{}
Status: - wrong-tag: The given UUID does not match to a tag accessible by the current user
- access-denied: The user is not the owner of the specified tag
System tags and share tags cannot be deleted using this API call.
-
GET
/api/tag/
(uuid)/object
¶ Get objects tagged with the tag <uuid>
Query Parameters: - filter – optional: one of {fax, recording, announcement, contact, conference, volume, box, ipquality, presentation, sensor, xobject}
- from – optional: start time, in seconds-since-epoch (must have from <= to)
- to – optional: end time, in seconds-since-epoch (must have from <= to)
- start –
optional: the UUID of the first object to return, exclusive, i.e. the object with an exact match UUID is not returned.
If given, overrides the
from
parameter whenasc
order is selected or overrides theto
parameter whendesc
order is selected. - order –
optional: If set to
asc
(default), objects are returned in time ascending order (i.e. starting with from or start and ending with stop).If set to
desc
, objects are returned in time descending order (i.e. starting with to or start and ending with from). - count – optional, default
10
: limits the number of returned objects (valid range:1...500
) - tag – optional, a comma-separated list of additional tag UUIDs that also need
to be present on the objects that this query will return. This
effectively forms a logical
AND
query for objects with multiple tags. - search – optional, a search string containing words that must be present in the content of the objects this query will return. This feature is used to implement a full-text search within tags.
Response body example
{ "object": { "550e8400-e29b-41d4-a716-446655440000": { "type": "recording", "owner": "550e8400-e29b-41d4-a716-446655440000", "time": 24532354234, "tag": [ "ae30e5b0-5c3d-11e0-817e-0024e8f90cc0", "be00e8aa-5c3d-11e0-b0cf-0024e8f90cc0" ], "description": "Ein Anruf von Herrn Mueller", "from": "+492421848484", "to": "+492216698123" }, "550e8421-e29b-41d4-a716-446655440001": { "type": "fax", "owner": "550e8400-e29b-41d4-a716-446655440000", "time": 21232145273, "tag": [ "be00e8aa-5c3d-11e0-b0cf-0024e8f90cc0", "ae30e5b0-5c3d-11e0-817e-0024e8f90cc0", "97d3a606-a961-11e0-9a43-0024e8f90cc0" ], "description": "Versicherungsvertrag Hausrat", "page_count": 12 }, "12322321-e29b-41d4-a716-446655440001": { "type": "contact", "owner": "550e8400-e29b-41d4-a716-446655440000", "time": 22634544573, "tag": [ "ae30e5b0-5c3d-11e0-817e-0024e8f90cc0" ], "firstname": "Dirk", "lastname": "Mueller" }, "6546565-e29b-41d4-a716-446655440001": { "type": "announcement", "owner": "550e8400-e29b-41d4-a716-446655440000", "time": 22436234323, "tag": [ "ae30e5b0-5c3d-11e0-817e-0024e8f90cc0", "be00e8aa-5c3d-11e0-b0cf-0024e8f90cc0", "ae30e5b0-5c3d-11e0-817e-0024e8f90cc0", "97d3a606-a961-11e0-9a43-0024e8f90cc0", "9e7c3b80-a961-11e0-b40e-0024e8f90cc0" ], "description": "Meine Standardansage" }, "c1497ba2-926c-11e0-973a-0024e8f90cc0": { "type": "conference", "owner": "550e8400-e29b-41d4-a716-446655440000", "time": 22436292746, "tag": [ "ae30e5b0-5c3d-11e0-817e-0024e8f90cc0", "97d3a606-a961-11e0-9a43-0024e8f90cc0", "9e7c3b80-a961-11e0-b40e-0024e8f90cc0" ], "description": "Unser t\u00e4gliches Kaffeekr\u00e4nzchen", "active": true, "pin": "4711" } } }
Status: - wrong-tag: The given UUID does not match to tag accessible by the current user
/api/trash¶
-
DELETE
/api/trash
¶ Purge the trash. All objects in the trash will be permanently deleted.
Response body example
{}
/api/object¶
-
POST
/api/object/
(uuid)/tag
¶ Modify tag attachments of object
uuid
Request body example
{ "add": [ "3da40b94-591b-11e0-9d92-0024e8f90cc0", "43bd397e-591b-11e0-a47e-0024e8f90cc0" ], "delete": [ "4d4f6606-591b-11e0-81f3-0024e8f90cc0", "53190e02-591b-11e0-be0c-0024e8f90cc0" ] }
Response body example
{}
Status: - wrong-object: The given UUID does not match to an object accessible by the current user
- wrong-tag: One of the given UUIDs does not match a tag accessible by the current user
- access-denied: The user does not have sufficient privileges on the object (not the owner and no propagate rights, or the object is in trash and the request operation does something else than remove the trash tag)
- already-tag: A tag listed in the
add
section is already attached to the object - no-tag: A tag listed in the
delete
section is not attached to the object
Tags listed in the
add
section are attached to the object, those listed in thedelete
section are detached from it.If an object has the trash tag, then the only valid tag modification is the deletion of the trash tag. This operation effectively “undeletes” the object.
-
GET
/api/object/
(uuid)/comment
¶ Get comments of object
uuid
Query Parameters: - from – optional: start time, in seconds-since-epoch (must have from <= to)
- to – optional: end time, in seconds-since-epoch (must have from <= to)
- start – optional: the UUID of the first object to return, exclusive, i.e. the
comment with an exact match UUID is not returned.
If given, overrides the
from
parameter whenasc
order is selected or overrides theto
parameter whendesc
order is selected. - order – optional: If set to
asc
(default), objects are returned in time ascending order (i.e. starting with from or start and endin If set todesc
, objects are returned in time descending order (i.e. starting with to or start and ending with from). - count – optional, default
10
: limits the number of returned objects (valid range:1...500
)
Response body example
{ "comment": { "36b7bbf4-591c-11e0-a7e3-0024e8f90cc0": { "owner": "550e8400-e29b-41d4-a716-446655440000", "time": 2598392983, "text": "This is a comment" }, "54512f9c-591c-11e0-8085-0024e8f90cc0": { "owner": "550e8400-e29b-41d4-a716-446655440000", "time": 2498234333, "text": "Another comment" } } }
Status: - wrong-object: The given UUID does not match to an object accessible by the current user
Comments in the
comment
section are keyed by their UUID and appear ordered with ascending creating time.
-
POST
/api/object/
(uuid)/comment
¶ Create a comment for the object
uuid
Request body example
{ "text": "This is just another comment" }
JSON Parameters: - text –
^.{1,1000}$
Response body example
{ "uuid": "550e8400-e29b-41d4-a716-446655440001" }
Status: - wrong-object: The given UUID does not match to an object accessible by the current user
The call returns the UUID of the created comment.
- text –
-
POST
/api/comment/
(uuid)¶ Modify the comment
uuid
Request body example
{ "text": "This is just another comment" }
JSON Parameters: - text –
^.{1,1000}$
Response body example
{}
Status: - wrong-comment: The given UUID does not match to a comment accessible by the current user
- access-denied: The user is not the owner of the specified comment
- text –
-
DELETE
/api/comment/
(uuid)¶ Delete the comment <uuid>
Response body example
{}
Status: - wrong-comment: The given UUID does not match to a comment accessible by the current user
- access-denied: The user is neither the owner of the specified comment nor the owner of the object that this comment refers to
-
GET
/api/object/
(uuid)/link
¶ Get all objects that are linked to object (uuid)
Response body example
{ "link": { "6546565-e29b-41d4-a716-446655440001": { "type": "announcement" }, "c1497ba2-926c-11e0-973a-0024e8f90cc0": { "type": "conference" } } }
Status: - wrong-object: The given <uuid> does not match to an object accessible by the current user
The result will only contain objects that the current user has at least read access for.
-
POST
/api/object/
(uuid)/link/(other-uuid)
¶ Create a connection between object
uuid
and objectother-uuid
Request body example
{}
Response body example
{}
Status: - wrong-object: At least one of the given
uuid
orother-uuid
do not match to an object accessible by the current user - access-denied: The user does not have sufficient privileges on at least one of the
given objects
uuid
andother-uuid
(at least write privileges are required)
To create a link between to objects, write privileges are needed on both objects.
- wrong-object: At least one of the given
-
DELETE
/api/object/
(uuid)/link/(other-uuid)
¶ Delete the connection between object
uuid
and objectother-uuid
Response body example
{}
Status: - wrong-object: The given
uuid
orother-uuid
does not match to an object accessible by the current user - access-denied: The user does not have sufficient privileges on object
uuid
(at least write privileges are required)
- wrong-object: The given
-
GET
/api/object/
(uuid)/metadata
¶ Get the metadata information for object
uuid
.Query Parameters: - keys – optional: a comma-separated list of metadata keys to get information for
- domain – optional: a domain to retrieve metadata for all keys under this domain
Response body example
{ "metadata": { "org.mydomain.firstapp.floor": "basement", "org.mydomain.firstapp.room": "conference room", "com.otherdomain.client.nice": null, "com.otherdomain.client.phonelist": [ "+492216698000", "+492216698999" ], "com.otherdomain.client.timestamp": 1324898273, "com.otherdomain.client.triggers": { "this": true, "that": false } } }
Status: - wrong-object: The given UUID does not match an object accessible to the current user
Within the
metadata
section, the requested metadata information of the object is given in form of a JSON object.Without any URL parameters, the call will retrieve all metadata keys for the specified object. If the
keys
parameter is given, only the metadata elements for the given keys are returned. If thedomain
parameter is given, all metadata elements for keys under this domain (not including the domain as a key itself) are returned. That is, if domain iscom.mycompany
, keys likecom.mycompany.application1.element1
andcom.mycompany.entity2
will be returned, but not the keycom.mycompany
.
-
POST
/api/object/
(uuid)/metadata
¶ Modify or delete metadata information associated with the object
uuid
.Query Parameters: - noevent – optional: if present, don’t generate an
object_metadata
event (see below) - nostore – optional: if present, don’t store the metadata permanently (see below)
Request body example
{ "update": { "com.otherdomain.client.nice": true, "com.otherdomain.client.timestamp": 1324899645 }, "delete": [ "com.otherdomain.client.something" ] }
JSON Parameters: - key –
^[a-z0-9]{2,50}(\\.[a-z0-9]{2,50}){1,10}$
- value – any valid JSON type, maximum length: 100KB
Response body example
{}
Status: - too-large: At least metadata value is too big (100 KB maximum size limit)
- wrong-object: The given UUID does not match an object accessible to the current user
- access-denied: The user does not have sufficient privileges on the object (at least write privileges are required)
The metadata keys listed in the
update
section are updated in the database (or added if they don not currently exist).The metadata keys listed in the
delete
section are delete from the database.To avoid conflicts between different applications that might otherwise use the same metadata keys, metadata keys must have the form of a reverse Internet domain, possibly extended with customer-chose domain elements. Applications are encouraged to use officially registered domains for the first part of their metadata key, like
com.mycompany.application1.element1
.By default, the modification of the object’s metadata will generate a
object_metadata
event that is sent towards all users that have access to the object. This behavior can be suppressed by including thenoevent
parameter in the request URL.If the request URL includes the
nostore
parameter, the given metadata will not be stored to the database (i.e. the contents can not be retrieved withGET /api/object/(uuid)/metadata
afterwards). This is useful if the desired behavior is to create theobject_metadata
event only.- noevent – optional: if present, don’t generate an
/api/fax¶
-
POST
/api/fax
¶ Create a new fax object
Request body example
{ "description": "A description text" }
JSON Parameters: - description –
^.{0,200}$
optional: a short description of this fax
Response body example
{ "uuid": "ca9a612c-591d-11e0-a7c8-0024e8f90cc0" }
The UUID of the new fax is returned.
- description –
-
GET
/api/fax/
(uuid)¶ Get information about fax
uuid
Response body example
{ "fax": { "owner": "550e8400-e29b-41d4-a716-446655440000", "time": 21232145273, "description": "Versicherungsvertrag Hausrat", "page_count": 12, "x_res": 203, "y_res": 98, "status": "ok", "tag": [ "ae30e5b0-5c3d-11e0-817e-0024e8f90cc0", "be00e8aa-5c3d-11e0-b0cf-0024e8f90cc0" ], "report": { "7b149600-5921-11e0-b85f-0024e8f90cc0": { "incoming": true, "from": "+492216689711", "to": "+492216689712", "time_start": 2128383234, "time_end": 2128384351, "status": "ok", "sip_status_code": 200, "fax_error_code": 0 }, "882b6418-5921-11e0-bb15-0024e8f90cc0": { "incoming": false, "from": "+492216689712", "to": "+4925328372322", "time_start": 2128383234, "status": "transmit" } } } }
Status: - wrong-fax: The given UUID does not match a fax accessible by the current user
The
status
field in the fax section can have the following values:record
: Fax is being received. No contents are present yet.ok
: Fax contents availableconvert
: Fax is being converted (upload). No contents are present yet.empty
: Fax has no contents availablefail
: Fax or fax upload has failed, no contents available
The
page_count
,x_res
andy_res
fields will not show if the fax doesn’t (yet) have a content. In the report section, the followingstatus
fields are possible:dial
: The destination is dialled (outgoing fax only)transmit
: The fax is transmittingok
: The fax was transmitted successfullyfail
: Fax transmission failedcancel
: Fax transmission was cancelled by the user (outgoing fax only)busy
: Fax transmission failed because opposite site is busy (outgoing fax only)error
: Fax cannot be delivered because of an internal error
The
sip_status_code
field is optional and, if present, delivers information about the status of the underlying telephone call. Likewise, thefax_error_code
, if present, gives detailed information about the T.38 fax transaction.Depending on the
status
, thetime_end
field in thereport
section may or may not be present.The
report
section is keyed by the fax report UUID and ordered by time.
-
POST
/api/fax/
(uuid)¶ Modify fax
uuid
Request body example
{ "description": "A description text" }
JSON Parameters: - description –
^.{0,200}$
a short description of this fax
Response body example
{}
Status: - wrong-fax: The given UUID does not match a fax accessible by the current user
- access-denied: The user does not have sufficient privileges on the fax (at least write privileges are required)
- description –
-
DELETE
/api/fax/
(uuid)¶ Delete the fax <uuid>
Query Parameters: - purge – optional: if present, delete this fax permanently (do not move to trash)
Response body example
{}
Status: - wrong-fax: The given UUID does not match a fax accessible by the current user
- access-denied: The user does not have sufficient privileges on the fax (at least write privileges are required)
-
GET
/api/fax/
(uuid)/
(page)/
(xxx).png
¶ Get contents of page
page
of faxuuid
in PNG formatResponse body example
The contents of page <page> of the fax in PNG format on success, or HTTP 404 without response body on failure.
xxx
is a file name arbitrarily chosen by the user agent.This API is eligible for use with the session’s download id (did). In this case, the object UUID is the fax
uuid
. For more information on file download authentication, see Authentication for file downloads.
-
GET
/api/fax/
(uuid)/
(xxx).pdf
¶ Get contents of fax
uuid
in PDF formatQuery Parameters: - inline – optional: if present, the response will include an HTTP
Content-Disposition
header (see RFC 2183) with a value of inline. Otherwise, the content disposition will be attachment.
Response body example
The contents of the fax in PDF format on success, or HTTP 404 without response body on failure.
xxx
is a file name arbitrarily chosen by the user agent.This API is eligible for use with the session’s download id (did). In this case, the object UUID is the fax
uuid
. For more information on file download authentication, see Authentication for file downloads.- inline – optional: if present, the response will include an HTTP
-
POST
/api/fax/
(uuid)/
(xxx).pdf
¶ Post fax
uuid
contents in PDF format (xxx
is an arbitrary name)Query Parameters: - orientation – optional: if set to landscape, the contents will be rotated 90 degrees before being rendered into a fax
- mode – optional: if set to photo, the document will be rastered instead of simply being converted to black and white
Request body
The fax contents in PDF format.
Response body example
{}
Status: - wrong-fax: The given UUID does not match a fax accessible by the current user
- access-denied: The user does not have sufficient privileges on the fax (at least write privileges are required)
- wrong-state: The contents of this fax cannot be changed, because it is an incoming fax or because it was already transmitted to some destination
- too-large: The contents are too large to be handled by the system
- malformed-file: The content is malformed.
xxx
is a file name arbitrarily chosen by the user agent. After the contents are received, the PDF file is converted and the contents of the fax are updated.
-
GET
/api/fax/
(uuid)/
(xxx).tif
¶ Get contents of fax
uuid
in TIF formatQuery Parameters: - inline – optional: if present, the response will include an HTTP Content-Disposition header (see RFC 2183) with a value of inline. Otherwise, the content disposition will be attachment.
Response body example
The contents of the fax in TIF format on success, or HTTP 404 without response body on failure.
xxx
is a file name arbitrarily chosen by the user agent.This API is eligible for use with the session’s download id (did). In this case, the object UUID is the fax
uuid
. For more information on file download authentication, see Authentication for file downloads.
-
POST
/api/fax/
(uuid)/send
¶ Send the fax
uuid
out to a destination (i.e., queue fax transmission)Request body example
{ "from": "+492216698123", "to": "+492216698711" }
JSON Parameters: - from –
^\+[0-9]{3,20}$
- to –
^\+[0-9]{3,20}$
- fax_ident –
^[\+ 0-9]{0,20}$
Optional; the fax transmitting station ID (TSI)
- fax_header –
^.{0,40}$
Optional; a fax header line printed to the top of the page
Response body example
{ "uuid": "b2f2a27e-5921-11e0-b923-0024e8f90cc0" }
Status: - wrong-fax: The given UUID does not match a fax accessible by the current user
- access-denied: The user does not have sufficient privileges on the fax (at least write privileges are required)
- wrong-phone: The phone number in the
from
field does not match one of the user’s phone numbers in the system - locked-phone: The phone number in the
from
field has not yet been unlocked - quota-exceeded: The send operation would exceed the user’s quota
- no-content: The fax does not have any content to be sent
- forbidden-to: Invalid attempt to send to a “expensive” or “premium” number using a “free” user account
The call returns the UUID of the outgoing fax report.
- from –
-
GET
/api/fax/(fax-uuid)/report/(report-uuid)/
(xxx).pdf
¶ Get a fax sender report in PDF format for the given fax
fax-uuid
and faxreportreport-uuid
.Query Parameters: - inline – optional: if present, the response will include an HTTP
Content-Disposition
header (see RFC 2183) with a value of inline. Otherwise, the content disposition will be attachment.
Response body example
The contents of the fax report in PDF format on success, or HTTP 404 without response body on failure.
xxx
is a file name arbitrarily chosen by the user agent.This API is eligible for use with the session’s download id (did). In this case, the object UUID is the fax report
report-uuid
. For more information on file download authentication, see Authentication for file downloads.- inline – optional: if present, the response will include an HTTP
/api/recording¶
-
GET
/api/recording/
(uuid)¶ Get information about recording
uuid
Response body example
{ "recording": { "owner": "550e8400-e29b-41d4-a716-446655440000", "time": 21232145273, "description": "Anruf Herr Mueller", "from": "+492216689712", "to": "+492216689711", "status": "ok", "tag": [ "ae30e5b0-5c3d-11e0-817e-0024e8f90cc0", "be00e8aa-5c3d-11e0-b0cf-0024e8f90cc0" ] } }
Status: - wrong-recording: The given UUID does not match a recording accessible by the current user
In the
recording
section, the followingstatus
fields are possible:record
: The recording is just being recorded (in progress). No contents are present yet.ok
: Recording was successful, contents availableconvert
: Recording is being converted (upload). No contents are present yet.empty
: Recording was successful, only silence detected, no contents availablefail
: Recording failed for some reason, no contents available
-
POST
/api/recording/
(uuid)¶ Modify recording
uuid
Request body example
{ "description": "A description text" }
JSON Parameters: - description –
^.{0,200}$
a short description of this recording
Response body example
{}
Status: - wrong-recording: The given UUID does not match a recording accessible by the current user
- access-denied: The user does not have sufficient privileges on the recording (at least write privileges are required)
- description –
-
DELETE
/api/recording/
(uuid)¶ Delete recording
uuid
Query Parameters: - purge – optional: if present, delete this recording permanently (do not move to trash)
Response body example
{}
Status: - wrong-recording: The given UUID does not match a recording accessible by the current user
- access-denied: The user does not have sufficient privileges on the recording (at least write privileges are required)
-
GET
/api/recording/
(uuid)/
(xxx).wav
¶ Get the recording
uuid
contents in WAV format (xxx
is an arbitrary name)Query Parameters: - inline – optional: if present, the response will include an HTTP Content-Disposition header (see RFC 2183) with a value of inline. Otherwise, the content disposition will be attachment.
Response body example
The recording in WAV format on success, or HTTP 404 without response body on failure.
This API is eligible for use with the session’s download id (did). In this case, the object UUID is the recording
uuid
. For more information on file download authentication, see Authentication for file downloads.
-
GET
/api/recording/
(uuid)/
(xxx).ogg
¶ Get the recording
uuid
contents in Ogg Vorbis format (xxx
is an arbitrary name)Query Parameters: - inline – optional: if present, the response will include an HTTP Content-Disposition header (see RFC 2183) with a value of inline. Otherwise, the content disposition will be attachment.
Response body example
The recording in Ogg Vorbis format on success, or HTTP 404 without response body on failure.
This API is eligible for use with the session’s download id (did). In this case, the object UUID is the recording
uuid
. For more information on file download authentication, see Authentication for file downloads.
/api/announcement¶
-
POST
/api/announcement
¶ Create a new announcement object
Request body example
{ "description": "A description text" }
JSON Parameters: - description –
^.{0,200}$
optional: a short description of this announcement
Response body example
{ "uuid": "62f85b4e-5924-11e0-a8ae-0024e8f90cc0" }
The UUID of the new announcement is returned.
- description –
-
GET
/api/announcement/
(uuid)¶ Get information about announcement
uuid
Response body example
{ "announcement": { "owner": "550e8400-e29b-41d4-a716-446655440000", "time": 21232145273, "description": "Meine Standardansage", "status": "ok", "tag": [ "ae30e5b0-5c3d-11e0-817e-0024e8f90cc0", "be00e8aa-5c3d-11e0-b0cf-0024e8f90cc0" ] } }
Status: - wrong-announcement: The given UUID does not match an announcement accessible by the current user
In the
announcement
section, the followingstatus
fields are possible:record
: The announcement is just being recorded (in progress). No contents are present yet.ok
: Announcement was successful, contents availableconvert
: Announcement is being converted (upload). No contents are present yet.empty
: Announcement was successful, only silence detected, no contents availablefail
: Announcement failed for some reason, no contents available
-
POST
/api/announcement/
(uuid)¶ Modify announcemet
uuid
Request body example
{ "description": "A description text" }
JSON Parameters: - description –
^.{0,200}$
optional: a short description of this announcement
Response body example
{}
Status: - wrong-announcement: The given UUID does not match an announcement accessible by the current user
- access-denied: The user does not have sufficient privileges on the announcement (at least write privileges are required)
- description –
-
DELETE
/api/announcement/
(uuid)¶ Delete announcement
uuid
Query Parameters: - purge – optional: if present, delete this announcement permanently (do not move to trash)
Response body example
{}
Status: - wrong-announcement: The given UUID does not match an announcement accessible by the current user
- access-denied: The user does not have sufficient privileges on the announcement (at least write privileges are required)
-
GET
/api/announcement/
(uuid)/
(xxx).wav
¶ Get the announcement
uuid
contents in WAV format (xxx
is an arbitrary name)Query Parameters: - inline – optional: if present, the response will include an HTTP Content-Disposition header (see RFC 2183) with a value of inline. Otherwise, the content disposition will be attachment.
Response body example
The announcement in WAV format on success, or HTTP 404 without response body on failure.
This API is eligible for use with the session’s download id (did). In this case, the object UUID is the announcement <uuid>. For more information on file download authentication, see Authentication for file downloads.
-
GET
/api/announcement/
(uuid)/
(xxx).ogg
¶ Get the announcement <uuid> contents in Ogg Vorbis format (<xxx> is an arbitrary name)
Query Parameters: - inline – optional: if present, the response will include an HTTP Content-Disposition header (see RFC 2183) with a value of inline. Otherwise, the content disposition will be attachment.
Response body example
The announcement in Ogg Vorbis format on success, or HTTP 404 without response body on failure.
This API is eligible for use with the session’s download id (did). In this case, the object UUID is the announcement <uuid>. For more information on file download authentication, see Authentication for file downloads.
-
POST
/api/announcement/
(uuid)/
(xxx).wav
¶ Upload the announcement
uuid
in WAV formatRequest body
The announcement contents in WAV format
Response body example
{}
Status: - wrong-announcement: The given UUID does not match an announcement accessible by the current user
- access-denied: The user does not have sufficient privileges on the announcement (at least write privileges are required)
- too-large: The contents are too large to be handled by the system
- malformed-file: The content is malformed.
xxx
is a file name arbitrarily chosen by the user agent. After the contents are received, the WAV file is converted and the contents of the announcement is updated.
-
POST
/api/announcement/
(uuid)/
(xxx).ogg
¶ Upload the announcement
uuid
in Ogg Vorbis formatRequest body
The announcement contents in Ogg Vorbis format
Response body example
{}
Status: - wrong-announcement: The given UUID does not match an announcement accessible by the current user
- access-denied: The user does not have sufficient privileges on the announcement (at least write privileges are required)
- too-large: The contents are too large to be handled by the system
- malformed-file: The content is malformed.
xxx
is a file name arbitrarily chosen by the user agent. After the contents are received, the Ogg Vorbis file is converted and the contents of the announcement is updated.
-
POST
/api/announcement/
(uuid)/text2speech
¶ Upload the announcement
uuid
in text format.Request body example
{ "text": "Hello to Johns mailbox.", "locale": "en-GB" }
JSON Parameters: - text –
^.{1,5000}$
the text of this announcement
- locale –
^(de-DE|en-GB|en-US|es-ES|fr-FR|it-IT)$
optional, default
de-DE
: the language of text
Response body example
{}
Status: - wrong-announcement: The given UUID does not match an announcement accessible by the current user
- access-denied: The user does not have sufficient privileges on the announcement (at least write privileges are required)
- text –
/api/contact¶
-
POST
/api/contact
¶ Create a new contact object
Request body example
{ "firstname": "Peter", "lastname": "Mueller" }
JSON Parameters: - firstname – ^.{1,50}$`
- lastname – ^.{1,50}$`
Response body example
{ "uuid": "f2e1f97c-592e-11e0-8d4a-0024e8f90cc0" }
The UUID of the newly created contact object is returned.
-
GET
/api/contact/
(uuid)¶ Get information about contact
uuid
Response body example
{ "contact": { "owner": "550e8400-e29b-41d4-a716-446655440000", "time": 21232145273, "firstname": "Peter", "lastname": "Mueller", "tag": [ "ae30e5b0-5c3d-11e0-817e-0024e8f90cc0", "be00e8aa-5c3d-11e0-b0cf-0024e8f90cc0" ], "entry": { "98b62706-9269-11e0-8ef6-0024e8f90cc0": { "type": "phone", "scope": "business", "value": "+492216698100" }, "da084df6-9269-11e0-88e3-0024e8f90cc0": { "type": "email", "scope": "private", "value": "hans@wurst.de" }, "b3dbdf94-9269-11e0-bf32-0024e8f90cc0": { "type": "other", "scope": "private", "key": "Haarfarbe", "value": "schwarz" } } } }
Status: - wrong-contact: The given UUID does not match a contact accessible by the current user
-
POST
/api/contact/
(uuid)¶ Modify the contact
uuid
Request body example
{ "firstname": "Peter", "lastname": "Mueller", "create": [ { "type": "phone", "scope": "business", "value": "+492216698100" } ], "update": { "98b62706-9269-11e0-8ef6-0024e8f90cc0": { "type": "phone", "value": "+492216698200" }, "b3dbdf94-9269-11e0-bf32-0024e8f90cc0": { "type": "other", "scope": "private", "key": "Strandkorb-Nr.", "value": "42a" } }, "delete": [ "da084df6-9269-11e0-88e3-0024e8f90cc0" ] }
JSON Parameters: - firstname –
^.{1,50}$
- lastname –
^.{1,50}$
- type –
^phone|mobile|fax|email|address|other$
- scope –
^private|business$
- key –
^.{,100}$
(only for type other) - value –
^\\+[0-9]{3,20}$
(type phone, mobile, fax)valid email address
(type email)^.{,100}$
(type address, other)
Response body example
{ "create": [ "04056934-926c-11e0-97ef-0024e8f90cc0" ] }
Status: - wrong-contact: The given UUID does not match a contact accessible by the current user
- access-denied: The user does not have sufficient privileges on the contact (at least write privileges are required)
Newly created entries must have all fields
type
,scope
,key
(only for typeother
) andvalue
.Modified entries must have at least the fields
type
,key
(only for typeother
) andvalue
.The
create
section of the response lists the member UUIDs for the newly created members (create
section of the request).- firstname –
-
DELETE
/api/contact/
(uuid)¶ Modify the contact
uuid
Query Parameters: - purge – optional: if present, delete this contact permanently (do not move to trash)
Response body example
{}
Status: - wrong-contact: The given UUID does not match a contact accessible by the current user
- access-denied: The user does not have sufficient privileges on the contact (at least write privileges are required)
/api/conference¶
-
POST
/api/conference
¶ Create a new conference object
Request body example
{ "description": "Konferenzraum f\u00fcr Team-Besprechung", "pin": "4711", "active": true, "mute_default": true }
JSON Parameters: - description –
^.{0,200}$
optional: a short description of this announcement
- pin –
^[0-9]{4}$
The authentication code (PIN) to access the conference
- active –
true|false
If true, participants can join the conference
- mute_default –
true|false
optional: if true, participants joining the conference are muted by default
Response body example
{ "uuid": "2d4d09e0-85de-11e0-844e-0024e8f90cc0" }
Status: - duplicate-pin: The PIN is already assigned to another conference object of this user
The UUID of the newly created conference object is returned.
- description –
-
GET
/api/conference/
(uuid)¶ Get information about conference
uuid
Response body example
{ "conference": { "owner": "550e8400-e29b-41d4-a716-446655440000", "time": 21232145373, "description": "Konferenzraum f\u00fcr Team-Besprechung", "pin": "4711", "active": true, "mute_default": false, "phone": [ "+492216698000", "+493029819232" ], "tag": [ "ae30e5b0-5c3d-11e0-817e-0024e8f90cc0", "be00e8aa-5c3d-11e0-b0cf-0024e8f90cc0" ] } }
Status: - wrong-conference: The given UUID does not match a conference accessible by the current user
-
POST
/api/conference/
(uuid)¶ Modify the conference
uuid
Request body example
{ "description": "Konferenzraum f\u00fcr Kaffeekr\u00e4nzchen", "pin": "4712", "active": false, "mute_default": false }
JSON Parameters: - description –
^.{0,200}$
A short description of this conference
- pin –
^[0-9]{4}$
The authentication code (PIN) to access the conference
- active –
true\|false
If true, participants can join the conference
- mute_default –
true\|false
optional: if true, participants joining the conference are muted by default
Response body example
{}
Status: - wrong-conference: The given UUID does not match a conference accessible by the current user
- access-denied: The user does not have sufficient privileges on the conference (at least write privileges are required)
- duplicate-pin: The PIN is already assigned to another conference object of this user
All fields in the request are optional.
- description –
-
DELETE
/api/conference/
(uuid)¶ Delete conference
uuid
Query Parameters: - purge – optional: if present, delete this conference permanently (do not move to trash)
Response body example
{}
Status: - wrong-conference: The given UUID does not match a conference accessible by the current user
- access-denied: The user does not have sufficient privileges on the conference (at least write privileges are required)
-
GET
/api/conference/
(uuid)/event
¶ Subscribe the current session to the event channel of the given conference
Response body example
{ "busy": true }
Status: - wrong-conference: The given UUID does not match a conference accessible by the current user
This API call will subscribe the current session to the detailed events of the given conference. The events themselves will be delivered by the
GET /api/event
interface.If the conference has active participants, the
busy
field will betrue
, and the server is supposed to send aconference_status
event shortly after receiving this subscription, so that the client can catch up with the current conference state.If
busy
isfalse
, then the conference does not have active participants, however the detailed event subscription still takes place, and conference events will start to flow as soon as the first participant enters the conference.
-
DELETE
/api/conference/
(uuid)/event
¶ Cancel the subscription of the current session to the event channel of the given conference
Response body example
{}
Status: - wrong-conference: The given UUID does not match a conference accessible by the current user
This API call will stop the flow of conference detail events to the current session.
-
POST
/api/conference/
(uuid)/member
¶ Modify conference member state
Request body example
{ "update": { "9fe1cc2a-8ab6-11e0-b368-0024e8f90cc0": { "user": "2d07f7be-8abc-11e0-8166-0024e8f90cc0", "mute": true, "deaf": false, "volume_in": 1, "volume_out": -1 }, "b1439c46-8ab6-11e0-acdc-0024e8f90cc0": { "mute": false } }, "delete": [ "22731d12-8b6e-11e0-9f8c-0024e8f90cc0", "23980df6-8b6e-11e0-b616-0024e8f90cc0" ] }
Response body example
{}
Status: - conference-offline: The conference is currently offline, so the action cannot be delivered
- wrong-conference: The given UUID does not match a conference accessible by the current user
- access-denied: The user does not have sufficient privileges on the conference (at least write privileges are required)
The
update
section lists the member UUIDs whose properties are to be modified. All fields within a specific conference member are optional, only those that contain properties to be modified should be present.The
user
field is used to associate a conference participant with a system user.A participant can be muted (i.e., the conference cannot hear what she says) by setting the
mute
field totrue
, or made deaf (i.e., she cannot hear the conference) by setting thedeaf
field totrue
.Volume levels for the participant can be set from
-4
to4
, whereas0
is the default level.The
delete
section lists the member UUIDs to be kicked from the conference.
/api/volume¶
-
POST
/api/volume
¶ Create a new volume object
Request body example
{ "description": "files for project X" }
JSON Parameters: - description –
^.{0,200}$
optional: a short description of this volume
Response body example
{ "uuid": "2d4d09e0-85de-11e0-844e-0024e8f90cc0" }
The UUID of the newly created volume object is returned.
- description –
-
GET
/api/volume/
(uuid)¶ Get information about volume
uuid
Response body example
{ "volume": { "owner": "550e8400-e29b-41d4-a716-446655440000", "time": 21232145373, "description": "files for project X", "tag": [ "ae30e5b0-5c3d-11e0-817e-0024e8f90cc0", "be00e8aa-5c3d-11e0-b0cf-0024e8f90cc0" ] } }
Status: - wrong-volume: The given UUID does not match a volume accessible by the current user
-
POST
/api/volume/
(uuid)¶ Modify volume
uuid
Request body example
{ "description": "files and more for project Y" }
JSON Parameters: - description –
^.{0,200}$
A short description of this volume
Response body example
{}
Status: - wrong-volume: The given UUID does not match a volume accessible by the current user
- access-denied: The user does not have sufficient privileges on the volume (at least write privileges are required)
All fields in the request are optional.
- description –
-
DELETE
/api/volume/
(uuid)¶ Delete volume
uuid
Query Parameters: - purge – optional: if present, delete this volume permanently (do not move to trash)
Response body example
{}
Status: - wrong-volume: The given UUID does not match a volume accessible by the current user
- access-denied: The user does not have sufficient privileges on the volume (at least write privileges are required)
-
POST
/api/volume/
(uuid)/folder
¶ Create a new folder in volume
uuid
Request body example
{ "name": "temp_files", "parent": "2d4d09e0-85de-11e0-844e-0024e8f90cc0", "ctime": 21232145273, "mtime": 21232145373 }
JSON Parameters: - name –
valid file name
The name of the folder
- parent –
UUID
The UUID of the parent folder, or, if the folder is to be created at the root level of the volume, the UUID of the volume itself
- ctime – Optional: the creation time of the folder in seconds-since-epoch, defaults to the current time
- mtime – Optional: the modification time of the folder in seconds-since-epoch, defaults to the current time
Response body example
{ "uuid": "8dfb2e5e-45d5-11e1-962b-0024e8f90cc0", "commit": "a0801fe0-3632-11e3-9f9f-0024e8f90cc0" }
Status: - wrong-volume: The given UUID does not match a volume accessible by the current user
- access-denied: The user does not have sufficient privileges on the volume (at least write privileges are required)
- wrong-parent: The given parent is not a valid folder in this volume and not the volume itself
- name-exists: The parent folder already contains a file or folder with the given name
The uuid of the newly created folder is returned.
The commit UUID of the operation is returned in the
commit
field.- name –
-
GET
/api/volume/
(uuid)/folder/(folder-uuid)
¶ Get information about folder
folder-uuid
in volumeuuid
. Iffolder-uuid
is the same asuuid
, then the information about the volume’s root folder is returnedResponse body example
{ "name": "some_documents", "parent": "2d4d09e0-85de-11e0-844e-0024e8f90cc0", "ctime": 21232145273, "mtime": 21232145373, "user": "bc93f42a-45d6-11e1-b856-0024e8f90cc0", "content": { "637e470a-45db-11e1-bb2e-0024e8f90cc0": { "name": "letter.pdf", "type": "file", "ctime": 20232142212, "mtime": 21232145373, "user": "bc93f42a-45d6-11e1-b856-0024e8f90cc0", "size": 386231, "mime_type": "application/pdf", "md5": "92f2e0728cd03376ed13a191734cc065" }, "6540c04a-45db-11e1-b771-0024e8f90cc0": { "name": "picture.png", "type": "file", "ctime": 20232142212, "mtime": 21232145373, "user": "71f79f78-4664-11e1-b5e8-0024e8f90cc0", "size": 4982722, "mime_type": "image/png", "md5": "1ce642b0a3616a60be0dc5651a4abd73" }, "63f0f6b0-45db-11e1-b56b-0024e8f90cc0": { "name": "old", "type": "folder", "ctime": 20232142212, "mtime": 21232145373, "user": "bc93f42a-45d6-11e1-b856-0024e8f90cc0" } } }
Status: - wrong-volume: The given
uuid
does not match a volume accessible by the current user - wrong-folder: The given
folder-uuid
is not a valid folder in this volume
The
parent
,name
,ctime
,mtime
anduser
fields in the response body will not be present if the requested folder is the root folder of the volume. For files without content, thesize
,mime_type
, andmd5
fields will not be present.- wrong-volume: The given
-
POST
/api/volume/
(uuid)/folder/(folder-uuid)
¶ Modify folder
folder-uuid
within volumeuuid
Request body example
{ "name": "temp_files", "parent": "2d4d09e0-85de-11e0-844e-0024e8f90cc0", "ctime": 21232145273, "mtime": 21232145373 }
JSON Parameters: - name –
valid file name
The name of the folder
- parent –
UUID
The UUID of the parent folder, or, if the folder is to be moved to the root level of the volume, the UUID of the volume itself
- ctime – The creation time of the folder in seconds-since-epoch
- mtime – The modification time of the folder in seconds-since-epoch
Response body example
{ "commit": "a0801fe0-3632-11e3-9f9f-0024e8f90cc0" }
Status: - wrong-volume: The given
uuid
does not match a volume accessible by the current user - access-denied: The user does not have sufficient privileges on the volume (at least write privileges are required)
- wrong-folder: The given
folder-uuid
is not a valid folder in this volume - wrong-parent: The given parent is not a valid folder in this volume and not the volume itself
- name-exists: The parent folder already contains a file or folder with the given name
All fields in the request are optional. If the
parent
field is given, the resulting operation is a move of the folder to a new parent folder. If thename
field is given, the resulting operation is a rename of the folder.In contrast to
GET /api/volume/(uuid)/folder/(folder-uuid)
, this operation is only valid on a sub-folder of the volume, not the volume itself (i.e.,folder-uuid
must not be equal touuid
).The commit UUID of the operation is returned in the the
commit
field.- name –
-
DELETE
/api/volume/
(uuid)/folder/(folder-uuid)
¶ Delete folder
folder-uuid
within volumeuuid
.Response body example
{ "commit": "a0801fe0-3632-11e3-9f9f-0024e8f90cc0" }
Status: - wrong-volume: The given UUID does not match a volume accessible by the current user
- access-denied: The user does not have sufficient privileges on the volume (at least write privileges are required)
- wrong-folder: The given
folder-uuid
is not a valid folder in this volume and not the UUID of volume itself
This operation recursively deletes all folders and files contained in the given folder.
If
folder-uuid
is equal to the volumeuuid
, then all folders and files in the volume are deleted (but not the volume itself).The commit UUID of the operation is returned in the the
commit
field.
-
POST
/api/volume/
(uuid)/file
¶ Create a new file in volume
uuid
Request body example
{ "name": "picture.png", "parent": "2d4d09e0-85de-11e0-844e-0024e8f90cc0", "ctime": 21232145273, "mtime": 21232145373 }
JSON Parameters: - name –
valid file name
The name of the file
- parent –
UUID
The UUID of the parent folder, or, if the file is to be created at the root level of the volume, the UUID of the volume itself
- ctime – Optional: the creation time of the file in seconds-since-epoch, defaults to the current time
- mtime – Optional: the modification time of the file in seconds-since-epoch, defaults to the current time
Response body example
{ "uuid": "8dfb2e5e-45d5-11e1-962b-0024e8f90cc0", "commit": "a0801fe0-3632-11e3-9f9f-0024e8f90cc0" }
Status: - wrong-volume: The given UUID does not match a volume accessible by the current user
- access-denied: The user does not have sufficient privileges on the volume (at least write privileges are required)
- wrong-parent: The given parent is not a valid folder in this volume and not the volume itself
- name-exists: The parent folder already contains a file or folder with the given name
The uuid of the newly created file is returned.
The commit UUID of the operation is returned in the the commit field.
- name –
-
GET
/api/volume/
(uuid)/file/(file-uuid)
¶ Get information about file
file-uuid
in volumeuuid
Response body example
{ "name": "letter.pdf", "parent": "2d4d09e0-85de-11e0-844e-0024e8f90cc0", "ctime": 21232145273, "mtime": 21232145373, "user": "bc93f42a-45d6-11e1-b856-0024e8f90cc0", "size": 386231, "mime_type": "application/pdf", "md5": "92f2e0728cd03376ed13a191734cc065" }
Status: - wrong-volume: The given
uuid
does not match a volume accessible by the current user - wrong-file: The given
file-uuid
is not a valid file in this volume
For files without content, the
size
,mime_type
, andmd5
fields will not be present.- wrong-volume: The given
-
POST
/api/volume/
(uuid)/file/(file-uuid)
¶ Modify file
file-uuid
in volumeuuid
Request body example
{ "name": "picture.png", "parent": "2d4d09e0-85de-11e0-844e-0024e8f90cc0", "ctime": 21232145273, "mtime": 21232145373 }
JSON Parameters: - name –
valid file name
The name of the file
- parent –
UUID
The UUID of the parent folder, or, if the file is to be moved to the root level of the volume, the UUID of the volume itself
- ctime – The creation time of the file in seconds-since-epoch, defaults to the current time
- mtime – The modification time of the file in seconds-since-epoch, defaults to the current time
Response body example
{ "commit": "a0801fe0-3632-11e3-9f9f-0024e8f90cc0" }
Status: - wrong-volume: The given UUID does not match a volume accessible by the current user
- access-denied: The user does not have sufficient privileges on the volume (at least write privileges are required)
- wrong-file: The given
file-uuid
is not a valid file in this volume - wrong-parent: The given parent is not a valid folder in this volume and not the volume itself
- name-exists: The parent folder already contains a file or folder with the given name
All fields in the request are optional. If the
parent
field is given, the resulting operation is a move of the file to a new parent folder. If thename
field is given, the resulting operation is a rename of the file.The commit UUID of the operation is returned in the the
commit
field.- name –
-
POST
/api/volume/
(uuid)/file/(file-uuid)/
(xxx)¶ Upload file contents of file
file-uuid
in volumeuuid
.xxx
is an arbitrary name chosen by the client.Request body
The file contents
Response body example
{ "size": 386231, "mime_type": "application/pdf", "md5": "92f2e0728cd03376ed13a191734cc065", "commit": "a0801fe0-3632-11e3-9f9f-0024e8f90cc0" }
Status: - wrong-volume: The given UUID does not match a volume accessible by the current user
- access-denied: The user does not have sufficient privileges on the volume (at least write privileges are required)
- wrong-file: The given
file-uuid
is not a valid file in this volume - quota-exceeded: The upload operation would exceed the user’s quota
- upload-fail: The upload operation failed
The
size
,mime_type
, andmd5
properties of the file will be derived from the content of the upload, stored in the database and returned in the response.The
xxx
is an arbitrary name that can be chosen by the client for convenience. It will not change or set the file’s name as defined by this API.The commit UUID of the operation is returned in the the
commit
field.
-
GET
/api/volume/
(uuid)/file/(file-uuid)/
(xxx)¶ Get file contents of file
file-uuid
in volumeuuid
.xxx
is an arbitrary name chosen by the client.Query Parameters: - inline – optional: if present, the response will include an HTTP Content-Disposition header (see RFC 2183) with a value of inline. Otherwise, the content disposition will be attachment.
Response body
The file contents, or a HTTP error status (e.g., 404) if the file does not exist or is not accessible.
The
xxx
is an arbitrary name that can be chosen by the client for convenience, for example to select the proposed “download file name” within a browser. It has no influence on which file is selected for download; the file is uniquely addressed by the givenfile-uuid
.This API is eligible for use with the session’s download id (did). In this case, the object UUID is the file’s
file-uuid
. For more information on file download authentication, see Authentication for file downloads.
-
GET
/api/volume/
(uuid)/folder/(folder-uuid)/
(xxx)¶ Get file contents of folder
folder-uuid
in volumeuuid
as a compressed ZIP file, i.e. all files and sub-folders of this folder.xxx
is an arbitrary name chosen by the client.Query Parameters: - inline – optional: if present, the response will include an HTTP Content-Disposition header (see RFC 2183) with a value of inline. Otherwise, the content disposition will be attachment. |
Response body
The folder contents as a ZIP file, mime type application/zip, or a HTTP error status (e.g., 404) if the folder does not exist or is not accessible.
The
xxx
is an arbitrary name that can be chosen by the client for convenience, for example to select the proposed “download file name” within a browser (in this case, the extension “.zip” should probably be used to let the user know that the result is actually a ZIP file). It has no influence on which folder is selected for download; the folder is uniquely addressed by the givenfolder-uuid
.This API is eligible for use with the session’s download id (did). In this case, the object UUID is the folder’s
folder-uuid
. For more information on file download authentication, see Authentication for file downloads.
-
DELETE
/api/volume/
(uuid)/file/(file-uuid)
¶ Delete file
file-uuid
within volumeuuid
.Response body example
{ "commit": "a0801fe0-3632-11e3-9f9f-0024e8f90cc0" }
Status: - wrong-volume: The given UUID does not match a volume accessible by the current user
- access-denied: The user does not have sufficient privileges on the volume (at least write privileges are required)
- wrong-file: The given
file-uuid
is not a valid file in this volume
The commit UUID of the operation is returned in the the
commit
field.
-
GET
/api/volume/
(uuid)/commit
¶ Get commit operations for volume
uuid
Query Parameters: - start – optional: the UUID of the first commit entry to return, exclusive, i.e. the entry with an exact match UUID is not returned.
- count – optional, default
10
: limits the number of returned entries (valid range:1...500
) - order – optional: If set to
asc
(default), commit entries are returned in time ascending order. If set todesc
, commit entries are returned in time descending order.
Response body example
{ "commit": [ { "commit": "383a5354-362f-11e3-837a-0024e8f90cc0", "event": "file_new", "time": 21232145372, "file": "8aaf6000-474f-11e1-b0ba-0024e8f90cc0", "volume": "6a8432ec-474f-11e1-8495-0024e8f90cc0", "type": "file", "name": "letter.pdf", "parent": "9e6bde98-474f-11e1-9a62-0024e8f90cc0", "ctime": 20232142212, "mtime": 21232145372, "user": "bc93f42a-45d6-11e1-b856-0024e8f90cc0" }, { "commit": "400f9be8-362f-11e3-b868-0024e8f90cc0", "event": "file_modify", "time": 21232145373, "file": "8aaf6000-474f-11e1-b0ba-0024e8f90cc0", "volume": "6a8432ec-474f-11e1-8495-0024e8f90cc0", "type": "file", "parent": "d5edfe04-4750-11e1-be06-0024e8f90cc0", "ctime": 20232142212, "mtime": 21232145373, "user": "bc93f42a-45d6-11e1-b856-0024e8f90cc0", "size": 386231, "mime_type": "application/pdf", "md5": "92f2e0728cd03376ed13a191734cc065" }, { "commit": "46bf0e74-362f-11e3-a637-0024e8f90cc0", "event": "file_delete", "time": 2182782840, "file": "8aaf6000-474f-11e1-b0ba-0024e8f90cc0", "volume": "6a8432ec-474f-11e1-8495-0024e8f90cc0" } ] }
Status: - wrong-volume: The given
uuid
does not match a volume accessible by the current user
The commit log of a volume is the amount of all file events, which are stored in the system and can be retrieved with this call, sorted by time according to the order parameter.
Each file event is marked with a commit entry UUID, which serves for time-ordering and can be used as a key for paging through a large set of commit entries with this command by using the start and count parameters. To get the next batch of commit entries, use the last commit UUID as a
start
parameter for the next call of this command.For a detailed description of the entries, refer to the description of the file events in this document (
file_new
,file_modify
,file_delete
). Please note that several fields in the file events are optional, for example the name field will only be present in afile_modify
event if the file was actually renamed.
/api/box¶
-
POST
/api/box
¶ Create a new box object and associates the box with a physical device using the device code.
Request body example
{ "description": "box in office basement", "code": "ABCDE-FGHIJ-KLMNI-OPQRS" }
JSON Parameters: - description –
^.{0,200}$
optional: a short description of this volume
- code –
^.{10,50}$
the device access code, which is the key to the physical device that will be attached to the new box
Response body example
{ "uuid": "63013ee2-772a-11e1-a9b8-0024e8f90cc0", "device": "64215bea-772a-11e1-ae6c-0024e8f90cc0" }
Status: - wrong-code: The given code does not match an available physical device
- duplicate-box: The device is already linked to an existing box object
The
uuid
field returns the UUID of the newly created box object. Thedevice
field carries the UUID of the device that the box was linked to.- description –
-
GET
/api/box/
(uuid)¶ Get information about box
uuid
Response body example
{ "box": { "owner": "550e8400-e29b-41d4-a716-446655440000", "time": 21232145273, "description": "box in office basement", "device": "64215bea-772a-11e1-ae6c-0024e8f90cc0", "hw_version": "cospace-box", "sw_version": "001", "ip_addr": "212.202.35.2", "mac_addr": "00:24:e8:f9:0c:c0", "online": true, "license": { "key": "EXAMP-LELIC-ENSEK-EY007", "begin_time": 1356998400, "expire_time": 1388534399 }, "tag": [ "ae30e5b0-5c3d-11e0-817e-0024e8f90cc0", "be00e8aa-5c3d-11e0-b0cf-0024e8f90cc0" ] } }
Status: - wrong-box: The given UUID does not match a box accessible to the current user
The
device
field carries the UUID of the device associated with the box. Themac_addr
field contains the last known MAC address of the associated device, if any. Theip_addr
field contains the last known IP address of the device, if any. Theonline
field will have a value oftrue
if the box (aka the associated device) is currently connected to the cloud.The
license
section (which will only be present if a license is attached to the box) will contain the license key as well as the license begin and end times (in seconds-since-epoch).
-
POST
/api/box/
(uuid)¶ Modifies box
uuid
, including the possibility to change the underlying physical device.Request body example
{ "description": "new box in office basement", "code": "XYZKL-FGHIJ-KLMNI-OPQRS", "license": "EXAMP-LELIC-ENSEK-EY007" }
JSON Parameters: - description –
^.{0,200}$
optional: a short description of this volume
- code –
^.{10,50}$
optional: the device access code, which is the key to the new physical device that will be attached to the new box
- license –
^.{10,50}$
optional: a license key to attach to the box
Response body example
{ "device": "828bfe1c-772c-11e1-90f0-0024e8f90cc0" }
Status: - wrong-box: The given UUID does not match a box accessible to the current user
- duplicate-box: The given code is already linked to an existing box object
- access-denied: The user does not have sufficient privileges on the box (at least write privileges are required)
- wrong-code: The given code does not match an available physical device
- wrong-license: The given license key is unknown
The
device
field carries the UUID of the new device that the box was linked to and is only present if the device association was changed during this request.Note that once a license key is attached to a box, it cannot be deleted, only be replaced by another license key.
- description –
-
DELETE
/api/box/
(uuid)¶ Delete box object
uuid
Response body example
{}
Status: - wrong-box: The given UUID does not match a box accessible to the current user
- access-denied: The user does not have sufficient privileges on the box (at least write privileges are required)
The box object is permanently deleted (no trash option) and the association with the physical device is removed.
/api/ipquality¶
-
POST
/api/ipquality
¶ Create a ipquality object
Request body example
{ "description": "data center rack #1", "source": "736f7e1c-772d-11e1-bc19-0024e8f90cc0", "destination": "80334d0e-772d-11e1-b374-0024e8f90cc0", "interval": 10, "duration": 5, "active": true, "dscp": 0, "ptime": 30, "psize": 100 }
JSON Parameters: - description –
^.{0,200}$
optional: a short description of this object
- source –
UUID
optional: the UUID of the box that acts as a source for the quality measurements under this object
- destination –
UUID
optional: the UUID of the box that acts as a destination for the quality measurements under this object
- interval –
^[0-9]{1,4}$
the time (in seconds) between the end of a measurement and the start of the next measurement
- duration –
^[1-9][0-9]{1,3}$
the duration of a measurement (in seconds)
- active –
true|false
optional: if
true
, measurements are currently scheduled according to the interval/duration parameters. Defaults tofalse
. - dscp –
0..63
optional: IP DSCP value for the measurement, default
46
- ptime –
10..1000
optional: packetization time (packet rate) in ms, default
20
- psize –
80..2000
optional: IP packet size, default
200
Response body example
{ "uuid": "9a955dbc-772e-11e1-ad02-0024e8f90cc0" }
Status: - wrong-box: The given source or destination do not match to accessible box device (at least read access is needed to the respective box object to create a measurement on that box)
The uuid of the newly created ipquality object is returned.
- description –
-
GET
/api/ipquality/
(uuid)¶ Get information about ipquality object
uuid
Response body example
{ "ipquality": { "owner": "550e8400-e29b-41d4-a716-446655440000", "time": 21232145273, "description": "data center rack #1", "source": { "box": "736f7e1c-772d-11e1-bc19-0024e8f90cc0", "description": "box in office basement", "device": "64215bea-772a-11e1-ae6c-0024e8f90cc0", "ip_addr": "212.202.35.2", "mac_addr": "00:24:e8:f9:0c:c0", "online": true }, "destination": { "box": "80334d0e-772d-11e1-b374-0024e8f90cc0", "description": "box in the woods", "device": "3c445074-abea-11e1-be9e-0024e8f90cc0", "ip_addr": "92.192.3.45", "mac_addr": "00:c0:e1:12:23:0a" }, "interval": 10, "duration": 5, "active": true, "dscp": 46, "ptime": 20, "psize": 200, "tag": [ "ae30e5b0-5c3d-11e0-817e-0024e8f90cc0", "be00e8aa-5c3d-11e0-b0cf-0024e8f90cc0" ] } }
Status: - wrong-ipquality: The given UUID does not match a ipquality object accessible to the current user
The
source
anddestination
sections include information about the source and destination box objects for this ipquality measurement. Their respective description, device UUID, IP address and MAC address will always be included (if they exist), regardless if the user has access to the box or not. The online information will only be included if at least read access to the box is possible for the user, because only in this case a status change might later be recognized in form of abox_online
/box_offline
event.
-
POST
/api/ipquality/
(uuid)¶ Modify ipquality object
uuid
Request body example
{ "description": "data center rack #2", "source": "736f7e1c-772d-11e1-bc19-0024e8f90cc0", "destination": "80334d0e-772d-11e1-b374-0024e8f90cc0", "interval": 0, "duration": 10, "active": true, "psize": 150 }
JSON Parameters: - description –
^.{0,200}$
optional: a short description of this object
- source –
UUID
optional: the UUID of the box that acts as a source for the quality measurements under this object. To delete the source, this field must be an empty string.
- destination –
UUID
optional: the UUID of the box that acts as a destination for the quality measurements under this object. To delete the destination, this field must be an empty string.
- interval –
^[0-9]{1,4}$
optional: the time (in seconds) between the end of a measurement and the start of the next measurement
- duration –
^[1-9][0-9]{1,3}$
optional: the duration of a measurement (in seconds)
- active –
true|false
optional: if
true
, measurements are currently scheduled according to the interval/duration parameters. - dscp –
0..63
optional: IP DSCP value for the measurement, default
46
- ptime –
10..1000
optional: packetization time (packet rate) in ms, default
20
- psize –
80..2000
optional: IP packet size, default
200
Response body example
{}
Status: - wrong-ipquality: The given UUID does not match a ipquality object accessible to the current user
- access-denied: The user does not have sufficient privileges on the ipquality object (at least write privileges are required)
- wrong-box: The given source or destination do not match to accessible box device (at least read access is needed to the respective box object to create a measurement on that box)
- description –
-
GET
/api/ipquality/
(uuid)/result
¶ Get information about ipquality object <uuid>
Parameters: - from – optional: start time, in seconds-since-epoch (must have from <= to)
- to – optional: end time, in seconds-since-epoch (must have from <= to)
- start –
optional: the UUID of the first result to return, exclusive, i.e. the result with an exact match UUID is not returned.
If given, overrides the
from
parameter whenasc
order is selected or overrides theto
parameter whendesc
order is selected. - order –
optional: If set to
asc
(default), objects are returned in time ascending order (i.e. starting withfrom
orstart
and ending withstop
).If set to
desc
, objects are returned in time descending order (i.e. starting withto
orstart
and ending withfrom
). - count – optional, default
10
: limits the number of returned objects (valid range:1...1000
)
Response body example
{ "result": { "c7c1e972-7747-11e1-85ea-0024e8f90cc0": { "time": 2598392983, "duration": 10, "source": { "p_s": 500, "p_r": 480, "t_n": 475, "t_min": 13, "t_max": 56, "t_sum": 14970, "t_sq": 311875, "j_n": 465, "j_max": 34, "j_sum": 2413, "j_sq": 11625 }, "destination": { "p_s": 500, "p_r": 480, "t_n": 475, "t_min": 13, "t_max": 56, "t_sum": 14970, "t_sq": 311875, "j_n": 465, "j_max": 34, "j_sum": 2413, "j_sq": 11625 } }, "d8c42a00-7747-11e1-a938-0024e8f90cc0": { "time": 2598392993, "duration": 10, "source": { "p_s": 500, "p_r": 480, "t_n": 475, "t_min": 13, "t_max": 56, "t_sum": 14970, "t_sq": 311875, "j_n": 465, "j_max": 34, "j_sum": 2413, "j_sq": 11625, "l_n": 20, "rfac": 87 }, "destination": { "p_s": 500, "p_r": 480, "t_n": 475, "t_min": 13, "t_max": 56, "t_sum": 14970, "t_sq": 311875, "j_n": 465, "j_max": 34, "j_sum": 2413, "j_sq": 11625, "l_n": 18, "rfac": 79 } } } }
Status: - wrong-ipquality: The given UUID does not match a ipquality object accessible to the current user
Explanation of fields in the source / destination response:
p_s
: number of packets sentp_r
: number of packets receivedp_e
: number of ICMP errorst_n
: number of packets valid for RTT (round-trip time) calculationt_min
: minimum RTT (ms)t_max
: maximum RTT (ms)t_sum
: sum of all RTT values of valid packets (ms)t_sq
: sum of all squared RTT values of valid packets (ms^2)j_n
: number of packets valid for jitter calculationj_max
: maximum jitter (ms)j_sum
: sum of all jitter values of valid packets (ms)j_sq
: sum of all squared jitter value of valid packets (ms^2)l_n
: the number of packet loss sequencesrfac
: the R-factor quality assessment of the measurementNote that the
l_n
parameter was introduced later and may not be present on older ipquality results. It specifies the number of gaps in the packet sequence, not the number of lost packets. For example, ifl_n
is 1, it means that all the packet loss happened in one burst error.The
rfac
result is optional and will only be present if the parameters of the measurement allow for a quality assessment using the ITU-T E-model (R-factor).
-
GET
/api/ipquality/
(uuid)/result/
(xxx).csv
¶ Download ipquality results in CSV format
Parameters: - from – start time, in seconds-since-epoch (must have from <= to)
- to – end time, in seconds-since-epoch (must have from <= to)
- inline – optional: if present, the response will include an HTTP Content-Disposition header (see RFC 2183) with a value of inline. Otherwise, the content disposition will be attachment.
Response body example
time,duration,src pkts sent,src pkts rcvd,src ICMP errs,src # pkts RTT,src min RTT,src max RTT,src sum RTT,src square sum RTT,src # pkts jitter,src max jitter,src sum jitter,src square sum jitter,src # loss sequences,src r-factor,dst pkts sent,dst pkts rcvd,dst ICMP errs,dst # pkts RTT,dst min RTT,dst max RTT,dst sum RTT,dst square sum RTT,dst # pkts jitter,dst max jitter,dst sum jitter,dst square sum jitter,dst # loss sequences,dst r-factor 1342004417,10,500,500,0,500,0,0,0,0,499,0,0,0,,,500,500,0,499,0,0,0,0,499,0,0,0,, 1342004427,10,500,500,0,500,0,0,0,0,499,0,0,0,,,500,500,0,499,0,0,0,0,499,0,0,0,, 1342004437,10,500,500,0,500,0,0,0,0,499,0,0,0,,,500,500,0,499,0,0,0,0,499,0,0,0,, 1342004447,10,500,500,0,500,0,0,0,0,499,0,0,0,,,500,500,0,499,0,0,0,0,499,0,0,0,, 1342004457,10,500,500,0,500,0,0,0,0,499,0,0,0,,,500,500,0,499,0,0,0,0,499,0,0,0,, 1342004467,10,500,500,0,500,0,0,0,0,499,0,0,0,,,500,500,0,499,0,0,0,0,499,0,0,0,,
This API call allows for downloading of ipquality results in comma-separated-values format. The output is streaming, so very large results can be handled well.
The fields in the CSV output correspond to the fields in the
GET /api/ipquality/(uuid)/result
call.This API is eligible for use with the session’s download id (did). In this case, the object UUID is the ipquality
uuid
. For more information on file download authentication, see Authentication for file downloads.
-
DELETE
/api/ipquality/
(uuid)¶ Delete ipquality object
uuid
Parameters: - purge – optional: if present, delete this object permanently (do not move to trash)
Response body example
{}
Status: - wrong-ipquality: The given UUID does not match a ipquality object accessible to the current user
- access-denied: The user does not have sufficient privileges on the ipquality object (at least write privileges are required)
/api/sip¶
-
POST
/api/sip
¶ Create a SIP account
Request body example
{ "password": "sEcReT53a", "description": "office phone", "domain": "sip.cospace.de" }
JSON Parameters: - password –
^.{5,50}$
a password for the new account
- description –
^.{0,100}$
optional: a description text for the new account
- domain –
sip.solucon.com
orsip.cospace.de
optional: the SIP domain that this account is associated with
SIP accounts created before the 01.01.2016 are created with
sip.cospace.de
by default. SIP accounts created after that date are usingsip.solucon.com
instead.
Response body example
{ "user": "joe_08", "domain": "sip.cospace.de" }
Status: - quota-exceeded: The maximum number of SIP accounts for this user is reached
- wrong-domain: The specified
domain
is not a valid choice
The
user
anddomain
parts of the newly created SIP accounts are returned.- password –
-
GET
/api/sip
¶ Get the user’s SIP accounts
Response body example
{ "sip": { "joe_01": { "domain": "sip.solucon.com", "password": "sEcReT53a", "description": "office phone", "contact": "212.202.0.32:5060", "expire": 1340107084 }, "joe_08": { "domain": "sip.cospace.de", "password": "sEcReT55a" } } }
The
contact
andexpire
fields will only be present if there is currently an active registration by a SIP end device for the respective SIP account.contact
contains the IP address and port of the registration origin (i.e., usually the IP address and port of the end device),expire
contains the absolute time of registration expiration in seconds-since-epoch.
-
POST
/api/sip/(sip-user)
¶ Modify a SIP account
Request body example
{ "password": "sEcReT54a", "description": "PC softphone", "domain": "sip.cospace.de" }
JSON Parameters: - password –
^.{5,50}$
optional: a password for the new account
- description –
^.{0,100}$
optional: a description text for the new account
- domain –
sip.solucon.com
orsip.cospace.de
optional: the SIP domain that this account is associated with
SIP accounts created before the 01.01.2016 are created with
sip.cospace.de
by default. SIP accounts created after that date are usingsip.solucon.com
instead.
Response body example
{}
Status: - wrong-sip: The given SIP user name does not match any of the user’s SIP accounts
- wrong-domain: The specified
domain
is not a valid choice
- password –
-
DELETE
/api/sip/(sip-user)
¶ Delete a SIP account
Response body example
{}
Status: - wrong-sip: The given SIP user / account does not exist
-
POST
/api/sip/(sip-user)/notify
¶ Request the system to send a custom notify message to the given sip-user
Request body example
{ "event-string": "check-sync;reboot=true", "content-type": "application/simple-message-summary" }
JSON Parameters: - event-string –
^.{0,200}$
the event-string used in the generated notify
- content-type –
^.{0,200}$
the content-type for the generated notify
- content –
^.{0,2500}$
optional: the content set in the generated notify
Response body example
{}
Status: - wrong-sip: The given SIP user / account does not exist
- not-registered: The given SIP user / account is not registered
The user can send custom notify messages to own registered sip accounts e.g. to restart the used device or to reload the current configuration.
- event-string –
-
GET
/api/sip/(sip-user)/blf
¶ Get all active phone number subscriptions for the given
sip-user
Response body example
{ "subscriptions": [ "492216698711", "492216698712" ] }
Status: - wrong-sip: The given SIP user / account does not exist
-
POST
/api/sip/(sip-user)/blf
¶ Change the subscriptions of phone numbers for the busy lamp field (blf) feature.
Request body example
{ "subscribe": [ "+492216698711", "+492216698712" ], "unsubscribe": [ "+492216698307" ] }
Response body example
{}
Status: - wrong-sip: The given SIP user / account does not exist
- wrong-phone: At least one phone number does not exist
- access-denied: The user is not member of an usergroup or at least one owner of the given phone numbers are not in the same usergroup as the user.
The user can subscribe to other users phone numbers and will be notified when these receive calls or are in an active call. The user can also pickup incoming calls from monitored users while they are ringing. In order to use the busy lamp field feature a supported device (SIP-Client) must be used and properly configured.
/api/presentation¶
-
POST
/api/presentation
¶ Create a new presentation object
Request body example
{ "description": "Why The Sky Is Black At Nighttime" }
JSON Parameters: - description –
^.{0,200}$
optional: a short description of this object
Response body example
{ "uuid": "13e46b2c-13a1-11e2-b0eb-0024e8f90cc0" }
The uuid of the newly created presentation object is returned.
- description –
-
GET
/api/presentation/
(uuid)¶ Get information about presentation object
uuid
Response body example
{ "presentation": { "owner": "550e8400-e29b-41d4-a716-446655440000", "time": 21232145273, "description": "Why The Sky Is Black At Nighttime", "page_count": 15, "busy": false, "status": "ok", "tag": [ "ae30e5b0-5c3d-11e0-817e-0024e8f90cc0", "be00e8aa-5c3d-11e0-b0cf-0024e8f90cc0" ] } }
Status: - wrong-presentation: The given UUID does not match a presentation object accessible to the current user
The
page_count
field returns the number of slides (pages) in this presentation. If no content has been uploaded to the presentation, this field is not present.The
busy
field istrue
if the presentation has been started, i.e. it has active participants.The
status
field can have the following values:ok
: Presentation content is availableconvert
: Presentation is being converted (upload). No contents are present yet.empty
: Presentation has no contents availablefail
: Presentation or presentation upload has failed, no contents available
-
POST
/api/presentation/
(uuid)¶ Modify presentation object
uuid
Request body example
{ "description": "Why The Sky Is Blue At Daytime" }
JSON Parameters: - description –
^.{0,200}$
optional: a short description of this object
Response body example
{}
Status: - wrong-presentation: The given UUID does not match a presentation object accessible to the current user
- access-denied: The user does not have sufficient privileges on the presentation object (at least write privileges are required)
- description –
-
GET
/api/presentation/
(uuid)/
(page)/
(xxx).png
¶ Get contents of page
page
of presentationuuid
in PNG formatResponse body example
The contents of page <page> of the presentation in PNG format on success, or HTTP 404 without response body on failure.
xxx
is a file name arbitrarily chosen by the user agent.
-
GET
/api/presentation/
(uuid)/
(xxx).pdf
¶ Get original contents of presentation
uuid
in PDF formatParameters: - inline – optional: if present, the response will include an HTTP Content-Disposition header (see RFC 2183) with a value of inline. Otherwise, the content disposition will be attachment.
Response body example
The original contents of the presentation in PDF format on success, or HTTP 404 without response body on failure.
xxx
is a file name arbitrarily chosen by the user agent.This API is eligible for use with the session’s download id (did). In this case, the object UUID is the presentation
uuid
. For more information on file download authentication, see Authentication for file downloads.
-
POST
/api/presentation/
(uuid)/
(xxx).pdf
¶ Upload presentation
uuid
contents in PDF formatRequest body
The presentation contents in PDF format.
Response body example
{}
Status: - wrong-presentation: The given UUID does not match a presentation accessible by the current user
- access-denied: The user does not have sufficient privileges on the presentation (at least write privileges are required)
- too-large: The contents are too large to be handled by the system
- malformed-file: The content is malformed.
xxx
is a file name arbitrarily chosen by the user agent.After the contents are received, the PDF file is converted and the individual pages (slides) of the presentation are stored as images (PNG format). The original content is preserved and can be downloaded later.
-
DELETE
/api/presentation/
(uuid)¶ Delete presentation object
uuid
Parameters: - purge – optional: if present, delete this object permanently (do not move to trash)
Response body example
{}
Status: - wrong-presentation: The given UUID does not match a presentation object accessible to the current user
- access-denied: The user does not have sufficient privileges on the presentation object (at least write privileges are required)
-
GET
/api/presentation/
(uuid)/event
¶ Subscribe the current session to the event channel of the given presentation
Response body example
{ "busy": true }
Status: - wrong-presentation: The given UUID does not match a presentation accessible by the current user
This API call will subscribe the current session to the detailed events of the given presentation. The events themselves will be delivered by the
GET /api/event
interface.If the presentation has active participants, the
busy
field will betrue
, and the server is supposed to send apresentation_status
event shortly after receiving this subscription, so that the client can catch up with the current presentation state.If
busy
isfalse
, then the presentation does not have active participants, however the detailed event subscription still takes place, and presentation events will start to flow as soon as the presentation starts.
-
DELETE
/api/presentation/
(uuid)/event
¶ Cancel the subscription of the current session to the event channel of the given presentation
Response body example
{}
Status: - wrong-presentation: The given UUID does not match a presentation accessible by the current user
This API call will stop the flow of presentation detail events to the current session.
-
POST
/api/presentation/
(uuid)/control
¶ Control the presentation
uuid
, modify subscription state for participants or control the presentation parameters for the moderatorRequest body example
{ "control": "start" }
Response body example
{}
Status: - wrong-presentation: The given UUID does not match a presentation accessible by the current user
- illegal-state: The given control parameter does not match the current presentation state or the state of the current user
The following control command parameters are defined:
Start a presentation
{ "control": "start" }
This command starts a presentation. The current user will join the presentation as the first member and will take the role of the moderator. If the presentation has already been started, an
illegal-state
status will be returned.Stop a presentation
{ "control": "stop" }
This command ends a presentation. All members of the presentation leave the presentation. If the presentation has not been started, an
illegal-state
status will be returned. Only the moderator can stop a presentation.Join a presentation
{ "control": "join" }
With this command, the current user will join the presentation as a listening member. If the presentation has not been started, an
illegal-state
status will be returned.Leave a presentation
{ "control": "leave" }
With this command, the current user will leave the presentation. If the presentation has not been started, an
illegal-state
status will be returned.Member keepalive
{ "control": "keepalive" }
A presentation member should send this control after receiving a
presentation_keepalive
event. The keepalive mechanism is used by the server to continuously ensure the presence of listening members.Change the presentation moderator
{ "control": "moderator", "moderator": "489fbb76-13a8-11e2-b6aa-0024e8f90cc0" }
This command changes the moderator of a presentation. If the presentation has not been started, an
illegal-state
status will be returned. Only users that are currently members of the presentation can be appointed the moderator. The old moderator will stay a member of the presentation.Switch page
{ "control": "page", "page": 3 }
The current page of the presentation is changed to the given number. If the presentation has not been started, an
illegal-state
status will be returned. Only the moderator can control the current page.Move pointer
{ "control": "pointer", "x": 0.47, "y": 0.7, "visible": true }
This command changes the pointer properties of the presentation. The
x
,y
andvisible
fields are all optional. They refer to the pointer position (x, y) with values between 0.0 (left, top) and 1.0 (right, bottom) and control the visibility of the pointer. If the presentation has not been started, anillegal-state
status will be returned. Only the moderator can control the pointer.
/api/chat¶
-
GET
/api/chat
¶ Get information about chats that the user participates in
Parameters: - from – optional: start time, in seconds-since-epoch (must have from <= to)
- to – optional: end time, in seconds-since-epoch (must have from <= to)
- start –
optional: the UUID of the first chat to return, exclusive, i.e. the chat with an exact match UUID is not returned.
If given, overrides the
from
parameter whenasc
order is selected or overrides theto
parameter whendesc
order is selected. - order –
optional: if set to
asc
(default), chats are returned in time ascending order (i.e. starting withfrom
orstart
and ending withstop
).If set to
desc
, chats are returned in time descending order (i.e. starting withto
orstart
and ending withfrom
). - count – optional, default
10
: limits the number of returned chats (valid range:1...500
) - uuid – optional: if set, the chat with the given UUID is returned as a single entry (if it exists and the current user is a member). All other URL parameters are ignored.
Response body example
{ "chat": { "1815eef2-84d3-11e2-8d90-0024e8f90cc0": { "description": "some nice chat", "create_time": 1362587184, "message_head": "fd43561e-84d7-11e2-88d8-0024e8f90cc0", "message_read": "68ee6d72-84d3-11e2-a343-0024e8f90cc0", "user": [ "126ad5ae-31a2-11e3-bfaa-0024e8f90cc0", "2018470e-31a2-11e3-a05a-0024e8f90cc0" ] }, "2c71353c-84d3-11e2-a1d3-0024e8f90cc0": { "message_head": "39af0574-84d5-11e2-bf25-0024e8f90cc0", "create_time": 1362587000, "user": [ "2018470e-31a2-11e3-a05a-0024e8f90cc0" ] }, "3a7354c4-84d5-11e2-a795-0024e8f90cc0": { "create_time": 1362534343, "user": [ "126ad5ae-31a2-11e3-bfaa-0024e8f90cc0" ] } } }
The
description
field is optional, in fact it might not be set for a majority of chats.The
create_time
field denotes the creation time of the chat in seconds-since-epoch.The
message_head
UUID points to the newest message in the chat, while themessage_read
UUID points to the newest message that the current user has marked withPOST /api/chat/(uuid)/user
. Together, these fields enable a client to detect whether there are new messages in the chat. In addition, they serve to synchronize the “message-read state” between multiple clients. Both fields are optional (no messages might exist in the chat or no message might have been marked yet).The user section contains all user UUIDs currently participating in the chat, excluding the current session’s user.
-
POST
/api/chat
¶ Create a new chat
Request body example
{}
Response body example
{ "uuid": "1815eef2-84d3-11e2-8d90-0024e8f90cc0" }
The newly created chat will have only one participant, the current user.
The call returns the uuid of the newly created chat.
-
GET
/api/chat/
(uuid)/user
¶ Get participant information about a specific chat
Response body example
{ "user": { "1de7257a-4f34-11e0-ab6e-0024e8f90cc1": { "active": 58, "message_read": "68ee6d72-84d3-11e2-a343-0024e8f90cc0" }, "1d333333-4f34-11e0-ab6e-0024e8f90cc1": { "active": 35, "typing": 20, "message_read": "68ee6d72-84d3-11e2-a343-0024e8f90cc0" }, "1d444444-4f34-11e0-ab6e-0024e8f90cc1": {} } }
Status: - wrong-chat: The given UUID does not match a chat that the current user participates in
The
user
section lists all users that participate in the chat. Users are keyed by their user UUID.Within the individual user’s section, the transient states of the user are listed. The represents the state, and the value is a timeout in seconds that denotes the expire time of this state. For example, if the state is
"typing": 20
, this means that user is currently typing text, and if no update is received this state will last for the next 20 seconds. It is the responsibility of a client to expire transient states after the given expire time, so in this case the client must set the internal state to “not typing text” after 20 seconds.Note that all transient states in the user’s section are optional. States that are not listed are supposed to be inactive, i.e. not set.
The following transient states are defined:
active
states that the user is currently attending the chat, i.e. has an active view of the chat and is most likely to take note of chat contents.typing
states that the user is currently typing text.
In addition to the transient states, the
user
section also lists themessage_read
field if the corresponding user has read at least one message in the chat.
-
POST
/api/chat/
(uuid)/user
¶ Change the current user’s transient chat state or read message pointer
Request body example
{ "active": 60, "typing": 10, "message_read": "68ee6d72-84d3-11e2-a343-0024e8f90cc0" }
JSON Parameters: - state –
0..60
optional; the state expire value in seconds,
0
will set the state to inactive immediately - message_read –
UUID
optional; the current message-read pointer for this user
Response body example
{}
Status: - wrong-chat: The given UUID does not match a chat that the current user participates in
- wrong-message: The given
message_read
does not match a message within the chat
All fields in this request are optional.
With this call, the user can set her own transient states expire values. For a description about transient states, see
GET /api/chat/(uuid)/user
.Note that since only
expire
values between0
and60
seconds are allowed, clients are forced to regularly refresh longer lasting states such as active. This mechanism is used to ensure the detection of dead clients.In addition to the transient states, the
message_read
pointer for the session’s use can also be set with this call.- state –
-
GET
/api/chat/
(uuid)/message
¶ Get chat messages
Parameters: - from – optional: start time, in seconds-since-epoch (must have from <= to)
- to – optional: end time, in seconds-since-epoch (must have from <= to)
- start –
optional: the UUID of the first message to return, exclusive, i.e. the message with an exact match UUID is not returned.
If given, overrides the
from
parameter whenasc
order is selected or overrides theto
parameter whendesc
order is selected. - order –
optional: If set to
asc
(default), messages are returned in time ascending order (i.e. starting withfrom
orstart
and ending withstop
).If set to desc, messages are returned in time descending order (i.e. starting with
to
orstart
and ending withfrom
). - count – optional, default
10
: limits the number of returned messages (valid range:1...500
)
Response body example
{ "message": { "c2c35df8-84dd-11e2-933d-0024e8f90cc0": { "user": "1de7257a-4f34-11e0-ab6e-0024e8f90cc1", "time": 1362407297, "type": "add", "member": "fd43561e-84d7-11e2-88d8-0024e8f90cc0" }, "c1aa1566-84d7-11e2-a7a8-0024e8f90cc0": { "user": "1de7257a-4f34-11e0-ab6e-0024e8f90cc1", "time": 1362407297, "type": "text", "text": "what's for lunch today?" }, "ee01a430-84d7-11e2-bab2-0024e8f90cc0": { "user": "1d333333-4f34-11e0-ab6e-0024e8f90cc1", "time": 1362407293, "type": "image" }, "f901a430-84d7-11e2-bab2-0024e8f90cc0": { "user": "1d333333-4f34-11e0-ab6e-0024e8f90cc1", "time": 1362407297, "type": "text", "text": "chicken wings \u2013 again :-(" }, "fa01a430-84d7-11e2-bab2-0024e8f90cc0": { "user": "1d333333-4f34-11e0-ab6e-0024e8f90cc1", "time": 1362407293, "type": "audio" }, "fd43561e-84d7-11e2-88d8-0024e8f90cc0": { "user": "1d444444-4f34-11e0-ab6e-0024e8f90cc1", "time": 1362407297, "type": "leave" } } }
Status: - wrong-chat: The given UUID does not match a chat that the current user participates in
The returned chat messages are keyed by the message UUID.
Within the
message
section, theuser
field specifies the user who performed the action. For a description of the message types, seePOST /api/chat/(uuid)/message
.
-
POST
/api/chat/
(uuid)/message
¶ Post a chat message or action
Request body example
{ "type": "text", "text": "what's for lunch today?" }
- or -
{ "type": "add", "member": "1d444444-4f34-11e0-ab6e-0024e8f90cc1" }
JSON Parameters: - text –
^.{1,500}$
the message text (for type text)
- description –
^.{,100}$
the new chat description (for type description)
- member –
UUID
the user UUID of the new member (for type add)
Response body example
{ "uuid": "c1aa1566-84d7-11e2-a7a8-0024e8f90cc0" }
Status: - wrong-chat: The given UUID does not match a chat that the current user participates in
- wrong-user: Only for type
add
: the given member is unknown or has no link with the current user - already-member: Only for type
add
: the given member is already a member of this chat
The following message types are defined:
text
is a simple text message. The content is delivered in the field text.add
adds a new member to the chat. The member field holds the UUID of the new member.leave
is used to exit the chat.description
is used to change the description of the chat. The new description is delivered in the field description.
The call will return the UUID of the newly created chat message.
- text –
-
POST
/api/chat/
(uuid)/message/image
¶ Post a chat message with type image
Request body example
Binary encoded image data in JPEG or PNG format
Response body example
{ "uuid": "c1aa1566-84d7-11e2-a7a8-0024e8f90cc0" }
Status: - wrong-chat: The given UUID does not match a chat that the current user participates in
- too-large: The image data is too large to be handled
- malformed-file: The image data is malformed or cannot be handled
This request will create a chat message with type
image
. The image data is passed as raw image data (format JPEG or PNG) in the request body.The maximum image size is 10MB and the maximum acceptable dimension is 5000 x 5000 pixels.
The system will down-scale images to a maximum dimension (x- or y-dimension) of 2000 pixels (the large version of the image) and an additional version with a maximum dimension of 500 pixels (the small version of the image). Down-scaling will keep the aspect ration of the image; images smaller than the target dimension will not be up-scaled.
The call will return the UUID of the newly created chat message.
-
POST
/api/chat/
(uuid)/message/audio
¶ Post a chat message with type audio
Request body example
Binary encoded audio data in AAC format
Response body example
{ "uuid": "c1aa1566-84d7-11e2-a7a8-0024e8f90cc0" }
Status: - wrong-chat: The given UUID does not match a chat that the current user participates in
- too-large: The audio data is too large to be handled
- malformed-file: The audio data is malformed or cannot be handled
This request will create a chat message with type
audio
. The audio data is passed in AAC encoded form (MP4 or M4A container).The maximum encoded audio size is 10MB.
The call will return the UUID of the newly created chat message.
-
GET
/api/chat/
(uuid)/message/(message-uuid)/image/(small|large)/
(xxx).jpg
¶ Get the contents of a chat message with type
image
Response body example
Binary encoded image data in JPEG format, or an HTTP error without response body on failure.
The size selector within the URL is used to select either the small (maximum dimension 500 pixels) or the large version of the image (maximum dimension of 2000 pixels).
The
xxx
portion of the URI is an arbitrarily chosen file name by the client.This API is eligible for use with the session’s download id (did). In this case, the object UUID is the
message-uuid
. For more information on file download authentication, see Authentication for file downloads.
-
GET
/api/chat/
(uuid)/message/(message-uuid)/audio/
(xxx).(mp4|m4a)
¶ Get the contents of a chat message with type audio
Parameters: - inline – optional: if present, the response will include an HTTP Content-Disposition header (see RFC 2183) with a value of inline. Otherwise, the content disposition will be attachment.
Response body example
Binary encoded image data in AAC format, MP4/M4A container, or an HTTP error without response body on failure.
The
xxx
portion of the URI is an arbitrarily chosen file name by the client.This API is eligible for use with the session’s download id (did). In this case, the object UUID is the
message-uuid
. For more information on file download authentication, see Authentication for file downloads.
/api/call¶
-
GET
/api/call
¶ Get details of the current user’s controlled calls within the call API.
Parameters: - from – optional: start time, in seconds-since-epoch (must have from <= to)
- to – optional: end time, in seconds-since-epoch (must have from <= to)
- start –
optional: the UUID of the first call to return, exclusive, i.e. the call with an exact match UUID is not returned.
If given, overrides the
from
parameter whenasc
order is selected or overrides theto
parameter whendesc
order is selected. - order –
optional: if set to
asc
(default), calls are returned in time ascending order (i.e. starting withfrom
orstart
and ending withstop
).If set to
desc
, calls are returned in time descending order (i.e. starting withto
orstart
and ending withfrom
). - count – optional, default
10
: limits the number of returned calls (valid range:1...500
) - uuid – optional: if set, the call with the given UUID is returned as a single entry (if it exists and is owned by the current user. Any other URL parameters are ignored.
- state – optional: if set to
active
(default), only active, i.e. ongoing calls will be returned. If set tohangup
, historic calls that are already finished will be searched.
Response body example
{ "call": { "2b3b70ce-8677-11e2-a7c1-0024e8f90cc0": { "incoming": false, "to": "+492216695777", "from": "+492216695888", "clip": "+492216695000", "clir": false, "status": "answered", "create_time": 1362587184, "answer_time": 1362587197, "current_control_id": "ivr-second-state", "last_control_id": "ivr-first-stage", "record_on": false }, "ecbe6758-867a-11e2-a415-0024e8f90cc0": { "incoming": true, "to": "+492216695888", "from": "anonymous", "clir": true, "status": "ringing", "create_time": 1362587213, "last_control_id": "let-it-ring", "record_on": false }, "ecc434b6-867b-11e2-a32f-0024e8f90cc0": { "incoming": true, "to": "+492216695888", "from": "+498001234567", "clir": false, "status": "answered", "create_time": 1362587213, "answer_time": 1362587215, "current_control_id": "play-some-stuff", "last_control_id": "hook-off", "record_on": false, "bridge": "1a4d67c2-867c-11e2-aadc-0024e8f90cc0" }, "4644f1d4-867b-11e2-96ed-0024e8f90cc0": { "incoming": true, "to": "+492216695888", "from": "+492216695777", "clir": false, "status": "hangup", "create_time": 1362587350, "answer_time": 1362587358, "hangup_time": 1362587599, "last_control_id": "arrivederci", "record_on": false, "recording": "ba65e460-867b-11e2-9c3b-0024e8f90cc0", "hangup_cause": 16 } } }
Calls are listed in the call section with the call UUID as the key.
If
incoming
istrue
, the call direction is incoming (from the PSTN towards cospace), iffalse
, the direction is from cospace towards the PSTN.The
to
field specifies the called phone number (B-party).The
from
field specifies the caller’s phone number (A-party).The
clip
field is only present if a different, user-signaled caller phone number is associated with the call.The
clir
field signals if the presentation of the caller’s phone number is restricted (CLIR feature).The
status
field can have one of the following call states:init
– only for outgoing calls, the call logic is initializedcalling
– the call is ongoing and has not received any confirmation or progress yetprogress
– the call received a confirmation and is progressingringing
– the call is progressing and has ringing indicationanswered
– the call has been answered, media is establishedhangup
– the call has ended
The
hangup_cause
field is only present if the call status is hangup. It carries the Q.850 termination cause code.If
record_on
istrue
, call media is currently being recorded. If the recording process is finished and the media has been imported into the system, therecording
field will show up and carry the UUID of a new recording object that has the media data.The
bridge
field is only present if the call is currently bridged with another call. In this case, it carries the UUID of the other call leg.The
create_time
field denotes the time of call creation (seconds-since-epoch).The
answer_time
field denotes the time of answering (only present if the call was answered).The
hangup_time
field denotes the time of call hangup (only present if the call has ended).If a call control is currently executing on the call, the
current_control_id
field will carry the user-provided id of this call control.If at least one call control has finished executing on the call, the
last_control_id
field will carry the user-provided id of the last call control that was finished.
-
GET
/api/call/event
¶ Subscribe the current session to the call API events
Response body example
{}
This API call will subscribe the current session to the flow of call events which are part of the call API.
-
DELETE
/api/call/event
¶ Cancel the subscription of the current session to the call API events
Response body example
{}
This API call will stop the flow of call API events to the current session.
-
POST
/api/call/dial
¶ Create an outgoing call within the call API
Request body example
{ "to": "+492216698123", "from": "+492216698007", "clip": "+4980098989898", "clir": false }
JSON Parameters: - to –
^\+[0-9]{3,20}$
the destination phone number
- from –
^\+[0-9]{3,20}$
the calling phone number, must be one of the current user’s phone numbers
- clip –
^\+[0-9]{3,20}$
optional; an arbitrary phone number for display (CLIP – calling line identification presentation feature)
- clir –
true|false
optional, default
false
; iftrue
, presentation of the calling number is restricted (CLIR feature)
Response body example
{ "uuid": "2b3b70ce-8677-11e2-a7c1-0024e8f90cc0" }
Status: - wrong-phone: The given
from
number does not match any of the user’s phone numbers
- to –
-
POST
/api/call/
(uuid)/control
¶ Execute one or more actions on the call
uuid
via the call APIRequest body example
{ "queue": "append", "controls": [ { "control": "ring" }, { "control": "silence", "duration": 1000 }, { "id": "hook-off", "control": "answer" } ] }
JSON Parameters: - queue –
append|clear|break
optional; controls the behavior of the server-side control queue. If
append
(default), the listed controls are appended to the control queue and are executed after the controls that are already in the queue.If set to
clear
, the server-side queue is cleared and replaced with the given controls.break
will behave likeclear
but in addition to clearing the server queue, it will also interrupt the currently running control on the server. - id –
^.{,100}$
optional; an arbitrary, user-supplied identification string that will be referenced in the call state and events to identify the currently running control.
- control –
(see below)
a control action to execute on the call. For detailed description of available controls, see below.
Response body example
{}
Status: - illegal-state: the given control parameter does not match the current call state. For example, a call that is already answered will not accept a ring control.
- wrong-call: the given call
uuid
is unknown - wrong-object: only for control play: the given announcement or recording UUID is invalid
The following call control actions:
Start ringing
{ "control": "ring" }
This control will let the call start ringing, which is only possible in incoming calls. The caller will typically hear a network-generated ring-tone in this state.
Signal call progress
{ "control": "progress" }
This control will signal call progress on an incoming call. This will establish one-way media flow, so that it is possible to play audio to the call.
Answer the call
{ "control": "answer" }
This control will answer the call and establish two-way media flow. This is only possible on incoming calls.
End the call
{ "control": "hangup", "hangup_cause": 16 }
This control will end the call. The optional
hangup_cause
field can be supplied to specify the ITU-T Q.850 call termination cause. It defaults to 16 (“normal call clearing”).Bridge two calls
{ "control": "bridge", "call": "0cde3f60-8683-11e2-99bd-0024e8f90cc0", "hangup_both": true }
This control will connect the call with another call, specified by the UUID in the call field. This b-leg call must also be controlled by the same user’s call API.
The optional
hangup_both
field controls how the other call leg behaves in case a call leg is hung up. Iffalse
, then the bridge will terminate but the other channel will stay alive. Iftrue
(default value if the field is not given) the other channel will automatically be hung up.Un-bridge two calls
{ "control": "split" }
This control will end the bridge between two calls. To perform this operation, the call must have been previously bridged with another call using the bridge control.
Sleep on a call without audio
{ "control": "sleep", "duration": 1000 }
This control will wait for the specified number of milliseconds (duration field, allowed values between 1 and 3600000). During the sleep, no audio will be played to the call. The primary use is when a call is status where it is not accepting audio (i.e., incoming calls with status calling or outgoing calls that are not yet answered). To pause within an answered call, the use of the silence control is recommended.
This control can be interrupted with the queue break option.
Sleep on a call playing silence
{ "control": "silence", "duration": 1000 }
This control will play silence to the call for the specified number of milliseconds (duration field, allowed values between 1 and 3600000).
This control can be interrupted with the queue break option.
Play a tone one a call
{ "control": "tone", "duration": 1000, "frequency": 440, "interval": 4000, "loop": 10 }
This control will play a tone with the specified frequency (in Hz, values between 0 and 40000) for duration milliseconds (values between 1 and 3600000). If the interval field is given, it specifies a period of silence following the tone (in milliseconds, values between 1 and 3600000). If the loop field is given (range 0 to 1000), the tone (and the optional period of silence) is repeated for the specified amount of times, with 0 meaning endless repetitions.
This control can be interrupted with the queue break option.
Play audio on a call
{ "control": "play", "object": "a93d166e-a69c-5a85-8604-4f9faa6620cc" }
This control will play the audio contents of an announcement or recording object with the specified object UUID to the channel. The given UUID must point to an object of type
announcement
orrecording
.This control can be interrupted with the queue break option.
Start call recording
{ "control": "record_start", "limit": 30 }
This control will start audio recording on the call. The
limit
field specifies the maximum duration of the recording in seconds (values between 1 and 3600). The process will eventually generate a recording object and deliver its UUID with ancall_update
event when the recording is finished.Stop call recording
{ "control": "record_stop", "discard": true }
This control will stop an ongoing audio recording on the call. If the optional
discard
field is given and has a value oftrue
, the recording contents will be discarded. Otherwise, a recording object will be created and its UUID will be delivered with achannel_update
event.Enable / Disable DTMF collection on a call
{ "control": "dtmf_collect", "enable": true }
This control will enable or disable the recognition and delivery of DTMF digits within the call (which is disabled by default). The
enable
field specifies whether detected DTMF digits should be delivered viacall_dtmf
events.Play DTMF digit on a call
{ "control": "dtmf_send", "digits": "*123#", "duration": 250 }
This control will play the specified DTMF digits into the call (valid digits are “0”..”9”, “#” and “*”). Instead of the default DTMF digit duration 100 milliseconds, the duration might optionally be specified by duration parameter (in milliseconds, values between 50 and 3600000).
- queue –
/api/sensor¶
-
POST
/api/sensor
¶ Create a new sensor object and associates the sensor with a physical sensor device using the sensor device code.
Request body example
{ "description": "sensor in my garden", "code": "ABCDE-FGHIJ-KLMNI-OPQRS" }
JSON Parameters: - description –
^.{0,200}$
optional: a short description of this sensor
- code –
^.{10,50}$
the sensor device access code, which is the key to the physical device that will be attached to the new sensor
Response body example
{ "uuid": "63013ee2-772a-11e1-a9b8-0024e8f90cc0", "sdevice": "001a45fe" }
Status: - wrong-code: The given code does not match an available physical sensor device
- duplicate-sensor: The sensor device is already linked to an existing sensor object
The
uuid
field returns the UUID of the newly created sensor object as a hex encoded string. Thesdevice
field carries the hardware address of the sensor device that the sensor was linked to.- description –
-
GET
/api/sensor/
(uuid)¶ Get information about sensor
uuid
Response body example
{ "sensor": { "owner": "550e8400-e29b-41d4-a716-446655440000", "time": 1363333307, "description": "sensor in my garden", "sdevice": "001a45fe", "mbus": { "manufacturer" : "AMT", "ident_number" : "50026470", "version" : "2e", "device_type" : "04" }, "model": "cospace-sensor", "profile": "room-sensor-thm", "recv_interval": 60, "send_interval": 10, "recv_after_send": true, "recv_time": 1363623307, "battery_status": 86, "mains_power": true, "tamper_detect": 1363347807, "fault_detect": 1363347820, "capabilities": { "data": [ "temperature", "motion" ], "action": [ "onoff", "text" ] }, "state": { "data": [ 20.5, [1, 10, 50] ], "action": [ 1, "Hello, World!" ] }, "box": { "efd04b02-8fd8-11e2-bf7e-0024e8f90cc0": { "time": 1320403260, "rssi": -80, "lqi": 45 }, "f10cb83e-8fd8-11e2-9f7c-0024e8f90cc0": { "time": 1320403155, "rssi": -38, "lqi": 70 } }, "tag": [ "ae30e5b0-5c3d-11e0-817e-0024e8f90cc0", "be00e8aa-5c3d-11e0-b0cf-0024e8f90cc0" ] } }
Status: - wrong-sensor: The given UUID does not match a sensor accessible to the current user
The
sdevice
field carries the hardware address of the sensor device associated with the sensor as a hex encoded string. Themodel
field contains the model identification string of the associated sensor device. If the sensor device belongs to a standardized profile class, this is shown in theprofile
field.The optional
mbus
field carries information retrieved from the M-Bus Device Id if the sensor is an M-Bus device. If so, the sensor uses the M-Bus protocol for communication in the local sensor network. The subfielddev_id
provides the complete hex string of the M-Bus device id as transported on the wire (or on the ether if the sensor is an wireless M-Bus device). Themanufacturer
subfield informs about the device manufacturer in the format given by ASCII code of EN 62056-21 (three uppercase letters). The flag association, UK (http://www.dlms.com/) administers these three letter manufacturers ID of EN 62056-21. Theident_number
is a fixed fabrication number that runs from 00000000 to 99999999. The subfieldversion
specifies the generation or version of the device and depends on the manufacturer. It can be used to make sure, that within each ‘’version’’ number theident_number
is unique. The subfield fielddev_type
mirrors the device type of the sensor in hex code format as specified in EN 113757-3.The
recv_interval
field is only present if the sensor is supposed to send data in regular time intervals. It specifies the maximum time interval between sensor transmissions in seconds.The
send_interval
field is only present if the sensor participates in the beacon protocol. It specifies the maximum beacon interval for the sensor in seconds.If the
recv_after_send
field is present, the sensor will receive data only after having transmitted a packet itself. This is typically used in battery powered applications.The
recv_time
field contains the timestamp of the last received data from the sensor. It is only present if the sensor has delivered data at least once in its lifetime.The
battery_ok
field (typeboolean
) will be present if the sensor is battery-powered and is capable of signaling a simple “battery ok” (true
) or “battery low” (false
) condition. If the sensor is capable of reporting detailed battery statistics, thebattery_status
field will reflect the battery level in percent. Themains_power
field might be present if a battery-powered device is currently running on mains power. If the device has the ability to detect a tampering attempt, thetamper_detect
field will be present and will show the timestamp of the first detection. Likewise, the presence of thefault_detect
field signals a sensor fault condition timestamp.The box section will list the UUIDs of the box objects that have had contact with the sensor in the last time. Each box will have some meta-information about the connection to the sensor. Possible fields in this section include
time
(time of the last sensor contact in seconds-since-epoch),rssi
(received signal strength indication in dBm) andlqi
(link quality indicator, higher value means better signal).The
capabilities
section lists the feature attributes of the sensor device.In the capabilities
data
subsection, sensor capabilities are displayed as an ordered array of features (thus with an implicit index). The sensor device in the above example has two sensor features, a temperature sensor at index 0 which will yield a temperature in degrees Celsius), and a motion sensor at index 1 which will yield a motion detection duration time in seconds.In the capabilities
action
subsection, actor capabilities are displayed as an ordered array of features (thus with an implicit index). The sensor device in the above example has two actor features, a onoff actor at index 0 that can be switched on (1) or off (0) and a text display at index 1.The following capabilities are defined with their corresponding data format (see
GET /api/sensor/(uuid)/data
):temperature
: A temperature sensor that has a single JSON number value as data, measured in degree Celsius (°C).light
: An illuminance sensor (typically an ambient light sensor) that has a single JSON number value as data, measured in lux (lx; 1 lx = 1 lm/m2 = 1 cd sr/m2).humidity
: A sensor for relative humidity that has a single JSON number value as data, measured in percent.open
: A sensor that monitors the state of an opening such as a door, window, vent or a similar object. The value is a single JSON number that reads 1 if the state is “open”, or 0 if the state is “closed”.open_percent
: A sensor that monitors the state of an opening such as a door, window, vent or a similar object. The value is a percentage, expressed as a single JSON number. The reading is 100 for “open” and 0 if the state is “closed”. Numbers in between signal a half-closed half-open condition.motion
: A motion detection sensor which has a JSON array containing exactly three JSON numbers as data. The first number represents the initial state of the motion sensor (0
for no motion detect,1
for motion detect), the second number represents a time interval in seconds for this state. The third number represents a time interval for the opposite state. As an example, the data[1, 3, 5]
would mean that the initial state of the sensor was “motion detect”, this state lasted for 3 seconds, and afterwards the sensor remained 5 seconds in the state “no motion detect”. The data[0, 100, 1]
means that the sensor did not detect motion for 100 seconds, but then a motion detect happened for 1 second.energy
: An energy meter that has a single JSON number value as data, measured in Watt-hours (Wh; 1 Wh = 0.001 kWh = 3600 J [Joule]).voltage
: An electrical voltage sensor that has a single JSON number value as data, measured in Volts (V).current
: An electrical current sensor that has a single JSON number value as data, measured in Amperes (A).power
: An electrical power sensor that has a single JSON number value as data, measured in Watts (W).power_factor
: An electrical power factor. Data is a single JSON number in the range -1..1.frequency
: A frequency counter. The data is represented as a JSON number, measured in Hz (1 Hertz = 1 cycle per second).onoff
: A switch-type sensor that has a single JSON number as a representation. Valid values are 1 (representing the “on” state) and 0 (“off” state).text
: A device that has some sort of text display. The representation is a JSON string which holds the text that is to be displayed with a maximum length of 255 characters.button
: A button-type sensor that has a single JSON number as a representation. There is only one valid value, 1, which represents that the button was pressed.color_rgb
: A color sensor. The data is represented as a JSON array with exactly three JSON numbers, one for each color component: red, green and blue. Values for the individual components range from 0 to 255. As an example, the data [ 255, 255, 0 ] represents a bright yellow.interval
: A time interval expressed as a single JSON number, representing the time period in seconds (s).datetime
: An absolute point in time, expressed as a single JSON number that holds the seconds elapsed since the epoch of Jan 1st, 1970.dimmer
: A dimmer switch in percent, represented by a single JSON number with values between 0 (completely off) and 100 (completely on).distance
: A physical distance (length), expressed by a single JSON number, representing the distance in meters (m).mass
: A mass, expressed as a single JSON number, representing the mass in kilograms (kg).mass_flow
: A flow rate of mass, expressed as a single JSON number, representing the flow in kilograms per second (kg/s).volume
: A space volume, expressed as a single JSON number, representing the volume in cubic meters (m3).volume_flow
: A flow rate of volume, expressed as a single JSON number, representing the flow in cubic meters per second (m3/s).fuel_use
: A mileage (fuel usage), expressed as a single JSON number, representing the value in liters per 100 km (l/100km).velocity
: A velocity, expressed as a single JSON number, representing the speed in meters per second (m/s).acceleration
: An acceleration, expressed as a single JSON number, representing the speed gain in meters per square second (m/s2).resistance
: An electrical resistance, expressed as a single JSON number, representing the resistance in ohms (Ω).pressure
: A pressure, expressed as a single JSON number, representing the pressure in Pascal (Pa; 1 Pa = 1 N/m2).force
: A force, expressed as a single JSON number, representing the force in Newton (N).torque
: A circular force (torque), expressed as a single JSON number, representing the torque in Newton meters (Nm).angle
: An angle, expressed as a single JSON number, representing the angle in degrees (°, full circle is 360°).compass
: A compass reading, expressed as a single JSON number, in degrees °, clockwise from the north direction (0°) to east (90°), south (180°) and west (270°) back to north (360°).location
: A geographical position. The data is represented as a JSON array with exactly two JSON numbers. The first number represents the longitude, the second number the latitude of the position. Both values are in degrees (°) ranging from -180° to 180°.concentration
: A concentration (ratio of mixture between two components), expressed as a single JSON number, representing the concentration in parts-per-million (ppm).ph
: A pH value, expressed as a single JSON number, representing the pH (no unit, typical values between 1 and 14).radiation
: An ionizing radiation dose. The data is expressed as a single JSON number, representing the dose in Sievert (Sv).sound_pressure
: A sound pressure, expressed as a single JSON number, representing acoustic pressure in dezibels (dB).level
: An otherwise unspecified logarithmic level, expressed as a single JSON number, representing the level in dezibels (dB).alarm
: An alarm sensor. The data is expressed as a single JSON number. Valid values are 0 (“no alarm” state) and 1 (“alarm” state).gauge
: An otherwise unspecified absolute value, expressed as a single JSON number.counter
: An otherwise unspecified counter value, expressed as a single JSON number.load
: An load percentage value, expressed as a single JSON number, representing the load in percent (%).cycles
: A rotary speed value, expressed as a single JSON number, representing the rotary speed in cycles per second (1/s).binary_8bit
: An otherwise unspecified value, expressed as a single JSON integer number with a range between 0 and 255.binary_16bit
: An otherwise unspecified value, expressed as a single JSON integer number with a range between 0 and 65535.binary_32bit
: An otherwise unspecified value, expressed as a single JSON integer number with a range between 0 and 4294967295.octets
: An otherwise unspecified array of octets (binary string), expressed as a single JSON string in Base64 encoding.mbus_raw
: A raw M-Bus (long-)frame, expressed as a single JSON string in Base64 encoding. After its end marker, the frame may be padded with 0x00.
The
state
section contains the most recent up-to-date status of thedata
andaction
elements. Its structure matches thecapabilities
section. While theGET /api/sensor/(uuid)/data
andGET /api/sensor/(uuid)/action
calls can be used to get the precise time series of sensor data and actions, thestate
section represents the current state of each of thedata
andaction
items. For thedata
items, this is the last sensor data update which was not null, and the theaction
items, this is that last action command which was not null.
-
POST
/api/sensor/
(uuid)¶ Modifies sensor
uuid
, including the possibility to change the underlying physical sensor device.Request body example
{ "description": "new sensor in garden", "code": "XYZKL-FGHIJ-KLMNI-OPQRS" }
JSON Parameters: - description –
^.{0,200}$
optional: a short description of this sensor
- code –
^.{10,50}$
optional: the sensor device access code, which is the key to the new physical sensor device that will be attached to the sensor
- tamper_detect –
^0$
optional: if set to the fixed value of
0
, a tamper detect condition of the sensor is cleared - fault_detect –
^0$
optional: if set to the fixed value of
0
, a fault condition of the sensor is cleared
Response body example
{ "sdevice": "014a5fe7" }
Status: - wrong-sensor: The given UUID does not match a sensor accessible to the current user
- duplicate-sensor: The given code is already linked to an existing sensor object
- access-denied: The user does not have sufficient privileges on the sensor (at least write privileges are required)
- wrong-code: The given code does not match an available physical sensor device
The
sdevice
field carries the hardware address of the new sensor device that the sensor was linked to as a hex encoded string and is only present if the device association was changed during this request.- description –
-
DELETE
/api/sensor/
(uuid)¶ Delete sensor object
uuid
Response body example
{}
Status: - wrong-sensor: The given UUID does not match a sensor accessible to the current user
- access-denied: The user does not have sufficient privileges on the sensor (at least write privileges are required)
The sensor object is is permanently deleted (no
trash
option) and the association with the physical sensor device is removed. All persistent data associated with the sensor is deleted.
-
GET
/api/sensor/
(uuid)/data
¶ Get the sensor data for sensor object
uuid
Query Parameters: - from – optional: start time, in seconds-since-epoch (must have from <= to)
- to – optional: end time, in seconds-since-epoch (must have from <= to)
- start –
optional: the start key of the first data object to return, exclusive, i.e. the result with an exact match data key (definition see below) is not returned.
If given, overrides the
from
parameter whenasc
order is selected or overrides theto
parameter whendesc
order is selected. - order –
optional: If set to
asc
(default), data objects are returned in time ascending order (i.e. starting withfrom
orstart
and ending withstop
).If set to
desc
, data objects are returned in time descending order (i.e. starting withto
orstart
and ending withfrom
). - count – optional, default
10
: limits the number of returned data objects (valid range:1...50000
)
Response body example
{ "data": { "1363623247000": [ 20.5, [1, 10, 50] ], "1363623307001": [ null, [0, 500, 0] ], "1363623367000": [ 21, null ] } }
Status: - wrong-sensor: The given UUID does not match a sensor object accessible to the current user
Within the
data
section, the requested data objects are listed in form of a JSON object.The key within the
data
section consists of the data sampling time in seconds-since-epoch, multiplied by 1000, and increased by an arbitrary ID between 0 and 999 to make the number unique. The key should not be interpreted as a time in milliseconds. The time of the data record has only second precision and can be obtained by converting the key to an integer number and dividing the value by 1000.The value within the
data
section is a JSON array. The entries in this array represent the data capabilities of the sensor (seeGET /api/sensor/(uuid)
). The number of entries in each JSON value array must exactly match the amount of data capabilities of the sensor. The type of values within the array depend on the specific data capabilities.In this example, since the sensor has a temperature sensor at index
0
and a motion sensor at index1
, each data value consists of two entries, the first one being a single JSON number (temperature in °C), the second one an array of motion detection count and detection time. Each entry might be null, to signal that the sensor did not deliver any data for the respective index.
-
POST
/api/sensor/
(uuid)/data
¶ Store sensor data for sensor object
uuid
Request body example
{ "data": { "1363623247000": [ 20.5, [1, 10, 50] ], "1363623307001": [ null, [0, 500, 0] ], "1363623367000": [ 21, null ] } }
Response body example
{}
Status: - wrong-sensor: The given UUID does not match a sensor object accessible to the current user
- access-denied: The user does not have sufficient privileges on the sensor (at least write privileges are required)
- malformed-encoding: The Content-Encoding is set to gzip but the payload can not be decompressed.
The body of the request might be gzip encoded which must then be indicated by setting the
Content-Encoding
HTTP header togzip
.The data in the request body is given in form of a JSON object.
The keys of the JSON object consists of the data sampling time in milliseconds-since-epoch or of the data sampling time in seconds-since-epoch, multiplied by 1000, and increased by an arbitrary ID between 0 and 999 to make the number unique.
The values of the JSON object are JSON arrays. The entries in this array represent the data capabilities of the sensor (see
GET /api/sensor/(uuid)
). The number of entries in each JSON value array must exactly match the amount of data capabilities of the sensor. The type of values within the array depend on the specific data capabilities.In this example, since the sensor has a temperature sensor at index
0
and a motion sensor at index1
, each data value consists of two entries, the first one being a single JSON number (temperature in °C), the second one an array of motion detection count and detection time. Each entry might benull
, to signal that the sensor did not deliver any data for the respective index.
-
GET
/api/sensor/
(uuid)/action
¶ Get the sensor actions for sensor object
uuid
Query Parameters: - from – optional: start time, in seconds-since-epoch (must have
from
<=to
) - to – optional: end time, in seconds-since-epoch (must have
from
<=to
) - start –
optional: the start key of the first action object to return, exclusive, i.e. the result with an exact match action key (definition see below) is not returned.
If given, overrides the
from
parameter whenasc
order is selected or overrides theto
parameter whendesc
order is selected. - order –
optional: If set to
asc
(default), action objects are returned in time ascending order (i.e. starting withfrom
orstart
and ending withstop
).If set to
desc
, action objects are returned in time descending order (i.e. starting withto
orstart
and ending withfrom
). - count – optional, default
10
: limits the number of returned action objects (valid range:1...50000
)
Response body example
{ "action": { "1363623253000": [ 0, "Hello, World!" ], "1363623378001": [ 1, null ] } }
Status: - wrong-sensor: The given UUID does not match a sensor object accessible to the current user
This call lists the time series of sensor action commands (i.e. actions that were sent to the sensor with the
POST /api/sensor/(uuid)/action
call)Within the
action
section, the requested data objects are listed in form of a JSON object.The key within the
action
section consists of the data sampling time in seconds-since-epoch, multiplied by 1000, and increased by an arbitrary ID between 0 and 999 to make the number unique. The key should not be interpreted as a time in milliseconds. The time of the data record has only second precision and can be obtained by converting the key to an integer number and dividing the value by 1000.The value within the
action
section is a JSON array. The entries in this array represent the action capabilities of the sensor (seeGET /api/sensor/(uuid)
). The number of entries in each JSON value array must exactly match the amount of action capabilities of the sensor. The type of values within the array depend on the specific action capabilities.- from – optional: start time, in seconds-since-epoch (must have
-
GET
/api/sensor/
(uuid)/data/
(xxx).csv
¶ Get the sensor data for sensor object
uuid
in CSV formatQuery Parameters: - from – optional: start time, in seconds-since-epoch (must have
from
<=to
) - to – optional: end time, in seconds-since-epoch (must have
from
<=to
) - inline – optional: if present, the response will include an HTTP
Content-Disposition
header (see RFC 2183) with a value of inline. Otherwise, the content disposition will be attachment.
Response body example
time,U/V,U/V,U/V,t/s,I/A,I/A,I/A,t/s 2014-06-04 13:00:00,230,225,233,300,1.2,1.98,1.34,300 2014-06-04 13:05:00,231,223,233,300,1.24,1.98,1.32,300 2014-06-04 13:10:00,230,222,233,300,1.22,1.98,1.34,300 2014-06-04 13:15:00,231,227,233,300,1.21,1.98,1.31,300
This API call allows for downloading of sensor data results in comma-separated-values format. The output is streaming, so very large result sets can be handled.
The fields in the CSV output correspond to the fields in the
GET /api/sensor/(uuid)/data
call depending on the data capabilities the sensor supports. If a sensor supports a multidimensional capability, the data is flattened in the downloaded CSV format. This means that every dimension of such a capability has its own header field in the CSV file and the corresponding data separated by commas. For more information on supported capabilities please see documentation of API callGET /api/sensor/(uuid)
.This API is eligible for use with the session’s download id (did). In this case, the object UUID is the sensor
uuid
. For more information on file download authentication, see Authentication for file downloads.- from – optional: start time, in seconds-since-epoch (must have
-
GET
/api/sensor/
(uuid)/action/
(xxx).csv
¶ Get the sensor action for sensor object
uuid
in CSV formatQuery Parameters: - from – optional: start time, in seconds-since-epoch (must have
from
<=to
) - to – optional: end time, in seconds-since-epoch (must have
from
<=to
) - inline – optional: if present, the response will include an HTTP Content-Disposition header (see RFC 2183) with a value of inline. Otherwise, the content disposition will be attachment.
Response body example
time,state 2014-06-04 13:00:00,0 2014-06-04 13:05:00,1 2014-06-04 13:10:00,1 2014-06-04 13:15:00,0
This API call allows for downloading of sensor action data in comma-separated-values format. The output is streaming, so very large result sets can be handled.
The fields in the CSV output correspond to the fields in the
GET /api/sensor/(uuid)/action
call depending on the action capabilities the sensor supports. If a sensor supports a multidimensional capability, the data is flattened in the downloaded CSV format. This means that every dimension of such a capability has its own header field in the CSV file and the corresponding data separated by commas. For more information on supported capabilities please see documentation of API callGET /api/sensor/(uuid)
.This API is eligible for use with the session’s download id (did). In this case, the object UUID is the sensor
uuid
. For more information on file download authentication, see Authentication for file downloads.- from – optional: start time, in seconds-since-epoch (must have
-
POST
/api/sensor/
(uuid)/action
¶ Triggers an action on the sensor
uuid
.Request body example
{ "action": [ 0, "Hello, World!" ] }
- or -
{ "action": [ 1, null ] }
Response body example
{ "action-uuid": "97a1f558-9167-11e2-892a-0024e8f90cc0" }
Status: - wrong-sensor: The given UUID does not match a sensor accessible to the current user
- sensor-offline: The sensor is currently not visible through any devices, so the action cannot be delivered
The entries in the JSON array
action
must exactly match theaction
capabilities of the sensor (seeGET /api/sensor/(uuid)
). The type of values in the array depend on the specificaction
capabilities. In the first example, the sensor has anonoff
capability at index0
, which is set to the “off” state (value0
) with this call, and a text capability at index1
which is instructed to display the string “Hello, World!”. In the second example, the onoff-switch is set to “on”, while the text display remains unchanged.Note that even though the number of elements in the
action
array must exactly match the number ofaction
capabilities of the given sensor, a value ofnull
might be given for a specific element to signal that no change is desired for this actor.If the action was successfully queued to the sensor, the call will return an action UUID. A
sensor_action
event will be delivered to the user after an acknowledgement message has been received by the sensor to confirm that the action was successfully carried out.
-
GET
/api/sensor/
(uuid)/event
¶ Subscribe the current session to the event flow of sensor
uuid
Query Parameters: - timeout – optional: expiration timeout of the event flow in seconds. Default: 1 hour (3600 seconds), valid range 1..36000 seconds (10 hours)
Response body example
{}
Status: - wrong-sensor: The given UUID does not match a sensor object accessible to the current user
This API call will enable the flow of
sensor_data
andsensor_action
events to the current session for the specified sensor object. The flow of events will automatically stop after the timeout period. If this behavior is not desired, this API call should be called again before expiration to re-new the timeout period.
-
DELETE
/api/sensor/
(uuid)/event
¶ Cancel the subscription of the current session to the data events of sensor
uuid
Response body example
{}
Status: - wrong-sensor: The given UUID does not match a sensor object accessible to the current user
This API call will stop the flow of sensor data events to the current session for the given sensor.
/api/xobject¶
-
POST
/api/xobject
¶ Create a new object of type xobject.
Request body example
{ "description": "some custom object" }
JSON Parameters: - description –
^.{0,200}$
optional: a short description of this xobject
Response body example
{ "uuid": "be4b6102-e3b6-11e2-b2d6-0024e8f90cc0" }
The
uuid
field returns the UUID of the newly created xobject.The conceptual idea behind xobjects is to support a form of structured object storage in the cospace system that has no semantic representation in the platform itself. By using objects of type
xobject
, applications can leverage generic cospace features like attaching tags, comments and linking objects, storing metadata and passing events based on metadata without cospace having to understand the meaning of the application itself. In this way, generic use cases can be implemented on top of the cospace framework.- description –
-
GET
/api/xobject/
(uuid)¶ Get information about the xobject
uuid
Response body example
{ "xobject": { "owner": "550e8400-e29b-41d4-a716-446655440000", "time": 1372839009, "description": "some custom object", "tag": [ "ae30e5b0-5c3d-11e0-817e-0024e8f90cc0", "be00e8aa-5c3d-11e0-b0cf-0024e8f90cc0" ] } }
Status: - wrong-xobject: The given UUID does not match a xobject accessible to the current user
This API call is provided mainly to maintain consistency with other object calls. Since objects of type
xobject
don’t have any real content besides the description field, applications might want to store custom information using metadata (seePOST /api/object/(uuid)/metadata
).
-
POST
/api/xobject/
(uuid)¶ Modifies xobject
uuid
Request body example
{ "description": "some other custom object" }
JSON Parameters: - description –
^.{0,200}$
optional: a short description of this xobject
Response body example
{}
Status: - wrong-xobject: The given UUID does not match a xobject accessible to the current user
- access-denied: The user does not have sufficient privileges on the xobject (at least write privileges are required)
Since objects of type
xobject
do not have any real content besides the description field, applications might want to store custom information using metadata (seePOST /api/object/(uuid)/metadata
).- description –
-
DELETE
/api/xobject/
(uuid)¶ Delete xobject
uuid
Parameters: - purge – optional: if present, delete this xobject permanently (do not move to trash)
Response body example
{}
Status: - wrong-xobject: The given UUID does not match a xobject accessible to the current user
- access-denied: The user does not have sufficient privileges on the xobject (at least write privileges are required)
/api/event¶
-
GET
/api/event
¶ Returns events pending for the session (event system)
Parameters: - timeout – optional: a timeout in seconds after which the call returns even if
no event was triggered (valid range:
0...300
, default:55
) - next – optional: The next event that the client wants to see. For subsequent
calls to this function, the value of the
next
field of the response (see below) can be used here (default:0
)
Response body example
{ "event": [ { "id": 0, "event": "object_new", "time": 2182782732, "object": "52a9fd3c-8aad-11e0-9138-0024e8f90cc0", "type": "contact", "owner": "1de7257a-4f34-11e0-ab6e-0024e8f90cc1", "description": "Hans Mustermann", "tag": [ "be00e8aa-5c3d-11e0-b0cf-0024e8f90cc0" ] }, { "id": 1, "event": "fax_report", "time": 2182782758, "fax": "94f1bb1a-5931-11e0-8db5-0024e8f90cc0", "report": { "7b149600-5921-11e0-b85f-0024e8f90cc0": { "incoming": true, "from": "+492216689711", "to": "+492216689712", "time_start": 2128383234, "time_end": 2128384351, "status": "ok" } } } ], "next": 2 }
JSON Parameters: - timeout – The specified (or default) timeout has occurred before an event was triggered
Events are ordered by ascending time (seconds-since-epoch). Please see chapter Generic Event JSON Considerations for a detailed description of the events and their JSON representation.
The
next
field specifies the next event (i.e., the one expected after the events returned with this call). It can be used for subsequent calls in thenext
URL parameter.Note that the amount of events that are stored in the server side might be limited. So if events are not requested by a client for a long period of time, old events might be lost. The client can detect this condition by looking at the
id
fields: since ids are contiguous, a gap in theid
fields indicates that events have been dropped on the server side.- timeout – optional: a timeout in seconds after which the call returns even if
no event was triggered (valid range:
-
POST
/api/event/filter
¶ Attaches a filter to the session’s stream of events
Request body example
{ "op": "or", "args": [ { "op": "and", "args": [ { "op": "equal", "key": "owner", "value": "b4e38072-dcd1-11e2-a597-0024e8f90cc0" }, { "op": "rematch", "key": "type", "value": "sensor|box" } ] }, { "op": "filter", "key": "object", "arg": { "op": "equal", "key": "owner", "value": "b4e38072-dcd1-11e2-a597-0024e8f90cc0" } } ] }
Response body example
{}
With this API call, the client can attach a filter to the stream of events for the current session, effectively reducing the amount of events delivered to the client via the
GET /api/event
call. Every event that is received for the current session is matched against the filter, and only if it passes the filter it is queued for delivery to the client. Note that the filter works on a per-session level. A user might have several sessions with different filters. If a new session is created, it does not have a filter associated with it.A filter consists of the operator (
op
field) and one or more additional fields specific for the selected operator. The following operators are supported:equal
Passes the event if it has a field with the name defined in the filter’s
key
field that exactly matches the content given in the filter’svalue
field. Any JSON type might be used for thevalue
field, as the type is also part of the matching process.rematch
Passes the event if it has a field with the name defined in the filter’s
key
field that is of JSON string type and matches the regular expression given in the filter’svalue
field.greater
Passes the event if it has a field with the name defined in the filter’s
key
field that is of JSON number type and has a value greater than the JSON number in the filter’svalue
field.lesser
Passes the event if it has a field with the name defined in the filter’s
key
field that is of JSON number type and has a value lesser than the JSON number in the filter’svalue
field.contain
Passes the event if it has a field with the name defined in the filter’s
key
field that is of JSON array type and this array contains an element that exactly matches the content given in the filter’svalue
field. Any JSON type might be used for thevalue
field, as the type is also part of the matching process.filter
Passes the event if it has a field with the name defined in the filter’s
key
field that is of JSON object type and this object passes the filter given in the filter’s value field. With this operator, matching of fields that are nested in deeper JSON structures is possible, since the filter in thevalue
field is now applied one level deeper than the original filter.and
This filter has an additional
args
field that is an array of JSON objects, each in turn being a new filter that is applied to the event. If all of these new filters match, then the event is passed.or
This filter has an additional
args
field that is an array of JSON objects, each in turn being a new filter that is applied to the event. If at least one of these new filters matches, then the event is passed.not
This filter has an additional
arg
field of type JSON object, which in turn is a new filter that is applied to the event. The result of this new filter is negated, i.e. the outer filter passes the event if the inner filter would reject it and the other way around.
The filter given in the example above will pass the event via the
GET /api/event
call if either condition is true:- the event has an
owner
field with valueb4e38072-dcd1-11e2-a597-0024e8f90cc0
and the event has atype
field with valuesensor
orbox
(regular expression match). - the event has an
object
field which in turn is a JSON object that has anowner
field with valueb4e38072-dcd1-11e2-a597-0024e8f90cc0
.
If the event filtering fails because there is an error in the filter syntax that could not be detected when the filter was attached, the event will pass and will be delivered with the
GET /api/event
call. In this case, afilter_error
field will be present in the event so that the filter failure can be detected by the client.
-
DELETE
/api/event/filter
¶ Removes a session filter from the event system
Response body example
{}
This API call will remove a filter previously applied to the session’s event stream.