Overview 
OVERVIEW
API Access Mechanism using OAuth2
How are permissions determined for the API calls
OAuth for desktop Applications (Automating OAuth)
What to use for redirect_uri parameter
Adding a new API application registration
API changes in Collaborate 4.1.4
New API's in 4.3 - Site API changes in Collaborate 4.3 and 4.3.4
API changes in Collaborate 4.4
Share file API - Add file for quick share
Share file API - Share via link
Share file API - Share via microblog
Share file API - Share via private message
Share file API - Share via email
Share file API - Remove a share
Get isheet record id for a file
DMS management API endpoints - Documents to Sync
DMS management API endpoints - Document DMS sync status
DMS management API endpoints - Folder link
DMS management API endpoints - API calls to save back documents to DMS
File/folder group and user permissions
File/folder group and user permissions - Get folder group/user permissions
File/folder group and user permissions - Add/update group/user folder permissions
File/folder group and user permissions - Get file group/user permissions
File/folder group and user permissions - Add/update group/user file permissions
Get files/folders from recycle bin
Get file info - Get file info v1
Get file info - Get file info v2
Get files list - Get files list v1
Get files list - Get files list v2
Download File - Download file v1
Document bundling - Rounding file and folder names
Restore folder from recycle bin
Get folder info - Get folder Info v1
Get folder info - Get folder info v2
Delete folder from recycle bin
Get folder list - Get folder list v1
Get folder list - Get folder list v2
Get activity list - Get activity list v1
API to display the Activity filters
Get site list - Get site list v1
Get site list - Get site list v2
Get site templates - Get site templates v1
Associating multiple matter IDs to a site
Site users management - Add existing user to site
Site users management - Add user to site
Site users management - Models
Site users management - Get all site users
Site users management - Get email alert settings
Site users management - Set email alert settings
Site users management - Remove users from a site
Site users management - Send reset password email to users
Site users management - Send invitation email to users
Site users management - Send an email to users
Site users management - Suspend users
Site users management - Activate users
Site users management - Add / edit user module permission
Site users management - Get user module permission
Get user list - Get all users v1
Delete/ Archive User - Delete user v1
Site group management - Get all site groups
Site group management - Group models
Site group management - Get site group
Site group management - Add site group
Site group management - Add existing group to site
Site group management - Get group module permission
Site group management - Add / edit group module permission
Site group management - Add user to a group
Site group management - Delete user from a group
Site group management - Update site group
Site group management - Get users of a site group
Get group list - Get all groups v1
Update group - Update group v1
Get Instance details - Get Instance details v1
Get Usage and Quota for a site
System reporting API for site summary
Get externalID's of iSheet records
Get a list of iSheets created using a specific iSheet template
Get isheet record id for a file
iSheets API version 2 - Common objects
iSheets API version 2 - Get column types
iSheets API version 2 - iSheet module - API
iSheets API version 2 - iSheet admin - API
iSheets API version 2 - iSheet System Admin - API
Common objects - Task attachments
Common objects - Task reminders
Task status API - Add task status
Task status API - Edit task status
Task status API - Delete task status
Task status API - Get all task status
Task list API - Remove task list
Task list API - Get all task lists
Task list API - Edit task list
Task reminder API - Delete task reminder
Task CRUD operations API - Add task
Task CRUD operations API - Edit task
Task CRUD operations API - Delete task
Task CRUD operations API - Get task
Task CRUD operations API - Get all tasks
Task attachment API - Remove task attachment
Get isheet record id for a task
Group/user folder permissions object
Group/user file permissions object
Favourite Items - Add to favourites / Remove from favourites
Comments list object - Add / Edit comment
Remove attachment from content (un-link)
Add Organisation - Add Organisation v1
Managing changes API response for multiple sites
Register folder for Changes API based on sourceclient
Remove folder registration for Changes API based on sourceclient
Remove all folder registrations for Changes API based on sourceclient
Sandbox environments for integration
Steps to move from Sandbox to Production
Using content-length for accelerated Collaborate instances
Common objects - Event categories
Events category - GET event category list
Event CRUD API - Add event API
Move bulk users to another domain
User API - Bulk - Reset password
Add User profile image(Avatar)
Importing file along with its metadata
Storing information of a file imported from an external DMS system
External Object Storage Connector
Rapid Application Prototyping Framework
Stripe.com has an example of good API documentation. This open source project was inspired by Stripe: https://github.com/lord/slate Easy to manage and produces a user-friendly result (builds static HTML files so you can publish to collaborate or anywhere else). Just putting it out there.
Jim Page as discussed in our phone call, the user is associated to the OAuth token when they login in step 2 of the OAuth flow to generate the OAuth code. The OAuth code cannot be generated when the user hits the specific URL unless they login to the Collaborate instance, and hence the OAuth Code and generated OAuth token is associated to their account.
I am still unclear as to how the API knows which Collaborate user you have generated the OAuth token for. In section 3 of the 'OAuth protocol explanation' I would expect there to be a Collaborate username or userID parameter so that Collaborate can apply the correct permissions to calls made with the respective token.
At no point in the OAuth handshake is it documented that the Collaborate user is specified so how does Collaborate know which user you want the token to apply to?
Jim Page the API token is generated for each specific user. When you make an API call using a specific API token the server determines who that token was created for, and all API calls respond based on that information. So in your case the GetSiteList will only respond with the list of site that the specific user has got access to.
Thanks for the reply again. I think when you say user, you mean 'session', so the OAuth token is specific to the user session from our registered client application. So for example, our client application may have ClientUserA and ClientUserB logged in and would be making API calls on behalf of both those user sessions under two separate OAuth tokens.
What I still can't quite figure out is that if the Collaborate API honours its internal user permissions then surely at some point the Collaborate user must be specified in the API calls. So for example ClientUserA may have permissions within Collaborate to view Site1 and Site 2 but ClientUserB only has permissions to view Site1.
If we were to make the GetSiteList API call, how would we get the respective responses if we do not at some point specify the collaborate user as I do not see that as a parameter on any of the calls?
Comments
19 Comments