OVERVIEW
Introduction
The HighQ Collaborate API provides access to the features available through the web interface to use in your own application. HighQ API is a RESTful API.
Goal of HighQ API
The key purpose and goal of HighQ API is to enable access to all modules of HighQ Collaborate. This access is not only to obtain the contents from each module that you have access to, but also to perform operations of creating new content, editing and deleting existing content.
API enablement
Access to the HighQ API requires creation of a user account in the Collaborate instance. In addition an API key from the Collaborate instance is required to use the OAuth2 protocol.
The following steps are needed to obtain all of the required information to start using Collaborate API.
1) The feature should be made available for each Collaborate Instance ( API is enabled by default )
2) Generating a new API key for each API client
The system admin has to use the system admin interface System Admin -> API application registration to register a new application for the client
System admin access rights are required to add a new API registration.
Once the system admin has generated the new API registration details, details are sent to the API client which will use it to generate an API token. This is explained in our OAuth protocol explanation.
URI architecture
This API reference is organized by resource type. Each resource type has one or more data representations and one or more methods.
The general format of our API endpoint is as under
https://domain.com/instancename/api/{version number}/{module name}/{elements}
In the above URI, the version number of the API will be altered with each major release of the API, the current version of the API is 1
Module name represents the Collaborate modules e.g files, isheets etc
The elements present the reference to a group of items or an individual item
Following the RESTful standard the operations are made available for the elements under a specific module.
API permissions
All resource calls appreciate the permissions enforced by the web interface. During the OAuth handshake a user account is associated with each API token. When an API call is made using the API token, the user account permissions are taken into consideration to service that API call, so for example if the user is calling the sites API to get a list of all sites, he will only be sent the list of sites that they are able to access within Collaborate. Similarly the rest of the operations like creation / deletion and updation appreciate the user permissions.
The API and documentation is intended for individuals interested in developing to integrate HighQ Collaborate with another application.
The API resources support both XML and JSON format.
API documentation
HighQ supports swagger documentation and is the best resource for developing using the API. The details of the swagger documentation can be found here.
Next Step
Use the OAuth documentation to generate your API application token to use for the API calls.
Note:
Most of the Collaborate instances are accelerated through the Akamai network. Akamai expects all PUT and POST requests to have a content-length header. If you use our API and do not provide a content-length header for PUT and POST requests then you will get a 411 error response from Akamai network, please include a content-length header to resolve this error response.
How do I generate X.509 certificate for User registration?
Imran Aziz, thanks for the link - good info.
I do not have a specific use case for SSO and the Web API currently, but do need to better understand all the available options/implications for authentication/authorisation of external and internal users, into the HighQ Collaborate web app and web API, so I can offer better future-proofed advice to clients.
Your answers have helped a lot - thanks!
Leo Furze-Waddock can you please let me know your use case for SSO, as pointed out earlier this is not something that you can use for API's it only comes into play when generating the OAuth token for the first time. A quick introduction to HighQ SSO can be found here
@Leo Furze-Waddock the UI session is independent of the API authentication and cannot be used for API access.
Comments
9 Comments