GroupShare Web API Help Page

Introduction

This page documents the GroupShare REST API. Through the use of the REST Web API 3rd party developers can extend the GroupShare eco-system. Your applications can integrate with GroupShare using simple HTTP methods - supporting JSON format. All the calls in this specifications are OAuth 2.0 protected resources. This means that callers must provide a so called "bearer token". This token can be obtained by issuing a POST request, to the authentication/api/1.0/login URL (see the Login section). The received token can be used to get access to the associated resources (all of the exposed API calls).

Changing version of API documentation

We currently have 4 API versions which are documented. To alternate between them, type in the textbox above one of the following URLs:

Accessing protected REST API resources

Requests to protected resources that require authorization will return HTTP code 401 - Unathorized, if the Authorization request-header is not found or if the token expired. In this case you need to include the Authorization request-header with a valid authorization token value. To get this authorization token do a POST request to authentication/api/1.0/login.

Response body of an authentication request

The respone to the POST request to authentication/api/1.0/login is the bearer access token. Use this value in the Authorization request-header, with each call to protected resources.

"AAIAAIPYQYPBMluvjQdetB_dMMd6qa0TJ3vbOTyCFqZISN3Uvgh6VU_oV0xDJxEIoDk2GDUyk1EU-zxUIhhY0Lqzg64-i3yY5xRgk2zOK94K6DqKhqL1MRtJgRA6CIAiwTRjI2yIB_N3dfLAxs36rRXYIkcg9TYecWlI_
d8jWTCAn3W-0HZeO5UVV-srG1gt4qZC6CP8z75OjD9WXULRXWPxHCPwgNed7tvBVABSxR9ubOIPbD80SMmoAoLY_PvYcasb2iY6FAFYLGwxS_PjA7JGG2pgftw9FFCSfVRGLifmI0qHLkGwO50kmyA53muA__qODxhf9Rr
25uP7vUJLDUX14OTLRz22-Ey-vvONm7jXhCasQzoPJJHK1kYcHfyCY3lzewcNycgvCvhsYUbjHTsIrz9lFJTH2jCrn4w58rLwZUMMUPFUtp4LB9shn8HtzGZWjU6LW55RmL9opypOxYMwZNmu757RvIv25MBPedZCtkdP6
gdT2gtNrB4CQvbrQeE9ck9drE2Wyb75_NfKEATooc0izh-3D_5nPdkCtN2I-Uye50AuCscPNf8gqgBIrI7S70IRXFiPSML448vSLkrY2DQFpBKGN5wtA34Q-tSReuQbICqNBBgaj6ioE-7FcPW0uvZ2CSzy3z0xuAa-5oo
b54RzrH125e49Vz_5eJfLP2HMpAIAAAACAAB9PAzwxe3fD8Mv9NSxbEstcZD8_5Vt0vPMjtCuR97WmaIFMAYd_q6ityU7Ah2bsbDdjzrCTZBM1a04_UHzSN6x9IdDdmX8yZ137CfaBDHh7EE8jBLjOLIBsEvWnqnEs1Pji
dU96ctzWA6NOIs6MUaDljAO7E1TfjAuctGZyA6dcfotxmRjjAED5pVYUQiKUxfoVCoIyn3fnUlCExOF8JpBIHr5vNXniSFfms3oNMyC_u2tX05l6_v7gI4w-cjjTLqq60bU7zX-r-dX_y9IDKHniBEPo3N9_nFd-548bPk
mPgi8kR-4hveAtf0lE8FS-F_eW5kk3BgrnUn3fHkGK-IiHgBjNWAB54_AoFkuU54NdOKimF0wxyNW7Pu-UPNnjm7rknxVE-oTGd6F_zd8TyqcRi6_ozxlyBkVkhDtVjD-mFHP0Jv8ayZ6gynJw_BQM9SNrZsPcnweS90Q8
yIEGiuLPZB3lD0a4IMQ5tjOidxVt7dKyos6uVYF0EV87jqKWoFAXt_uiZoh5AQQyCBWTovE9AJzFK7AjaU7k04Av7R3MmIf04UZRSTFX_OVUcBz_kYXz2VldwQMP4FuurHRHOyQKf_jEo55LS1m6Be8wO0hXmeRa-0AdvF
a8nV2nqEPT4MeeyyrCXv_kiUgt5megumGLREyGPruR725JgHq7DRYNyxIc06u5zK51x4uND1zlGrcnb1IINqYnnR5KmLbw36Kj1OR_lC9TwZhmJ8FDtAlTY91R5GblGE_cHHJun-m4enOELzfO0dobMCI8ry6h7nzUzFRf
mNyhjtAWSncLnsrJHiDj-OmksvVaGr8GHWzFS71DcqHhSlZQ08Hmuwdtf9-vDeiJvam_XzPM531vpROv75wd_zOMi0NtexdptpSWvk"
            

Requests to restricted resources

Take the token value sent in response to the POST request to authentication/api/1.0/login and include it in the Authorization request-header. The authorization scheme should be set to "Bearer". This means that you need to set the Authorization request-header by concatenating "Bearer " and the returned token value.

Authorization: Bearer AAIAAD35zz7qdUHHSRceCMP6zg7F8MClF6g4oMmz9Df0oxSODp9F9gZWCzpzds7hSlfmbB2IuxmAjXnNSA            

Note

Bearer tokens need to be protected from disclosure using transport layer security. Any party in possession of a valid token can access protected resources.