GroupShare Web API Help Page


This page documents the GroupShare REST API. Through the use of the REST Web API 3rd party developers can extend the GroupShare eco-system. Your applications can integrate with GroupShare using simple HTTP methods - supporting JSON format. All the calls in this specifications are OAuth 2.0 protected resources. This means that callers must provide a so called "bearer token". This token can be obtained by issuing a POST request, to the authentication/api/1.0/login URL (see the Login section). The received token can be used to get access to the associated resources (all of the exposed API calls).

Changing version of API documentation

By default, all supported endpoints are listed (i.e., deprecated endpoints are excluded "/docs/supported" in textbox above). To retrieve all endpoints including deprecated ones, specify "/docs/all" instead. To retrieve only the endpoints of a specific version, specify the following:

Note: V1 is and V2 used to be a version for the RestAPI as a whole. However, since the GroupShare RestAPI is now using per-endpoint versioning, V2, V3 and V4 are merely a coincidental collection of endpoints with the same version number.

Accessing protected REST API resources

Requests to protected resources that require authorization will return HTTP code 401 - Unathorized, if the Authorization request-header is not found or if the token expired. In this case you need to include the Authorization request-header with a valid authorization token value. To get this authorization token do a POST request to authentication/api/1.0/login.

Response body of an authentication request

The respone to the POST request to authentication/api/1.0/login is the bearer access token. Use this value in the Authorization request-header, with each call to protected resources.


Requests to restricted resources

Take the token value sent in response to the POST request to authentication/api/1.0/login and include it in the Authorization request-header. The authorization scheme should be set to "Bearer". This means that you need to set the Authorization request-header by concatenating "Bearer " and the returned token value.

Authorization: Bearer AAIAAD35zz7qdUHHSRceCMP6zg7F8MClF6g4oMmz9Df0oxSODp9F9gZWCzpzds7hSlfmbB2IuxmAjXnNSA            


Bearer tokens need to be protected from disclosure using transport layer security. Any party in possession of a valid token can access protected resources.

Note on path parameters

Due to an OpenAPI requirement, all path parameters are denoted as "required". There may however be a corresponding endpoint that does not include that part of the path. If this is the case, the endpoint not having that path parameter is listed under a different URL (i.e., the URL without the path parameter). The endpoint without the path parameter may still accept the same parameter as a (potentially optional) query parameter.

TM Service documentation disclaimer

The following REST API documentation is provided "as is" and without any warranty, express or implied. In previous versions, the TM Service RestApi documentation was displayed by accessing "http://{machinename}/docs/ui/index"(which is now accesed by specifying "/resources/TmServiceRestApiDocumentation.json" in textbox above). The information contained herein is subject to change without notice. By accessing and using this documentation, you acknowledge and agree that: