The Quable PIM API is based on REST principles.
This documentation aims to follow RFC 2119 for the use of key words to indicate requirement levels.
You must be authenticated and send a simple HTTPS request to the URL specified below.
The following documentation covers the core resources used to manipulate the main entities. First of all, read the basic instructions to start using the API.
Allowed HTTPS requests:
POST - To create a resource
PUT - To update a resource
GET - To get a resource or a list of resources
DELETE - To delete a resource
Description Of Usual Server Responses:
200 "OK" - the request was successful.
201 "Created" - the request was successful and a resource was created.
204 "No Content" - the request was successful but there is no representation to return (i.e. the response is empty).
400 "Bad Request" - the request could not be understood or was missing required parameters.
401 "Unauthorized" - authentication failed or user doesn't have permissions for requested operation.
403 "Forbidden" - access denied.
404 "Not Found" - resource was not found.
405 "Method Not Allowed" - requested method is not supported for resource.
405 "Request format is not acceptable" - requested format is not supported for resource.
The API provides JSON requests and responses. This can be set by:
All requests must be sent over HTTPS.
Each response contains a "Quable-Digest" header. This header includes a checksum of the response.
Login based on API login + Password
POST /sessions
Parameters
- signin[username] : string
- signin[password] : string
- signin[remember] : boolean
- lang : string (locale value)
Response payload
{
  "oauth": {
    "access_token": "fd55861aefa86aa3a2cc77575a9e9bfb",
    "expires_in": 3600,
    "refresh_token": "ec58b427a96aca9e17a9cc376669b3a5"
  }
}
OAuth authentication based on a refresh_token:
GET /sessions
Cookie:
- quable-remember-me=TOKEN
Response payload
{
  "oauth": {
    "access_token": "e086490be7030758b3b6d442ce7d548c",
    "expires_in": 3600,
    "refresh_token": "954059611ec1fc133b1b5d9116062de4"
  }
}
With the use of the access_token, you can connect using a Bearer token in the request header:
Authorization: Bearer ACCESS_TOKEN
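The login and Bearer-token steps above, as an added client-side sketch (not Quable's own code): it builds the requests without sending them, refuses non-HTTPS URLs, tracks expires_in so the token can be renewed before it lapses, and keeps token values out of repr output. The host name, the form encoding of the signin[...] fields, the "true"/"false" boolean encoding and the "en" locale are assumptions.

```python
import json
import time
import urllib.parse
import urllib.request

BASE_URL = "https://pim.example.invalid/api"  # placeholder host (assumption)


def https_request(method, path, base_url=BASE_URL, data=None, headers=None):
    """Build (not send) a request; refuse any URL that is not HTTPS."""
    url = base_url.rstrip("/") + path
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError("refusing non-HTTPS URL: credentials would be exposed")
    return urllib.request.Request(url, data=data, headers=headers or {}, method=method)


def login_request(username, password, remember=False, lang="en", base_url=BASE_URL):
    """POST /sessions. Form encoding of the signin[...] fields is an assumption."""
    body = urllib.parse.urlencode({
        "signin[username]": username,
        "signin[password]": password,
        "signin[remember]": "true" if remember else "false",
        "lang": lang,
    }).encode()
    return https_request("POST", "/sessions", base_url, data=body)


class Session:
    """Tokens parsed from the "oauth" object of a /sessions response."""
    def __init__(self, payload, now=None):
        oauth = json.loads(payload)["oauth"]
        self.access_token = oauth["access_token"]
        self.refresh_token = oauth["refresh_token"]
        self.expires_at = (time.time() if now is None else now) + int(oauth["expires_in"])

    def needs_refresh(self, now=None, skew=60):
        """True once the access token is within `skew` seconds of expiry."""
        return (time.time() if now is None else now) >= self.expires_at - skew

    def authorized(self, method, path, base_url=BASE_URL):
        """Build a request that carries the Bearer access token."""
        return https_request(method, path, base_url,
                             headers={"Authorization": "Bearer " + self.access_token})

    def __repr__(self):  # keep token values out of logs and tracebacks
        return "<Session expires_at=%d>" % self.expires_at

# Constructed sample payload in the shape shown above (token values are fake).
SAMPLE = '{"oauth": {"access_token": "AAAA", "expires_in": 3600, "refresh_token": "BBBB"}}'
```

Pass the built request to urllib.request.urlopen to actually send it; when needs_refresh() returns True, obtain a new token through /sessions before the next call.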