Wookie Admin REST API
This is a draft specification for the Wookie Admin REST API. This is the API invoked by admin clients for managing the Wookie server, e.g. for managing whitelist entries or widget access policies.
Authentication
By default the Admin REST API is secured using the Admin security restrictions defined in web.xml. This means that typically the client needs to have authenticated with the server using the admin user credentials.
Response formats
Clients may request a response in either XML or JSON by setting the appropriate request content type. (If it is not possible to specify a content type in the request, clients may use the optional "format" parameter to specify a content type override.)
Whitelist
Action | Request | Example | Description |
|---|---|---|---|
| GET {wookie}/whitelist |
| Returns all whitelist entries, consisting of an identifier and a URL. This method requires authentication using a widgetadmin role, e.g. using HTTP Basic authentication |
| POST {wookie}/whitelist/ {param:url} |
| Creates a new whitelist entry with the URL provided using the url parameter. This method requires authentication using a widgetadmin role, e.g. using HTTP Basic authentication. |
| DELETE {wookie}/whitelist/{id} |
| Deletes the whitelist entry specified by id. This method requires authentication using a widgetadmin role, e.g. using HTTP Basic authentication. |
Widget Access Request Policies (WARP)
Action | Request | Example | Description |
|---|---|---|---|
| GET {wookie}/warp {param: widgetId} |
| Returns all access policies, or only the access policies that apply to the widget identified by the widgetId parameter. This method requires authentication using a widgetadmin role, e.g. using HTTP Basic authentication |
| GET {wookie}/warp/{id} |
| Returns the access policy specified by id. This method requires authentication using a widgetadmin role, e.g. using HTTP Basic authentication |
| POST {wookie}/warp/ {param:widgetId, origin, subdomains} |
| Creates a new policy with the details provided. This method requires authentication using a widgetadmin role, e.g. using HTTP Basic authentication. |
| PUT {wookie}/warp/{id} {param: granted} |
| Updates the policy specified by id with the status of granted if the granted parameter is set to "true", otherwise sets the status of the policy to not granted. This method requires authentication using a widgetadmin role, e.g. using HTTP Basic authentication. |
| DELETE {wookie}/warp/{id} |
| Deletes the policy specified by id. This method requires authentication using a widgetadmin role, e.g. using HTTP Basic authentication. |
Widgets
Action | Request | Example | Description |
|---|---|---|---|
| POST {wookie}/widgets {file} |
| Posts a widget file to the server; this is identical in behaviour to dropping a ".wgt" file into the Wookie deploy folder. This method requires authentication using a widgetadmin role, e.g. using HTTP Basic authentication |