Interface | Description |
---|---|
InformationModelService |
A public web service for the TIBCO Spotfire Information Model.
|
LibraryService |
A public web service for the TIBCO Spotfire Server Library.
|
LicenseService |
A public web service for the TIBCO Spotfire Server License functionality.
|
SecurityService |
A public web service for managing sessions.
|
UpdateAnalysisService |
A public web service used to update a Spotfire WebPlayer analysis externally.
|
UserDirectoryService |
A public web service for the TIBCO Spotfire Server User Directory.
|
Class | Description |
---|---|
AclEntry |
Represents an Access Control List entry for an item in the Library.
|
AclEntryCollection |
Represents a collection of Access Control List entries for an item in the Library.
|
FaultInfo |
Represents a SOAP fault.
|
GroupName |
Represents the name of a group principal in the User Directory.
|
GroupPrincipal |
Represents a user principal in the User Directory.
|
Guid |
Represents a globally unique identifier (GUID).
|
LibraryItem |
Represents an item in the Library.
|
LibraryProperty |
Represents a custom property of an item in the Library.
|
LicenseFaultInfo |
Represents a SOAP fault.
|
PrincipalName |
Represents the name of a principal (user or group) in the User Directory.
|
SpotfirePrincipal |
Represents a principal (user or group) in the User Directory.
|
UpdateAnalysis |
Describes the properties needed to submit an external scheduled update via the dedicated SOAP web service.
|
UserName |
Represents the name of a user principal in the User Directory.
|
UserPrincipal |
Represents a user principal in the User Directory.
|
Enum | Description |
---|---|
LibraryConflictResolution |
Represent a conflict resolution strategy used when copying or moving items in the Library.
|
LibraryPermission |
Represents a permission on an item in the Library.
|
Exception | Description |
---|---|
InformationModelServiceException |
Exception thrown by the InformationModelService.
|
LibraryServiceException |
Exception thrown by the LibraryService.
|
LicenseServiceException |
Exception thrown by the LicenseService.
|
SecurityServiceException |
Exception thrown by the SecurityService.
|
UpdateAnalysisServiceException |
Exception thrown by the UpdateAnalysisService.
|
UserDirectoryServiceException |
Exception thrown by the UserDirectoryService.
|
Note that this is a Web Service API. The implementing classes may not be called directly from Java code. Use the WSDL files to generate client proxies which will contains all types and methods that may be used.
The services can be accessed at:
How do I enable the API?
Before the API can be used, it must be enabled. To do this, export the server configuration from the database, run
the config-web-service-api
command and import the updated configuration to the database.
On Windows, open a command prompt, go to the <Spotfire Server installation folder>\tomcat\bin
directory and execute the following commands:
config.bat export-config --force
config.bat config-web-service-api --enabled=true
config.bat import-config -c "Enabled the public Web Service API"
On Linux, open a command-line shell, go to the <Spotfire Server installation folder>/tomcat/bin
directory and execute the following commands:
config.sh export-config --force
config.sh config-web-service-api --enabled=true
config.sh import-config -c "Enabled the public Web Service API"
All user accounts that are going to use the API must also be members of the API User group.
Sessions
When the web service client performs its first request to the server, a new session is established. The response from
the server contains a session cookie called JSESSIONID
. The web service client needs to include this
session cookie in all further requests to the server made in the context of the session.
CSRF protection
The Web Service API has built-in protection against CSRF attacks. For backwards compatibility reasons, this CSRF
protection is not enabled by default. For maximum security, it is strongly recommended to enable it. To do this,
export the server configuration from the database, run the config-csrf-protection
command and import the
updated configuration to the database.
On Windows, open a command prompt, go to the <Spotfire Server installation folder>\tomcat\bin
directory and execute the following commands:
config.bat export-config --force
config.bat config-csrf-protection --public-web-services=true
config.bat import-config -c "Enabled the CSRF protection for the public Web Service API"
On Linux, open a command-line shell, go to the <Spotfire Server installation folder>/tomcat/bin
directory and execute the following commands:
config.sh export-config --force
config.sh config-csrf-protection --public-web-services=true
config.sh import-config -c "Enabled the CSRF protection for the public Web Service API"
The protection mechanism is based on the synchronizer token pattern. When the web service client first establishes
its session on the server, the server returns a CSRF synchronizer token in a cookie called XSRF-TOKEN
.
The client needs to pick up this cookie value and provide it in an HTTP header called X-XSRF-TOKEN
in
all requests to the server, for as long as the session is active. If the server returns a new XSRF-TOKEN
cookie value, the client must immediately use the new token value. If the client does not provide any token in the
X-XSRF-TOKEN
header, or if the provided token is invalid, the server responds with the HTTP status code
403 Forbidden
. The request should then be repeated with the valid token in the HTTP header.
How do I generate client proxies?
Proxies can be generated using the tool of your choice. Here is an example on how to do it using the
wsimport
tool that is included with Oracle JDK.
Steps:
Copyright © 2013-2020 TIBCO Software Inc. All Rights Reserved.