Status: Open
Status: Answered
Status: Closed
Status: Duplicate

Using REST API to customize Content Server UI

Posted May 16 by Hugh Ferguson.

I'm looking at the Content Server REST API as a quick and dirty way to add additional functionality to a Content Server page, perhaps served through an Appearance or a CustomView page. To make this work, I need to ask a couple of questions about the API's capabilities (this is for CS REST API V1, not AppWorks Gateway V2):

  • How might I share authentication information between the Content Server UI (I've already logged into http://myserver/CS105/cs.exe and am browsing the Enterprise Volume)? If I access any part of the CS REST API while already authenticated, I am still asked to authenticate. I understand that there may be risks associated with doing this, and this is something that I'd likely only do behind a corporate firewall.
  • Can someone post an example of how exactly the authentication API works? For instance http://myserver/OTCS105/cs.exe/api/v1/auth will respond with the message username is required. How are username and password passed on the URL? OR is this only done in a POST request?
  • Can someone post an example of how to use the UI Widgets that come bundled with version U13 and up of Content Server 10.0? I would like to start playing around with these.

Thanks in advance

2 Answers

BEST ANSWER: As chosen by the author.

CS pages are authenticated by a ticket stored in a cookie (LLCookie). REST API uses the same crypto-subsystem. While it may change, currently the value of this ticket in the REST API HTTP header (OTCSTicket) is the same. Read the LLCookie on your page and send its value in the OTCSTicket header. While it allows you to get the API working quickly, the LLCookie can be configured as HTTP-only, which makes it inaccessible in the browser. For the final solution you should make its value available on your page on your own - by a JavaScript code injected on the page using WebLingo, for example. (Your page itself or a component registered using Appearances, for example.)

The explicit authentication done by /auth accepts only POST for security reasons. Try executing the samples referred below on your page and observe requests and responses in the network panel in the browser.

See the documentation for the UI Widgets at KC. The SDK with samples hasn't been released yet, but I see you work at OpenText and thus can access my demo machine. Links at the bottom of the guidepost page point to pages with examples how to integrate the Widgets.

BEST ANSWER: As chosen by the author.

Actually, I haven't worked at Open Text since 2010. I'm an independent consultant working for various Open Text clients these days.

 You have subscribed and will receive email notifications of updates to this topic. To unsubscribe, uncheck the checkbox.


Related categories

Your answer

To leave an answer, please sign in.