When calling Ambience using the REST API, you need to logon first to obtain a token. You can do this via the REST API itself, but unless you choose https, your username and password are sent as plain text with the logon request.
As an alternative, you can create API keys - you just need to supply a elx.token=key
parameter with your request.
An API Key is just a special kind of session key. An API Key represents a user and has the access rights of that user. There are two differences between API keys and session keys:
You can create an API Key for a user using the web admin panel. To create an API key:
Click Add as shown:
You can either choose to create a separate user and assign an API Key to it and give it to several calling programs, or you can give each user program its own API Key.
Note the following important points about API Keys:
You can export and import API keys from the web interface. This makes it easy to move keys across servers.
To export all keys, click Export Keys.
The API is exported as a file in your home directory.
To import API keys, navigate to the Repository. You should see the exported API key files as shown in the following example.
To view the contents of a key file, click Open.
The contents of the API key file are then displayed.
You can either import the file from this page by clicking Import or go back to the Repository and import as follows.
Click a key file and select Import.
The system displays the number of API keys in the key file. Click Import to import the API keys.
The system overwrites any existing key with the same token as the key being imported. Click Refresh to refresh the API list.
Each user can view their API keys from Overview - Settings - Show API Keys.
Cross-origin resource sharing (CORS) is a mechanism that allows many resources on a web page to be requested from another domain outside the domain from which the resource originated.
Cross-Origin Resource sharing for DataSource APIs allows browser mash ups that merge data from different servers.
The following example demonstrates this feature.
http://localhost:8080/elx/do/eno/ds/ElixirSamples/DataSource/Excel.ds?mode=file
Web
tab under Admin
, in the Ambience web interface.
Enter a regular expression for Cross-Origin Resource Pattern, as shown. Click Save to save the pattern.
Here, we enter .*
as the pattern. This allows anyone to use our data on their web page.
http://localhost:8080/elx/do/eno/ds/ElixirSamples/DataSource/Excel.ds?mode=file
Note the Access-Control-Allow-Origin
header. This tells us that CORS support is enabled and that we allow everyone to use our data.