Accessing the a9s Public API
This pages describes how to access the a9s Public API endpoints.
Authentication
To correctly authorize the request when accessing using cURL, the user must first get the token from Cloud Foundry:
bearer_token=$(cf oauth-token | grep bearer)
Then, get the a9s Service Dashboard URL using cf service
:
$ cf service <service_name>
This should give you an output like:
Showing info of service my-service in org example / space example as admin...
name: my-service
service: a9s-keyvalue
[...]
dashboard: https://a9s-keyvalue-dashboard.example.com/service-instances/db8d8ad3-3d72-4f5a-b84a-47aa9df70a7d
Showing status of last operation from service my-service...
status: create succeeded
[...]
When using API V1
the path has to be modified in order for the cURL
command to work. This is done by replacing the
current base path /service-instances
with the base path /v1/instances
; while the scheme
, host
, and
Service Instance id
remain the same.
For API V1, the URL ends up looking like this:
url="https://a9s-keyvalue-dashboard.example.com/v1/instances/db8d8ad3-3d72-4f5a-b84a-47aa9df70a7d"
Authorization
The user must execute the following command with the given Cloud Foundry token and a9s Service Dashboard URL, and then it creates the cookie authorized to be used in future API requests.
curl --cookie session.cookie --cookie-jar session.cookie \
--location --insecure --header "Authorization: ${bearer_token}" "${url}"
- Remember to use
--location
, since the a9s SSO Proxy redirects to the real endpoint. - Use
--insecure
only, if running the Service Instance with self generated certificates. - Use
--cookie-jar
to store the authorized cookie in a file to be used in future API requests.
The authentication is handled by Cloud Foundry, so when you have a valid token, you are authenticated. With this token, the a9s SSO Proxy checks if you are authorized to access the a9s Service Dashboard for the given instance.
Once the user is authorized, this information is stored in the session, which is then stored in the cookie. After this, the requests can be redirected to the a9s Public API and the user can access all the provided endpoints as described below.
This authorization step must be done before the API request when the user is not authorized yet.
Headers
The following HTTP Headers are defined for the operations on this API:
Header | Type | Description |
---|---|---|
Authorization* | string | A token that is authorized to access the a9s Public API for the given Service Instance. |
* Headers with an asterisk are required.