Skip to content

REST Services

Quick Start

Login: 

curl -X 'PUT' \
  'http://localhost:8080/AristaFlowREST/OrgModelManager/OrgModelManager/GlobalSecurityManager/authentication' \  
  -H 'accept: application/json'   -H 'Content-Type: application/x-www-form-urlencoded' \  
  -d 'userName=supervisor&orgPosId=-1&callerUri=http%3A%2F%2Flocalhost&password=password'

Response:


[{"agent":{"agent":{"agentId":-1,"agentName":"supervisor","orgPosId":-1,"orgPosName":"supervisor","userSessionId":null},"userReadableName":"supervisor supervisor","mailAddress":"kevin.goeser@vtg.com","langTag":"de-DE","additionalAttributes":{"firstName":"supervisor","lastName":"supervisor"}},"token":"","callerUri":"http://localhost","addAttributes":null}]

Service Structure and OpenAPI Specification

Most BPM functionality is also available as REST services, so full-featured workflow applications can be implemented using the REST API. OpenAPI Version 3 is used as specification, so tools like swagger can be used to generate stubs. The services are structed in the very same way like the Java and WebService API. So each service is identified by its type name and an instance name, latter one usually defaults to the type name if not explicitly configured differently. The OpenAPI specification is available at the path openapi.json. It can be retrieved with different API levels so by default only the most important simple API methods are specified. With increasing the levels, more methods are provided. The API levels are basic (default if unspecificed), plus, advanced, expert and full.

So the structure of the REST service's OpenAPI specification looks like:

http://localhost:8080/AristaFlowREST/<type name>/<instance name>/openapi.json?apiLevel=<api level>

So for retrieving the API Specification for the OrgModelManager with default API level we use: http://localhost:8080/AristaFlowREST/OrgModelManager/OrgModelManager/openapi.json

or for full API level we use
http://localhost:8080/AristaFlowREST/OrgModelManager/OrgModelManager/openapi.json?apiLevel=full

Security Token, Caller-URI

Each request needs to provide a Security Token and a Caller URI. The values can be provided as Cookie, or as additional HTTP headers. The OpenAPI spec has a separate section where the required header/cookie names and values are specified.