First steps into THRON API

The first thing to do when you are approaching THRON APIs is to obtain a valid session token which will allow you to perform web services requests. This can be done in two ways:

 

Authenticate as a user providing username and password

 

The first way to obtain a valid session token is to perform a login. This method requires that you own the credentials (username and password) of a business user. If this is the case you can invoke the login web service which is included in the accessmanager package of xsso. The URL of the request is structured as follows:

//<clientId>-view.thron.com/api/xsso/resources/accessmanager/login/<clientId>

Where clientId is the domain name used to access THRON (usually your company name). Additional parameters to be included among the headers of the request are:

  • username
  • password

In the response you will find a tokenId which can be used to perform API requests. Its validity is set to 60 minutes, but each request performed with such token will "refresh" its validity.

Once authenticated, you will be able to perform all the requests for which you have been granted with relative permission. Every relevant action performed on content or users via web services will be recorded in the audit section of THRON Dashboard.

 

Authenticate as an application providing appId

 

The second way to obtain a valid session token via THRON Custom Application Manager. This method is commonly used by developers who need to integrate with THRON ecosystem. At least one application must be installed, and the developer must know its appId and the appKey to perform authentication. If this is the case, in order to obtain a valid token you will have to invoke the loginApp web service which is included in the app package of xadmin. The URL of the request is structured as follows:

//<clientId>-view.thron.com/api/xadmin/resources/apps/loginApp/<clientId>

Where clientId is the domain name used to access THRON (usually your company name). Additional parameters (form params) to be included are:

  • appId 
  • appkey

Both these information can be found in the management screen of the THRON Custom Application Manager.

In the response you will find a tokenId which can be used to perform API requests. Its validity is set to 60 minutes, but each request performed with such token will "refresh" its validity.

 

Use an already active session's token

 

In some cases you might be provided with an already active session token (tokenId), which can be used to invoke web services. If this is your case, you just have to include the token as a request header in the form:

  • X-TOKENID : yourTokenId

Please remember that session tokens have a limited validity; you can check if the token is active by invoking the validateToken web service.

 

Integration post-authentication

 

Once you are authenticated you will be able to perform via web services a series of actions related to the content the application (or the user) can see.

Most common actions are searches to retrieve specific content; in this article you will find a detailed explanation on how to perform searches. If you want to perform more accurate searches by leveraging additional information such as folders, tags or metadata, you might want to have a look at the following articles.

In some integration projects it might be necessary to perform requests through an application but still preserving the identity of the users; detailed instructions on how to do so are presented in this article.

 

Was this article helpful?
1 out of 1 found this helpful

Have any question?

Open a ticket
Comments