Using the ApplinX REST API

Using the ApplinX REST API you can create and disconnect a session, get a screen and update a screen. Four authentication modes are provided to call the API: ApplinX, LDAP, OpenID Connect and Host Authentication. This document covers the following topics:

• Getting Started

• Configuration

• Session Management

• Authentication

Getting Started

You can get the API description (based on the OpenAPI Specification) of the REST API by sending a GET request to the following URL:

http://{host}:{port}/applinx/rest/swagger.json

Example:

http://localhost:8080/applinx/rest/swagger.json

We recommended you paste the response output in the Swagger Editor in the following URL:

https://editor.swagger.io/

This gives you all the information about the operations and models of the API, as well as generating an out-of-the-box new client (in your favorite language) that consumes the API.

Configuration

The ApplinX REST API contains a configuration file rest-api-config.json in folder WEB-INF\config. Use this file to define the configuration parameters:

"session_inactive_expiration_minutes": 5

Session Management

This section covers the following topics:

• Creating a Session

• Getting the Current Screen

• Updating the Current Screen

Creating a Session

To create a session (connection)

• Send a POST request to the following URL:

  http://{host}:{port}/{basePath}/rest/session

  For example:

  http://localhost:8080/applinx/rest/session

  Request Body:

  {
    "naturalUsername": "string", (required for Natural hosts)
    "naturalPassword": "string", (required for Natural hosts)
    "redirectAfterLogin": true/false, (optional)
    "sessionDescription": "string" (optional)
  }

  Notes:

  1. Parameters naturalUsername and naturalPassword are required only if you configured hostAuth as your authentication mode. See Host Authentication.
  2. Parameter redirectAfterLogin applies to OpenID Connect authentication only. If set to true, you will be redirected to your client application after a successful login. This is required to configure client_app_uri in the configuration file.

  Authorization Header:

  If you are using ApplinX's Administrator or LDAP authentication, add Basic Auth schema to the Authorization header.
  Example:

  "Basic lfhsdadkankdnaadacxzczca"

  The second word in the string is you username/password encoded in Base64. For example, in JavaScript use

  var auth = 'Basic ' + btoa(username + ':' + password); 

  and add the auth string to the Authorization header of the request.

  Response Body:

  {
    "message": "Connected", 
    "redirect_uri": "http://openidconnect.com?adad?123"
  }

  Note:
  "redirect_uri" will be returned only if using OpenID Connect authentication. See OpenID Connect Authentication.

To disconnect a session

• Send a DELETE request to the following URL:

  http://{host}:{port}/applinx/rest/session

Getting the Current Screen

When a connection is established, using the create session request, you can get the current screen, as well as update the screen and navigate to the next.

To get the current screen

• Send a POST request to the following URL:

  http://{host}:{port}/applinx/rest/screen

  Request Body:

  options are optional key-value pairs, for example:

  {
    "options": {
      "GX_VAR_TRIM_FIELDS": "none",
      "GX_VAR_TRIM_MODE": "bothSides"
    }
  }

Updating the Current Screen

To update the current screen and navigate to the next

• Send PUT request to the following URL:

   http://{host}:{port}/applinx/rest/screen

  Request body (required):

  {
    "fields": [
      {
        "name": "string", // name is interchangeable with position (see below).
        "value": "string", (required)
        "index": 0, (Only for multiple field)
        "position": { // if the field has name, position is interchangeable with name.
          "column": 0,
          "row": 0
        }
      }
    ],
    "sendKey": "string",
    "cursor": {
      "fieldName": "string", (optional, interchangeable with position).
      "position": {
        "column": 0,
        "row": 0
      }
    }
  }

  Example 1:

  {
    "fields": [
      {
        "value": "Hello World!",
        "position": {
          "column": 15,
          "row": 21
        }
      }
    ],
    "sendKey": "[enter]",
    "cursor": {
      "position": {
        "column": 11,
        "row": 3
      }
    }
  }

  Example 2:

  {
    "fields": [
      {
        "name": "FIELD02",
        "value": "Hello world!",
      }
    ],
    "sendKey": "[enter]",
    "cursor": {
      "fieldName": "FIELD03"
    }
  }

  Request header:

  Screen ID (required)

  The current screen ID obtained in a get screen response.

To get information on whether there is a session connected and the authentication mode defined in the configuration file

• Send a GET request to the following URL: http://{host}:{port}/applinx/rest/info.

Authentication

The ApplinX REST API supports the following authentication modes:

• ApplinX Authentication

• LDAP Authentication

• OpenID Connect Authentication

• Host Authentication

• Disabled

ApplinX Authentication

To configure ApplinX authentication

• In the the configuration file rest-api-config.json configuration file, set security parameter auth to "applinx". Example:

  {
    "serverURL": "applinx://localhost:2323",
    "applicationName": "InstantDemo",
    "security" : {
        "auth" : "applinx",
        "groups" : {
            "admins_group" : "Supervisors",
            "developers_group" : "Developers",
            "users_group" : "Everyone",
        }
    }
  }

  Note:
  Authentication of type applinx uses the users and groups from the ApplinX Administrator tool.

LDAP Authentication

This authentication mode uses a third-party LDAP server.

To configure LDAP authentication

• In the the configuration file rest-api-config.json configuration file, set security parameter auth to "ldap" and provide the LDAP environment variables. Example:

  {
      "serverURL": "applinx://localhost:2323",
      "applicationName": "InstantDemo",
      "security": {
          "auth": "ldap",
          "groups": {
              "admins_group": "APX_Admins",
              "developers_group": "APX_Developers",
              "users_group": "APX_Users"
          },
          "ldap": {
              "url": "ldap://localhost:123",
              "dn": "cn=admin,dc=test,dc=apx,dc=eur,dc=ad,dc=sag",
              "password": "passwordExample",
              "authentication": "simple",
              "filter_user": "(uid={})",
              "filter_admins_group": "(&(cn=APX_Admins)(memberUid={}))",
              "filter_developers_group": "(&(cn=APX_Developers)(memberUid={}))",
              "filter_users_group": "(&(cn=APX_Users)(memberUid={}))",
              "context_users": "dc=test,dc=apx,dc=eur,dc=ad,dc=sag",
              "context_groups": "dc=test,dc=apx,dc=eur,dc=ad,dc=sag"
          }
      }
  }

  LDAP Environment Variable	Description
  url	The LDAP server's address.
  dn	The DN of read-only account, if not anonymous.
  password	The password of read-only account, if not anonymous.
  authentication	Either "simple" if a read-only search account is required, or "none" if anonymous.
  filter_user	Filter to find user's record; note that {} is replaced by the user-supplied ID.
  filter_admins_group, filter_developers_group, filter_users_group	These are filters for our three application roles... You might have to use 'member' instead of 'memberUid'.
  context_users	Optional path to start the user search somewhere more specific than the root.
  context_groups	Optional path to start the group search somewhere more specific than the root.

  This is the LDAP server we connected to in the above example, showing the context of the groups and users:

  

After everything has been configured in the configuration file, the end users log in by sending their username (which in this example is the uid we configured inside the filter_user parameter) and password.

In this example we have a user with User Name "acohen". To log this user in, send acohen:pass. Send the username:password in the Authorization Header of the create session request.

OpenID Connect Authentication

• Configuring OpenID Connect Authentication
• Example using Account Created in Okta
• Example using Account on Keycloak
• Connecting an ApplinX Session and Authenticating with OpenID Connect

Configuring OpenID Connect Authentication

To configure OpenID Connect authentication

• In the the configuration file rest-api-config.json configuration file, set security parameter auth to "oidc" and provide the OpenID Connect environment variables.

  OpenID Connect Environment Variable	Description
  authorization_endpoint	The client sends the end-user's browser here to request the user's authentication and consent. This endpoint is used in the code and implicit OAuth 2.0 flows that require end-user interaction.
  token_endpoint	Post an OAuth 2.0 grant (code, refresh token, resource owner password credentials, client credentials) to obtain an ID and/or access token.
  userinfo_endpoint	Retrieve profile information and other attributes for a logged-in end-user.
  client_secret	The client secret, which you get from your OpenID Connect provider.
  client_id	The client ID, which you get from your OpenID Connect provider.
  redirect_uri	The ApplinX REST API session endpoint.
  client_app_uri	Your client application URI to which you will be redirected after a successful login to your third-party OIDC provider.

Example using Account Created in Okta

For this example, three groups (Supervisors, Developers, Users) were created in Okta. The Everyone group is available out-of-the-box.

For this example, a custom group claim was also created. This will be returned in the ID token. This means that the REST API will know which group the user (who is trying to authenticate) belongs to.

Here is the configuration of the group claim:

Example using Account on Keycloak

This second example uses an account created on Keycloak. In Keycloak we get the groups out-of-the-box, so there is no need to create a custom groups claim we did in the first example. Keycloak configuration:

Like the first example, we created three groups here as well:

Connecting an ApplinX Session and Authenticating with OpenID Connect

The flow of a Create Session Request when using OpenID Connect authentication is somewhat different.

To create a session

1. Send a regular POST request to the session endpoint, for example

   http://{host}:{port}/applinx/rest/session

2. You will receive a JSON response containing the variable redirect_uri. For example:

   

   This link will send you to authenticate against your OIDC provider.

3. Enter your credentials and confirm to create a new session, for example:

   

   If your credentials are valid, a new session will be created.

4. If you set redirectAfterLogin to true, you will be redirected to the client application you configured under client_app_uri. See Configuring OpenID Connect Authentication.
   Otherwise you will get a JSON message saying the session has connected.

Host Authentication

This authentication mode is used for hosts such as Natural-UNIX that already have an authentication step.

To configure Host Authentication

1. In the the rest-api-config.json configuration file, set security parameter auth to "hostAuth".

2. In the request body, send the host credentials in order to connect a session:

   "naturalUsername": "string",
   "naturalPassword": "string",
   

Disabled

This authentication mode (no authentication) is used for hosts that have a screen containing an authentication step. This mode means you can disable the additional third-party authenticator. This setting is also useful if you do not want authentication before creating a session.

To disable authentication

• In the the rest-api-config.json configuration file, set security parameter auth to "disabled".