Loading... Loading ...
expand / collapse all

Welcome to the DriveOnWeb API

Main features

OAuth 2 Security

All methods that require a user account are secured with OAuth 2. Specifically we implement Spring Security OAuth 2. Please also have a look at the OAuth 2 Specification.

If you want to use the api, please contact us with some details about your application (type, scopes, purpose). We will then provide you with a client_id and other needed information. The oauth Endpoints are available at /oauth. In the example we will use relative urls. So if you want to apply the examples to our sandbox system, please append the relative url paths to https://sandbox.driveonweb.de

Authorized Rest Request

To make a request against OAuth 2 secured methods you need to send a access token in the request's header.

  • Authorization: Bearer YOUR_ACCESS_TOKEN

Grant Types

Grant Types define different workflows for different kinds of applications.

implicit

This grant type is for pure javascript applications and apps. We will need a redirect url provided by you to where the user should be redirected after successful login.

  • Redirect the user to
    /oauth/authorize?response_type=token&client_id=CLIENT_ID
  • The user logs in and approves your required scopes.
  • The user is redirected to your application
    YOUR_REDIRECT_URL#access_token=345145a3-d5d2-4180-9151-0f7469ebf309&token_type=bearer&expires_in=43199&scope=files_folders
  • Extract the token from the url parameter and use it to for your rest request.

authorization_code

This grant type is for server side web applications. We will need a redirect url provided by you to where the user should be redirected after successful login.

  • Redirect the user to

    /oauth/authorize?response_type=code&client_id=CLIENT_ID
  • The user logs in and approves your required scopes.
  • The user is redirected to your application.
    YOUR_REDIRECT_URL?code=iKSdnc
  • Extract the CODE value from the url parameter.
  • Your backend application must request an access token.
    • POST Request
    • URL: /oauth/token?grant_type=authorization_code&code=CODE
    • Basic Auth: CLIENT_ID:CLIENT_SECRET
  • Example Response

    {
    • "access_token": "6dc65b83-6d78-4b80-8ad2-6fac14a9e7c7"
    • "token_type": "bearer"
    • "expires_in": 43199
    • "scope": "files_folders sharing"
    }
  • Extract the token from the response body and use it to for your rest request.

password

This grant type is for desktop applications.

  • Example Request
    • POST Request
    • URL: /oauth/token?grant_type=password
    • Basic Auth: CLIENT_ID:CLIENT_SECRET
    • Content-Type: x-www-form-urlencoded
    • Body: username=USERNAME&password=PASSWORD
  • Example Response
    {
    • "access_token": "6dc65b83-6d78-4b80-8ad2-6fac14a9e7c7"
    • "token_type": "bearer"
    • "expires_in": 43199
    • "scope": "files_folders sharing"
    }
  • Extract the token from the response body and use it to for your rest request.

Scopes

A scope defines a set of methods a client is allowed to execute. For example file/folder operations. At the moment DriveOnWeb knows of the following scopes:
  • files_folders
  • users_roles_rights
  • account
  • sharing
  • gallery

Captcha Security

For public available methods (methods without a role security) we implement one time captcha security. Methods requiring catpcha solving are marked with (Captcha Security). The workflow is as follows:

  • Request a captcha at /rest/captcha/generate.
  • The response bean will have the id and the url (context) where you can download the captcha.
  • Download the captcha.
  • Display the captcha to the user with some sort of input field.
  • Send your original rest request with additional query parameters captchaId=YOUR_CAPTCHA_ID and captchaResponse=THE_USER_RESPONSE
  • Deprecated.

    Deprecated:

    {{baseUrl.value || ' '}}
       {{role}}{{$last ? '' : ', '}}

    Body

    Accept:
    no type

    Returns

    Content-Type:
    no type

    Response Headers

    Status codes



  • Interfaces not documented

    MireDot believes that the Java methods below correspond to REST interfaces, but somehow had problems parsing/processing these interfaces and therefore excluded them from the generated documentation. We would very much appreciate it if you would send us the interfaces (not the implementations) and the types used (returntype, parameters). This will allow us to further improve MireDot and better document your interfaces in the future.

Below is a list of potential problems detected by MireDot. They can be severe or not. Some of them wil result in low quality documentation, some are real implementation issues. With each warning, the Java method causing the problem is documented.

    • method:

    not shown here because this documentation was generated by the free version of MireDot. As such, not all features are supported.