• FEATURES
  • PRICING
  • MARKETPLACE
  • CASE STUDIES
  • BLOG
  • Authentication for REST API calls

    I would like to call https://openspecimenurl/openspecimen/rest/ng/query/ to get the results of a query programmatically. How do I authenticate this REST API call?

    I saw you guys have an Atlassian wiki for API documentation but I don’t have access to it.

    Thanks!

    I am going to post some more details hoping I will get an answer.

    Last year at the OpenSpecimen conference I was successful in writing code that made a POST call to one of your REST services by passing in an Authorization header with Basic authentication, username and password. However, the OpenSpecimen instance I am currently working with also has a dropdown for domain on the login page, since it supports multiple user stores. So my question is, how do I specify which domain name I want to use when making the POST call to your REST services?

    Thanks!

    It may be that only local domain authentication is supported for the API. I’ll test it out and see what works with the other domains we have configured on our systems.

    Hi All,

    Randy has sent me some documentation on the APIs and in the Authentication section of that document lists two options to authenticate. Option #2 involves getting a token. I was able to successfully get a token, but when calling the /ng/query API with a specific query and passing in the token as request.Headers[“X-OS-API-TOKEN”], I get “400 Bad Request”.

    I will have to keep working at this and will post my progress.

    Thanks Randy for your help!

    Mihai

    Hi @Mihai_Virtosu

    1. Basic authentication works only when invoking APIs with credentials of users configured in OpenSpecimen database. For other databases (LDAP/SAML), you need to invoke /sessions API first to obtain the token and use the token in subsequent REST API call HTTP headers.

    2. The HTTP 400 bad request means the API call payload is not same as what the API is expecting. Can you please post the following details to help you find what is going wrong?
      2.1 HTTP Method
      2.2 API URI
      2.3 Request Body
      2.4 Headers

    Thanks,
    Vinayak

    @vpawar : here are my answers below:

    2.1 POST

    2.2. https://openspecimen.ccts.utah.edu/openspecimen/rest/ng/query/

    2.3 {“aql”:“select count(distinct Participant.id) as “cprCnt”, count(distinct SpecimenCollectionGroup.id) as “visitCnt”, count(distinct Specimen.id) as “specimenCnt” where Participant.vitalStatus any and Participant.gender any and Participant.race any and SpecimenCollectionGroup.clinicalDiagnosis any and SpecimenCollectionGroup.clinicalStatus any and Specimen.lineage in (“New”,“Aliquot”,“Derived”) and Specimen.type any and Specimen.tissueSite any and Specimen.tissueSide any and Specimen.pathologicalStatus any and Specimen.collectionStatus = “Collected” and Specimen.availableQty > 0 and SpecimenCollectionGroup.site.name any and years_between( current_date(), Participant.dateOfBirth) any and years_between( SpecimenCollectionGroup.collectionDate, Participant.dateOfBirth) any “, “cpId”:”-1”, “drivingForm”:“Participant”, “runType”:“Count”, “savedQueryId”,“15”}

    2.4 request.ContentType = @“application/json”;
    request.Headers[“X-OS-API-TOKEN”] = token;

    Thanks for your time!

    Mihai

    I have also tried using the “Advanced REST client” add-on in Chrome and I got the same 400 Bad Request:

    Uploading…

    The request body JSON is malformed. Can you fix the above JSON fragment as below and give it a try?

    “savedQueryId”: “15”

    The entire fixed JSON is given below:

    {
    	"aql":"select count(distinct Participant.id) as \"cprCnt\", count(distinct SpecimenCollectionGroup.id) as \"visitCnt\", count(distinct Specimen.id) as \"specimenCnt\" where Participant.vitalStatus any and Participant.gender any and Participant.race any and SpecimenCollectionGroup.clinicalDiagnosis any and SpecimenCollectionGroup.clinicalStatus any and Specimen.lineage in (\"New\",\"Aliquot\",\"Derived\") and Specimen.type any and Specimen.tissueSite any and Specimen.tissueSide any and Specimen.pathologicalStatus any and Specimen.collectionStatus = \"Collected\" and Specimen.availableQty > 0 and SpecimenCollectionGroup.site.name any and years_between( current_date(), Participant.dateOfBirth) any and years_between( SpecimenCollectionGroup.collectionDate, Participant.dateOfBirth) any", 
    	"cpId":-1, 
    	"drivingForm":"Participant", 
    	"runType":"Count", 
    	"savedQueryId": 15
    }
    

    For speedier responses, please email to support@krishagni.com. The forums are community driven and response time is not guaranteed.