CIS Infinity Version 4 is equipped with a standardized API utilizing the REST (Representational State Transfer) architectural style. This architecture presents a RESTful or REST like interface and is defined by constraints that must be met. These constraints will be described later.
The Advanced RESTful Web API (API) is fully documented and published using Swagger, which allows discovering, testing, and prototyping the API. The API supports JSON inputs and outputs, paging and data shaping.
Note: All core business logic available in CIS Infinity – ranging from processing a meter change at an account to retrieving complex billing data – will eventually be accessible in the published REST API for external access. (third party company)
Internally used by CIS Infinity and CIS add-ons, the API provides external vendors with the ability to create their own applications that communicate with and/or insert entries into CIS Infinity, as well as allows using alternative user interfaces to write their applications.
The subsequent sections describe how the Advanced RESTful Web API is designed and functions, with specific examples. Use these examples to assist with determining how to call the necessary API services that will perform the functions you want in CIS Infinity.
.Net Version 4.7.2 or higher. This facilitates the use of Web API 2 (built on ASP MVC5) and asynchronous constructs.
IIS 7.5 or later
ASP.NET 4.7.2 or later
The API architecture is established from the Advanced Utility Services API layer (Services API), and resource models. Model properties correspond directly with the CIS Infinity Business Class equivalents (customer, account, address, etc.), and the Uniform Resource Identifiers (URIs), which are considered resources, never change.
Resource Names in the API are the Business Class Names (e.g. CustomerAccount) from the CIS Infinity Services API, and the unique API RESTful Resource ID values are the unique and mandatory O_Code values (e.g. CUSTACCTID) associated with each business object in the CIS Infinity Services API.
Note: There are several ways to determine the CIS Business Class Names and associated O_Code to call in the API:
In CIS Infinity:
Access the Class Name using the CIS Form Lookup form
Using the right-click menu, click on the Support Info menu option
Use the Advanced REST Web API documentation
Use the Swagger documentation
Security and login features are implemented using the Authentication Header in the API and API access is protected using the CIS Infinity V4 security model at the business object layers.
All data updates are passed through the services layer, ensuring that data integrity is maintained and the business layer security is protected.
Installation and use of the API requires HTTPS/SSL certificate security. The website where the API is hosted can use a self-signed certificate if desired by the organization. Acquiring, installing, and distributing SSL certificates is the responsibility of the client.
API call authorization and authentication is done using a standard HTTP Basic Authorization using the Authorization header.
The API was programmed using MS ASP.NET Web API 2 and there are several tools available for clients to choose from to test and document the API. Some tools are listed here:
curl – A command line client used to produce automated testing scripts. Can be used in conjunction with Postman, which also generates curl commands.
Fiddler – Web debugging proxy tool.
Postman – A popular REST client. An API development and experimentation environment. This is the tool we use most often internally at Advanced.
Insomnia – Another popular REST client.
PowerShell – A great interactive scripting tool for experimenting with the REST API.
Swagger – (aka OpenAPI Specification or OAS) Used for discoverability and self-documentation of the API.
NSwag – NSwag is a Swagger/OpenAPI 2.0 and 3.0 toolchain for .NET, .NET Core, Web API, ASP.NET Core, TypeScript (jQuery, AngularJS, Angular 2+, Aurelia, KnockoutJS and more) and other platforms, written in C#. .
REST Constraints are rules that are applied to establish the distinct architectural design of a RESTful API. The following constraints were implemented for the REST API:
The response messages from the API services to the client are cacheable at the Internet and/or HTTP (Hypertext Transfer Protocol) level. Caching allows the client or intermediate HTTP servers in the HTTP chain to cache the server data, if appropriate. This is very important for performance and scalability.
When using HTTP, caching can occur automatically by setting the appropriate header tags, which indicate that the data can be cached by the HTTP, under what conditions, and the length of time allowed for caching. This is useful for situations where multiple requests might be made to the same data resource by different clients, and if caching applies, the CIS application may be bypassed and will not see the request because the cache was supplied by the inter-webs.
This establishes a clear separation between the web services and the clients / consumers, and provides the services based on the requests that are made.
The API server maintains no state about the client. This means the communication between the client and server involves no session objects, and each call to the server is independent of the call that occurred before and after. This is beneficial when considering scalability and caching. Typically implementing this feature is more difficult when dealing with a thick client application, such as CIS Infinity.
There are multiple architectural layers and no one layer has focus past the next. This facilitates middleware components and layers can be added, removed, modified or reordered according to the requirements for the API.
When considering that the REST API adheres to a uniform interface, it implies the following:
Uniform Resource Identifiers – All API services and clients within the REST-compliant architecture share a single, overarching technical architecture. Uniform Resource Identifiers (URIs) are considered resources, which are unique and will never change (permanent).
Manipulation of resources through their presentations – Interaction with each resource is done through Swagger (or another tool) by running calls against CIS Infinity using the HTTPS (HyperText Transfer Protocol with Secure Sockets Layer) implementation. This implementation allows performing actions using the standard HTTP methods with appropriate parameters specified in the call. The standard methods for REST are as follows:
GET – Retrieves the list of resources or an individual resource.
Example:
URL path: 'https://yourApi/data/resourceName'
URL path: 'https://yourApi/data/resourceName/id'
Authorization: Your CIS user name and password
POST – Adds a new resource. Note that business validation is applied and any issues are reported with a 400/Validation failed response. Missing properties are defaulted to blank/empty.
Example:
URL path: 'https://yourApi/data/resourceName'
Authorization: Your CIS user name and password
Headers: 'Content-Type' 'application/json'
Body: '{ "description":"newDescription", "code": "AA"}'
PUT – Updates the entire individual resource only. Missing properties are defaulted to blank/empty. Business rules are applied and issues reported via 400/Validation failed response.
Example:
URL path: 'https://yourApi/data/resourceName/id'
Authorization: Your CIS user name and password
Headers: 'Content-Type' 'application/json'
Body: '{ "description":"newDescription", "code": "AA"}'
DELETE – Deletes the resource.
Example:
URL path: 'https://yourApi/data/resourceName/id'
Authorization: Your CIS user name and password
PATCH – Performs a partial update to the resource typically based on a limited list of modifications and new values (using the mechanisms defined by JSONPatch RFC6902). This list can be used to add, update or delete part of a resource. Patch syntax is different from other requests. Since patch is a partial update, it should contain information about particular field within the model which should be updated. Also, it should contain patch operations, such as 'replace', 'add' or 'remove' and new value for updating field. More information here: link.
Example:
URL path: 'https://yourApi/data/resourceName/id'
Authorization: Your CIS user name and password
Headers: 'Content-Type' 'application/json'
Body: '[{ "op": "replace", "path": "/description", "value": "this is a description" }, { "op": "replace", "path": "/o_customdata/myflag", "value": true }]'
VALIDATE – An Advanced extension custom method which validates the target resource or the given resource changes. This is an Idempotent and safe method, which will not affect database and needed for evaluation purposes.
Example:
URL path: 'https://yourApi/data/resourceName'
Authorization: Your CIS user name and password
Body: '{ "description":"newDescription", "code": "AA"}'
Example:
URL path: 'https://yourApi/data/resourceName/id'
Authorization: Your CIS user name and password
NEW – An Advanced extension custom method which returns a business object model resource populated with default data as handled by the AddDefaults() function of the standard CIS business object life cycle functionality.
Example:
URL path: 'https://yourApi/data/resourceName'
Authorization: Your CIS user name and password
Self-descriptive Resource Representation – Resource messages appear in the format requested in the header of the call to the resource. The implemented format for presenting resource messages is JSON. When determining the presentation of the resource message, the format parameters that will typically be included are the full resource, Content-Type, and any other headers, if required.
HATEOAS “ Hypermedia As The Engine Of Application State”, promotes the linking of resources to each other and to operations available on them in useful and dynamic ways. This results in resources that contain links to related resources. The Advanced Web API implements this using the “HAL” standard, which makes the API much more self-documenting than other types.
This API Design table explains how the HTTP methods affect Resource URIs in the API. Currently, only the Resources (URIs) listed with “/data/” are implemented.
|
Item # |
Resource (URI) |
GET (Read) |
POST (Add) |
PUT (Update) |
DELETE (Delete) |
PATCH (Partial Update) |
VALIDATE (Validate) |
NEW (Add Default, Copy) |
|
1 |
/data/(bizobjname) (CIS business object resource, eg “CustomerAccount”, “ServiceAddress”, “AccountMeter”, etc) |
Get List of items. Returns list in list result container(*) Query String can add filtering |
Insert Item (return item) |
N/A |
N/A |
N/A |
Validate the given model for add |
Get an item populated with business defaults as per object life cycle 'AddDefaults' functionality |
|
2 |
/data/(bizobjname)/(id) (specific resource) |
Get a resource by its unique id (O_Code) (return item) |
N/A |
Update Item |
Delete Item |
Update Item |
With updated resource – Validate new data for update. Without data – validate existing resource. |
Get a new copy of the specified resource. Equivalent to API BusinessBase.NewCopy() call. |
|
3 |
/do/(function) |
N/A |
Execute the RPC function specified. |
N/A |
N/A |
N/A |
N/A |
N/A |
|
4 |
/session |
Get details about “current” login session |
Login / Get a token |
N/A |
Logout / expire token |
N/A |
N/A |
N/A |
|
5 |
/run |
Get (possibly filtered) list of running or completed runnable processes of any kind |
N/A |
N/A |
N/A |
N/A |
N/A |
N/A |
|
6 |
/run/report |
Get (possibly filtered) list of running or completed reports |
Run a report using the supplied details |
N/A |
N/A |
N/A |
Validate given report settings |
N/A |
|
7 |
/run/report/(runid) |
Get details of running or completed report by runid |
N/A |
N/A |
Request cancel of a running report |
N/A |
N/A |
N/A |
|
8 |
/run/pickup |
Get (possibly filtered) list of running or completed pickup processes |
N/A |
N/A |
N/A |
N/A |
N/A |
N/A |
|
9 |
/run/pickup/(name) |
Get (possibly filtered) list of all running or completed pickups of the named type |
Run a pickup of the named type using the supplied details |
N/A |
N/A |
N/A |
Validate the supplied pickup run settings |
Returns a default run model; Passing a run model allows serialize/deserialize of parameters |
|
10 |
/run/pickup/(name)/(runid) |
Gets details of the running or completed pickup type by runid |
N/A |
N/A |
Request cancel of a running pickup |
N/A |
N/A |
N/A |
|
11 |
/run/its |
Get (possibly filtered) list of running or completed interface table sync processes |
N/A |
N/A |
N/A |
N/A |
N/A |
N/A |
|
12 |
/run/its/(name) |
Get (possibly filtered) list of running or completed interface table sync processes of the named type |
Run an interface table sync process of the named type using the supplied details |
N/A |
N/A |
N/A |
Validate the given interface table sync settings |
Returns a default run model; Passing a run model allows serialize/deserialize of parameters |
|
13 |
/run/its/(name)/(runid) |
Gets details of the running or completed interface table sync type by runid |
N/A |
N/A |
Request cancel of a running interface table sync job |
N/A |
N/A |
N/A |
|
14 |
/run/import |
Get (possibly filtered) list of running or completed AIM import processes |
Run an AIM import of the named type using the supplied details |
N/A |
N/A |
N/A |
Validate the given AIM import parameters |
N/A |
|
15 |
/run/import/(name) |
Get (possibly filtered) list of running or completed AIM import processes of the named type |
Run an AIM import process of the named type using the supplied details |
N/A |
N/A |
N/A |
Validate the given AIM import process settings |
Returns a default run model; Passing a run model allows serialize/deserialize of parameters |
|
15.1 |
/run/import/(name)/(runid) |
Gets details of the running or completed AIM import by runid |
N/A |
N/A |
Request cancel of a running AIM import job |
N/A |
N/A |
N/A |
|
16 |
/run/export |
Get (possibly filtered) list of running or completed AIM export processes |
Run an AIM export of the named type using the supplied details |
N/A |
N/A |
N/A |
Validate the given AIM export parameters |
N/A |
|
17 |
/run/export/(name) |
Get (possibly filtered) list of running or completed AIM export processes of the named type |
Run an AIM export process of the named type using the supplied details |
N/A |
N/A |
N/A |
Validate the given AIM export process settings |
Returns a default run model; Passing a run model allows serialize/deserialize of parameters |
|
17.1 |
/run/export/(name)/(runid) |
Gets details of the running or completed AIM export by runid |
N/A |
N/A |
Request cancel of a running AIM export job |
N/A |
N/A |
N/A |
|
18 |
/server |
Query server status |
N/A |
N/A |
N/A |
N/A |
N/A |
N/A |
|
18.1 |
/server/enable |
Enable access to the REST resources |
N/A |
N/A |
N/A |
N/A |
N/A |
N/A |
|
18.2 |
/server/disable |
Disable access to the REST resources. Returns 503 (Service Unavailable) when disabled |
N/A |
N/A |
N/A |
N/A |
N/A |
N/A |
|
18.3 |
/server/stop |
Disable the server and unload the CIS application, freeing the libraries. Takes affect when CIS is idle unless the “force” option is used |
N/A |
N/A |
N/A |
N/A |
N/A |
N/A |
|
19 |
/application |
Query the application object associated with the server |
N/A |
Update selected application object settings |
N/A |
Update selected application object settings |
N/A |
N/A |
|
20 |
/application/resource |
Retrieve all localization translation resources for the current or specified language |
Add new translation override resource to Localization Control |
N/A |
N/A |
N/A |
N/A |
N/A |
|
21 |
/application/resource/(id) |
Return translation of given resource in current or specified language |
N/A |
Update an existing translation override in Localization Control |
Delete existing translation override from Localization Control |
N/A |
N/A |
N/A |
|
22 |
/application/dictionary |
Retrieve application dictionary |
N/A |
N/A |
N/A |
N/A |
N/A |
N/A |
|
23 |
/application/dictionary/table |
Retrieve application dictionary table list |
Add application dictionary table definition |
N/A |
N/A |
N/A |
N/A |
N/A |
|
24 |
/application/dictionary/table/(id) |
Retrieve application dictionary table item |
N/A |
Update table item |
Delete table item |
Update table item |
N/A |
N/A |
|
24.1 |
/application/dictionary/table/(id)/field |
Retrieve application dictionary field list for table |
Add application dictionary field to specified table |
N/A |
N/A |
N/A |
N/A |
N/A |
|
24.2 |
/application/dictionary/table/(id)/field/(id2) |
Retrieve application dictionary field item |
N/A |
Update field item |
Delete field item |
Update field item |
N/A |
N/A |
|
24.3 |
/application/dictionary/table/(id)/index |
Retrieve application dictionary index list for table |
Add application dictionary index to specified table |
N/A |
N/A |
N/A |
N/A |
N/A |
|
24.4 |
/application/dictionary/table/(id)/index/(id2) |
Retrieve application dictionary index item |
N/A |
Update index item |
Delete index item |
Update index item |
N/A |
N/A |
|
25 |
/application/dictionary/relation |
Retrieve application dictionary relationship list |
Add application dictionary relationship definition |
N/A |
N/A |
N/A |
N/A |
N/A |
|
26 |
/application/dictionary/relation/(id) |
Retrieve application dictionary relation item |
N/A |
Update relation item |
Delete relation item |
Update relation item |
N/A |
N/A |
|
27 |
/application/security/ |
Retrieve system security profile item |
N/A |
Update system security profile item |
N/A |
Update system security profile item |
N/A |
N/A |
|
28 |
/application/security/user |
Retrieve list of user security profiles |
Add a new security user profile to the system |
N/A |
N/A |
N/A |
N/A |
N/A |
|
29 |
/application/security/user/(id) |
Retrieve user security profile item |
N/A |
Update user security profile item |
Delete user security profile item |
Update user security profile item |
N/A |
N/A |
|
29.1 |
/application/security/user/(id)/right |
Retrieve list of security rights for a user |
N/A |
N/A |
N/A |
N/A |
N/A |
N/A |
|
29.2 |
/application/security/user/(id)/right/(id2) |
Retrieve security right item for a user |
N/A |
Update security right item for a user |
N/A |
Update security right item for a user |
N/A |
N/A |
|
30 |
/application/security/group |
Retrieve list of security groups |
Add a new security group to the system |
N/A |
N/A |
N/A |
N/A |
N/A |
|
31 |
/application/security/group/(id) |
Retrieve security group item |
N/A |
Update security group item |
Delete security group item |
Update security group item |
N/A |
N/A |
|
31.1 |
/application/security/group/(id)/users |
Retrieve list of users assigned to this group |
N/A |
N/A |
N/A |
N/A |
N/A |
N/A |
|
31.2 |
/application/security/group/(id)/right |
Retrieve list of security rights for a group |
N/A |
N/A |
N/A |
N/A |
N/A |
N/A |
|
31.3 |
/application/security/group/(id)/right/(id2) |
Retrieve security right item for a group |
N/A |
Update security right item for a group |
N/A |
Update security right item for a group |
N/A |
N/A |
|
32 |
/application/counter/(id) |
Retrieve the next counter value for the specified counter. Creates a new counter with that name and starts from 1 if it does not exist! |
N/A |
N/A |
N/A |
N/A |
N/A |
N/A |
|
33 |
/application/report |
Retrieve the list of available report definitions |
Add a new report definition to the system |
N/A |
N/A |
N/A |
N/A |
N/A |
|
34 |
/application/report/(id) |
Retrieve report definition item |
N/A |
Update report definition item |
Delete report definition item from the system |
N/A |
N/A |
N/A |
|
34.1 |
/application/report/(id)/contents |
Retrieve list of embedded contents for a report definition |
N/A |
N/A |
N/A |
N/A |
N/A |
N/A |
|
34.2 |
/application/report/(id)/contents/(file) |
Retrieve embedded report file |
N/A |
Add or update report embedded file |
Delete report embedded file |
N/A |
N/A |
N/A |
|
35 |
/batch |
N/A |
Execute all HTTP requests contained in the multipart body. See Batched Requests for details |
N/A |
N/A |
N/A |
N/A |
N/A |
|
36 |
/utility/(name) |
Invoke utility functions by name using any query parameters that apply |
Invoke utility functions by name using the applicable body data |
N/A |
N/A |
N/A |
N/A |
N/A |
All list level resource GET results conform to the HAL document formatting standard (i.e. JSON). Any request for a return of list results will return a container with several list summary and status information, along with the requested list. The list container will be a wrapper for the list and have a standard structure, as follows:
“ totalItems” count – This is the total number of items in the entire list.
“ pagesSize” value – This value indicates the standard number of items in a page, and therefore the number of items in this result, unless it is the last/only page.
“ totalPages” value – This value indicates the total number of pages in the entire list.
“ currentPage” value – The number of the current page.
Note: The HATEOAS _link items “next” and “prev” will also be available if applicable to point to the previous or next page of the list.
https://localhost/data/account?pagesize=20&page=3&order=accountnumber&fields=*&where=accountnumber gt '00011111' and accountnumber lt '00099999'
Multiple individual HTTP REST requests can be packaged into a single request message by using the MIME (RFC1341) standard multipart message format and sending a POST to the /batch endpoint:
Each request is processed and transactioned independently of the others; requests are not transactioned as a group.
A content type of "multipart/mixed" indicates that the requests should be processed sequentially. This guarantees that each is finished before the next starts. Each is processed in the order in which they appear in the request.
A content type of "multipart/parallel" indicates that the requests can be processed in parallel, if possible. Parallel processing is not guaranteed. They may be processed sequentially, or in parallel, in any order.
Individual response content are always placed in the same order as the requests in the response MIME multipart body.
An HTTP response is not returned until all requests are finished.
An authorization header is required on the main request and must be valid. Individual requests can include an authorization header if desired. Individual authorization headers will apply to the message on which it is applied and override the default from the main authorization header. If individual requests do not have an authorization header, then the main header credentials will apply.
Response content type will be the same multipart content type as the request.
HTTP text representing a sample batch request is available here.
Any functionality that is deemed to need versioning will have version support added and will interpret the “version” query string as requesting a specific version of that URI. By default, the latest version is always used if a version is not requested. Versioning will only be supported on URIs where a change is made that potentially breaks functionality, and/or the existing functionality will be required by a client. Examples of changes that could require versioning are the removal of a field or parameter, or changes to an existing function, which causes it to behave very differently.
Note: Versioning will not be implemented when a new field is added to an existing item, or new or additional functionality is added to an existing item, or when functionality changes or additions are only enabled by optional configuration elsewhere in CIS Infinity.
The HTTP URL supports a variety of query strings to shape the data and to control aspects of the operation. Consider using the following query strings:
|
Query String |
Description |
Supported Methods |
|
fields= |
Request only a subset or superset (child lookups or related data) of the object data. Optional data shaping. Used to limit the data being returned when size is an issue (e.g. with mobile devices), or to request multiple related objects in one request rather than several requests. Child items or related data can also be referenced, using dot notation to refer to fields in embedded child items or relationships. Properties which have many-to-one lookup relationships all support inclusion of the related object by requesting the child with the same name as the property. Associated data via the AppDict relationship definitions in the system may also be requested by their relationship code names (see Application Dictionary Relationship data). Include or exclude fields or embedded content using a comma separated list.
|
GET on list resource or item resource |
|
order= |
This clause contains an optional comma separated list of fields to sort the result list. Reverse the sort order from the default ascending to descending by prefixing fields with “-”, e.g. order= -field1, field2, -field3. Default is to order by Pk / O_Key. Using invalid field names in the order list will return a 400/Bad Request. |
GET on list resource |
|
page= |
Requests a specific page from the list resource. Defaults to page 1 (paging support) |
GET on list resource |
|
pagesize= |
Set an explicit page size to override the default page size of 50 (page support) |
GET on list resource |
|
version= |
Requests a specific version of the API call |
All |
|
where= |
Simple filter expressions. This clause contains conditions to be applied to select the result list. The expression format is similar to the ODATA standard, e.g. where=field1 eq 123 and (field2 like '%12' or field4 ne 'X'). Distinct items must be separated by white space. Brackets “()” can be used to group items or to change precedence. Using invalid field names in the expression will return a 400/Bad Request. Currently supported operators:
Currently supported connectors:
Formats for values of different types:
|
GET on list resource |
|
method= |
Invokes custom or API retrieve logic. Specific end points may implement special support for specific method names on a case by case basis. This is also used to invoke existing API retrieve methods on each business class (resource). Use the existing V4 API documentation to discover the names and parameters of the static retrieval methods supported. Any existing retrieve method which returns the target resource business item or a list of target resource business items is supported.
Signature in API: GetByCustomerAccount(CisSession session, string customerNumber, string accountNumber, bool checkAccess = false, params string[] statusOrder) Usage: /data/customeraccount?method=getbycustomeraccountstatus('0001233', '014000555', false, ['AC','IN']) Example 2 Signature in API: GetLast50CustomerAccount(CisSession session) Usage: /data/customeraccount?method=getlast50customeraccount&fields=*,*.customer,*.account |
GET on list resource |
The various status codes that can occur when using HTTP methods are listed in the following table:
|
Status Code |
Description |
|
200 |
OK – Request was successfully processed. |
|
201 |
Created – New item was successfully added. |
|
204 |
No Content – Item was successfully processed and no response content was returned. (See X-AdvancedUtility-NoContent header attribute) |
|
304 |
Not Modified – If-None-Match condition failed for a resource GET |
|
400 |
Bad Request – Client request is somehow incorrect. When the status message is "Validation failed", then body details contain validation details associated with the error. |
|
401 |
Unauthorized – Authentication failure returned when you are not authenticated or authenticated incorrectly (ie. incorrect user or password). |
|
403 |
Forbidden – Authorization failure returned when you try something that you do not have security access to from the CIS security subsystem. |
|
404 |
Not Found – Requested resource not found, etc... |
|
405 |
Method Not Allowed – Authorization failure when user attempts an operation not allowed on that resource. |
|
412 |
Precondition Failed – If-Match condition failed, or a non-GET If-None-Match condition failed |
|
500 |
Internal Error – Server handling is somehow incorrect – exception, etc.. |
|
503 |
Service Unavailable |
The common status codes that can occur when using HTTP methods are listed in the following table:
|
HTTP Method |
Status Code |
|
GET |
200, 304, 400, 401, 403, 404, 412, 500, 503 |
|
POST |
201, 400, 401, 405, 412, 500, 503 |
|
PUT |
200, 204, 400, 401, 404, 405, 412, 500, 503 |
|
PATCH |
200, 204, 400, 401, 404, 405, 412, 500, 503 |
|
DELETE |
200, 204, 400, 401, 404, 405, 412, 500, 503 |
|
VALIDATE |
200, 400, 404, 405, 412, 500, 503 |
| NEW | 200, 400, 404, 405, 412, 500, 503 |
See RFC7231 for more details and standards around HTTP verbs and response codes.
Common header tags that apply to the API requests:
|
Header Tag |
Direction (from) |
Description |
|
Date |
Server |
Required. Standard HTTP Date header indicating the date and time of the message. |
|
Content-Type |
Client / Server |
Required. Standard HTTP header item. Should indicate the type of the body content being sent. Common values are:
|
|
Content-Length |
Client / Server |
Include when applicable. Standard HTTP header item. Indicates the length of the content body data. |
|
Accept |
Client |
Standard HTTP header item. Specifies type of data requested to be returned to client. If not used, the Advanced Web API defaults to application/json. Selected GET calls support additional types when applicable (e.g. /data/ebill/{id}/image supports additional types like application/pdf, application/octet-stream, text/html, etc)
|
|
Client |
Required. Basic xxxxx (where xxxxx is base-64 encoded “userid:password” or “userid:token”). The userid and password are CIS UserIds and the corresponding password. Once a CIS session is established, you can optionally use the token associated with that login to improve performance on subsequent calls until the session is closed or times out. |
|
|
ETag |
Server |
Entity Tag identifier
|
|
If-None-Match |
Client |
Optional. Used with ETag to implement caching on GET operations. |
|
If-Match |
Client |
Optional. Used with ETag to implement optimistic locking. |
|
X-AdvancedUtility-NoContent |
Client |
Optional tag to indicate that the response should not send back the resource after the operation. If not included, or included with a value of ‘false’, ‘off’, or ‘no’, then the response will contain the resulting resource and typically respond with 200/OK. If included with a value of ‘true’, ‘on’, or ‘yes’, then the response will not include the updated resource and will typically use response 204/No Content. POST is unique and will respond with 201/Created in both cases and simply include or not include the content depending on this tag. The default is to always include the result resource in the response. Applies to POST, PUT, PATCH, DELETE; and is ignored by GET, NEW, VALIDATE |
|
X-AdvancedUtility-JsonResponseCamelCase |
Client |
Optional tag to indicate whether the response should format the returned JSON using the old standard of camel-casing for all responses or not. If set to included with a value of ‘false’, ‘off’, or ‘no’, or "0" then the response leave the included JSON variable case untouched (in native REST/C# format). If included with a value of "true", "on", "yes", or "1", the response JSON will continue to be formatted in the original way it had been before this option was implemented. If the header is not present, the JSON response content will currently default to applying the camel-case formatter, but this will change in a future release of REST Web API. Applies to GET, POST, PUT, PATCH, DELETE, VALIDATE, NEW |
|
X-AdvancedUtility-NoAuthChallenge |
Client |
Optional tag to indicate that a 401 (Unauthorized) response should suppress the normally included WWW-Authenticate challenge header. This header typically causes a login prompt to appear in browsers when a REST call returns 401, and this is sometimes not desireable, such as when the browser is internally calling REST via a proxy on the web server redirected to the REST server. Any value is acceptable, since the presence of the header is what triggers the suppression. Applies to GET, POST, PUT, PATCH, DELETE, VALIDATE, NEW |
|
Location |
Server |
Always included on a successful POST response (201/Created). Contains the URI of the newly created resource. |
|
X-HTTP-Method-Override |
Client |
Override the HTTP method on a GET or POST to the one indicated on the header. This is used for cases when support for the actual method does not exist in the client, or when the network will not pass REST methods for security reasons. In those cases, use GET or POST and specify the actual method desired in this header. POST will support all other verbs. GET is only allowed for other “safe” methods (VALIDATE, HEAD, OPTIONS). This is typically needed to invoke the custom actions 'VALIDATE' and 'NEW'. |
|
Content-Language |
Client |
Standard HTTP header item. Specifies the request language content type. This is used in rare cases on a POST or PUT to control the localization language to which the call applies (e.g. POST /application/resource ) Examples of acceptable language codes to use: *, en, en-CA, en-US, fr, fr-CA. Any unrecognized options are ignored and will result in the response being in the current language preference of the CIS user associated with the request. |
|
Accept-Language |
Client |
Standard HTTP header item. Specifies the response language preference for content to be returned to the client by this request. If not used, the Advanced Web API defaults to the existing language preference associated with the current CIS user associated with the request. Examples of acceptable language codes to use: *, en, en-CA, en-US, fr, fr-CA. Any unrecognized options are ignored and will result in the response being in the current language preference of the CIS user associated with the request. Note: Only some aspects of the response details can be affected by this header. Some are internal and only controlled by the CIS user language preference. |
|
Accept-Encoding |
Client |
Optional. Indicates that the response can use one of the listed encoding methods to compress the response content. "gzip" and "deflate" are supported. Request one or the other, or both in order of preference. Unsupported encoding methods can be requested, but will be ignored. The response will contain the standard HTTP Content-Encoding header item to indicate which encoding was applied. |
|
Content-Encoding |
Server |
Indicates that the response contains body content encoding using the specified compression method. "gzip" or "deflate" are possible. |
See RFC7231 Request Headers for more details on these and other HTTP headers.
CIS custom fields functionality is completely supported through the REST interface. Every return business model contains an additional container property o_CustomData with properties corresponding to each custom field and value associated with that resource. Each custom field item defined on the resource is included with its current value. Property names and values are formatted exactly like all other object properties.
Note that PUT/POST handling for custom properties is slightly different from the standard properties:
If the o_CustomData container is not included in the PUT/POST object, the custom properties are not touched. This means existing values are left unchanged on an update, and new values are defaulted on an add.
If the o_CustomData container is included, then only explicitly included properties in the container are handled. Missing properties are not touched on an update, and defaulted on an add. This is different from base property handling where any missing properties are always set to the default value on add and update.
Note that PATCH support is slightly different for custom properties. The path reference in the PATCH command should be formatted as "/O_CustomData/MyPropertyName" rather than just the property name alone as with standard properties.
Example:
PATCH ../data/serviceorder/901950
[
{"op":"replace","path":"/serviceMessage","value":"BIF023 has Custom Fields"},
{"op":"replace","path":"/o_customdata/test","value": true},
{"op":"replace","path":"/o_customdata/topfigure","value": 3.5}
]
The Advanced Web API REST server has the ability to log system messages as well as request/response details. The logging is configured via settings in the NLOG.config file in the Advanced Web API home folder. Examples and additional documentation are available in the NLOG.config.sample file, also in the Web API home folder. Documentation on unusual or advanced logging configurations can be found at the NLOG website.
The system log name is WebApi and records any system level events, messages, and errors. It logs levels Debug, Info, Warn, and Error. Debug level messages are verbose and log internal functionality typically around session and cache management and operations. Info level messages record normal system operations like start up and shutdown and requests for system actions like enabling, disables, or recycling, the server. Warn and Error level messages are important and should be reviewed and addressed immediately.
Web API has the ability to record detailed information about any requests and responses handled by the server. Details such as request user, URI, method, and payload can be selected. Response details can also be tracked for each request, including response code, message, and payload. Care should be taken when selecting request or response payload logging, since it imposes a heavy load on the server and the logger. Requests can be filtered based on method, URI, and response code.
Request/response logger configuration is done with a logger item of the form: <logger name="[method pattern]:[URI pattern]" levels="[levels]" writeTo="[target]" />
Additional logger target layout items are available to access the specialized data associated with a request and response. These layout items are accessed using a layout= attribute on the target definition and have the form layout="${event-properties:[keyword]}" where [keyword] is one of the following: User, UserIp, HttpMethod, RequestUri, RequestPath, RequestQueries, RequestHeaders, Status, ElapsedTime, RequestBody, ResponseBody
Sample NLOG configuration file
Advanced searching using $search or /data/customeraccount/search
Meter operations (change/modify/install/remove) using /data/accountmeter/change
Sample code for HTTP requests provided using different programming languages. This is a sample code, which interacts with CIS classes and provides GET, PUT, POST, DELETE, PATCH, VALIDATE methods
C# sample code to Get/Post/Put/Delete a resource (and corresponding Visual Studio 2017 project)
PowerShell sample to retrieve a list from any given resource
After the REST Web API is installed, use this URL to access the Swagger UI from a web browser: /swagger
You can retrieve an up-to-date Swagger/OpenAPI document for this system from the resource /swagger/docs/v1