The API functionality allows external applications to connect to Asset Bank to perform searches and retrieve assets.
The API (Application Programming Interface) allows external applications to connect to Asset Bank to search and retrieve assets.
We are happy to provide help to your developers in their use of the API, we charge for this on a Time & Materials basis.
Asset Bank's REST API is detailed in this document: REST API v1.3.14.
The URL of your REST API will be the URL of your Asset Bank (including the webapp name) plus /rest, for example: http://yourassetbank/asset-bank/rest
The API functionality can be restricted to only allow connections from certain clients (i.e. the applications calling it), based on their IP address. This option should be used when the Asset Bank server is accessible from the internet to prevent unauthorised requests. We recommend that you only allow access to the API from machines that are used only as servers, and not as web-browsing clients, to avoid the risk of CSRF attacks. If required the API functionality can be configured so that Asset Bank allows connections from any client, however this should only be used if the Asset Bank server is within a private network.
Versions prior to 3.1723
The ApplicationSettings.properties settings needed to enable the API are:
api-restrict-by-ip=[true or false]
api-allowed-ip-addresses=[comma separated list of ip addresses]
Version 3.1723 or later
In versions of AssetBank later than 3.1723, the API application settings have been moved inside the application and can be changed without the need for an application restart by navigating to:
Admin > System > REST API Settings
Version 3.1755 or later
Starting from version 3.1755, all API requests can additionally be authenticated using an OAuth 2.0 token. The settings can be configured to restrict access by OAuth token access only, or to also support IP restrictions.
From the Admin > System > REST API Settings page:
- Enable the Rest API: Yes
- Restrict the API by IP address: Yes
- Allowed IP addresses: <blank for OAuth 2.0 access only, or comma separated list of IP addresses>
Please note that OAuth 2.0 access is independent of IP restrictions - OAuth 2.0 access is granted to all users regardless of IP address, and visitors from the listed IP addresses are given unrestricted access to the API without needing to follow the OAuth 2.0 Workflow.
For more information on accessing Asset Bank through OAuth 2.0, see our OAuth 2.0 Workflow article.
Direct Link Cache
The 'direct link cache' enables clients (which can be browsers) to call a URL that converts and returns an image based on request parameters. This can be used to display images resized to particular requirements. See Direct Link Cache