API Resources

Introduction

The WebLink API resources are hosted on resource servers and allow a 3rd party client to interact with the organization's WebLink data. The resources are defined by a JSON REST interface and are protected by the OAuth 2.0 authorization framework. The 3rd party client system must obtain an access token from the WebLink authorization servers and include the access token when making calls to the WebLink resource servers. The API Authorization page details how to obtain an access token.

Resource Request

Permissions

WebLink API resources are protected by permissions and the data that is returned from resources can also be restricted further by permissions and other security settings. Access tokens issued by the authorization servers are tied to users in the WebLink system. A user is assigned to groups, and groups are what determine the permissions that a user is given. Therefore, the access tokens are granted the permissions of the user who was authorized in the API Authorization process.

Using the Access Token

Every resource request must include an access token set on the Authorization header. The following is the format of the Authorization header:

Authorization: Bearer [Access_Token]

Access_Token: the access token issued by the authorization server

Example

Using the example value below, the following is the resulting Authorization header:

Access_Token: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJpc3MiOiJodHRwczovL3d3dy53ZWJsaW5rYXV0aC5jb20iLCJhdWQiOiJodHRwczovL3d3dy53ZWJsaW5rYXV0aC5jb20vcmVzb3VyY2VzIiwiZXhwIjoxNTE2MjI3NTY2LCJuYmYiOjE1MTYyMjM5NjYsImNsaWVudF9pZCI6IkNQaGlsbGlwc1Rlc3QiLCJzY29wZSI6IlB1YmxpY1dlYkFwaSJ9.cIsyrwGAoKAadCQ4Px6VQuXN4Dq_Pqvh5WumT76fQ3shKTRPAJbc_AVh2dC5VkK6AkZ2cQbOI2nv9zhNXE7nA_rDOCWmotfx0TOA-h95H7B77XD0FnfUBUs6Gqx-ObPfS6TwUvOzl5MbA3W2Pq7-Cg-ceBzDPxuf1BtVaH41z38fG5BTubbNHE_ZNQ6WIdbtB2upl_5WSD1EEDdGVNN886xvbqtE-0KLkXtNGUT8RQHGb3JeZw_ucuqAH80YmLsTw1UPovTVaG2PePYLCdxLCWk1tCnrxpEmDVIH2nmGUN0oFPQHRFM-UcJyhuAjzr6OD6upG-BUb54M-0I0xnQ8vw

                Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSIsImtpZCI6ImEzck1VZ01Gdjl0UGNsTGE2eUYzekFrZnF1RSJ9.eyJpc3MiOiJodHRwczovL3d3dy53ZWJsaW5rYXV0aC5jb20iLCJhdWQiOiJodHRwczovL3d3dy53ZWJsaW5rYXV0aC5jb20vcmVzb3VyY2VzIiwiZXhwIjoxNTE2MjI3NTY2LCJuYmYiOjE1MTYyMjM5NjYsImNsaWVudF9pZCI6IkNQaGlsbGlwc1Rlc3QiLCJzY29wZSI6IlB1YmxpY1dlYkFwaSJ9.cIsyrwGAoKAadCQ4Px6VQuXN4Dq_Pqvh5WumT76fQ3shKTRPAJbc_AVh2dC5VkK6AkZ2cQbOI2nv9zhNXE7nA_rDOCWmotfx0TOA-h95H7B77XD0FnfUBUs6Gqx-ObPfS6TwUvOzl5MbA3W2Pq7-Cg-ceBzDPxuf1BtVaH41z38fG5BTubbNHE_ZNQ6WIdbtB2upl_5WSD1EEDdGVNN886xvbqtE-0KLkXtNGUT8RQHGb3JeZw_ucuqAH80YmLsTw1UPovTVaG2PePYLCdxLCWk1tCnrxpEmDVIH2nmGUN0oFPQHRFM-UcJyhuAjzr6OD6upG-BUb54M-0I0xnQ8vw
            

Request Limits

In addition to requiring permission via an access token, WebLink resource servers implement a request rate limit of 10 requests per minute during normal hours, and a relaxed limit of 30 requests per minute from 1:00-5:00 AM, Eastern time. If this request limit is exceeded, the resource servers will begin responding with the following message:

                HTTP/1.1 429 Too Many Requests

                {

                "Status": 429,
"Message": "Requests are throttled.  You have exceeded 10 request(s) per minute."

                }