Skip to content

API

Introduction

Contour API's are a set of interfaces developed by Contour to allow direct communication with Contour Services.

API Specifications

Read our Swagger definitions for 8.0 or click here to download.

What has changed from 7.0

  • Users must now use their email address to log in rather than their username
  • New GET APIs are available to retrieve details of the current identity access, X500 of the current identity access as well as a list of identities the user has access to
  • A new PUT API is available for user to switch to an identity the user has access to

API Usage Guide

Constructing Endpoints

Endpoints can be found in the API documentation above.

To make API requests, append the endpoint from the documentation to the hostname of the server running the Contour Application.

i.e. https://<SERVER_NAME>/login

Authentication

Most APIs require authentication, the API authenticates using sessions and cookies.

Therefore, API consumers must first login via the Login Endpoint.

Subsequent requests to the APIs should include the cookies in the header.

Also, for all non-GET method requests (e.g. PUT, POST, DELETE), a CSRF token is needed.

Authentication Example

Login Request

Login with an email address and password:

curl --location --request POST 'https://<SERVER_NAME>/login' \
--header 'Content-Type: application/json' \
--data-raw '{
    "username": "<EMAILADDRESS>",
    "password": "<PASSWORD>"
}'

Response Headers for Valid Login:
X-CSRF-TOKEN 7579be26-d7d6-48f2-b429-0811876e9cca
Set-Cookie SESSION=YjA2Yjc5N2ItN2MwZi00MmVlLWIwNTItMzc5YWMyMTNmNmZk; Path=/; HttpOnly; SameSite=Lax

Headers for Subsequent Authenticated GET Requests
cookie SESSION=YjA2Yjc5N2ItN2MwZi00MmVlLWIwNTItMzc5YWMyMTNmNmZk; Path=/; HttpOnly; SameSite=Lax

Headers for Subsequent Authenticated POST Requests
X-CSRF-TOKEN 7579be26-d7d6-48f2-b429-0811876e9cca
cookie SESSION=YjA2Yjc5N2ItN2MwZi00MmVlLWIwNTItMzc5YWMyMTNmNmZk; Path=/; HttpOnly; SameSite=Lax