REST API

Contents [Hide]

Access Token
API Token
Notification
Request Token
Initiation API
Callback API

Access Token

Called by publisher to exchange the request token for access token. This API can be called only after a request token is authorized. The publisher calls this URL in response to the Adobe Wave Desktop Client calling the callback URL provided by the publisher.

URI

/identity/1.0/oauth/accesstoken

HTTP methods supported

POST, GET

Request query parameters

Parameter	Description
`oauth_consumer_key`	The consumer key (Adobe ID) that Adobe assigns to a publisher.
`oauth_token`	The oauth_token returned in the Request Token response. This token must be authorized by the end user before it can be exchanged for an access token.
`oauth_signature_method`	The signature algorithm: “PLAINTEXT” must be used.
`oauth_signature`	The consumer secret (Adobe ID password) and oauth_token_secret returned in the Request Token Response: “consumersecret&requesttokensecret” Note: “&” must be escaped as “%26”
`oauth_timestamp`	The time the request is sent, expressed as the number of seconds since January 1, 1970 00:00:00 GMT (As defined by the OAuth specification).
`oauth_nonce`	A random string, uniquely generated for each request. To prevent replay attacks (as defined by the OAuth specification), make the nonce/timestamp pair unique.
`oauth_version`	(Optional) If present, the value must be 1.0.

Example request

https://id-wave.adobe.com/identity/1.0/oauth/accesstoken?oauth_consumer_key=publisheraccnt@funwithothers.com&oauth_token=47a6244f7e304a96a95f4d51f46b528b&oauth_signature_method=PLAINTEXT&oauth_signature=password123%264e9dc7503a8a416fa1606441caacf15a&oauth_timestamp=1226366624&oauth_nonce=foobar

Response parameters

A successful response has a MIME type of application/x-www-form-urlencoded and contains the following parameters:

Parameter	Description
`oauth_token`	The access token.
`oauth_token_secret`	The associated secret.

The publisher makes a persistent mapping between the returned access token and the associated subscriber’s identity on the publisher’s site. When the publisher wants to make a point-to-point notification to a specific subscriber, they must look up the subscriber’s associated access token.

Example response

oauth_token=e0FFUzoxMjg6Q0JDOlBLQ1M1UGFkZGluZ317R3NYS1BVdWJ3aGlINmlQY1IxGTArdz09fWeiMgPYVw%2FBagXTXwwoQrPtMKe3W%2F9qwiRHVgqQhtK0hGZd6p6TtI8GLnJNtfBxE99hROe%2FDwr0Da83t1QLRHI%3D&oauth_token_secret=da9231bcdeb24814b023ce0167d12f5

Response codes

Code	Description
200	OK.
400	Bad Request: parameters invalid or missing.
401	Unauthorized: invalid credential (consumer key, consumer secret, request token secret) or token request is not authorized.

API Token

Authenticates the user against the Adobe user database and returns an ID token, if successful.

URI

/identity/1.0/auth/apitoken.xml

HTTP methods supported

POST

Request query parameters

Parameter	Description
`username`	(Optional) The publisher user ID (Adobe ID), unless the Authorization header is specified. You can use either the username parameter or the Authorization header, but not both.
`password`	(Optional) The publisher password (Adobe ID password), unless the Authorization header is specified.

Request header parameters

Parameter	Description
`Authorization`	(Optional) Accepts the Basic authentication scheme. The use of https is mandatory. The format for the credentials is username + ':' + password, and the entire string must then be Base64 encoded (see RFC 2617 section 2). Not all environments allow the Authorization header to be manipulated. In this case, the information from the body of the HTTP POST request is used.

Example request

https://id-wave.adobe.com/identity/1.0/auth/apitoken.xml?username=publisheraccnt@funwithothers.com&password=password123

Example response

The parameter is passed in the HTTP POST body. The content type of the HTTP body is MIME type application/xml. The token is returned as XML. There is an outer element called apitokenResponse whose namespace is urn:com:adobe:identity:1.0. Inside this element is a single element named apitoken with the same namespace.

<?xml version="1.0" encoding="UTF-8"?> 
<apitokenResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:com:adobe:service:identity:1.0"> 
<apitoken>e0FFUzoxMjg6Q0JDOlBLQ1M1UGFkZGluZ317KzVaNm52UG0xUG5GNk4vTEpkbithZz09fWRkjFr5OIV4QZ1qUbKca5zShMtC8yK7/qAkVhM5fNkixY0FZKjlJRHoBfbTNJfsnfocCO3CEefEBpiDbb/NTCE= 
</apitoken> 
</apitokenResponse>

Response codes

Code	Description
200	OK.
400	Bad Request: Parameters invalid or missing
401	Unauthorized: Invalid credential (user ID or password) or token request is not authorized.
404	Not found: The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
405	Method not found: The method specified is not allowed for the resource identified by the Request-URI. This fault is used to indicate that the resource does not allow a particular method such as GET or HEAD. The POST method is used to get the API token.

Notification

Sends a notification to a topic. You can send a request to the notification API in application/x-www-form-urlencoded format or in multipart/form-data format. You can optionally send a link, an access token (for point-to-point feeds), and a thumbnail image.

To send notifications to individual subscribers the feed that contains the topics must be configured as point-to-point. To send point-to-point notifications, send an access token.

Thumbnail images cannot be larger than 40x40 pixels and must be JPG or PNG files. Adobe Wave converts the image to PNG format before sending it to a client. You can send a thumbnail image in one of the following ways:

Upload the PNG or JPG image from the file system. Make a multipart/form-data request and specify the imagetype and image parameters. The bytes of the image must be Base64 encoded and are passed as a string.
Specify a link to an image. Make an application/x-www-form-urlencoded request or a multipart/form-data request and specify the imageurl parameter. The image is retrieved from this location and included in the outgoing notification.

URI

/notificationgateway/1.0/notification

HTTP methods supported

POST

Request query parameters

Use the following query parameters to send a request in application/x-www-form-urlencoded format:

Parameter	Description
`X-apitoken`	ID token of authenticating publisher sending notification. The publisher must acquire this API token from the Adobe Wave Service.
`topic`	The topic URI (for example 22334/23456/status_update). The URI can be obtained from the Adobe Wave Publisher Portal.
`message`	Message to send with notification.
`link`	(Optional) A URL that Adobe Wave opens in a web browser when subscriber clicks notification. The URL must begin with “http” or “https.”
`accesstoken`	(Optional) An access token. Use this parameter to send a point-to-point notification.
`imageurl`	(Optional) A URL that points to a thumbnail image that is displayed as part of the notification. The image must be no larger than 40x40 pixels. The image is retrieved from the specified URL. The URL must use http or https. When the image is retrieved from the URL the content-type must be /image/png or /image/jpeg.

Use the following query parameters to send a request in multipart/form-data format:

Parameter	Description
`X-apitoken`	ID token of authenticating publisher sending notification. The publisher must acquire this API token from the Adobe Wave Service.
`topic`	The topic URI (for example 22334/23456/status_update). The URI can be obtained from the Adobe Wave Publisher Portal.
`message`	Message to send with notification.
`link`	(Optional) A URL that Adobe Wave opens in a web browser when subscriber clicks notification. The URL must begin with “http” or “https.”
`accesstoken`	(Optional) An access token. Use this parameter to send a point-to-point notification.
`imagetype`	(Optional) The MIME type of the attached image, if any. This parameter is required if an image is attached. If no image is attached, the value of this parameter is ignored.
`image`	(Optional) A thumbnail image that is displayed as part of the notification. The image must be no larger than 40x40 pixels. The image must be a PNG or JPEG. The bytes of the image must be Base64 encoded and are passed as a string.

Example request

The following example request is in application/x-www-form-urlencoded format:

https://p000-wave.adobe.com/notificationgateway/1.0/notification?X-apitoken=e0FFUzoxMjg6Q0JDOlBLQ1M1UGFkZGluZ317UmNvVVg2alhPOTlQV0pTOHNUaVhRQT09fSmTNJOx08q1xYGZ3TZwGWgQpjAu0If5zv93XIGUTER5CPN3SezHO6xIKBFrHHq3CU38XUZX6ZyBzDSxvHddUUd0uPoBcadXwJGiXakjrKw2&topic=company_3480%2Ffeed_184836%2FCAAE63B2-32FA-00F4-1748-CA1076A5547A&message=Test%20message%202485&link=http%3A%2F%2Fwww.adobe.com&accesstoken=e0FFUzoxMjg6Q0JDOlBLQ1M1UGFkZGluZ317V1RiajMwNjN6K1Urb05IbExCMHNXQT09fYnvOwt1%2Fi5WDm5h1xQl6l9hmAwqErtDvizk0rG0i9B2NV93IYxgeTVYY7vdmAN6h%2FRQmEaP5qr%2F%2F%2FbhWMjZJ7PX5w5vtSvsYtq9306ZDnLIX7kIPz424HuNOivXKltV4q6Pnai6nuREo%2FRZc3cCeCc%3D

The following example request is in multipart/form-data format:

POST /notificationgateway/1.0/notification HTTP/1.1 
Content-Type: multipart/form-data; boundary= 
-----------------------------6578211237537995051102246882 
Host: localhost 
Content-Length: 4014 
-----------------------------6578211237537995051102246882 
Content-Disposition: form-data; name="X-apitoken" 
e0FFUzoxMjg6Q0JDOlBLQ1M1UGFkZGluZ317c0F5RzBSV0dSTEpxNnBHdXlFTk5CUT09fYxhhPU7Z8lPkOtXX28tSxWO7EEkrxtaCPw3h0oP7w40JrVa652dV3WEPi3I7sguubxqY/YwinjOz6o0Rzf/Yb5Fj3VahacHEhIL0wZLRWde 
-----------------------------6578211237537995051102246882 
Content-Disposition: form-data; name="topic" 
company_3480/feed_184836/CAAE63B2-32FA-00F4-1748-CA1076A5547A 
-----------------------------6578211237537995051102246882 
Content-Disposition: form-data; name="message" 
Test message 2512 
-----------------------------6578211237537995051102246882 
Content-Disposition: form-data; name="accesstoken" 
e0FFUzoxMjg6Q0JDOlBLQ1M1UGFkZGluZ317bXUvYXA4Zk94MU1CeHEvUTdhZFg2Zz09fWnYyT8E2m2ESJ/gFuJYPB3UNbH2I1Wv6BLcegf/5KexK27uxocI2gTmSoKwiBJIZwXquHduUVSUARDKmdglBqsGJsgMasUuOVgW4bq1/7EJStnFvby8irE/7249I76NqXW1EDekjjgR4uodF5L9l9U= 
-----------------------------6578211237537995051102246882 
Content-Disposition: form-data; name="imagetype" 
image/png 
-----------------------------6578211237537995051102246882--

Example response

The following response indicates success:

HTTP/1.1 204 No Content

Response codes

Code	Description
400	The server did not understand the request due to bad syntax. The cause of this error is usually one of the following: No topic or message was provided in the body.The parameters in the body were not encoded according to the rules of the MIME type application/x-www-form-urlencoded.
401	The request requires user authentication. The response includes a WWW-Authenticate header field containing a challenge for the requested resource. If the request did not include Authorization credentials, repeat the request and include them. If the request included Authorization credentials, the 401 response indicates that authorization has been refused for those credentials. The server understood the request, but refuses to fulfill it. The cause of this error is usually one of the following:No X-apitoken was provided.The X-apitoken provided was corrupt or was expired.The user is not authorized to use the service.
403	The server understood the request, but refuses to fulfill it. The resource is controlled by another owner. The API token provided with this request identifies a user that does not have authority to perform this operation.Note: Response code 403 indicates that the user is not authorized to perform this operation. Response code 401 indicates that the user is not authorized to use the service at all.
415	The server refuses to service the request because the entity of the request is in an unsupported format. The cause for this error is typically one of the following:The included image, or the image pointed to by the imageurl, could not be read or decoded.The included image, or the image pointed to by the imageurl, was larger than 40x40.

Request Token

Called by a publisher to obtain a request token, which is exchanged later for an access token. Called in response to the Adobe Wave Desktop Client calling the initiation URL provided by the publisher.

URI

/identity/1.0/oauth/requesttoken

HTTP methods supported

POST, GET

Request query parameters

Parameter	Description
`oauth_consumer_key`	The consumer key (Adobe ID) that Adobe assigns to a publisher.
`oauth_signature_method`	The signature algorithm: “PLAINTEXT” must be used.
`oauth_signature`	The consumer secret (Adobe ID password).
`oauth_timestamp`	The time the request is sent, expressed as the number of seconds since January 1, 1970 00:00:00 GMT (As defined by the OAuth specification).
`oauth_nonce`	A random string, uniquely generated for each request. To prevent replay attacks (as defined by the OAuth specification), make the nonce/timestamp pair unique to prevent replay attacks. .
`oauth_version`	(Optional) If present, the value must be 1.0.

Example request

https://id-wave.adobe.com/identity/1.0/oauth/requesttoken?oauth_consumer_key=publisheraccnt@funwithothers.com&oauth_signature_method=PLAINTEXT&oauth_signature=password123&oauth_timestamp=1226366624&oauth_nonce=Axzyse72n

Response parameters

A successful response has a MIME type of application/x-www-form-urlencoded and contains the following parameters:

Parameter	Description
`oauth_token`	The request token.
`oauth_token_secret`	The associated secret.

The publisher must do two things with this data:

Return the value of the oauth_token to the Adobe Wave Desktop Client.
Persist a mapping between the oauth_token and the oauth_token_secret. When the Adobe Wave Desktop Client later calls the publisher’s callback URL, it appends the same request token to the query string of the URL. The callback URL on the publisher’s site uses the provided request token value to look up the corresponding request token secret. The publisher must use the request token secret in the request for the access token.

Example response

oauth_token=47a6244f7e304a96a95f4d51f46b528b&oauth_token_secret=4e9dc7503a8a416fa1606441caacf15a

Response codes

Code	Description
200	OK.
400	Bad Request: parameters invalid or missing.
401	Unauthorized: invalid consumer key or secret.

Initiation API

The publisher implements the Initiation API. The publisher specifies the URL for this API in the feed details in the Publisher Portal. For point-to-point notifications, Adobe Wave Desktop Client calls the URL to link the publisher to the user’s Adobe Wave account. The call to the Initiation API tells the publisher to start a new account linking transaction. The publisher then calls the Request Token API to obtain a request token. The request token is returned to the Adobe Wave Desktop Client.

URI

Chosen by the Publisher. Must start with http or https.

HTTP methods supported

GET

Request query parameters

None.

Request header parameters

None.

Response parameters

The response must have the content type application/x-www-form-urlencoded. The only response parameter is called oauth_token. Make sure that the HTTP body contains only this value. Do not following the token with white spaces or newline characters.

Example request

GET /auth/initiation.php HTTP/1.1 
Host: www.funwithothers.com

Example response

HTTP/1.x 200 OK 
Content-Type: application/x-www-form-urlencoded 
oauth_token=541bf00d0a5146cf90eb4a7a3ac6a030

Response codes

Code	Description
200	OK.
400	Bad Request: parameters invalid or missing.
401	Unauthorized: invalid credential (consumer key, consumer secret, request token secret) or token request is not authorized.
500	Internal Server Error: bug.
503	Service Unavailable: service temporarily unavailable.

Callback API

The publisher implements the Callback API. The publisher specifies the URL for this API in the feed details section of the Publisher Portal for point-to-point feeds only. The Adobe Wave Desktop Client calls the URL when a user has successfully authorized the OAuth request token. The Callback call signals to the publisher that the request token can be exchanged for an access token. The publisher then calls the Access Token API.

In the Callback API response, the publisher tells the user whether the account linking transaction succeeded or failed. Unlike the Initiation API, the response of the Callback API is not sent to Adobe Wave Desktop Client. Instead, Adobe Wave Desktop Client opens a browser window and the response is rendered in the browser. XHTML is the preferred response content type. Because the browser facilitates all interactions with the publisher's service, the publisher must determine whether the user is logged in to the publisher's website. When the user is identified and authenticated, the publisher can associate the access token with a user account.

About the invokeArgs parameter

The subscription badge supports a parameter named invokeArgs, for use only with point-to-point notifications. Use this parameter to attach context data from your website to OAuth protocol interactions. When a user clicks your customized badge, the badge forwards your invokeArgs data to the Adobe Wave Desktop Client. After the user authorizes the request token, the Adobe Wave Desktop Client returns the invokeArgs data attached to the callback URL.

The invokeArgs data usually identifies the session that started the OAuth token exchange process. Session information is useful after you exchange the request token for an access token because you must store the access token with the context of the session that requested it. Matching the correct session to the access token can be difficult if multiple requests occur simultaneously. To avoid this problem, publishers can use invokeArgs parameters to identify the originating user or session.

The callback URL mechanism allows additional parameters to be attached to the end of the query. These parameters include your invokeArgs data. In Adobe Wave, the callback URL is constructed according to the OAuth specification, section 6.2.3.

To send a custom invokeArgs value, set the invokeArgs global JavaScript variable in the badge.html file.

Callback URL format

Callback URLs are constructed as follows:

<callback_url_base><concatenator>oauth_token=<request_token>

<callback_url_base> includes three concatenated subcomponents:

<fixed_callback_base_url><concatenator><feed_info>[<concatenator><invoke_args>]

Use standard HTTP query format to concatenate strings. Use a question mark (“?”) to separate the base URL from the first parameter. Use an ampersand (“&”) for all subsequent parameters.

Callback URL parameters

Name	Description
fixed_callback_base_url	Stored with the feed as defined in the Adobe Wave Publisher Portal. See Set up feeds.
`feed_info`	Added by the Adobe Wave Desktop Client to provide context information on the feed that the user subscribed to using the badge. The subscription badge passes `feedId` and `companyId` values to the Adobe Wave Desktop Client to identify the feed to which the user wants to subscribe. These values are returned through the `feed_info` component of the URL.
`invoke_args`	(Optional) Appended to `<callback_url_base>` before the `oauth_token` parameter. This information ties the second phase of the OAuth protocol (obtaining an access token) to the initial phase (obtaining a request token). It is the publisher's responsibility to specify the parameters and their values.
`oauth_token`	The authorized request token.

Example request

http://www.funwithothers.com/auth/callback.php?feedId=feed_574753&companyId=company_779050&sessId=123412876443&oauth_token=c8cd3e0d1c4640de8740215c49372c00