Using the API

Using the API

#340200

Authentication

Authentication Methods

Densify supports only token-based authentication for securing API requests. Densify employs the JSON Web Token (JWT) standard. You need to obtain a signed token using an /authorize request, which can then be used for authenticating subsequent Densify API calls. See Authorize for details.

API-enabled User Credentials

To access the API, you need Densify API-enabled user credentials. An API-enabled user must have the SaaS_User role assigned.

Configuration Settings

The following configuration settings can affect your API requests.

Table: API and Report Settings

Setting

Description

Default Value

API Detailed Logging
(key=rest.api.logging)

Enables additional logging of API requests to the Densify Web Server log file %CIRBA_HOME%\logs\cirba-webserver.log.

OFF

API Page Size
(key=rest.api.paging.pageSize)

The number of objects returned when performing a GET request on a collection of objects. To override the page size, use the following syntax (see Paging for details):

GET /<resource object>/?page=<pagenumber>[&page_size=<pagesize>]

100

API Key Rotation (Days)
(key=rest.api.key.rotation)

Specifies the number of days the Densify API key is rotated.

30

API Token Expiring (Minutes)
(key=rest.api.token.expiry)

Specifies the JWT API token expiry time, in minutes. Configuring a short expiry time is recommended.

5

Enable Password Policy
(key=password.policy.enabled)

Enables the password policy and enforces password character, length and lockout policies. See Managing Configuration Settings> Password Policy (Help Topic ID 111250).

If this setting is set to TRUE, Densify API user accounts are subjected to the Password policy rules on login attempts, expiry date, and inactivity lockout.

Note: The Densify API does not enforce Character and Length Password policies during authentication.

FALSE

Contact [email protected] for details on changing any of these properties.

Note:  Densify API elements, parameters, and filters are case-sensitive.

Logging

You can view the requests and the owner who performed the requests in the web server log file (%CIRBA_HOME%\logs\cirba-webserver.log). The log file also includes POST request details such as creation and state changes. This information is logged independently of configuration setting, API Detailed Logging, below.

To enable detailed logging, specify the configuration setting API Detailed Logging to "ON":

rest.api.logging=ON

Contact [email protected] for details on changing this property.