User:LesOrchard/BandwagonAPI: Difference between revisions
Jump to navigation
Jump to search
LesOrchard (talk | contribs) (Filled out authen section) |
LesOrchard (talk | contribs) No edit summary |
||
| (22 intermediate revisions by 2 users not shown) | |||
| Line 2: | Line 2: | ||
=== Implementation Notes === | === Implementation Notes === | ||
==== Use URLs as resource identifiers ==== | |||
This API spec uses the | This API spec uses the | ||
| Line 11: | Line 13: | ||
The only URL that should be hardcoded (or preferably kept in a user preference) | The only URL that should be hardcoded (or preferably kept in a user preference) | ||
in the client application is the URL to the [[#.2Fapi | in the client application is the URL to the [[#.2Fapi.2Fsharing.2F|service document]]. | ||
This will not only make it | This will not only make it easier to switch between production, staging, and dev instances | ||
of the API, it will also make the client resilient to other more granular | of the API, it will also make the client resilient to other more granular | ||
changes in the server URL space. | changes in the server URL space. | ||
==== Use xml:base to resolve relative URLs ==== | |||
The URLs in response data may be supplied as relative paths, or | The URLs in response data may be supplied as relative paths, or | ||
relative with respect an URL indicated by an | relative with respect an URL indicated by an | ||
[http://www.w3.org/TR/2001/REC-xmlbase-20010627/#syntax xml:base attribute]. | [http://www.w3.org/TR/2001/REC-xmlbase-20010627/#syntax xml:base attribute], | ||
usually supplied by the root node of the response document. | |||
==== Use conditional GET ==== | |||
For <tt>GET</tt> requests, be sure to retain the value of the | For <tt>GET</tt> requests, be sure to retain the value of the | ||
| Line 28: | Line 35: | ||
can save in both CPU consumption and bandwidth in preparing | can save in both CPU consumption and bandwidth in preparing | ||
and sending the response data. | and sending the response data. | ||
==== HTTP Method Override Hack ==== | |||
This API uses the HTTP methods GET, POST, PUT, DELETE, and OPTIONS. Some | |||
incomplete HTTP clients support only GET and POST methods. So, this API | |||
supports the use of POST as a stand-in for any method other than GET, with | |||
the actual desired HTTP method supplied via one of the following | |||
conventions: | |||
* A URL query parameter named <tt>_method</tt> | |||
* A POST parameter named <tt>_method</tt> | |||
* The value of a header named <tt>X-HTTP-Method-Override</tt> | |||
=== Authentication === | === Authentication === | ||
All API access requires authentication. | |||
==== AMOv3 cookie session ID ==== | ==== AMOv3 cookie session ID ==== | ||
| Line 39: | Line 60: | ||
Cookie: foo=bar; AMOv3=865ikpjmn6bqh897msr3o5hv12; baz=quux | Cookie: foo=bar; AMOv3=865ikpjmn6bqh897msr3o5hv12; baz=quux | ||
The primary use-case for this means of authentication is in a browser | |||
extension with access to the user's cookie jar and the ability to extract | |||
the same cookie used for website login. | |||
==== HTTP basic auth with email/pass ==== | ==== HTTP basic auth with email/pass ==== | ||
| Line 46: | Line 71: | ||
expected to be an email address registered with AMO and the correct | expected to be an email address registered with AMO and the correct | ||
password for that account must be supplied. | password for that account must be supplied. | ||
An example use case for this authentication method is for simpler testing without | |||
the need to perform a website login and get a cookie. | |||
=== Authorization === | === Authorization === | ||
| Line 59: | Line 87: | ||
will receive responses with a <tt>405 Method Not Allowed</tt> status code, | will receive responses with a <tt>405 Method Not Allowed</tt> status code, | ||
and the <tt>Allow:</tt> header will list which methods ''are'' allowed. | and the <tt>Allow:</tt> header will list which methods ''are'' allowed. | ||
=== Resources === | === Resources === | ||
| Line 84: | Line 94: | ||
literal use as templates in the client application. | literal use as templates in the client application. | ||
Also note that not all HTTP methods are avalable for every resource. | |||
This is the main entry point URL for the API. Concrete examples of this URL | ==== Service Document - /api/sharing/ ==== | ||
might look something like the following: | |||
This [[#Service Document|service document]] is the main entry point URL for the | |||
API. Polling it periodically, with proper attention to Last-Modified and | |||
If-Modified-Since headers, should offer a relatively efficient way to track | |||
collection subscriptions and what subscriptions are writable. | |||
Beyond collections, the [[#Service Document|service document]] will supply URLs leading into the rest of the API. (eg. [[#.2Fapi.2Fsharing.2Femail|email sharing]]) | |||
Concrete examples of this URL might look something like the following: | |||
http://localhost/~lorchard/addons/api.php?action=service_doc | http://localhost/~lorchard/addons/api.php?action=service_doc | ||
| Line 93: | Line 111: | ||
https://preview.addons.mozilla.org/en-US/firefox/api/1.3/sharing | https://preview.addons.mozilla.org/en-US/firefox/api/1.3/sharing | ||
https://addons.mozilla.org/en-US/firefox/api/1.3/sharing | https://addons.mozilla.org/en-US/firefox/api/1.3/sharing | ||
===== GET - Fetch the service document ===== | ===== GET - Fetch the service document ===== | ||
| Line 104: | Line 119: | ||
** Response body varies according to authenticated user's context | ** Response body varies according to authenticated user's context | ||
==== /api/sharing/collections/ ==== | ==== Collections List - /api/sharing/collections/ ==== | ||
This resource represents the set of all shared collections. | |||
A concrete URL for this resource can be acquired from the [[#Service Document]]. | |||
Note that the GET method is not currently implemented, because the service doc | |||
and individual collection docs provide the information that would conceivably | |||
be made available. Someday, this could be an interface on the public | |||
collection directory. | |||
===== POST - Create a new collection ===== | ===== POST - Create a new collection ===== | ||
| Line 113: | Line 134: | ||
** Content-Type: <tt>application/x-www-form-urlencoded</tt> | ** Content-Type: <tt>application/x-www-form-urlencoded</tt> | ||
** Parameters: | ** Parameters: | ||
*** <tt> | *** <tt>name</tt> - human readable name for the collection | ||
*** <tt> | *** <tt>description</tt> - human readable longer description for the collection | ||
*** <tt>nickname</tt> - unique nickname for collection usable in URLs | |||
*** <tt>listed</tt> - whether the collection should be listed in the directory (<tt>1</tt>) or not (<tt>0</tt>) | |||
* Response | * Response | ||
** Status: <tt>201 Created</tt> | ** Status: <tt>201 Created</tt> | ||
** Content-Type: [[#Addon Collection]] | ** Content-Type: [[#Addon Collection]] | ||
** Response body will contain the | ** Response body will contain the data for the freshly created collection. | ||
** Location header points to the URL of new collection. | ** Location header points to the URL of new collection. | ||
==== /api/sharing/collections/{uuid} ==== | ==== Collection - /api/sharing/collections/{uuid} ==== | ||
This resource represents a single collection of shared addons. | This resource represents a single collection of shared addons. | ||
A concrete URL for this kind of resource can be acquired from the [[#Service Document]]. | |||
===== GET - Fetch contents of a collection ===== | ===== GET - Fetch contents of a collection ===== | ||
| Line 133: | Line 156: | ||
** Content-Type: [[#Addon Collection]] | ** Content-Type: [[#Addon Collection]] | ||
===== | ===== PUT - Update collection details ===== | ||
Note that this update is limited to collection-specific details, and cannot | |||
modify any of the other data that makes up an addon document. | |||
* Request | * Request | ||
** Content-Type: <tt>application/x-www-form-urlencoded</tt> | ** Content-Type: <tt>application/x-www-form-urlencoded</tt> | ||
** Parameters: | ** Parameters: | ||
*** <tt> | *** <tt>name</tt> - human readable name for the collection | ||
*** <tt> | *** <tt>description</tt> - human readable longer description for the collection | ||
*** <tt>nickname</tt> - unique nickname for collection usable in URLs | |||
*** <tt>listed</tt> - whether the collection should be listed in the directory (<tt>1</tt>) or not (<tt>0</tt>) | |||
* Response (on success) | * Response (on success) | ||
** Status: <tt> | ** Status: <tt>200 OK</tt> | ||
** Content-Type: | ** Content-Type: [[#Addon Collection]] | ||
** Response | ** Response content reflects changes to collection | ||
===== DELETE - Delete a collection ===== | ===== DELETE - Delete a collection ===== | ||
| Line 153: | Line 179: | ||
** Status: <tt>410 Gone</tt> | ** Status: <tt>410 Gone</tt> | ||
==== /api/sharing/collections/{uuid}/addons/{addon guid} ==== | ==== List of Addons in a Collection - /api/sharing/collections/{uuid}/addons/ ==== | ||
This resource represents addons in a collection. | |||
A concrete URL for this kind of resource can be acquired from the [[#Service Document]]. | |||
Note that the GET method is not currently implemented, because the parent | |||
collection doc provides the information that would conceivably be made | |||
available. | |||
===== POST - Add an addon to a collection ===== | |||
* Request | |||
** Content-Type: <tt>application/x-www-form-urlencoded</tt> | |||
** Parameters: | |||
*** <tt>guid</tt> - GUID of addon to add to list | |||
*** <tt>comments</tt> - (optional) human readable comments about the addon | |||
* Response (on success) | |||
** Status: <tt>201 Created</tt> | |||
** Content-Type: [[#Addon]] | |||
** Response body will contain the data for the freshly added addon. | |||
** Location header points to the URL of the addon resource in the collection. | |||
* Response (if addon already present in collection) | |||
** Status: 409 Conflict | |||
** Content-Type: [[#Error Document]] | |||
==== Addon in a Collection - /api/sharing/collections/{uuid}/addons/{addon guid} ==== | |||
This resource represents a single addon shared in a collection. | This resource represents a single addon shared in a collection. | ||
A concrete URL for this kind of resource can be acquired from an [[#Addon Collection]]. | |||
===== GET - Fetch details on an addon | ===== GET - Fetch details on an addon ===== | ||
* Response (on success) | * Response (on success) | ||
** Status: <tt>200 OK</tt> | ** Status: <tt>200 OK</tt> | ||
** Content-Type: [[#Addon | ** Content-Type: [[#Addon]] | ||
===== PUT - Update addon details ===== | |||
Note that this update is limited to collection-specific details, and cannot | |||
modify any of the other data that makes up an addon document. | |||
* Request | * Request | ||
** Content-Type: <tt>application/x-www-form-urlencoded</tt> | ** Content-Type: <tt>application/x-www-form-urlencoded</tt> | ||
** Parameters: | ** Parameters: | ||
*** <tt> | *** <tt>comments</tt> - human readable comments about the addon | ||
* Response (on success) | * Response (on success) | ||
** Status: <tt>200 OK</tt> | |||
** Status: <tt> | ** Content-Type: [[#Addon]] | ||
** Response content reflects changes to addon in collection | |||
===== DELETE - Remove an addon from a collection ===== | ===== DELETE - Remove an addon from a collection ===== | ||
* Response (on success) | * Response (on success) | ||
** Status: <tt> | ** Status: <tt>303 See Other</tt> | ||
** Content-Type: [[#Addon Collection]] | |||
** Response body will reflect the change to the collection with addon added or updated. | |||
** Location header points to the URL of collection, which will reflect the addition or update of the addon. | |||
==== /api/sharing/email ==== | ==== Email Sharing - /api/sharing/email ==== | ||
This resource offers a general-purpose interface to notification | This resource offers a general-purpose interface to notification | ||
functionality for sharing addons via email messages. | functionality for sharing addons via email messages. | ||
A concrete URL for this of resource can be acquired from the [[#Service Document]]. | |||
===== POST - Request an email sharing notification ===== | ===== POST - Request an email sharing notification ===== | ||
| Line 197: | Line 253: | ||
*** <tt>to</tt> - comma-separated list of email addresses for notification | *** <tt>to</tt> - comma-separated list of email addresses for notification | ||
*** <tt>guid</tt> - GUID of addon to share | *** <tt>guid</tt> - GUID of addon to share | ||
*** <tt> | *** <tt>comments</tt> - human readable personal comments to be included in notification | ||
* Response (on success) | * Response (on success) | ||
** Content-Type: empty body | ** Content-Type: empty body | ||
** Status: <tt>202 Accepted</tt> | ** Status: <tt>202 Accepted</tt> | ||
=== Status Codes === | |||
Based on [http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html HTTP/1.1 Status Code Definitions]. | |||
* <tt>200 OK</tt> - Request OK, response body follows. | |||
* <tt>201 Created</tt> - New resource created, response body follows with new content, watch for <tt>Location:</tt> header containing new resource URL | |||
* <tt>202 Accepted</tt> - The request has been accepted for processing, but the processing has not been completed. Expect an empty response body. | |||
* <tt>302 Found</tt> - The desired resource is more appropriately found at URL supplied by <tt>Location:</tt> header. | |||
* <tt>303 See Other</tt> - The response reflecting results of this request is found at URL supplied by <tt>Location:</tt> header. | |||
* <tt>304 Not Modified</tt> - The resource has not changed with respect to the given <tt>If-Modified-Since</tt> header in the request. | |||
* <tt>400 Bad Request</tt> - The request is bad, usually due to invalid fields. | |||
* <tt>401 Unauthorized</tt> - Authentication details not accepted. | |||
* <tt>403 Forbidden</tt> - Authentication details accepted, but request not allowed. | |||
* <tt>404 Not Found</tt> - Resource not found. | |||
* <tt>405 Method Not Allowed</tt> - The method specified is not applicable to the resource. | |||
* <tt>409 Conflict</tt> - The request conflicts with the state of the resource. | |||
* <tt>410 Gone</tt> - Usually the status of a successful DELETE request. | |||
* <tt>415 Unsupported Media Type</tt> - Request type not supported - generally only <tt>application/x-www-form-urlencoded</tt> is accepted. | |||
* <tt>500 Internal Server Error</tt> - Something unexpected went wrong. | |||
=== Representations === | === Representations === | ||
==== Error Document ==== | |||
Most errors will be indicated by an HTTP Status in the 400s or 500s, and will | |||
be accompanied by further details in an XML document like the following: | |||
<?xml version="1.0" encoding="utf-8" ?> | |||
<error xmlns="http://addons.mozilla.org/" | |||
reason="some_reason_for_error" | |||
details="further details for error" /> | |||
Reason values to expect include: | |||
* <tt>invalid_parameters</tt> | |||
* <tt>collection_unknown</tt> | |||
* <tt>not_collection_owner</tt> | |||
* <tt>unknown_addon_guid</tt> | |||
* <tt>addon_already_in_collection</tt> | |||
* <tt>addon_not_in_collection</tt> | |||
* <tt>{GET,POST,DELETE,PUT}_not_allowed</tt> | |||
* <tt>unauthorized</tt> | |||
* <tt>not_writable</tt> | |||
==== Service Document ==== | ==== Service Document ==== | ||
| Line 219: | Line 317: | ||
<collection | <collection | ||
href="collections/98404f20-f2e0-11dd-9121-3307c31c9566" | href="collections/98404f20-f2e0-11dd-9121-3307c31c9566" | ||
name="My Laptop Addons" | |||
description="Longer description yay" | |||
creator="lorchard@mozilla.com" | creator="lorchard@mozilla.com" | ||
writable="yes" subscribed="yes" | writable="yes" subscribed="yes" | ||
lastmodified="2009-01-04T00:10:00Z" /> | lastmodified="2009-01-04T00:10:00Z"> | ||
<addons href="collections/98404f20-f2e0-11dd-9121-3307c31c9566/addons/" /> | |||
</collection> | |||
<collection | <collection | ||
href="collections/9f534614-f2e5-11dd-a55a-2bd072fc4ff4" | href="collections/9f534614-f2e5-11dd-a55a-2bd072fc4ff4" | ||
name="Joe's Blogging Addons" | |||
description="Longer description yay" | |||
creator="joe@example.com" | creator="joe@example.com" | ||
writable="no" subscribed="yes" | writable="no" subscribed="yes" | ||
lastmodified="2009-01-04T00:10:00Z" /> | lastmodified="2009-01-04T00:10:00Z"> | ||
<addons href="collections/9f534614-f2e5-11dd-a55a-2bd072fc4ff4/addons/" /> | |||
</collection> | |||
<collection | <collection | ||
href="collections/9f534614-f2e5-11dd-a55a-2bd072fc4ff4" | href="collections/9f534614-f2e5-11dd-a55a-2bd072fc4ff4" | ||
name="Invisible Addon Collection" | |||
description="Longer description yay" | |||
creator="lorchard@mozilla.com" | creator="lorchard@mozilla.com" | ||
writable="yes" subscribed="no" | writable="yes" subscribed="no" | ||
lastmodified="2009-01-04T00:10:00Z" /> | lastmodified="2009-01-04T00:10:00Z"> | ||
<addons href="collections/9f534614-f2e5-11dd-a55a-2bd072fc4ff4/addons/" /> | |||
</collection> | |||
</collections> | </collections> | ||
</sharing> | </sharing> | ||
| Line 242: | Line 349: | ||
<?xml version="1.0" encoding="utf-8" ?> | <?xml version="1.0" encoding="utf-8" ?> | ||
<collection xmlns="http://addons.mozilla.org/" | <collection xmlns="http://addons.mozilla.org/" | ||
xml:base="http://addons.mozilla.org/api/1.3/sharing/collections/98404f20-f2e0-11dd-9121-3307c31c9566/"> | |||
href="collections/98404f20-f2e0-11dd-9121-3307c31c9566" | |||
name="My Laptop Addons" | |||
description="Longer description yay" | |||
writable="yes" subscribed="yes" | |||
<addon href=" | lastmodified="2009-01-04T00:10:00Z"> | ||
<addons href="addons/"> | |||
<addon href="addons/AE93811A-5C9A-4d34-8462-F7B864FC4696"> | |||
<meta> | |||
<added>2009-01-04T00:00:12Z</added> | |||
<comments>Here are my nifty comments</comments> | |||
<addedby>Les Orchard</addedby> | |||
</meta> | |||
<name>StumbleUpon</name> | |||
<type id="1">Extension</type> | |||
<guid>{AE93811A-5C9A-4d34-8462-F7B864FC4696}</guid> | |||
<version>50706</version> | |||
<status id="4">Public</status> | |||
<authors> | |||
<author>StumbleUpon </author> | |||
</authors> | |||
<summary> | |||
StumbleUpon discovers web sites based on your interests, learns | |||
what you like and brings you more. | |||
</summary> | |||
<description> | |||
With StumbleUpon you can also connect with friends and share | |||
your discoveries, meet people that have similar interests, and | |||
check out what other people are discovering. | |||
</description> | |||
<icon>https://addons.mozilla.org/en-US/firefox/images/addon_icon/138/1216845032</icon> | |||
<thumbnail>https://addons.mozilla.org/en-US/firefox/images/t/23099/1215517056</thumbnail> | |||
<rating>5</rating> | |||
<learnmore>https://addons.mozilla.org/addon/138</learnmore> | |||
</addon> | |||
<addon> | |||
< | <meta> | ||
<added>2009-01-02T00:00:12Z</added> | |||
<addedby>Nick Nguyen</addedby> | |||
< | <comments>You should really use this.</comments> | ||
< | </meta> | ||
< | <name>FoxyTunes</name> | ||
</ | <type id="1">Extension</type> | ||
< | <guid>{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}</guid> | ||
<version>50845</version> | |||
<status id="4">Public</status> | |||
<authors> | |||
<author>Alex Sirota</author> | |||
< | <author>Yahoo! Inc. </author> | ||
</authors> | |||
<summary> | |||
Do you listen to Music while surfing the Web?^M^MFoxyTunes lets | |||
< | you control almost any media player and find lyrics, covers, | ||
videos, bios and much more with a click right from your | |||
browser. | |||
</summary> | |||
<description> | |||
Do you listen to Music while surfing the Web?FoxyTunes lets | |||
< | you control almost any media player and find lyrics, covers, | ||
videos, bios and much more with a click right from your | |||
</ | browser.Supports WinAmp, iTunes, Yahoo Music Engine, | ||
Pandora, foobar2000, Windows Media Player, Xbox Media Center, | |||
Musicmatch, Quintessential, J. River, jetAudio, XMPlay, | |||
MediaMonkey, Media Player Classic, Sonique, wxMusik, Real | |||
Player, XMMS, Noatun, Juk, Amarok, Music Player Daemon, | |||
Rhythmbox and many other players.Just click on the orange | |||
note and select your player.CNET Editor's Rating: 5/5 | |||
starsPC Magazine: Top 15 Firefox ExtensionsPC World: Top | |||
Download Picks | |||
</description> | |||
<icon>https://addons.mozilla.org/en-US/firefox/images/addon_icon/219/1226633195</icon> | |||
<thumbnail>https://addons.mozilla.org/en-US/firefox/images/t/20256/1209472104</thumbnail> | |||
<rating>5</rating> | |||
<learnmore>https://addons.mozilla.org/addon/219</learnmore> | |||
</addon> | |||
</addons> | |||
</collection> | </collection> | ||
| Line 309: | Line 430: | ||
<?xml version="1.0" encoding="utf-8" ?> | <?xml version="1.0" encoding="utf-8" ?> | ||
<addon | <addon xml:base="http://addons.mozilla.org/api/1.3/sharing/collections/98404f20-f2e0-11dd-9121-3307c31c9566/addons/AE93811A-5C9A-4d34-8462-F7B864FC4696"> | ||
<meta> | <meta> | ||
<added>2009-01-04T00:00:12Z</added> | <added>2009-01-04T00:00:12Z</added> | ||
<addedby>Les Orchard</addedby> | |||
<comments>Here are my nifty comments</comments> | <comments>Here are my nifty comments</comments> | ||
<collection href=".." /> | |||
</meta> | </meta> | ||
<categories> | <categories> | ||
| Line 367: | Line 488: | ||
os="ALL">https://addons.mozilla.org/downloads/file/34258/stumbleupon-3.26-fx+mz+sm.xpi</install> | os="ALL">https://addons.mozilla.org/downloads/file/34258/stumbleupon-3.26-fx+mz+sm.xpi</install> | ||
</addon> | </addon> | ||
=== Examples / Walkthrough === | |||
This API can be exercised using [http://curl.haxx.se/ cURL] at a command line. | |||
The service URL used in all these examples is: | |||
http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/ | |||
However, this URL will change depending on the actual AMO instance used. | |||
==== Using Cookie Auth ==== | |||
You can use session cookie auth with cURL, though it's a little painful. | |||
You'll need an extension like Firebug paired with FireCookie to check cookies | |||
and headers in your browser. | |||
Once you have those, try logging into an AMO install. You should get a | |||
cookie named "AMOv3". Copy the value of that cookie and assign it to a | |||
variable in your shell like so: | |||
$ AUTH_COOKIE=6735160d21d97131f34d86bb1fa5c096 | |||
The User-Agent header is another important component, since AMO invalidates | |||
session cookies from a user agent that differs from the one used to login. | |||
This shouldn't be an issue in extension development, but it can cause | |||
destroyed sessions (ie. the user is logged out) when using cURL. | |||
So, check the request header for your User-Agent and assign it to another | |||
shell variable: | |||
$ USER_AGENT="Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.6) Gecko/2009011912 Firefox/3.0.6 FirePHP/0.2.4" | |||
Then, you can make your first request to fetch the service document: | |||
$ curl -sD - -A "$USER_AGENT" -H "Cookie: AMOv3=${AUTH_COOKIE};" -XGET \ | |||
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/' | |||
You should see a response like the following: | |||
HTTP/1.1 200 OK | |||
Date: Thu, 19 Feb 2009 21:49:07 GMT | |||
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 | |||
X-Powered-By: PHP/5.2.6 | |||
X-AMO-ServedBy: quadshot-2.local | |||
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" | |||
Cache-Control: public, max-age=3600 | |||
Last-modified: Thu, 19 Feb 2009 21:49:07 GMT | |||
Expires: Thu, 19 Feb 2009 22:49:07 GMT | |||
Content-Length: 273 | |||
Content-Type: text/xml | |||
<?xml version="1.0" encoding="utf-8" ?> | |||
<sharing xmlns="http://addons.mozilla.org/" xml:base="http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/"> | |||
<email href="email" /> | |||
<collections href="collections/"> | |||
</collections> | |||
</sharing> | |||
==== Using HTTP Basic Auth ==== | |||
When trying out the API with cURL, HTTP Basic Auth is a much easier way to | |||
go. You can fetch the service document like so: | |||
$ USER="nobody@mozilla.org" | |||
$ PASSWD="test" | |||
$ curl -sD - -u "$USER:$PASSWD" -XGET \ | |||
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/' | |||
==== Creating a new collection ==== | |||
To create a new collection, first fetch the service doc: | |||
$ curl -sD - -u "$USER:$PASSWD" -XGET \ | |||
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/' | |||
HTTP/1.1 200 OK | |||
Date: Thu, 19 Feb 2009 21:51:30 GMT | |||
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 | |||
X-Powered-By: PHP/5.2.6 | |||
X-AMO-ServedBy: quadshot-2.local | |||
Cache-Control: public, max-age=3600 | |||
Last-modified: Thu, 19 Feb 2009 21:51:31 GMT | |||
Expires: Thu, 19 Feb 2009 22:51:31 GMT | |||
Content-Length: 273 | |||
Content-Type: text/xml | |||
<?xml version="1.0" encoding="utf-8" ?> | |||
<sharing xmlns="http://addons.mozilla.org/" | |||
xml:base="http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/"> | |||
<email href="email" /> | |||
<collections href="collections/"> | |||
</collections> | |||
</sharing> | |||
Note the <tt>xml:base</tt> attribute on <tt>sharing</tt> and the <tt>href</tt> | |||
attribute on <tt>collections</tt>. Use those together to resolve an | |||
absolute URL, and that's the collections resource URL: | |||
http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/ | |||
Now, you can POST to that URL to create a new collection, like so: | |||
$ curl -sD - -u "$USER:$PASSWD" -XPOST \ | |||
-d 'nickname=foobar&name=Foo+Bar&description=collection+of+foobar+addons&listed=1' \ | |||
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/' | |||
HTTP/1.1 201 Created | |||
Date: Thu, 19 Feb 2009 22:02:36 GMT | |||
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 | |||
X-Powered-By: PHP/5.2.6 | |||
X-AMO-ServedBy: quadshot-2.local | |||
Location: http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/ | |||
Content-Length: 0 | |||
Content-Type: text/html | |||
The creation of the collection was successful. Note the URL in the <tt>Location:</tt> | |||
header. That's the URL to the newly created collection resource. | |||
Try fetching it: | |||
$ curl -sD - -u "$USER:$PASSWD" -XGET \ | |||
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109' | |||
HTTP/1.1 200 OK | |||
Date: Thu, 19 Feb 2009 22:04:19 GMT | |||
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 | |||
X-Powered-By: PHP/5.2.6 | |||
X-AMO-ServedBy: quadshot-2.local | |||
Cache-Control: public, max-age=3600 | |||
Last-modified: Thu, 19 Feb 2009 22:04:19 GMT | |||
Expires: Thu, 19 Feb 2009 23:04:19 GMT | |||
Content-Length: 396 | |||
Content-Type: text/xml | |||
<?xml version="1.0" encoding="utf-8" ?> | |||
<collection xmlns="http://addons.mozilla.org/" | |||
xml:base="http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/" | |||
name="Foo Bar" | |||
description="collection of foobar addons" | |||
creator="Sancus" | |||
listed="yes" writable="yes" subscribed="no" | |||
lastmodified="2009-02-19T19:05:55-05:00"> | |||
<addons href="addons/"> | |||
</addons> | |||
</collection> | |||
==== Adding an addon to a collection ==== | |||
Notice that the new collection offers an <tt>addon</tt> element with an | |||
<tt>href</tt> attribute. Once resolved using <tt>xml:base</tt>, you can POST | |||
to this URL to add an addon: | |||
$ curl -sD - -u "$USER:$PASSWD" -XPOST \ | |||
-d 'guid=farming%40microfarmer.org&comments=I+really+like+this+addon' \ | |||
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/addons/' | |||
HTTP/1.1 201 Created | |||
Date: Thu, 19 Feb 2009 22:10:50 GMT | |||
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 | |||
X-Powered-By: PHP/5.2.6 | |||
X-AMO-ServedBy: quadshot-2.local | |||
Location: http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/addons/farming%40microfarmer.org | |||
Content-Length: 0 | |||
Content-Type: text/html | |||
And you can GET the URL in the <tt>Location:</tt> header: | |||
$ curl -sD - -u "$USER:$PASSWD" -XGET \ | |||
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/addons/farming%40microfarmer.org' | |||
HTTP/1.1 200 OK | |||
Date: Thu, 19 Feb 2009 22:12:15 GMT | |||
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 | |||
X-Powered-By: PHP/5.2.6 | |||
X-AMO-ServedBy: quadshot-2.local | |||
Cache-Control: public, max-age=3600 | |||
Last-modified: Thu, 19 Feb 2009 22:12:15 GMT | |||
Expires: Thu, 19 Feb 2009 23:12:15 GMT | |||
Transfer-Encoding: chunked | |||
Content-Type: text/xml | |||
<?xml version="1.0" encoding="utf-8" ?> | |||
<addon xml:base="http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/addons/farming%40microfarmer.org"> | |||
<meta> | |||
<added>2009-02-19T17:10:50-05:00</added> | |||
<addedby>Sancus</addedby> | |||
<comments>I really like this addon</comments> | |||
<collection href=".." /> | |||
</meta> | |||
<categories> | |||
<category id="12">Organizer</category> | |||
<category id="13">Web Data</category> | |||
</categories> | |||
<name>MicroFarmer</name> | |||
<type id='1'>Extension</type> | |||
<guid>farming@microfarmer.org</guid> | |||
<version>9</version> | |||
<!-- details omitted... --> | |||
</addon> | |||
A GET request to the collection will show that the addon has been added: | |||
$ curl -sD - -u "$USER:$PASSWD" -XGET \ | |||
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/' | |||
HTTP/1.1 200 OK | |||
Date: Thu, 19 Feb 2009 22:12:15 GMT | |||
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 | |||
X-Powered-By: PHP/5.2.6 | |||
X-AMO-ServedBy: quadshot-2.local | |||
Cache-Control: public, max-age=3600 | |||
Last-modified: Thu, 19 Feb 2009 22:12:15 GMT | |||
Expires: Thu, 19 Feb 2009 23:12:15 GMT | |||
Transfer-Encoding: chunked | |||
Content-Type: text/xml | |||
<?xml version="1.0" encoding="utf-8" ?> | |||
<collection xmlns="http://addons.mozilla.org/" | |||
xml:base="http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/" | |||
name="Foo Bar" | |||
description="collection of foobar addons" | |||
creator="Sancus" | |||
listed="yes" writable="yes" subscribed="no" | |||
lastmodified="2009-02-19T19:05:55-05:00"> | |||
<addons href="addons/"> | |||
<addon href="addons/farming%40microfarmer.org"> | |||
<meta> | |||
<added>2009-02-19T17:10:50-05:00</added> | |||
<addedby>Sancus</addedby> | |||
<comments>I really like this addon</comments> | |||
</meta> | |||
<categories> | |||
<category id="12">Organizer</category> | |||
<category id="13">Web Data</category> | |||
</categories> | |||
<name>MicroFarmer</name> | |||
<type id='1'>Extension</type> | |||
<guid>farming@microfarmer.org</guid> | |||
<version>9</version> | |||
<!-- details omitted... --> | |||
</addon> | |||
</addons> | |||
</collection> | |||
==== Updating an addon in a collection ==== | |||
Later, if you want to make an update to this addon in the collection, you | |||
can make a PUT request to the addon URL: | |||
$ curl -sD - -u "$USER:$PASSWD" -XPUT \ | |||
-d 'comments=This+addon+is+really+swell' \ | |||
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/addons/farming%40microfarmer.org' | |||
HTTP/1.1 200 OK | |||
Date: Fri, 20 Feb 2009 00:10:32 GMT | |||
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 | |||
X-Powered-By: PHP/5.2.6 | |||
X-AMO-ServedBy: quadshot-2.local | |||
Cache-Control: public, max-age=3600 | |||
Last-modified: Fri, 20 Feb 2009 00:10:32 GMT | |||
Expires: Fri, 20 Feb 2009 01:10:32 GMT | |||
Transfer-Encoding: chunked | |||
Content-Type: text/xml | |||
<?xml version="1.0" encoding="utf-8" ?> | |||
<addon xml:base="http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/addons/farming%40microfarmer.org"> | |||
<meta> | |||
<added>2009-02-19T17:10:50-05:00</added> | |||
<addedby>Sancus</addedby> | |||
<comments>This addon is really swell</comments> | |||
<collection href=".." /> | |||
</meta> | |||
<categories> | |||
<category id="12">Organizer</category> | |||
<category id="13">Web Data</category> | |||
</categories> | |||
<name>MicroFarmer</name> | |||
<type id='1'>Extension</type> | |||
<guid>farming@microfarmer.org</guid> | |||
<version>9</version> | |||
<!-- details omitted... --> | |||
</addon> | |||
==== Deleting an addon from a collection ==== | |||
Finally, if you want to remove this addon from the collection, make a DELETE | |||
request to the addon URL: | |||
$ curl -sD - -u "$USER:$PASSWD" -XDELETE \ | |||
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/129/addons/farming%40microfarmer.org' | |||
HTTP/1.1 410 Gone | |||
Date: Fri, 20 Feb 2009 00:12:18 GMT | |||
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 | |||
X-Powered-By: PHP/5.2.6 | |||
X-AMO-ServedBy: quadshot-2.local | |||
Content-Length: 0 | |||
Content-Type: text/html | |||
The addon URL can no longer be found: | |||
$ curl -sD - -u "$USER:$PASSWD" -XGET \ | |||
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/addons/farming%40microfarmer.org' | |||
HTTP/1.1 404 Not Found | |||
Date: Fri, 20 Feb 2009 00:12:57 GMT | |||
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 | |||
X-Powered-By: PHP/5.2.6 | |||
X-AMO-ServedBy: quadshot-2.local | |||
Cache-Control: public, max-age=3600 | |||
Last-modified: Fri, 20 Feb 2009 00:12:58 GMT | |||
Expires: Fri, 20 Feb 2009 01:12:58 GMT | |||
Content-Length: 120 | |||
Content-Type: text/xml | |||
<?xml version="1.0" encoding="utf-8" ?> | |||
<error xmlns="http://addons.mozilla.org/" reason="addon_not_in_collection" /> | |||
And, the addon no longer appears in the collection: | |||
$ curl -sD - -u "$USER:$PASSWD" -XGET \ | |||
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/' | |||
HTTP/1.1 200 OK | |||
Date: Fri, 20 Feb 2009 00:13:55 GMT | |||
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 | |||
X-Powered-By: PHP/5.2.6 | |||
X-AMO-ServedBy: quadshot-2.local | |||
Cache-Control: public, max-age=3600 | |||
Last-modified: Fri, 20 Feb 2009 00:13:55 GMT | |||
Expires: Fri, 20 Feb 2009 01:13:55 GMT | |||
Content-Length: 440 | |||
Content-Type: text/xml | |||
<?xml version="1.0" encoding="utf-8" ?> | |||
<collection xmlns="http://addons.mozilla.org/" | |||
xml:base="http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/" | |||
name="Foo Bar" | |||
description="collection of foobar addons" | |||
creator="Sancus" | |||
listed="yes" writable="yes" subscribed="no" | |||
lastmodified="2009-02-19T19:05:55-05:00"> | |||
<addons href="addons/"> | |||
</addons> | |||
</collection> | |||
Latest revision as of 20:23, 31 March 2009
Bandwagon API
Implementation Notes
Use URLs as resource identifiers
This API spec uses the REST pattern of including resource URLs in responses, rather than database IDs or other identifiers. This allows the server to control its own namespace - so please use the URLs found in href attributes to access the API, rather than constructing them on the client side from templates.
The only URL that should be hardcoded (or preferably kept in a user preference) in the client application is the URL to the service document. This will not only make it easier to switch between production, staging, and dev instances of the API, it will also make the client resilient to other more granular changes in the server URL space.
Use xml:base to resolve relative URLs
The URLs in response data may be supplied as relative paths, or relative with respect an URL indicated by an xml:base attribute, usually supplied by the root node of the response document.
Use conditional GET
For GET requests, be sure to retain the value of the Last-Modified header in responses and include it as If-Modified-Since in requests. This enables conditional GET and may result in 304 Not Modified responses that indicate the resource has not changed since the last fetch. This can save in both CPU consumption and bandwidth in preparing and sending the response data.
HTTP Method Override Hack
This API uses the HTTP methods GET, POST, PUT, DELETE, and OPTIONS. Some incomplete HTTP clients support only GET and POST methods. So, this API supports the use of POST as a stand-in for any method other than GET, with the actual desired HTTP method supplied via one of the following conventions:
- A URL query parameter named _method
- A POST parameter named _method
- The value of a header named X-HTTP-Method-Override
Authentication
All API access requires authentication.
AMOv3 cookie session ID
If a Cookie: header is sent with the value of an AMOv3 login session ID, that value will be validated first in authenticating the user.
Example header, with the AMOv3 cookie among other cookies:
Cookie: foo=bar; AMOv3=865ikpjmn6bqh897msr3o5hv12; baz=quux
The primary use-case for this means of authentication is in a browser extension with access to the user's cookie jar and the ability to extract the same cookie used for website login.
HTTP basic auth with email/pass
If no AMOv3 cookie header is found, or if it is invalid, an attempt to authenticate the user with HTTP basic auth will be made. The username is expected to be an email address registered with AMO and the correct password for that account must be supplied.
An example use case for this authentication method is for simpler testing without the need to perform a website login and get a cookie.
Authorization
In general, the client will not be given the URLs of resources to which the authenticated user does not have at least some access (ie. GET-only).
Attempts to manipulate resources to which the authenticated user does not have any permission do to so will receive a response with a 403 Forbidden status code.
Attempts to manipulate resources for which the user has some permission will receive responses with a 405 Method Not Allowed status code, and the Allow: header will list which methods are allowed.
Resources
The following is a catalog of the kinds of resources made available by the API. The URL paths used as headers are conceptual examples, not intended for literal use as templates in the client application.
Also note that not all HTTP methods are avalable for every resource.
Service Document - /api/sharing/
This service document is the main entry point URL for the API. Polling it periodically, with proper attention to Last-Modified and If-Modified-Since headers, should offer a relatively efficient way to track collection subscriptions and what subscriptions are writable.
Beyond collections, the service document will supply URLs leading into the rest of the API. (eg. email sharing)
Concrete examples of this URL might look something like the following:
http://localhost/~lorchard/addons/api.php?action=service_doc http://dev.addons.mozilla.com/en-US/firefox/api/1.3/sharing https://preview.addons.mozilla.org/en-US/firefox/api/1.3/sharing https://addons.mozilla.org/en-US/firefox/api/1.3/sharing
GET - Fetch the service document
- Response
- Status: 200 OK
- Content-Type: #Service Document
- Response body varies according to authenticated user's context
Collections List - /api/sharing/collections/
This resource represents the set of all shared collections. A concrete URL for this resource can be acquired from the #Service Document.
Note that the GET method is not currently implemented, because the service doc and individual collection docs provide the information that would conceivably be made available. Someday, this could be an interface on the public collection directory.
POST - Create a new collection
- Request
- Content-Type: application/x-www-form-urlencoded
- Parameters:
- name - human readable name for the collection
- description - human readable longer description for the collection
- nickname - unique nickname for collection usable in URLs
- listed - whether the collection should be listed in the directory (1) or not (0)
- Response
- Status: 201 Created
- Content-Type: #Addon Collection
- Response body will contain the data for the freshly created collection.
- Location header points to the URL of new collection.
Collection - /api/sharing/collections/{uuid}
This resource represents a single collection of shared addons. A concrete URL for this kind of resource can be acquired from the #Service Document.
GET - Fetch contents of a collection
- Response
- Status: 200 OK
- Content-Type: #Addon Collection
PUT - Update collection details
Note that this update is limited to collection-specific details, and cannot modify any of the other data that makes up an addon document.
- Request
- Content-Type: application/x-www-form-urlencoded
- Parameters:
- name - human readable name for the collection
- description - human readable longer description for the collection
- nickname - unique nickname for collection usable in URLs
- listed - whether the collection should be listed in the directory (1) or not (0)
- Response (on success)
- Status: 200 OK
- Content-Type: #Addon Collection
- Response content reflects changes to collection
DELETE - Delete a collection
- Response (on success)
- Status: 410 Gone
List of Addons in a Collection - /api/sharing/collections/{uuid}/addons/
This resource represents addons in a collection. A concrete URL for this kind of resource can be acquired from the #Service Document.
Note that the GET method is not currently implemented, because the parent collection doc provides the information that would conceivably be made available.
POST - Add an addon to a collection
- Request
- Content-Type: application/x-www-form-urlencoded
- Parameters:
- guid - GUID of addon to add to list
- comments - (optional) human readable comments about the addon
- Response (on success)
- Status: 201 Created
- Content-Type: #Addon
- Response body will contain the data for the freshly added addon.
- Location header points to the URL of the addon resource in the collection.
- Response (if addon already present in collection)
- Status: 409 Conflict
- Content-Type: #Error Document
Addon in a Collection - /api/sharing/collections/{uuid}/addons/{addon guid}
This resource represents a single addon shared in a collection. A concrete URL for this kind of resource can be acquired from an #Addon Collection.
GET - Fetch details on an addon
- Response (on success)
- Status: 200 OK
- Content-Type: #Addon
PUT - Update addon details
Note that this update is limited to collection-specific details, and cannot modify any of the other data that makes up an addon document.
- Request
- Content-Type: application/x-www-form-urlencoded
- Parameters:
- comments - human readable comments about the addon
- Response (on success)
- Status: 200 OK
- Content-Type: #Addon
- Response content reflects changes to addon in collection
DELETE - Remove an addon from a collection
- Response (on success)
- Status: 303 See Other
- Content-Type: #Addon Collection
- Response body will reflect the change to the collection with addon added or updated.
- Location header points to the URL of collection, which will reflect the addition or update of the addon.
Email Sharing - /api/sharing/email
This resource offers a general-purpose interface to notification functionality for sharing addons via email messages. A concrete URL for this of resource can be acquired from the #Service Document.
POST - Request an email sharing notification
- Request
- Content-Type: application/x-www-form-urlencoded
- Parameters:
- to - comma-separated list of email addresses for notification
- guid - GUID of addon to share
- comments - human readable personal comments to be included in notification
- Response (on success)
- Content-Type: empty body
- Status: 202 Accepted
Status Codes
Based on HTTP/1.1 Status Code Definitions.
- 200 OK - Request OK, response body follows.
- 201 Created - New resource created, response body follows with new content, watch for Location: header containing new resource URL
- 202 Accepted - The request has been accepted for processing, but the processing has not been completed. Expect an empty response body.
- 302 Found - The desired resource is more appropriately found at URL supplied by Location: header.
- 303 See Other - The response reflecting results of this request is found at URL supplied by Location: header.
- 304 Not Modified - The resource has not changed with respect to the given If-Modified-Since header in the request.
- 400 Bad Request - The request is bad, usually due to invalid fields.
- 401 Unauthorized - Authentication details not accepted.
- 403 Forbidden - Authentication details accepted, but request not allowed.
- 404 Not Found - Resource not found.
- 405 Method Not Allowed - The method specified is not applicable to the resource.
- 409 Conflict - The request conflicts with the state of the resource.
- 410 Gone - Usually the status of a successful DELETE request.
- 415 Unsupported Media Type - Request type not supported - generally only application/x-www-form-urlencoded is accepted.
- 500 Internal Server Error - Something unexpected went wrong.
Representations
Error Document
Most errors will be indicated by an HTTP Status in the 400s or 500s, and will be accompanied by further details in an XML document like the following:
<?xml version="1.0" encoding="utf-8" ?> <error xmlns="http://addons.mozilla.org/" reason="some_reason_for_error" details="further details for error" />
Reason values to expect include:
- invalid_parameters
- collection_unknown
- not_collection_owner
- unknown_addon_guid
- addon_already_in_collection
- addon_not_in_collection
- {GET,POST,DELETE,PUT}_not_allowed
- unauthorized
- not_writable
Service Document
The service document is the main entry point, or "front door" to the API, providing links to other resources exposed by the API and offering an overview of what particular resources are made available to the authenticated user.
<?xml version="1.0" encoding="utf-8" ?> <sharing xmlns="http://addons.mozilla.org/" xml:base="http://addons.mozilla.org/api/1.3/sharing/"> <email href="email" /> <collections href="collections"> <collection href="collections/98404f20-f2e0-11dd-9121-3307c31c9566" name="My Laptop Addons" description="Longer description yay" creator="lorchard@mozilla.com" writable="yes" subscribed="yes" lastmodified="2009-01-04T00:10:00Z"> <addons href="collections/98404f20-f2e0-11dd-9121-3307c31c9566/addons/" /> </collection> <collection href="collections/9f534614-f2e5-11dd-a55a-2bd072fc4ff4" name="Joe's Blogging Addons" description="Longer description yay" creator="joe@example.com" writable="no" subscribed="yes" lastmodified="2009-01-04T00:10:00Z"> <addons href="collections/9f534614-f2e5-11dd-a55a-2bd072fc4ff4/addons/" /> </collection> <collection href="collections/9f534614-f2e5-11dd-a55a-2bd072fc4ff4" name="Invisible Addon Collection" description="Longer description yay" creator="lorchard@mozilla.com" writable="yes" subscribed="no" lastmodified="2009-01-04T00:10:00Z"> <addons href="collections/9f534614-f2e5-11dd-a55a-2bd072fc4ff4/addons/" /> </collection> </collections> </sharing>
Addon Collection
<?xml version="1.0" encoding="utf-8" ?> <collection xmlns="http://addons.mozilla.org/" xml:base="http://addons.mozilla.org/api/1.3/sharing/collections/98404f20-f2e0-11dd-9121-3307c31c9566/"> href="collections/98404f20-f2e0-11dd-9121-3307c31c9566" name="My Laptop Addons" description="Longer description yay" writable="yes" subscribed="yes" lastmodified="2009-01-04T00:10:00Z"> <addons href="addons/"> <addon href="addons/AE93811A-5C9A-4d34-8462-F7B864FC4696"> <meta> <added>2009-01-04T00:00:12Z</added> <comments>Here are my nifty comments</comments> <addedby>Les Orchard</addedby> </meta> <name>StumbleUpon</name> <type id="1">Extension</type> <guid>{AE93811A-5C9A-4d34-8462-F7B864FC4696}</guid> <version>50706</version> <status id="4">Public</status> <authors> <author>StumbleUpon </author> </authors> <summary> StumbleUpon discovers web sites based on your interests, learns what you like and brings you more. </summary> <description> With StumbleUpon you can also connect with friends and share your discoveries, meet people that have similar interests, and check out what other people are discovering. </description> <icon>https://addons.mozilla.org/en-US/firefox/images/addon_icon/138/1216845032</icon> <thumbnail>https://addons.mozilla.org/en-US/firefox/images/t/23099/1215517056</thumbnail> <rating>5</rating> <learnmore>https://addons.mozilla.org/addon/138</learnmore> </addon> <addon> <meta> <added>2009-01-02T00:00:12Z</added> <addedby>Nick Nguyen</addedby> <comments>You should really use this.</comments> </meta> <name>FoxyTunes</name> <type id="1">Extension</type> <guid>{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}</guid> <version>50845</version> <status id="4">Public</status> <authors> <author>Alex Sirota</author> <author>Yahoo! Inc. </author> </authors> <summary> Do you listen to Music while surfing the Web?^M^MFoxyTunes lets you control almost any media player and find lyrics, covers, videos, bios and much more with a click right from your browser. </summary> <description> Do you listen to Music while surfing the Web?FoxyTunes lets you control almost any media player and find lyrics, covers, videos, bios and much more with a click right from your browser.Supports WinAmp, iTunes, Yahoo Music Engine, Pandora, foobar2000, Windows Media Player, Xbox Media Center, Musicmatch, Quintessential, J. River, jetAudio, XMPlay, MediaMonkey, Media Player Classic, Sonique, wxMusik, Real Player, XMMS, Noatun, Juk, Amarok, Music Player Daemon, Rhythmbox and many other players.Just click on the orange note and select your player.CNET Editor's Rating: 5/5 starsPC Magazine: Top 15 Firefox ExtensionsPC World: Top Download Picks </description> <icon>https://addons.mozilla.org/en-US/firefox/images/addon_icon/219/1226633195</icon> <thumbnail>https://addons.mozilla.org/en-US/firefox/images/t/20256/1209472104</thumbnail> <rating>5</rating> <learnmore>https://addons.mozilla.org/addon/219</learnmore> </addon> </addons> </collection>
Addon
<?xml version="1.0" encoding="utf-8" ?> <addon xml:base="http://addons.mozilla.org/api/1.3/sharing/collections/98404f20-f2e0-11dd-9121-3307c31c9566/addons/AE93811A-5C9A-4d34-8462-F7B864FC4696"> <meta> <added>2009-01-04T00:00:12Z</added> <addedby>Les Orchard</addedby> <comments>Here are my nifty comments</comments> <collection href=".." /> </meta> <categories> <category id="1">Feeds, News & Blogging</category> <category id="13">Search Tools</category> <category id="22">Bookmarks</category> <category id="71">Social & Communication</category> <category id="92">Toolbars</category> </categories> <name>StumbleUpon</name> <type id="1">Extension</type> <guid>{AE93811A-5C9A-4d34-8462-F7B864FC4696}</guid> <version>50706</version> <status id="4">Public</status> <authors> <author>StumbleUpon </author> </authors> <summary> StumbleUpon discovers web sites based on your interests, learns what you like and brings you more. </summary> <description> With StumbleUpon you can also connect with friends and share your discoveries, meet people that have similar interests, and check out what other people are discovering. </description> <icon>https://addons.mozilla.org/en-US/firefox/images/addon_icon/138/1216845032</icon> <compatible_applications> <application> <name>Firefox</name> <application_id>1</application_id> <min_version>1.0</min_version> <max_version>3.1a2pre</max_version> <appID>{ec8030f7-c20a-464f-9b0e-13a3a9e97384}</appID> </application> <application> <name>SeaMonkey</name> <application_id>59</application_id> <min_version>1.0</min_version> <max_version>2.0a1</max_version> <appID>{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}</appID> </application> </compatible_applications> <all_compatible_os> <os>ALL</os> </all_compatible_os> <eula></eula> <thumbnail>https://addons.mozilla.org/en-US/firefox/images/t/23099/1215517056</thumbnail> <rating>5</rating> <learnmore>https://addons.mozilla.org/addon/138</learnmore> <install hash="sha256:2e69bcd3db46521e83eb2d5fdf37724c2af33bb1742f86d0e2cbd938c9bcfae4" os="ALL">https://addons.mozilla.org/downloads/file/34258/stumbleupon-3.26-fx+mz+sm.xpi</install> </addon>
Examples / Walkthrough
This API can be exercised using cURL at a command line.
The service URL used in all these examples is:
http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/
However, this URL will change depending on the actual AMO instance used.
Using Cookie Auth
You can use session cookie auth with cURL, though it's a little painful. You'll need an extension like Firebug paired with FireCookie to check cookies and headers in your browser.
Once you have those, try logging into an AMO install. You should get a cookie named "AMOv3". Copy the value of that cookie and assign it to a variable in your shell like so:
$ AUTH_COOKIE=6735160d21d97131f34d86bb1fa5c096
The User-Agent header is another important component, since AMO invalidates session cookies from a user agent that differs from the one used to login. This shouldn't be an issue in extension development, but it can cause destroyed sessions (ie. the user is logged out) when using cURL.
So, check the request header for your User-Agent and assign it to another shell variable:
$ USER_AGENT="Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.6) Gecko/2009011912 Firefox/3.0.6 FirePHP/0.2.4"
Then, you can make your first request to fetch the service document:
$ curl -sD - -A "$USER_AGENT" -H "Cookie: AMOv3=${AUTH_COOKIE};" -XGET \
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/'
You should see a response like the following:
HTTP/1.1 200 OK Date: Thu, 19 Feb 2009 21:49:07 GMT Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 X-Powered-By: PHP/5.2.6 X-AMO-ServedBy: quadshot-2.local P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Cache-Control: public, max-age=3600 Last-modified: Thu, 19 Feb 2009 21:49:07 GMT Expires: Thu, 19 Feb 2009 22:49:07 GMT Content-Length: 273 Content-Type: text/xml <?xml version="1.0" encoding="utf-8" ?> <sharing xmlns="http://addons.mozilla.org/" xml:base="http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/"> <email href="email" /> <collections href="collections/"> </collections> </sharing>
Using HTTP Basic Auth
When trying out the API with cURL, HTTP Basic Auth is a much easier way to go. You can fetch the service document like so:
$ USER="nobody@mozilla.org"
$ PASSWD="test"
$ curl -sD - -u "$USER:$PASSWD" -XGET \
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/'
Creating a new collection
To create a new collection, first fetch the service doc:
$ curl -sD - -u "$USER:$PASSWD" -XGET \
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/'
HTTP/1.1 200 OK
Date: Thu, 19 Feb 2009 21:51:30 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
X-AMO-ServedBy: quadshot-2.local
Cache-Control: public, max-age=3600
Last-modified: Thu, 19 Feb 2009 21:51:31 GMT
Expires: Thu, 19 Feb 2009 22:51:31 GMT
Content-Length: 273
Content-Type: text/xml
<?xml version="1.0" encoding="utf-8" ?>
<sharing xmlns="http://addons.mozilla.org/"
xml:base="http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/">
<email href="email" />
<collections href="collections/">
</collections>
</sharing>
Note the xml:base attribute on sharing and the href attribute on collections. Use those together to resolve an absolute URL, and that's the collections resource URL:
http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/
Now, you can POST to that URL to create a new collection, like so:
$ curl -sD - -u "$USER:$PASSWD" -XPOST \
-d 'nickname=foobar&name=Foo+Bar&description=collection+of+foobar+addons&listed=1' \
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/'
HTTP/1.1 201 Created
Date: Thu, 19 Feb 2009 22:02:36 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
X-AMO-ServedBy: quadshot-2.local
Location: http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/
Content-Length: 0
Content-Type: text/html
The creation of the collection was successful. Note the URL in the Location: header. That's the URL to the newly created collection resource.
Try fetching it:
$ curl -sD - -u "$USER:$PASSWD" -XGET \
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109'
HTTP/1.1 200 OK
Date: Thu, 19 Feb 2009 22:04:19 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
X-AMO-ServedBy: quadshot-2.local
Cache-Control: public, max-age=3600
Last-modified: Thu, 19 Feb 2009 22:04:19 GMT
Expires: Thu, 19 Feb 2009 23:04:19 GMT
Content-Length: 396
Content-Type: text/xml
<?xml version="1.0" encoding="utf-8" ?>
<collection xmlns="http://addons.mozilla.org/"
xml:base="http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/"
name="Foo Bar"
description="collection of foobar addons"
creator="Sancus"
listed="yes" writable="yes" subscribed="no"
lastmodified="2009-02-19T19:05:55-05:00">
<addons href="addons/">
</addons>
</collection>
Adding an addon to a collection
Notice that the new collection offers an addon element with an href attribute. Once resolved using xml:base, you can POST to this URL to add an addon:
$ curl -sD - -u "$USER:$PASSWD" -XPOST \
-d 'guid=farming%40microfarmer.org&comments=I+really+like+this+addon' \
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/addons/'
HTTP/1.1 201 Created
Date: Thu, 19 Feb 2009 22:10:50 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
X-AMO-ServedBy: quadshot-2.local
Location: http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/addons/farming%40microfarmer.org
Content-Length: 0
Content-Type: text/html
And you can GET the URL in the Location: header:
$ curl -sD - -u "$USER:$PASSWD" -XGET \
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/addons/farming%40microfarmer.org'
HTTP/1.1 200 OK
Date: Thu, 19 Feb 2009 22:12:15 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
X-AMO-ServedBy: quadshot-2.local
Cache-Control: public, max-age=3600
Last-modified: Thu, 19 Feb 2009 22:12:15 GMT
Expires: Thu, 19 Feb 2009 23:12:15 GMT
Transfer-Encoding: chunked
Content-Type: text/xml
<?xml version="1.0" encoding="utf-8" ?>
<addon xml:base="http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/addons/farming%40microfarmer.org">
<meta>
<added>2009-02-19T17:10:50-05:00</added>
<addedby>Sancus</addedby>
<comments>I really like this addon</comments>
<collection href=".." />
</meta>
<categories>
<category id="12">Organizer</category>
<category id="13">Web Data</category>
</categories>
<name>MicroFarmer</name>
<type id='1'>Extension</type>
<guid>farming@microfarmer.org</guid>
<version>9</version>
</addon>
A GET request to the collection will show that the addon has been added:
$ curl -sD - -u "$USER:$PASSWD" -XGET \
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/'
HTTP/1.1 200 OK
Date: Thu, 19 Feb 2009 22:12:15 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
X-AMO-ServedBy: quadshot-2.local
Cache-Control: public, max-age=3600
Last-modified: Thu, 19 Feb 2009 22:12:15 GMT
Expires: Thu, 19 Feb 2009 23:12:15 GMT
Transfer-Encoding: chunked
Content-Type: text/xml
<?xml version="1.0" encoding="utf-8" ?>
<collection xmlns="http://addons.mozilla.org/"
xml:base="http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/"
name="Foo Bar"
description="collection of foobar addons"
creator="Sancus"
listed="yes" writable="yes" subscribed="no"
lastmodified="2009-02-19T19:05:55-05:00">
<addons href="addons/">
<addon href="addons/farming%40microfarmer.org">
<meta>
<added>2009-02-19T17:10:50-05:00</added>
<addedby>Sancus</addedby>
<comments>I really like this addon</comments>
</meta>
<categories>
<category id="12">Organizer</category>
<category id="13">Web Data</category>
</categories>
<name>MicroFarmer</name>
<type id='1'>Extension</type>
<guid>farming@microfarmer.org</guid>
<version>9</version>
</addon>
</addons>
</collection>
Updating an addon in a collection
Later, if you want to make an update to this addon in the collection, you can make a PUT request to the addon URL:
$ curl -sD - -u "$USER:$PASSWD" -XPUT \
-d 'comments=This+addon+is+really+swell' \
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/addons/farming%40microfarmer.org'
HTTP/1.1 200 OK
Date: Fri, 20 Feb 2009 00:10:32 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
X-AMO-ServedBy: quadshot-2.local
Cache-Control: public, max-age=3600
Last-modified: Fri, 20 Feb 2009 00:10:32 GMT
Expires: Fri, 20 Feb 2009 01:10:32 GMT
Transfer-Encoding: chunked
Content-Type: text/xml
<?xml version="1.0" encoding="utf-8" ?>
<addon xml:base="http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/addons/farming%40microfarmer.org">
<meta>
<added>2009-02-19T17:10:50-05:00</added>
<addedby>Sancus</addedby>
<comments>This addon is really swell</comments>
<collection href=".." />
</meta>
<categories>
<category id="12">Organizer</category>
<category id="13">Web Data</category>
</categories>
<name>MicroFarmer</name>
<type id='1'>Extension</type>
<guid>farming@microfarmer.org</guid>
<version>9</version>
</addon>
Deleting an addon from a collection
Finally, if you want to remove this addon from the collection, make a DELETE request to the addon URL:
$ curl -sD - -u "$USER:$PASSWD" -XDELETE \
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/129/addons/farming%40microfarmer.org'
HTTP/1.1 410 Gone
Date: Fri, 20 Feb 2009 00:12:18 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
X-AMO-ServedBy: quadshot-2.local
Content-Length: 0
Content-Type: text/html
The addon URL can no longer be found:
$ curl -sD - -u "$USER:$PASSWD" -XGET \
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/addons/farming%40microfarmer.org'
HTTP/1.1 404 Not Found
Date: Fri, 20 Feb 2009 00:12:57 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
X-AMO-ServedBy: quadshot-2.local
Cache-Control: public, max-age=3600
Last-modified: Fri, 20 Feb 2009 00:12:58 GMT
Expires: Fri, 20 Feb 2009 01:12:58 GMT
Content-Length: 120
Content-Type: text/xml
<?xml version="1.0" encoding="utf-8" ?>
<error xmlns="http://addons.mozilla.org/" reason="addon_not_in_collection" />
And, the addon no longer appears in the collection:
$ curl -sD - -u "$USER:$PASSWD" -XGET \
'http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/'
HTTP/1.1 200 OK
Date: Fri, 20 Feb 2009 00:13:55 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.7l DAV/2 PHP/5.2.6
X-Powered-By: PHP/5.2.6
X-AMO-ServedBy: quadshot-2.local
Cache-Control: public, max-age=3600
Last-modified: Fri, 20 Feb 2009 00:13:55 GMT
Expires: Fri, 20 Feb 2009 01:13:55 GMT
Content-Length: 440
Content-Type: text/xml
<?xml version="1.0" encoding="utf-8" ?>
<collection xmlns="http://addons.mozilla.org/"
xml:base="http://dev-bandwagon.addons.mozilla.org/en-US/firefox/api/1.3/sharing/collections/109/"
name="Foo Bar"
description="collection of foobar addons"
creator="Sancus"
listed="yes" writable="yes" subscribed="no"
lastmodified="2009-02-19T19:05:55-05:00">
<addons href="addons/">
</addons>
</collection>