Get Started
Documentation
More information
|
Request with token in bodyWhen performing the HTTP requests from ONLYOFFICE Document Server the token is added to the parameters to validate the data. When performing the HTTP requests to ONLYOFFICE Document Server the token must be added to the parameters to validate the data. Starting with version 5.2 it is possible to use the token in body parameters with Document Server. To enable it set the services.CoAuthoring.token.inbox.inBody and services.CoAuthoring.token.outbox.inBody in configuration file to true.
Token in body is used for POST requests only.
For the GET requests token in header is used.
Parameters
Sample local.json configuration
{ "services": { "CoAuthoring": { "token": { "inbox": { "inBody": true, }, "outbox": { "inBody": true } } } } } The payload for the JSON Web Token contains the request body parameters. Incoming requestValidation is performed for incoming requests with the commands from the document storage service to the document command service. Sample parameters of request to receive the status of the edited document
{ "c": "info", "key": "Khirz6zTPdfd7" } These parameters must be encoded into the token so that the request looked like this: Sample of request to receive the status of the edited document
POST coauthoring/CommandService.ashx HTTP/1.1 Host: documentserver Content-Type: application/json { "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjIjoiaW5mbyIsImtleSI6IktoaXJ6NnpUUGRmZDcifQ.r_6sThjFABsHMNHhkVdHDSz4jwkbXRQNYdvawkBGJgg" } As you can see there is no need to include the above parameters into the request body, as all of them are already encoded into the token and sent within it. Validation is performed for incoming requests with the commands from the document storage service to the document conversion service. Sample parameters of request to convert the document
{ "filetype": "docx", "key": "Khirz6zTPdfd7", "outputtype": "pdf", "title": "Example Document Title.docx", "url": "https://example.com/url-to-example-document.docx" } Where the example.com is the name of the server where document manager and document storage service are installed. See the How it works section to find out more on Document Server service client-server interactions. Sample of request to convert the document
POST ConvertService.ashx HTTP/1.1 Host: documentserver Content-Type: application/json { "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJmaWxldHlwZSI6ImRvY3giLCJrZXkiOiJLaGlyejZ6VFBkZmQ3Iiwib3V0cHV0dHlwZSI6InBkZiIsInRpdGxlIjoiRXhhbXBsZSBEb2N1bWVudCBUaXRsZS5kb2N4IiwidXJsIjoiaHR0cDovL2V4YW1wbGUuY29tL3VybC10by1leGFtcGxlLWRvY3VtZW50LmRvY3gifQ.U-YAfuuy7clWjn-xOncfJ-sxVG5DlcYn0AOzJYkoR0M" } Where the example.com is the name of the server where document manager and document storage service are installed. See the How it works section to find out more on Document Server service client-server interactions. Validation is performed for incoming requests with the commands from the document storage service to the document builder service. Sample parameters of request to document builder service
{ "async": true, "url": "https://example.com/url-to-example-script.docbuilder" } Where the example.com is the name of the server where document storage service are installed. See the How it works section to find out more on Document Server service client-server interactions. Sample of request to document builder service
POST docbuilder HTTP/1.1 Host: documentserver Content-Type: application/json { "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhc3luYyI6dHJ1ZSwidXJsIjoiaHR0cHM6Ly9leGFtcGxlLmNvbS91cmwtdG8tZXhhbXBsZS1zY3JpcHQuZG9jYnVpbGRlciJ9.dzoTbRzSMa95Fpg34CjnF3ZUPdGA2CnBedFL_qOOxAs" } Where the example.com is the name of the server where document storage service are installed. See the How it works section to find out more on Document Server service client-server interactions. Outgoing requestsValidation is performed for outgoing requests to "callbackUrl" address by document editing service. Sample parameters of request to "callbackUrl" address by document editing service when the last user closed the document for editing without changes
{ "key": "Khirz6zTPdfd7", "status": 4 } Sample of request to "callbackUrl" address by document editing service when the last user closed the document for editing without changes
POST url-to-callback.ashx HTTP/1.1 Host: example.com Content-Type: application/json { "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJrZXkiOiJLaGlyejZ6VFBkZmQ3Iiwic3RhdHVzIjo0fQ.gCyNKPpg6ISAnhvFQmRiY6BRqG6WPcEGgnK79hREdkU" } Where the example.com is the name of the server where document manager and document storage service are installed. See the How it works section to find out more on Document Server service client-server interactions. When performing the GET requests from ONLYOFFICE Document Server an authorization header with the token is added. Validation is performed for outgoing requests to document storage service for file download. Sample payload of request to document storage service for file download
{ "url: "http://example.com/url-to-example-document.docx" } Sample of request to document storage service for file download
GET url-to-example-document.docx HTTP/1.1 Host: example.com Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwOi8vZXhhbXBsZS5jb20vdXJsLXRvLWV4YW1wbGUtZG9jdW1lbnQuZG9jeCJ9.-DBTpvYH2srNUc3Xy2N4QozEXO6VF1XS89K7Li0JM68 Where the example.com is the name of the server where document manager and document storage service are installed. See the How it works section to find out more on Document Server service client-server interactions. The token includes the payload (the full URL to the document, in the example above it is {"url: "http://example.com/url-to-example-document.docx"}), which is also duplicated in the header as the Host (example.com) and the document address the GET request is sent to (url-to-example-document.docx). |
||||||||||||
© Ascensio System SIA 2021. All rights reserved
|