...
OAuth2 is used for authentication. With (almost) each request to an endPoint a an OAuth token needs needs to be provided. The token is retrievable from Archie - see OAuth 2.0 authorization in Archie. The API queries Archie for permissions using the token.
...
OPTIONS is available on all endPoints. It is mainly implemented for the purpose of CORS (Cross-origin resource sharing). When sending an OPTIONS to any andPoint a 200 (OK) will be returned with the following headers:
- Access-Control-Allow-Origin - returns a list of sources that can access the API. Currently accessable by all ("*" is returned)
- Access-Control-Allow-Headers - returns a list of headers allowed. Currently returning: Authorization, Content-Type, Accept, If-None-Match, If-Modified-Since
- Access-Control-Allow-Methods - returns a list of REST methods allowed for the specific endPoint. This is a comma separated list, eg: OPTIONS,GET,POST,PUT,PATCH,DELETE. Depending on the endPoint, 1-6 methods will be listed
- Access-Control-Max-Age - returns number of seconds the response should cache values (current default value is 3600)
- Access-Control-Expose-Headers - returns a list of exposed headers. Currently returning: Content-Type, Cache-Control, Link, Total-Count, ETag
...
Type | Header | Description |
HAL+JSON | Application/hal+json | Returns JSON enclosed with Review Database API |
HAL+XML | Application/hal+xml | Returns XML enclosed with Review Database API |
JSON | Application/json | Returns JSON |
XML | Application/xml | Returns XML |
CSV | Text/csv | Returns CSV |
Smile | Application/x-jackson-smile | Returns Smile |
If multiple Accept-headers are in the response – the API will prioritize the Accept-header closest to the top of the above list.
...
Code | Title | Description | ||||||
| Bad Request | Could not parse request | ||||||
| Unauthorized | No authentication credentials provided or authentication failed | ||||||
| Forbidden | Authenticated user does not have access | ||||||
| Not Found | Resource not found | ||||||
| Unsupported Media Type | The Media type supplied in the Accept header is not supported | ||||||
422 | Unprocessable Entry | A request to modify or create a resource failed due to a validation error | ||||||
| Too Many Requests | Request rejected due to rate limiting | ||||||
| An internal server error occurred |
Entry Points
All endPoints are documented in Swagger on the following url:
https://test-api.cochrane.org/api-docs
All endPoints are camelCased. For all endPoints integrity checks are made to ensure valid data.