The Alfresco API

The Alfresco API

Steven GloverGethin JamesPeter Monks

Agenda

1. Introductory presentation – 10 mins2. Developer portal – 10 mins3. Coding exercise – 60 mins4. Where to get help – 5 mins5. Future direction – 5 mins6. Q&A – as time permits

Objective:To leave this session with a functioning Alfresco Cloud application of your own.

Format:Short introductory presentation followed by lengthy coding exercise.

Logistics:These two sessions are being run as a single session without a formal break. Please feel free to take breaks whenever you’d like!

USB drives are being distributed through the audience – please copy the files on them to your local machine, then pass the drive on.

The Alfresco APIFolder, file, content and metadata

manipulation and search

Networks, sites, people,

comments, tags, activities, …

OAuth2

What is OAuth2?• Defined in RFC-6749• Secure authentication

•3rd party apps don’t ever see the user’s password

• Unambiguously identifies:•API provider (e.g. Alfresco)•Client application (e.g. your application)•End-user (e.g. an Alfresco Cloud user)

How are we using it in Alfresco?• Used to secure the Alfresco API• Only authentication mechanism provided for APIs in Alfresco Cloud

OAuth2 – Registering an App

ApplicationDeveloper

AlfrescoDeveloper Portal

Creates developer

profile

Assigns an API key and secret

for that app

Signs up on developer

portal

Registers an application

OAuth2 – Authorisation

Application Alfresco End-UserLinks to Alfresco

authorisation page, passing

API key & secret

Asks the user to authorise

the appUser authorises

the app to access their

accountRedirects to your app’s callback URL, passing authorisation

code

Exchanges the authorisation code for an

access tokenReturns access

and refresh tokensSecurely

persists the access and

refresh token for that user

OAuth2 – API Calls

Calls APIs, passing the

access token in the Authorization

HTTP header

Identifies user from access

token, executes API

call

Application Alfresco

OAuth2 – Refresh Flow

Calls APIs, passing the

access token in the Authorization

HTTP header

Returns 401 error,

indicating access token has expired

Refreshes access token,

passing refresh token

Returns new access token

Application Alfresco

Calls APIs, passing the

access token in the Authorization

HTTP header

Identifies user from access

token, executes API

call

Developer Portal

Coding Exercise

Where to Get Help

Ply Steve, Gethin and Peter with these:

Resources• Alfresco API forum• #alfresco on freenode IRC• Alfresco Technical Discussion Google Group

Source Code• Code from This Session• Spring Social Alfresco Library• Peter’s Grails Example• Jeff’s Java Examples• Jeff’s Python Examples

CMIS & Apache Chemistry in Action

• Everything you need to know about CMIS 1.0 & 1.1

• Lots of Groovy and Java examples

• Also covers Python, Android, & iOS

• Now on MEAP!• 37% off with code “12cmisal”

Future Direction

More APIs:• CMIS 1.1• User provisioning• Transformation• Workflow• Records Management• Rich Media Management

More than APIs:• Community & Enterprise• Client SDKs• Content models• Workflow definitions• Rule definitions• UI extensions

Alfresco Confidential

Disclaimer: This list is NOTcommitted to the roadmap yet!

QUESTIONS?