{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"fe4a90dd-70f1-4a59-b0ff-50878c83d055","name":"Curator API V1 (1.0)","description":"<br>\r\n<h1>Welcome to Curator API</h1>\r\n<p>The Curator REST API enables you to interact with Curator programmatically. Use this API to build apps, script interactions with Curator, or develop any other type of integration. This page documents the REST resources currently available in Curator API, including the HTTP response codes and example requests and responses.</p>\r\n<h1>OpenAPI</h1>\r\n<p>OpenAPI Specification is an API description format for REST APIs. Curator REST API conforms to <a href=\"https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md\" target=\"_blank\">OpenAPI 3.0 Specification</a>.</p>\r\n<p>Curator REST OpenAPI specification can be downloaded using the link above and imported into tools such as <a href=\"https://www.postman.com/\" target=\"_blank\">Postman</a> for testing or <a href=\"https://swagger.io/tools/swagger-codegen/\" target=\"_blank\">Swagger Codegen</a> for SDK code generation.</p>\r\n<h1>Schema</h1>\r\n<p>All API access is accessed from https://[host]/CuratorGateway/api/v1. All data is sent and received as JSON.</p>\r\n<p>Blank fields are included as <code>null</code> instead of being omitted.</p>\r\n<p>All timestamps return in ISO 8601 format and are UTC without timezone information:</p>\r\n<p><code>YYYY-MM-DDTHH:MM:SSZ</code></p>\r\n<h1>Version and URI</h1>\r\n<p>This documentation is for <b>version 1</b> of the Curator REST API, which is the latest version.</p>\r\n<p>The URIs for resources have the following structure:</p>\r\n<p><code>https://[host]/CuratorGateway/api/v1/<resource-name></code></p>\r\n<p>For example, <code>https://[host]/CuratorGateway/api/v1/assets/00000000000000000000000001162429</code></p>\r\n<h1>Root Endpoint</h1>\r\n<p>You can issue a <code>GET</code> request to the root endpoint to get all the endpoint categories that the Curator REST API v1 supports:</p>\r\n<p><code>https://[host]/CuratorGateway/api/v1</code></p>\r\n<h1>Hypermedia</h1>\r\n<p>All resources may have one or more <code>href</code> properties linking to other resources. These are meant to provide explicit URLs so that proper API clients don't need to construct URLs on their own. It is highly recommended that API clients use these. Doing so will make future upgrades of the API easier for developers. All URLs are expected to be proper RFC 6570 URI templates.</p>\r\n<p>Such as:</p>\r\n<p>\r\n<pre>\r\n{\r\n\t\"href\": \"https://[host]/CuratorGateway/api/v1/assets/5be52a09-e43f-4a48-b41b-5c33b95ee53a/metadata/MyMetadataName\",\r\n\t\"displayName\": \"My Metadata Name\",\r\n\t\"values\": [\r\n\t\t\"My Metadata Value\"\r\n\t],\r\n\t\"type\": \"Text\",\r\n\t\"name\": {\r\n\t\t\"href\": \"https://[host]/CuratorGateway/api/v1/metadatanames/MyMetadataName\"\r\n\t}\r\n}\r\n</pre>\r\n</p>\r\n<h1>Status Codes</h1>\r\n<p>The Curator REST API uses the standard <a href=\"https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html\" target=\"_blank\">HTTP status codes</a>.</p>\r\n<p>Operations that return an error status code may also return a response body containing details of the error or errors. The schema for each response code can be found under each API request.</p>\r\n<h1>OAuth2 Authentication</h1>\r\n<p>When interaction with the Curator API, your application will access Curator on behalf of your users.</p>\r\n<p>Curator API uses <a href=\"https://oauth.net/2/\" target=\"_blank\">OAuth 2.0</a>, an open specification, to authorise access to a user's data and Curator API resources. The primary goal of OAuth is to allow developers to interact with Curator API without requiring them to store sensitive credentials.</p>\r\n<p>Curator API supports common OAuth 2.0 scenarios such as those for web server, client-side, installed, and limited-input device applications.</p>\r\n<p>Once complete, the OAuth flow returns an access token to your client application. This access token should be added to all Curator API requests in the <code>Authorization</code> HTTP header in this format <code>Bearer [access token]</code>.</p>\r\n<h3>Registering a Client Application</h3>\r\n<p>In order for your application to request an access token on behalf of a user, you must first register it with Curator. This can be done via the Curator Gateway admin console (Authentication -> Clients).</p>\r\n<p>Once you have registered your client application you will be issued a <code>client_id</code>.</p>\r\n<h3>API Resource Scopes</h3>\r\n<p>When you add your client application you will be asked which API Resources <a href=\"https://oauth.net/2/scope/\" target=\"_blank\">scopes</a> that you client application needs access to. The selected scopes are applied to your access token and determine which API calls your application is allowed to execute. Each Curator API request below documents which API Resoure scopes are required.</p>\r\n<p>Below is a list of example API resource scopes:</p>\r\n<ul>\r\n    <li><code>Curator.Server.API</code></li>\r\n    <li><code>Curator.Gateway.API</code></li>\r\n    <li><code>Curator.ProcessEngine.API</code></li>\r\n</ul>\r\n<p>See the Authentication section below for a complete list of supported API resource scopes.</p>\r\n<h3>Authorisation Code Grant Type</h3>\r\n<p>In OAuth 2.0, the term “grant type” refers to the way an application gets an access token. OAuth 2.0 defines several grant types which Curator supports.<p>\r\n<p>The <a href=\"https://oauth.net/2/grant-types/authorization-code/\">Authorization Code</a> is the recommended OAuth grant type for all applications. When you register your client application you can specifiy the supported grant types.</p>\r\n<p>At a high level, the Authorisation Code flow has the following steps:</p>\r\n<ul>\r\n    <li>The client application makes a request to the <code>authorize</code> endpoint.</li>\r\n    <li>Curator redirects the user to the login screen.</li>\r\n    <li>The user is redirected back to the client application with an authorisation code in the query string.</li>\r\n    <li>The client application exchanges the authorisation code for an access token using the <code>token</code> endpoint.</li>\r\n</ul>\r\n<h3>Requesting an Access Token</h3>\r\n<p>To request an access token using the authorisation code grant type.</p>\r\n<p>1. Make a GET request to the <code>authorize</code> endpoint.</p>\r\n<pre>https://[host]/CuratorGateway/connect/authorize?client_id=0a677a41c5f7491d949c9eb4b1098ab0&redirect_uri=https://myapp.com&response_type=code&grant_type=authorization_code&scope=Curator.Server.API Curator.Gateway.API</pre>\r\n<ul>\r\n    <li><code>response_type=code</code> - This tells the Curator that the application is initiating the authorisation code flow.</li>\r\n    <li><code>client_id</code> - Your client application id.</li>\r\n    <li><code>redirect_uri</code> - Tells the Curator where to send the user back to after they approve the request.</li>\r\n    <li><code>scope</code> - One or more space-separated strings indicating which permissions the application is requesting. See the authentication section below for a complete list of API resource scopes.</li>\r\n</ul>\r\n<p>2. The user will then be redirected to the Curator login screen and asked if they would like to authorise your client application.</p>\r\n<p>3. If the user approves the authorisation request, Curator will redirect back to the <code>redirect_uri</code> specified in step 1., adding <code>code</code> to the query string.</p>\r\n<pre>https://myapp.com?code=CDD37395D64516E883615AD8862862585A5765C07E890E1022B708A43C2C04F7</pre>\r\n<p>4. The <code>code</code> can now be exchanged for an access token using the <code>token</code> endpoint.</p>\r\n<p>The client application makes a POST request to the Curator's token endpoint with the following parameters:</p>\r\n<ul>\r\n    <li><code>grant_type=authorization_code</code> - This tells the Curator that the application is using the authorisation code flow.</li>\r\n    <li><code>code</code> - The application includes the authorisation code it was given in the redirect.</li>\r\n    <li><code>redirect_uri</code> - The same redirect URI that was used when requesting the code.</li>\r\n    <li><code>client_id</code> - The application’s client ID.</li>\r\n    <li><code>client_secret</code> - The application’s client secret. This should be the same as the <code>client_id</code>.</li>\r\n</ul>\r\n<p>The response will include the <code>access_token</code> which can then be used to make Curator API requests.</p>\r\n<pre>\r\n{\r\n    \"access_token\": \"A52CF2278F7749B914102FA39C8D6A1834C676EBA2D86AE7710A816FDA9E4D11\",\r\n    \"expires_in\": 3600,\r\n    \"token_type\": \"Bearer\",\r\n    \"scope\": \"Curator.Server.API Curator.Gateway.API\"\r\n}\r\n</pre>\r\n<h3>Authentication Q&A</h3>\r\n<p><b>Can I use the simpler 'resource owner password' grant type?</b></p>\r\n<p>\r\n    The 'OAuth 2.0 Security Best Current Practice' disallows the password grant entirely. This\r\n    grant type insecurely exposes the credentials of the user\r\n    to the client. Even if the client is benign, this results in an\r\n    increased attack surface (credentials can leak in more places than\r\n    just the Curator Gateway) and users are trained to enter their credentials in\r\n    places other than the Curator Gateway.\r\n    Also, features such as multi-factor authentication, single sign-on and federation are not possible.\r\n</p>\r\n<p><b>What about the 'client credentials' server-to-server grant type?</b></p>\r\n<p>\r\n    All Curator API requests require a users identity to be included in the access token\r\n    so that Curator can evaluate the acting users permissions. The process for obtaining access tokens on-behalf of a user\r\n    is described above. Although supported by Curator Gateway, grant types like 'client credentials' should not be used.\r\n</p>\r\n<h1>Pagination</h1>\r\n<p>The Curartor REST API uses pagination to improve performance. Pagination is enforced for operations that could return a large collection of resources.</p>\r\n<p>When a request is made for paged resources, <code>offset</code> and <code>limit</code> query string parameters can be used to define the position and size of the resultset, such as:</p>\r\n<code>https://[host]/CuratorGateway/api/v1/users?offset=5&limit=10</code>\r\n<p>When you make a request to a paginated resource, the response wraps the returned array of values in a JSON object with paging metadata.</p>\r\n<ul>\r\n    <li><code>offset</code> - The offset into the list of items.</li>\r\n    <li><code>limit</code> - The limit/size of items requested.</li>\r\n    <li><code>size</code> - The total number of resources.</li>\r\n    <li><code>next</code> - The link relation for the immediate next page of results.</li>\r\n    <li><code>last</code> - The link relation for the last page of results.</li>\r\n    <li><code>first</code> - The link relation for the first page of results.</li>\r\n    <li><code>previous</code> - The link relation for the immediate previous page of results.</li>\r\n</ul>\r\n<pre>\r\n{\r\n    \"href\": \"https://[host]/CuratorGateway/api/v1/users?offset=5&limit=10\",\r\n    \"rel\": [\r\n        \"collection\"\r\n    ],\r\n    \"offset\": 5,\r\n    \"limit\": 10,\r\n    \"size\": 23,\r\n    \"first\": {\r\n        \"href\": \"https://[host]/CuratorGateway/api/v1/users?offset=5&limit=10\",\r\n        \"rel\": [\r\n            \"collection\"\r\n        ]\r\n    },\r\n    \"previous\": {\r\n        \"href\": \"https://[host]/CuratorGateway/api/v1/users?offset=5&limit=10\",\r\n        \"rel\": [\r\n            \"collection\"\r\n        ]\r\n    },\r\n    \"next\": {\r\n        \"href\": \"https://[host]/CuratorGateway/api/v1/users?offset=15&limit=10\",\r\n        \"rel\": [\r\n            \"collection\"\r\n        ]\r\n    },\r\n    \"last\": {\r\n        \"href\": \"https://[host]/CuratorGateway/api/v1/users?offset=20&limit=10\",\r\n        \"rel\": [\r\n            \"collection\"\r\n        ]\r\n    },\r\n    \"value\": [\r\n\t...\r\n    ]\r\n}\r\n</pre>\r\n<h1>Asynchronous Operations</h1>\r\n<p>Some Curator REST API operations may trigger long-running or computationally expensive tasks. In these cases, the operation will schedule an asynchronous task and return a <a href=\"https://en.wikipedia.org/wiki/HTTP_302\"><code>302</code></a> response, indicating the location of the queued task in the <code>Location</code> header. You can query the task by making requests to <code>Get Task</code> for progress updates.</p>\r\n<p>When the task finishes, the response object will contain the <code>results</code> field. The content of the field is specific to the operation that created the task.</p>\r\n<p>Note that asynchronous tasks are not guaranteed to be run in order. In other words, if you need your tasks to execute in a certain order, you should start a task only after the prerequisite task(s) have finished.</p>\r\n<h1>Support Portal</h1>\r\n<p>If further information is required, please contact us via our <a href=\"http://docs.ipv.com/\" target=\"_blank\">Support Portal</a> or visit the <a href=\"https://ipvltd.zendesk.com/\" target=\"_blank\">Documentation Hub</a>.</p>\n\nContact Support:\n Name: IPV\n Email: support@ipv.com","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"2965282","collectionId":"fe4a90dd-70f1-4a59-b0ff-50878c83d055","publishedId":"TVKD1xGG","public":true,"publicUrl":"https://documenter-api.postman.tech/view/2965282/TVKD1xGG","privateUrl":"https://go.postman.co/documentation/2965282-fe4a90dd-70f1-4a59-b0ff-50878c83d055","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"303030"},"documentationLayout":"classic-double-column","customisation":null,"version":"8.10.1","publishDate":"2020-09-21T15:18:29.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{},"logos":{}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/768118b36f06c94b0306958b980558e6915839447e859fe16906e29d683976f0","favicon":""},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://documenter.gw.postman.com/view/metadata/TVKD1xGG"}