About Oktawave Webservice API
Posted by Maciej Kuźniar on 10.08.2012 21:42
Oktawave API is an interface layer that allows all customers to manage their own services using external tools. It also allows developers of partner applications to connect with the Oktawave system and to create their own access programme.
From the application that uses the Oktawave API you can perform all the operations that are possible in the Oktawave system within your customer account (end user) and Partner account (administrative unit).
All services and data are kept in Oktawave data centres; however, both the Customer and the Partner can manage them remotely. How a Partner bills his customers (including the determination of tariffs) is entirely at the Partner's discretion.
What can be done using the Oktawave API?
As mentioned above, the Oktawave API makes it possible to perform all the operations that can be performed directly by the customer, and by the partner on the set of his customers. This applies to the following two levels of organization.
1. Customer level
What is the philosophy of communication with Oktawave?
Oktawave API method calls are made by the external application or script. The Oktawave API does not initiate any communication.
The exposed methods are numerous: they can both retrieve data (e.g. "take the names of all the machines belonging to John Doe") and perform operations (such as "turn an instance Y").
Regardless of the authorization and authentication methods used, at the technical level the API allows you to operate only on the objects to which the user (in whose context the API method is called) has permission. For example, a user cannot turn on a machine belonging to a customer other than his own (one customer can have multiple users). Nor can he submit a service order if the customer to which he belongs does not have the appropriate permissions.
The external application or script builds its interface (e.g. web application, mobile application, CLI) from data collected from the Oktawave API and allows operations on the returned objects. There is no need to permanently store any data about the services on the side of the application or script; it all resides in Oktawave.
Of course, the application used by the Customer or the Partner can cache the data and also store additional information needed, for example, for billing their clients.
The Oktawave API is made available as Web services, according to universal standards based on SOAP. The services are available over HTTPS, and access is granted after the connection has been authenticated using HTTP Basic authentication.
The account under which the connection is made should reflect the context of the user currently logged on to the external application. Only then can the API identify the correct user on its side and apply the appropriate authorization mechanisms.
It is important not to call methods that manage an individual customer's services with your Partner account. Doing so shifts the responsibility for correct permission management, and the risk that comes with it, onto the Partner's application.
Security and Authentication
The confidentiality of data exchanged between external systems and the Oktawave API is protected at the transport layer by SSL. Communication and authorization rely on any valid account created in Oktawave.
There is never any need to set up separate access to the API, and the API requires no additional account or other privileges.
Therefore, the connection should be established in the context of the user logged on to the external application, not the Partner account. All further operations in Oktawave are then performed in this context.
The authentication mechanism on the API side uses Microsoft Active Directory (AD), based on LDAP and Kerberos. This means that each request accepted and executed by the API is performed only in the context of the user who called the method. There is never a master account with wider privileges acting on behalf of the user.
The Oktawave API does not maintain a user session; session handling is entirely up to the external application or script. The API authenticates only single method calls, based on the context passed in the transport layer. The Oktawave API can therefore be used as an external authorization mechanism for any application.
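The sketch below shows how a Partner application could apply the rules above on its own side: every SOAP call carries the logged-in user's own HTTP Basic credentials, credentials are never sent over plain HTTP, and customer-level methods are refused under the Partner account. It is an added example, not Oktawave's code; the endpoint, namespace, method names, parameter names, the `is_partner` flag and the choice of SOAP 1.1 are all assumptions.

```python
import base64
from dataclasses import dataclass
from urllib.parse import urlsplit
from xml.sax.saxutils import escape

# Placeholders, not taken from Oktawave documentation.
ENDPOINT = "https://api.example.invalid/Service.svc"
NAMESPACE = "urn:example:placeholder"
CUSTOMER_LEVEL_METHODS = {"GetInstances", "TurnOnInstance"}  # hypothetical names


@dataclass(frozen=True)
class Account:
    login: str
    password: str
    is_partner: bool = False  # hypothetical flag kept by the Partner application


def build_call(account, method, params, endpoint=ENDPOINT):
    """Return (url, headers, body) for one stateless SOAP call made as `account`."""
    # Basic credentials are only base64-encoded, so they must stay inside TLS.
    if urlsplit(endpoint).scheme != "https":
        raise ValueError("credentials may only be sent over HTTPS")
    # Customer-level operations run as the logged-in user, never as the Partner.
    if account.is_partner and method in CUSTOMER_LEVEL_METHODS:
        raise PermissionError("customer-level call requires the end user's account")
    if ":" in account.login:
        raise ValueError("Basic auth user-id must not contain ':'")
    raw = f"{account.login}:{account.password}".encode("utf-8")
    token = base64.b64encode(raw).decode("ascii")
    # Parameter names come from code; values are escaped before entering the XML.
    args = "".join(f"<{k}>{escape(str(v))}</{k}>" for k, v in params.items())
    body = (
        '<?xml version="1.0" encoding="utf-8"?>'
        '<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        f'<soap:Body><{method} xmlns="{NAMESPACE}">{args}</{method}></soap:Body>'
        "</soap:Envelope>"
    )
    headers = {
        # No session exists on the API side: every call authenticates on its own.
        "Authorization": f"Basic {token}",
        "Content-Type": "text/xml; charset=utf-8",
        "SOAPAction": f'"{NAMESPACE}/{method}"',
    }
    return endpoint, headers, body
```

Because the API keeps no session, the application has to supply the user's credentials for each call; holding them only for the lifetime of the user's own session in the application keeps the Partner account out of customer-level traffic.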