ruQueue API

Overview

ruQueue system administrators can provide programmers with an API for basic ticket manipulation based on XML sent over HTTP. This document describes:

1. Using the ruQueue API (for Programmers)
2. Configuring the ruQueue API (for System Administrators)

---

Using the ruQueue API

Before you can use the API you should get the following values from your ruQueue system administrator:

• SHARED_SECRET
• HOST (server)
• PATH
• username
• host (client)

The capitalization above for the first three values implies actual variables that you will set in your Client API code. The meaning of these first three values should become clear as you read this document. You do not need to set the remaining two variables above in your code. Just note that the username is the value ruQueue will store for any ticket your API will interact with and the host is the network name of the machine (i.e. your IP address or hostname) where your API will run.

The best way to learn how to use the ruQueue API is to directly study the following:

1. API Document Type Definition (DTD)
2. Example Use Cases in XML

(When viewing either of the above be sure to view the source with your browser.)

This portion of the document will discuss and provide example PHP code to send XML to an instance of ruQueue to get a session code and then use that session code to create a ticket. You should then be able to apply the Example Use Cases in XML and read the DTD above to manipulate tickets in other ways.

Foundation

The client for this example will be web-based and written in PHP. You'll want to start by making sure access is limited. See security.php for a basic example.

Sending XML to the server and getting XML back is essential. See send.php and the RunXML() function in index.php.

The client is in index.php. Note the constants defined at the top of this file. You will want to modify them for your application. Your system administrator should have told you the SHARED_SECRET as well as the HOST and URL where the API is installed.

Getting a Session

The API will only process requests if you have a session. You can get a session by sending some XML with the AUTH attribute. The GetSessionXML() function contains XML to do this (derived from the DTD). Note the use of the SHARED_SECRET in this code. Once we have the session we will use it for future transactions.

The following code stores Client Session XML in $Csession_xml and and stores the server's response in $Ssession_xml. Note the second argument passed to RunXML which prints both the input and output XML for debugging (be sure to view source in your browser to see it). Not passing any value for this argument will not display the input and output which is desirable for when your client goes into production.

$Csession_xml = GetSessionXML();
$Ssession_xml = RunXML($Csession_xml, 1);

Once we have the session stored in XML we need to parse the XML to extract a session code that we can pass for future transactions:

$session = GetSessionArray($Ssession_xml);

Note that this function returns an array whose contents contain the following:

Array
(
    [session_key] => 1$rT$awFxz$xKMpeP9PRwZEMQJQXjUSl5.
    [username] => joeuser
    [status] => 0
    [idle_exp_time] => 04/06/2006 10:39:36
    [sess_exp_time] => 04/06/2006 10:39:36
)

We will pass this array to the next function that we call which will extract the the session_key and username.

The GetSessionArray() function makes calls to functions in the class-xml_api.php file. This file is a part of ruQueue's API server and is included in this client so that the XML can be handled the same way on both sides. This file uses PHP's DOM XML library to parse the XML. Note that this example is based on PHP4 (not 5).

Creating a Ticket

Once we have a session we will create a ticket with it. The GetSessionArray() function will return an empty array if it was unable to authenticate so we only create a ticket if we have a session:

if (count($session) > 0) {
  ...
}

The create ticket usecase shows the attributes we need. We can define those attributes in an array:

  $ticket_in = array(
                  'mode' => "create",
                  'queue' => "Test 2",
                  'subject' => "XML New Ticket" ,
                  'owner' => "joeuser",
                  'requester' => "joeuser@domain.tld",
                  'body' => "Testing"
                  );

and then pass this array and the session array to GetTicketXML():

  $Cticket_xml = GetTicketXML($session, $ticket_in);

$Cticket_xml should now contain XML like the one in the create ticket usecase but with your current session and ticket data. We then use the familiar pattern of running the client XML on the server, getting the server XML back, and then parsing the server XML to get an array of attributes:

  $Sticket_xml = RunXML($Cticket_xml);
  $ticket_out = GetTicketArray($Sticket_xml);

The example client then prints the contents of $ticket_out. Note that the id is the ticket number:

Array
(
    [mode] => create
    [queue] => Test 2
    [subject] => XML New Ticket
    [owner] => joeuser
    [requester] => joeuser@domain.tld
    [id] => 13
    [status] => 0
)

You should now be able to extend the client to take this ticket number and session to add a new comment to the ticket. You should also have a basic idea of how to write a client based on the DTD.

---

Configuring the ruQueue API

This portion of the document assumes you have a working version of ruQueue based on the configuration chapter of the documentation and that you want to configure the API for a programmer. We will discuss the ruQueue web tree, the database, and define some fields that an API user will expect you to tell him/her.

The web-interface directory should contain a directory called api. If you have an earlier release of ruQueue this directory might not be in the web-interface directory. If this is the case get the full contents of this directory from CVS.

An API user will want to know the URL where the api is as well as the server name. If your server is called ruqueue.domain.tld you can tell your API user to use http://ruqueue.domain.tld/api/xml_api.php. To relate this URL to the actual variables provided in the sample code you can tell the API user to use:

HOST   ruqueue.domain.tld
PATH   /api/xml_api.php

Note that the URL is a combination of the HOST and PATH.

Your user will also want to know the SHARED_SECRET. This is a password that you will store in your database. We will discuss how to set this password shortly.

The API expects the following table to exist:

CREATE TABLE api_users (
  username varchar(15) NOT NULL default '',
  host varchar(255) NOT NULL default '',
  shared_key varchar(32) NOT NULL default '',
  PRIMARY KEY  (username,host)
) TYPE=MyISAM;

If the SQL command DESC api_users gives you an 1146 error about the api_users table not existing, execute the create table command above.

Once you have have an api_users table you can setup an account for the API user. You will need to work out the values of the following with your API user:

• username: This is the username of who will be associated with actions on tickets when the API is executed. E.g. if the username value is richard and the API is used to create a ticket then ruQueue will log insert richard in the subject of that ticket. The same applies to who makes comments on a ticket.
• host: This is the hostname or IP address of the system where the API is allowed to be used from. If you substitute '%' for this value any host can be used. It is recommended that you grant these accounts to certain machines only.
• password: This is the SHARED_SECRET. Work out a value that will be difficult to guess and share it with your user so they can store this value in their client API.

Once the above values are established you can install them in your system by running the following MySQL query:

INSERT INTO api_users VALUES ('$username','$host','$password');

Note that you must substitute the dollar-signed fields above with the actual values.

To support multiple hosts for the same username and password run the above query for each host. I.e. create multiple entries in the api_users table with a single host in each entry.

Now that you have created the user for the API you need to create the user for ruQueue. What the user of the API can do in ruQueue can be controlled via the same set of rights that a user can have when using the web-interface. See Appendix A of the documentation to see what rights are available. Then see chapter 3 (Setting Up Access To ruQueue) of the documentation to use the web-interface to add and grant rights for this user. Note that you can set a password for this user if you are using local authentication but the API user won't need this password. If you don't follow this step users will be able to get a session but will not be able to do much with it.

If you are troubleshooting the API it is handy to store what XML came in and what XML was sent out as a response for each transaction. This will help rule out if the XML did not make it to the server. To do this edit web-interface/api/api_log.php and set the logging variable to true. The top of this file also contains the definition for the api_log table which you might need to create. Each transaction will be stored in this table.

To summarize, you need to tell the API user:

• SHARED_SECRET
• HOST (server)
• PATH
• username
• host (client)

The capitalization above for the first three values implies actual variables that the API user will set in his/her Client API code.

[TOP]

---

For questions or comments about this site, contact webmaster@nbcs.rutgers.edu

© 2009 Rutgers, The State University of New Jersey. All rights reserved.