API Security

The API Security screen allows you to:

  1. Specify the locations from which third-party programs, web pages, or portals may invoke Argos reports via the Argos API.
  2. Generate an access token for APIs.

Security checking prevents arbitrary computers from executing reports, even if they have the correct URL and Report Unique Identifier.

This image shows the MAPS Interface when the API HTTP Referrer option is selected.

Enabling API Security Restriction Checking

When the Enable API security restriction checking option is enabled, an API call will only work if the machine or location making the call is included in the list of valid security restrictions. It is enabled by default when you install MAPS. If you disable this, users can make API calls to Argos reports from any location that is able to access Argos.

Adding an API Restriction

To add a location from which programs or web pages can invoke Argos reports.

Dialog for adding HTTP Referrer.

  1. Click the Add Restriction button at the top of the screen. Give the restriction a descriptive name.
  2. If desired, specify a set of credentials (username and password) to be used for all API calls coming through this restriction. If you do not specify credentials here, the third-party application or webpage may include the credentials in the API call, or a set of credentials may be specified within each report. Any credentials passed in via GET or POST forms, MAPRAPI, or specified in the report definition will override the default credentials supplied for the restriction.
  3. Click the Add URL button on the right to add each location that you wish to be able to execute reports. Make sure to include the http:// or https:// part of the URL. You may add as many URLs as you wish for each restriction. (Type URL into Referrer URL)

Adding a New API Token

To generate a token for MAPRAPI:

Dialog for adding API token.

  1. Click the Add Restriction button at the top of the screen to open the Add API Restriction dialog.
  2. Set the Restriction Type to API Token. If desired, specify a set of credentials (username and password) to be used for the token.
  3. Click Generate to generate a unique token, and select Copy to save it in your preferred location, as it will not be visible again once this dialog is closed. If this token is lost you can regenerate a new token.
  4. Click Okay to save.

Sample MAPRAPI Call

Depending on your configuration, a call to MAPRAPI will look similar to:

maprapi maps.school.edu 27467 'http://maps.school.edu:8080/mrr?report=DOJM5WFD6ALRNAFMTQTHYOCF2K6KVWHTZSVL6LWQYXKFJIOAWEFJIF&PARAMETER1=AAA&PARAMETER2=BBB&REPORTFORMAT=PDF' ReportOutput.pdf timeout=60 apitoken=(the token generated from config)