Keeper
Archiving
Keeper is our Archiving product. Architected for the Cloud and built for scale and speed.
Overview
The Keeper API has been developed using open standards and covers the necessary methods for communicating with the Keeper services, and pushing and pulling information, metadata and documents to the Keeper platform.
The base address of the API is https://auth.atkeeper.com. The API provides a set of endpoints, each with its own unique path.
Requests
The keeper API is based on REST principles. Data is accessed via standard HTTP requests in UTF-8 format to an API endpoint. Where possible, the API uses appropriate HTTP verbs for each action:
| Method | Action |
|---|---|
| GET | Retrieves resources |
| POST | Creates resources |
| PUT | Replaces resources |
| PATCH | Modify resources |
| DELETE | Remmoves resources |
Responses
The API returns all response data as a JSON object. See the API Object Model for a description of all the retrievable objects.
Timestamps
Timestamps are returned in ISO 8601 format as Coordinated Universal Time (UTC) with a zero offset: YYYY-MM-DDTHH:MM:SSZ.
Pagination
Some endpoints support a way of paging the dataset, taking ‘page’ and ‘results_per_page’ as query parameters:
$ curl https://api.atkeeper.com/v1/documents/(docid)/history?page=2results_per_page=5
In this example, in a list of 20 (total) history records assoicated with the specific document: Display page 2, with 5 results per page, i.e. history records 6 to 10, inclusive.
Note: Omitting the page parameter returns the first page, and pages default to 10 results per page. Requests that return an array of items are automatically paginated if the number of items vary.
Conditional Requests
Some API responses contain appropriate cache-control headers set to assist in client-side caching:
- If you have cached a response, do not request it again until the response has expired.
- If the response contains an ETag, set the If-None-Match request header to the ETag value.
- If the response has not changed, the Keeper service responds quickly with 304 Not Modified status, meaning that your cached version is still good and your application should use it.
Response Status Codes
The API uses the following response status codes, as defined in RFC 2616 and RFC 6585:
| Status Code | Description | |
|---|---|---|
| 200 | OK | The request has succeeded. The client can read the result of the request in the body and the headers of the response. |
| 201 | Created | The request has been fulfilled and resulted in a new resource being created. |
| 202 | Accepted | The request has been accepted for processing, but the processing has not been completed. |
| 204 | No Content | The request has succeeded but returns no message body. |
| 304 | Not Modified | See Conditional requests. |
| 400 | Bad Request | The request could not be understood by the server due to malformed syntax. The message body will contain more information. |
| 401 | Unauthorized | The request requires user authentication or, if the request included authorization credentials, authorization has been refused for those credentials. |
| 403 | Forbidden | The server understood the request, but is refusing to fulfill it. |
| 404 | Not Found | The requested resource could not be found. This error can be due to a temporary or permanent condition. |
| 429 | Too Many Requests | Rate limiting has been applied. |
| 500 | Internal Server Error | You should never receive this error, obviously :) |
| 502 | Bad Gateway | The server was acting as a gateway or proxy and received an invalid response from the upstream server. |
| 503 | Service Unavailable | The server is currently unable to handle the request due to a temporary condition which will be alleviated after some delay. You can choose to resend the request again. |
Error Responses
Apart from the response code, unsuccessful responses return a JSON object containing the following information:
| Key Value | Type | Description |
|---|---|---|
| status | integer | The HTTP status code that is also returned in the response header. For further information, see Response Status Codes. |
| message | string | A short description of the cause of the error |
Authentication
All requests to Web API require authentication. This is achieved by sending a valid OAuth access token in the request header. [RFC 6749, Section 4.1] (https://tools.ietf.org/html/rfc6749#section-4.1)
Step 1: The GET request is sent to the authorize endpoint of the Keeper service:
GET https://auth.atkeeper.com/authorize
| Query Parameter | Inclusion | Value |
|---|---|---|
| client_id | Required | When you register your application, Keeper provides you a Client ID. |
| response_type | Required | Set to code. |
| redirect_uri | Required | The URI to redirect to after the user grants or denies permission. This URI needs to have been entered in the Redirect URI whitelist that you specified when you registered your application. The value of redirect_uri here must exactly match one of the values you entered when you registered your application, including upper or lowercase, terminating slashes, and such. |
| state | Optional, but strongly recommended | The state can be useful for correlating requests and responses. Because your redirect_uri can be guessed, using a state value can increase your assurance that an incoming connection is the result of an authentication request. If you generate a random string, or encode the hash of some client state, such as a cookie, in this state variable, you can validate the response to additionally ensure that both the request and response originated in the same browser. This provides protection against attacks such as cross-site request forgery. See [RFC 6749] (https://tools.ietf.org/html/rfc6749). |
| scope | Optional | A space-separated list of scopes. |
| show_dialog | Optional | Whether or not to force the user to approve the app again if they’ve already done so. If false (default), a user who has already approved the application may be automatically redirected to the URI specified by redirect_uri. If true, the user will not be automatically redirected and will have to approve the app again. |
If the user accepts your request, the response query string contains the following parameters:
| Parameter | Value |
|---|---|
| code | An authorization code that can be exchanged for an access token. |
| state | The value of the state parameter supplied in the request. |
When the authorization code has been received, you will need to exchange it with an access token by making a POST request to the Keeper service, this time to its token endpoint: POST https://auth.atkeeper.com/token. The body of this POST request must contain the following parameters encoded in application/x-www-form-urlencoded as defined in the OAuth 2.0 specification.
If the user does not accepted your request or an error has occurred, the response query string contains the following parameters:
| Parameter | Value |
|---|---|
| state | The value of the state parameter supplied in the request. |
| error | The reason authorization failed, for example: “access_denied” |
Step 2: Request refresh and access tokens
Header
| Parameter | Inclusion | Value |
|---|---|---|
| Authorization | Required | Base 64 encoded string that contains the client ID and client secret key. The field must have the format: Authorization: Basic <base64 encoded client_id:client_secret> |
Request Body
| Parameter | Inclusuon | Value |
|---|---|---|
| grant_type | Required | As defined in the OAuth 2.0 specification, this field must contain the value “authorization_code”. |
| code | Required | The authorization code returned from the initial request to the Account /authorize endpoint. |
| redirect_uri | Required | This parameter is used for validation only (there is no actual redirection). The value of this parameter must exactly match the value of redirect_uri supplied when requesting the authorization code. |
An alternative way to send the client id and secret is as request parameters (client_id and client_secret) in the POST body, instead of sending them base64-encoded in the header. On success, the response from the Keeper service has the status code 200 OK in the response header, and the following JSON data in the response body:
| Parameter | Type | Value |
|---|---|---|
| access_token | string | An access token that can be provided in subsequent calls, for example to Keeper services. |
| token_type | string | How the access token may be used: always “Bearer”. |
| scope | string | A space-separated list of scopes which have been granted for this access_token. |
| expires_in | int | The time period (in seconds) for which the access token is valid. |
| refresh_token | string | A token that can be sent to the Keeper service in place of an authorization code. (When the access code expires, send a POST request to the Accounts service /api/token endpoint, but use this code in place of an authorization code. A new access token will be returned. A new refresh token might be returned too.) |
Step 3: Use the access token to access the Keeper api (example)
Step 4. Request a refreshed access token
Access tokens are deliberately set to expire after a short time, after which new tokens may be granted by supplying the refresh token originally obtained during the authorization code exchange.
The request is sent to the token endpoint of the Keeper service:
POST https://auth.atkeeper.com/token
The header of this POST request must contain the following parameter:
Header
| Parameter | Inclusion | Value |
|---|---|---|
| Authorization | Required | Base 64 encoded string that contains the client ID and client secret key. The field must have the format: Authorization: Basic <base64 encoded client_id:client_secret> |
The body of this POST request must contain the following parameters encoded in application/x-www-form-urlencoded as defined in the OAuth 2.0 specification:
Request Body
| Parameter | Inclusion | Value |
|---|---|---|
| grant_type | Required | Set it to refresh_token. |
| refresh_token | Required | The refresh token returned from the authorization code exchange. |
Keeper API Object Reference
Overview
The Keeper API has been developed using open standards and covers the necessary methods for communicating with the Keeper services, and pushing and pulling information, metadata and documents to the Keeper platform.
The base address of the API is https://api.atkeeper.com. The API provides a set of endpoints, each with its own unique path.
All API endpoints return data using the JSON format.
When a collection of objects is returned and the number of objects is variable, the collection is wrapped in a paging object to simplify retrieval of further objects. The paging object will contain zero to n objects, where n is the number of objects per page.
Requests
| Request Name | Returned Result |
|---|---|
| Paging Object | Contains multiple objects |
| Document Object | Contains a document located by the submitted search criteria |
| History Object | Contains the activity audit trail related to a document |
| Note Object | Contains note associated with a document |
| Attachment Object | Contains attachment associated with a document |
Paging Object
The paging object is a container for a set of objects. It contains a key called objects (whose value is an array of the requested objects) along with headers and other keys like link, page and total_pages that can be useful in future calls.
| Key Value | Type | Location | Value Description |
|---|---|---|---|
| num_results | integer | Body | Total number of objects available to return |
| page | integer | Body | Current page number |
| total_pages | integer | Body | Total number of pages |
| objects | array | Body | The requested data |
| link | string | Header | Navigation to the next and last pages of the results |
Example Query:
https://api.atkeeper.com/v1/document?q={"filters":[{"name":"fullname","op":"like","val":"%Hall 25%"}]}&results_per_page=5
(The filter params are detailed later in this document.)
Example Response:
HTTP/1.0 200 OK
Content-Type: application/json
Link: <https://api.atkeeper.com/v1/document?page=2&results_per_page=5>; rel="next", <https://api.atkeeper.com/v1/document?page=3&results_per_page=5>; rel="last"
{
"num_results": 11,
"objects": [
{
"age": 73,
"attachments": [],
"created_at": "2018-05-01T06:00:00",
"datejoin": "2009-07-06",
"docid": "a75ee551-0e5d-421f-8150-dd591edc15ea",
"fullname": "Brad Hall 25",
"history": [],
"id": 26,
"membernum": "4053857",
"notes": []
},
{
"age": 65,
"attachments": [],
"created_at": "2018-05-01T06:00:00",
"datejoin": "2013-10-15",
"docid": "41d8db5b-a836-43de-ae83-138e5a7b7ab6",
"fullname": "Brad Hall 250",
"history": [],
"id": 251,
"membernum": "4074113",
"notes": []
},
{
"age": 68,
"attachments": [],
"created_at": "2018-05-01T06:00:00",
"datejoin": "2013-10-17",
"docid": "3b4dc20a-e5ee-4eef-94c7-26d00c66373a",
"fullname": "Brad Hall 251",
"history": [],
"id": 252,
"membernum": "4074160",
"notes": []
},
{
"age": 59,
"attachments": [],
"created_at": "2018-05-01T06:00:00",
"datejoin": "2013-10-21",
"docid": "f363a0ce-0062-4f2e-b2dd-7399058042ed",
"fullname": "Brad Hall 252",
"history": [],
"id": 253,
"membernum": "4074191",
"notes": []
},
{
"age": 59,
"attachments": [],
"created_at": "2018-05-01T06:00:00",
"datejoin": "2013-10-21",
"docid": "a2c9b83b-3f24-47b4-bbbb-498adf4ee607",
"fullname": "Brad Hall 253",
"history": [],
"id": 254,
"membernum": "4074192",
"notes": [
{
"created_at": "2018-05-01T06:00:00",
"document_id": 254,
"id": 1,
"notedata": "This is a test",
"user_id": "Aaron"
}
]
}
],
"page": 1,
"total_pages": 3
}
Document Object
Document Object (example, actual structure is dependent on source)
| Key Value | Type | Value Description |
|---|---|---|
| docid | string | Binary document unique identifier |
| policyno | string | Policy number |
| documenttype | enum string | Document Type |
| documentdate | date | Document date |
| created_at | datetime | Timestamp for this document |
To turn a docid into actual binary data, use the document endpoint:
https://api.atkeeper.com/v1/bin/(docid)
This endpoint will return a signed URL that links directly to the document, valid for a configurable short period of time (typically minutes)
History Object
| Key Value | Type | Value Description |
|---|---|---|
| id | string | History ID |
| document_id | integer | Points to the document record |
| document | nested object | Document record |
| userid | string | User that caused this history record to be created |
| histcat | enum string | Category of history record [Document, Note, Attachment] |
| histtype | enum string | Type of history record [Create, Read, Update, Delete] |
| histmeta | string | Optional metadata about this event (e.g. specific record id) |
| created_at | datetime | Timestamp for this event/data |
Note Object
| Key Value | Type | Value Description |
|---|---|---|
| id | string | Note ID |
| document_id | integer | Points to the document record |
| document | nested object | Document record |
| userid | string | User that caused this note record to be created |
| notedata | string | The note text |
| created_at | datetime | Timestamp for this event/data |
Example Query:
https://api.atkeeper.com/254/notes
Example Response:
HTTP/1.0 200 OK
Content-Type: application/json
{
"num_results": 1,
"objects": [
{
"document": {
"age": 59,
"created_at": "2018-05-01T06:00:00",
"datejoin": "2013-10-21",
"docid": "a2c9b83b-3f24-47b4-bbbb-498adf4ee607",
"fullname": "Brad Hall 253",
"id": 254,
"membernum": "4074192"
},
"created_at": "2018-06-01T06:00:00",
"document_id": 254,
"id": 1,
"notedata": "This is a test",
"user_id": "Aaron"
}
],
"page": 1,
"total_pages": 1
}
Attachment Object
| Key Value | Type | Value Description |
|---|---|---|
| id | string | Attachment ID |
| document_id | integer | Points to the document record |
| document | nested object | Document record |
| userid | string | User that caused this note record to be created |
| attid | string | Binary attachment unique identifier |
| created_at | datetime | Timestamp for this event/data |
To turn an attachmement id into actual binary data, use the attachment endpoint:
https://api.atkeeper.com/v1/bin/(attid)
This endpoint will return a signed URL that links directly to the attachment, valid for a configurable short period of time (typically minutes).
Query Params
| Key Value | Type | Location | Value Description |
|---|---|---|---|
| page | integer | URL | Page number to return |
| results_per_page | integer | URL | Number of objects to include in each page |
| q | json object | URL | Search parameters |
Search Params
| Key Value | Type | Location | Value Description |
|---|---|---|---|
| filters | array of json objects | Search parameters object | List of search filters to apply to the request |
Filters
| Key Value | Type | Location | Value Description |
|---|---|---|---|
| name | string | Filter Object | Field name to apply filter to |
| op | string | Filter Object | Operator for filter (eq, neq, gt, lt, ge le, in, not_in, is_null, is_not_null, like, has, any) |
| val | string | Filter Object | Filter value |
Example Query (from earlier in this document):
https://api.atkeeper.com/v1/document?q={"filters":[{"name":"fullname","op":"like","val":"%Hall 25%"}]}&results_per_page=5