This document describes how to configure, connect to, and interact with the API. For information on expanding the API with your own custom code see Extending the API. All examples are presented using PHP.
Table of Contents | ||||||
---|---|---|---|---|---|---|
|
Configuration
Before you begin using the API you must first create a set of API credentials for the company you wish to connect to. For information on creating API credentials consult the System > API Access section of the User Manual.
...
Info | ||
---|---|---|
| ||
To request a specific model of a plugin format your request as /plugin.model/method.format |
Formats
The API supports XML, JSON, and PHP serialization formats. By default JSON formatting is used. So if there is an error detecting the format of the request (due to a bad URL, for example) the error response will be returned in JSON format.
...
Sending invalid parameters will result in a 400 Bad Request response.
No Format HTTP/1.1 400 Bad Request Content-Length: 161 { "model": 137 { "message":"The request cannot be fulfilled due to bad syntax.", "errors": { "field": { "code":"Error message." } } } }
Providing invalid credentials will result in a 401 Unauthorized response.
No Format HTTP/1.1 401 Unauthorized Content-Length: 67 {"message":"The authorization details given appear to be invalid."}
Attempting to access a resource that is not callable will result in a 403 Forbidden response.
No Format HTTP/1.1 403 Forbidden Content-Length: 55 {"message":"The requested resource is not accessible."}
Attempting to access a resource that does not exist will result in a 404 Not Found response.
No Format HTTP/1.1 404 Not Found Content-Length: 52 {"message":"The requested resource does not exist."}
Requesting a format that is not supported will result in a 415 Unsupported Media Type response.
No Format HTTP/1.1 415 Unsupported Media Type Content-Length: 66 {"message":"The format requested is not supported by the server."}
If an unexpected error occurs a 500 Internal Server Error will result. If this error is encountered consult the documentation for the method you are requesting.
No Format HTTP/1.1 500 Internal Server Error Content-Length: 42 {"message":"An unexpected error occured."}
If an unexpected error occurs that specifies that it "Failed to retrieve the default value" then you likely encounter this issue due to IonCube in Blesta. You can work-around this issue by ensuring that you specify all optional arguments to your API call.
No Format HTTP/1.1 500 Internal Server Error Content-Length: 108 {"message":"An unexpected error occured.","response":"Internal error: Failed to retrieve the default value"}
When Blesta is under maintenance mode, the API will return a 503 Service Unavailable response.
No Format HTTP/1.1 503 Service Unavailable Content-Length: 81 {"message":"The requested resource is currently unavailable due to maintenance."}
...
The API supports Basic Authentication for web requests. When connecting to the API via a command line the API credentials must be passed as parameters. See Using the Command Line Interface for more information on connecting to the API via command line.
Note | |||||
---|---|---|---|---|---|
| |||||
Update your .htaccess file to pass an environment variable to Blesta so it can capture the basic authentication details as per the following snippet:
|
If running PHP-FPM, set CGIPassAuth On in your .htaccess, or within your httpd.conf like the example:
Code Block |
---|
<FilesMatch \.php$>
CGIPassAuth On
SetHandler proxy:unix:/var/php-fpm/166630281728629.sock|fcgi://127.0.0.1
</FilesMatch>
|
Connecting
There are a number of ways to connect to the API. Choose the option that best fits your environment.
...
To connect remotely, first determine the URL of the API for your installation. The default path is http://yourdomain.com/installpath/api/. Where yourdomain.com is the domain you've installed Blesta in, and installpath is the path to Blesta. If your server does not support .htaccess then the URL should instead appear as http://yourdomain.com/installpath/index.php/api/.
Warning | ||
---|---|---|
| ||
Because each request contains your API key, and may contain additional sensitive information, you should only process requests remotely over a secure connection (i.e. only use HTTPS) |
The following example illustrates how to connect to the API using cURL.
Info | ||
---|---|---|
| ||
The SDK includes an API processor that makes it super easy to work with the API. |
Section | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||
firstline | 1 |
|
Locally
Using the Command Line Interface
...
No Format |
---|
php index.php api/users/get.json -u USER -k KEY -m GET -p '"user_id=1'" |
Within the Blesta environment
If you're working with or have created code within the Blesta environment, there's no need to use the API at all. All of the methods available in the API are first and foremost available to Blesta, in the form of models. To use these models, simply load the model within your environment.
Code Block | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
// from somewhere in your controller... $this->uses(array("ModelName")); // Now invoke it $this->ModelName->someMethod($param1, $param2); |
Code Block | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
// from any other class... Loader::loadModels($this, array("ModelName")); // Now invoke it $this->ModelName->someMethod($param1, $param2); |
...
The API encourages the proper use of GET, POST, PUT, and DELETE when interacting with the API. For all POST requests the API will pass only post parameters to the requested resource. For PUT only put parameters will be passed. Similarly, for all GET and DELETE requests, the API will pass only get parameters to the requested resource.
Warning | ||
---|---|---|
| ||
It is highly discouraged to use GET or DELETE for API requests where you are providing sensitive information. That sensitive information will be included as plain-text as get parameters in the URI. Instead, use POST or PUT to pass that sensitive information securely in the request body rather than the URI. |
POST
Use POST requests when creating new records. For example, when adding a new user record via api/users/add.json.
...
The API supports hundreds of requests, and many more through API extensions, so we can't document them all here. Instead, check out the source code documentation. All public model methods are callable through the API. To find documentation on a particular request pull up the related model and method from the source code documentation.
Examples
Below are a few basic examples to get you started.
API Request | Description | PHP | CURL | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
encryption/systemEncrypt | Encrypts the given value using 256-bit AES in CBC mode using a SHA-256 HMAC hash as the key, based on the system configured setting in Blesta.system_key |
|
| ||||||||||||||||||
encryption/systemDecrypt | Decrypts the given value using 256-bit AES in CBC mode using SHA-256 HMAC hash as the key, based on the system configured setting in Blesta.system_key |
|
| ||||||||||||||||||
invoices/add | Creates a new invoice using the given data |
|
| ||||||||||||||||||
users/auth | Determines whether the user credentials are valid to be authenticated with Blesta |
|
|
How to Read the Source Docs
The source code documentation contains documentation on everything in Blesta, but the API only supports calling Model methods. You can find all core model methods under blesta > app > models, however plugin model methods are also callable through the API.