This document describes how to configure, connect to, and interact with the API. For information on expanding the API with your own custom code see Extending the API. All examples are presented using PHP.
Table of Contents | ||||||
---|---|---|---|---|---|---|
|
Configuration
Before you begin using the API you must first create a set of API credentials for the company you wish to connect to. For information on creating API credentials consult the System > API Access section of the User Manual.
...
Sending invalid parameters will result in a 400 Bad Request response.
No Format HTTP/1.1 400 Bad Request Content-Length: 137 { "message":"The request cannot be fulfilled due to bad syntax.", "errors": { "field": { "code":"Error message." } } }
Providing invalid credentials will result in a 401 Unauthorized response.
No Format HTTP/1.1 401 Unauthorized Content-Length: 67 {"message":"The authorization details given appear to be invalid."}
Attempting to access a resource that is not callable will result in a 403 Forbidden response.
No Format HTTP/1.1 403 Forbidden Content-Length: 55 {"message":"The requested resource is not accessible."}
Attempting to access a resource that does not exist will result in a 404 Not Found response.
No Format HTTP/1.1 404 Not Found Content-Length: 52 {"message":"The requested resource does not exist."}
Requesting a format that is not supported will result in a 415 Unsupported Media Type response.
No Format HTTP/1.1 415 Unsupported Media Type Content-Length: 66 {"message":"The format requested is not supported by the server."}
If an unexpected error occurs a 500 Internal Server Error will result. If this error is encountered consult the documentation for the method you are requesting.
No Format HTTP/1.1 500 Internal Server Error Content-Length: 42 {"message":"An unexpected error occured."}
When Blesta is under maintenance mode, the API will return a 503 Service Unavailable response.
If an unexpected error occurs that specifies that it "Failed to retrieve the default value" then you likely encounter this issue due to IonCube in Blesta. You can work-around this issue by ensuring that you specify all optional arguments to your API call.
No Format HTTP/
No Format HTTP/1.1 503500 ServiceInternal UnavailableServer Error Content-Length: 81 108 {"message":"The requested resource is currently unavailable due to maintenance."}
All error response objects contain an array of input parameters that produced errors. From the example above "field" is the parameter name. Each field may contain one or more error codes along with a related message. Common codes are empty, exists, format, length, and valid, but many more are available. The error code is always the index of the error message, and is used primarily in identifying the type of error encountered.
Timestamps
An unexpected error occured.","response":"Internal error: Failed to retrieve the default value"}
When Blesta is under maintenance mode, the API will return a 503 Service Unavailable response.
No Format HTTP/1.1 503 Service Unavailable Content-Length: 81 {"message":"The requested resource is currently unavailable due to maintenance."}
All error response objects contain an array of input parameters that produced errors. From the example above "field" is the parameter name. Each field may contain one or more error codes along with a related message. Common codes are empty, exists, format, length, and valid, but many more are available. The error code is always the index of the error message, and is used primarily in identifying the type of error encountered.
Timestamps
The API returns all timestamps in UTC time using the following ISO 8601 format:
...
The API supports Basic Authentication for web requests. When connecting to the API via a command line the API credentials must be passed as parameters. See Using the Command Line Interface for more information on connecting to the API via command line.
Note | |||||
---|---|---|---|---|---|
| |||||
Update your .htaccess file to pass an environment variable to Blesta so it can capture the basic authentication details as per the following snippet:
|
Connecting
There are a number of ways to connect to the API. Choose the option that best fits your environment.
Remotely
If running PHP-FPM, set CGIPassAuth On in your .htaccess, or within your httpd.conf like the example:
Code Block |
---|
<FilesMatch \.php$>
CGIPassAuth On
SetHandler proxy:unix:/var/php-fpm/166630281728629.sock|fcgi://127.0.0.1
</FilesMatch>
|
Connecting
There are a number of ways to connect to the API. Choose the option that best fits your environment.
Remotely
To connect remotely, first determine the URL of the API for your installation. The default path is To connect remotely, first determine the URL of the API for your installation. The default path is http://yourdomain.com/installpath/api/. Where yourdomain.com is the domain you've installed Blesta in, and installpath is the path to Blesta. If your server does not support .htaccess then the URL should instead appear as http://yourdomain.com/installpath/index.php/api/.
Where yourdomain.com is the domain you've installed Blesta in, and installpath is the path to Blesta. If your server does not support .htaccess then the URL should instead appear as http://yourdomain.com/installpath/index.php/api/.
Warning | ||
---|---|---|
| ||
Because each request contains your API key, and may | ||
Warning | ||
| ||
Because each request contains your API key, and may contain additional sensitive information, you should only process requests remotely over a secure connection (i.e. only use HTTPS) |
...
Section | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
...
No Format |
---|
php index.php api/users/get.json -u USER -k KEY -m GET -p '"user_id=1'" |
Within the Blesta environment
If you're working with or have created code within the Blesta environment, there's no need to use the API at all. All of the methods available in the API are first and foremost available to Blesta, in the form of models. To use these models, simply load the model within your environment.
Code Block | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
// from somewhere in your controller... $this->uses(array("ModelName")); // Now invoke it $this->ModelName->someMethod($param1, $param2); |
Code Block | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||
// from any other class... Loader::loadModels($this, array("ModelName")); // Now invoke it $this->ModelName->someMethod($param1, $param2); |
...
The API encourages the proper use of GET, POST, PUT, and DELETE when interacting with the API. For all POST requests the API will pass only post parameters to the requested resource. For PUT only put parameters will be passed. Similarly, for all GET and DELETE requests, the API will pass only get parameters to the requested resource.
POST
Warning | ||
---|---|---|
| ||
It is highly discouraged to use GET or DELETE for API requests where you are providing sensitive information. That sensitive information will be included as plain-text as get parameters in the URI. Instead, use POST or PUT to pass that sensitive information securely in the request body rather than the URI. |
POST
Use POST requests when creating new records. Use POST requests when creating new records. For example, when adding a new user record via api/users/add.json.
...
The API supports hundreds of requests, and many more through API extensions, so we can't document them all here. Instead, check out the source code documentation. All public model methods are callable through the API. To find documentation on a particular request pull up the related model and method from the source code documentation.
Examples
Below are a few basic examples to get you started.
Examples
Below are a few basic examples to get you started.
API Request | Description | PHP | CURL | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
encryption/systemEncrypt | Encrypts the given value using 256-bit AES in CBC mode using a SHA-256 HMAC hash as the key, based on the system configured setting in Blesta.system_key |
|
| ||||||||||||||||||
encryption/systemDecrypt | Decrypts the given value using 256-bit AES in CBC mode using SHA-256 HMAC hash as the key, based on the system configured setting in Blesta.system_key |
|
| ||||||||||||||||||
invoices/add | Creates a new invoice using the given data |
|
| ||||||||||||||||||
users/auth | Determines whether the user credentials are valid to be authenticated with Blesta |
|
|
|
|
|
|
How to Read the Source Docs
...