REST API

The Digital Enterprise Suite exposes a REST API for system integration. The full documentation of the REST resources can be accessed through the live documentation available at https://<instance>.trisotech.com/publicapi/doc. The documentation is also available here.

When calling the REST API, it is important to include the proper HTTP headers to indicate that JSON should be produced:

Accept: application/json

By default, if the Accept header is not defined, the API produces XML results for legacy support. This format is deprecated, not documented anymore, and should not be used for integration.

The REST API is protected using the OAuth 2 standard and requires the creation of a Client Application to represent the application connecting to the Digital Enterprise Suite. Client Applications are created in the Admin interface.

Client Apps

A client app identifies an application that wishes to integrate with the API. It is recommended to have a different Client App for each integration. The Client App defines which access the external application will require; these permissions are called grants.

Bearer Token

A bearer token is used to authorize an API call. A bearer token should be kept secret and is the equivalent of a username/password combination. Bearer tokens grant an external system limited (by the grants of the Client App) access to the API on behalf of the user that generated it. Bearer tokens are tied to a specific user and a specific Client App.

The Digital Enterprise Suite Admin interface also gives the relevant OAuth URLs for Authorization and Token exchange to integrate with an external system supporting OAuth 2. Using these URLs, a system can request a Bearer token on behalf of a user following the standard OAuth 2 flows.

For systems that do not support OAuth, the normal OAuth flows can be bypassed: a user can manually generate a Bearer token. The Digital Enterprise Suite Admin interface offers a convenient way to directly generate a Bearer token in the graphical interface by clicking the button next to the Client App definition.

Once a Bearer token has been obtained (either through the standard OAuth flow or manually), it must be passed in the Authorization header on each API call. For instance, if the Bearer token is secret-bearer, the following HTTP header is required:

Authorization: Bearer secret-bearer

Not sending the Authorization header will result in an error message (except for the Public API Login resource).
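
A minimal client for the header rules above, as an added example that is not Trisotech's code: it sets both headers, refuses non-HTTPS URLs, keeps the token out of logs and redirects, and rejects the legacy XML response. The environment variable name DES_BEARER_TOKEN and all function names are assumptions made for this example.

```python
import json
import os
import urllib.request
from urllib.parse import urlsplit

TOKEN_ENV = "DES_BEARER_TOKEN"  # hypothetical environment variable name


def build_request(url, token):
    """Build a GET request carrying the Accept and Authorization headers."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    if not token or any(ch.isspace() for ch in token):
        raise ValueError("missing or malformed bearer token")
    req = urllib.request.Request(url, method="GET")
    req.add_header("Accept", "application/json")
    # Unredirected: urllib will not copy the token to a redirect target.
    req.add_unredirected_header("Authorization", "Bearer " + token)
    return req


def redacted_headers(req):
    """Return the request headers in a form that is safe to log."""
    return {name: "Bearer <redacted>" if name.lower() == "authorization" else value
            for name, value in req.header_items()}


def is_json_response(content_type):
    """True if the server honoured Accept; False for the legacy XML default."""
    return (content_type or "").split(";")[0].strip().lower() == "application/json"


def call_api(url):
    """Call one API resource; the token comes from the environment, not source code."""
    req = build_request(url, os.environ[TOKEN_ENV])
    with urllib.request.urlopen(req, timeout=10) as resp:
        content_type = resp.headers.get("Content-Type")
        if not is_json_response(content_type):
            raise RuntimeError("expected JSON but received %r" % content_type)
        return json.load(resp)
```

A missing or rejected token surfaces as urllib.error.HTTPError from call_api, which the caller should handle without printing the request headers.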