What is a token

A token is a string of random characters that is added to an API call to Secure Reporter to authenticate your access. Example HTTP header:

Authorization: Basic b25lLXdlZWs6OGMxOWE2ODAtOTViYi00YTU4LWFlNGEtYTU2YjkzYTdmYzIy

When you call one of the available API calls inside Secure Reporter you must supply a valid token.

Please don’t use the api.user token as that is reserved for internal duties.

Creating a token

To create a token for external API access to Secure Reporter open the Tokens admin page and click on the + Add button.

  1. Add a name
  2. Choose an expiry period
  3. Add all groups that will be used by the token
  4. Click on Add Token

Once the token is created copy the token string to use in your API calling system. Click on the clipboard icon on the bottom of a card to copy a string suitable for a HTTP header. Tokens cannot be altered after creation. If you make a mistake delete and re-create the token.

Using a token

Call any report by using the HTTP GET method. 

/api/call/<report_id>/

<report_id> can be the name (in slug format) or the id number of the report. When you open a report in a page you’ll see the name or id in the address bar.

Authorization

Pass the authorization using the Basic authorization method in a request header.

The result will be returned as JSON.

Example code:

    import requests

    report_id = 123

    response = requests.get(
     f"https://secure-reporter.data.company.com/api/call/{report_id}/",
      headers={"Authorization: Basic b25lLXdlZWs6OGMxOWE2ODAtOTViYi00YTU4LWFlNGEtYTU2YjkzYTdmYzIy"},
      data={
        "_select_test_one": 1,
      },
    )

JSON Format

Will return a JSON response.

field description
message string: any message from the query. Usually will be blank unless of error
ok boolean: true/false - When in error will be false.
records Pandas DataFrame. A list of row result objects. One field per column value.

Formatted as in this example:

{
  "message": "",
  "ok": true,
  "records": [
    {
      "active": "Y",
      "age_days": 7,
      "created": "2023-07-15 14:01:20.841126",
      "created_by": "test-user@example.com",
      "expiry": "2023-12-02 03:48:56.812027",
      "groups": "*",
      "name": "one-week"
    },
    {
      "active": "Y",
      "age_days": 32,
      "created": "2023-07-15 13:59:31.700652",
      "created_by": "test-user@example.com",
      "expiry": "2023-12-27 03:42:50.331656",
      "groups": "*",
      "name": "one-month"
    }
  ]
}

Parameters

Use HTTP GET parameters with the same name as the bind variable in the query to specify parameters.

Example:

select * from test_table where value = :_value

Call using:

/api/call/123/?_value=456

Slug format for report name

Instead of using the report id number use the name of the report in the slug format. Slug format is all lower case with spaces replaced with - hyphens. IE: GST Balance becomes gst-balance. It is recommended to use the name of the report as the id can change on updates or replacements. Most every endpoint can use a report name instead of the numerical report id.

What can I do?

Almost every HTTP method in Secure Reporter can be called using a token. Most of them are not that useful for reporting. Here are a few that may be useful.

end point method description
/api/call/<report_id>/ GET Get a JSON result of running the given report id.
/api/choices/<int:report_field_id>/ GET get the choices of a report field
/api/server_time/ GET get the current time on the server as utc
/api/server_iso_time/ GET get the current server time as an ISO standard string
/template/<report_id>/ GET call with ?template_only=Y to return the template type report contents in HTML.
/report/get/<int:report_id> get the report definition with the report fields sorted by “field_order”
/report/mail/<report_id>/ POST Run a report and send to email using report_id. Parameters must be given as FORM data

NOTE: Secure Reporter will usually have a trailing / on all end points.