Overview of the x360Sync API v1 and v2
The x360Sync API v1 and v2 gives you the ability to harness x360Sync directly. The API allows you to securely read and write files, create/edit/delete accounts and organizations, update and view activity, access and create roots, and retrieve machine information. All of the functionality of x360Sync is at your fingertips through the x360Sync API.
x360Sync API v2
IMPORTANT: Our API v2 is organized around REST, and is designed to have predictable, resource-oriented URLs, and to use HTTP response codes to indicate API errors. We encourage partners to refer to the API v2 Reference page for information, resources, and examples. For legacy partners who still require API v1 documentation, please reference the information below.
Getting Started with the x360Sync API v1 (for Legacy Partners)
To access any files, we need to know who you are so we know what permissions you have. To do that, you post your username/password to our auth URL, and it will give you a token that you can pass to other methods. The primary URLs needed are the same as the Dropbox API's account/info and metadata URLs.
Getting API Token
To get the API token, the HTTP POST request must contain the username and password for authentication; the session API token is then served up with a success or an error message.
Note: You can set a time limit for API tokens using policy settings. In the administrative web portal, click the Settings tab, and then click the Policies button. Scroll down to the API Token Settings section of the Policies page, and enter a number of hours to wait until deactivating an API token. By default, API tokens expire after 30 days.
For example, suppose your server is hosted at 10.211.55.3. To request a session token provide your username and password as GET variables in the following URL (note the use of the /1/, which is the API version number):
https://10.211.55.3/1/auth USERNAME = 'api@domain.com' PASSWORD = 'Tester01'
A successful response looks like this:
{
"success":true,
"session_token":
"GWObmeSrkWxGtCje0Mv27PcIkkwMydPSrY2d8yksfjonP7jg6eHgscUrBtMnoV584FFCyQPGXbHyetKmjWvBVIppUqQirBUVZCeJnLoIJgtabS4jyl1zsrcimqJCp7RY"
}
Omitting the username and password posting variables results in this error:
{
"message": "You must provide a username and password",
"success": false
}
An incorrect username and password pair will result in this error:
{
"message": "Invalid username or password",
"success": false
}Two-Step Authentication
If the username and password are correct, but Two-Step Authentication is enabled for the account, the following response will be returned:
{
"message": "Missing auth_code parameter",
"two_step_mode": "{email|sms|authenticator}",
"success": false
}
The request will trigger an authentication code notification; the authentication request must then be repeated with the auth_code parameter added:
POST /1/auth/ username=x&password=y&auth_code=z
If the authentication code is incorrect, the following response will be returned:
{
"message": "Invalid authentication code",
"two_step_mode": "{email|sms|authenticator}",
"success": false
}
Otherwise, a successful response containing the session token will be returned.
{
"success":true,
"session_token":
"GWObmeSrkWxGtCje0Mv27PcIkkwMydPSrY2d8yksfjonP7jg6eHgscUrBtMnoV584FFCyQPGXbHyetKmjWvBVIppUqQirBUVZCeJnLoIJgtabS4jyl1zsrcimqJCp7RY"
}
The API token is good for the current session only and a new one is needed for each session. Additionally, create, read, update, and delete functionality is limited to the scope of the API token requester. For example, if a system admin requests an API token, she has access to all organizations and actions therein. But if a user requests an API token, she is barred from creating new organizations, setting policies, and otherwise altering organizational level content.
Let's take a look at some examples of what we can do with the token.
Examples
Get Account Info
To grab the account information for the current user (i.e. the API token requester) use the URL format /1/account/info/. The full URL request will look like this (using the example IP for the host above):
http://10.211.55.3/1/account/info/?session_token=DFx9Hm5K2IQ8PK2s5Qwd5gY72EyHblYKbJSRhk04QxkyYl7nRptnE0psCjKtElPkKRjvXl0O6uzekLj6x3YWX6M9aSPQFrx5iVqHigoofeTu6PJoeWTfwJFbjCN625sv
The response will look something like this:
{
"id": 1,
"first_name": "Larry",
"last_name": "Kubin",
"display_name": "Larry Kubin",
"email": "larry.kubin@gmail.com"
"root_id": 1,
"space_usage": 3169361,
"space_usage_formatted": "3.02M",
"space_quota": null,
"space_quota_formatted": null,
"roots":
[ {
"type": "backup",
"space_used": 718334,
"id": 4,
"name": "C:\\Projects\\backups\\greensnake\\greensnake\\static\\images"
}, {
"type": "backup",
"space_used": 150048,
"id": 5,
"name": "C:\\Projects\\dropdav"
}, {
"type": "backup",
"space_used": 1596688,
"id": 6,
"name": "C:\\Projects\\wsgidav"
}, {
"type": "sync",
"space_used": 704291,
"id": 1,
"name": "Files"
}, {
"type": "share",
"space_used": 0,
"id": 2,
"name": "Team Share 1"
}, {
"type": "share",
"space_used": 0,<
"id": 3,
"name": "Team Share 2"
}
],
"success": true,
}List files & folders in a root
To list files and folders in the personal root (i.e. the files/folders in the SyncedFolder), use the following URL GET request:
http://10.211.55.3/1/metadata/1/?session_token=DFx9Hm5K2IQ8PK2s5Qwd5gY72EyHblYKbJSRhk04QxkyYl7nRptnE0psCjKtElPkKRjvXl0O6uzekLj6x3YWX6M9aSPQFrx5iVqHigoofeTu6PJoeWTfwJFbjCN625sv
This will have a response like this:
{
"hash": "71595dc2e15ae7b9924b60662f166108ccc588c3",
"rev": 0,
"thumb_exists": false,
"modified_unix_timestamp": 0,
"path": "/",
"is_dir": true,
"client_mtime": 0,
"size": "0B",
"is_deleted": false,
"bytes": 0,
"modified": 0,
"contents": [ {
"rev": 0,
"thumb_exists": false,
"modified_unix_timestamp": 0,
"path": "/documents",
"is_dir": true,
"client_mtime": 0,
"size": "0B",
"is_deleted": false,
"bytes": 0,
"modified": 0,
"icon": "folder",
"root": 1
}, {
"rev": 0,
"thumb_exists": false,
"modified_unix_timestamp": 0,
"path": "/pictures",
"is_dir": true,
"client_mtime": 0,
"size": "0B",
"is_deleted": false,
"bytes": 0,
"modified": 0,
"icon": "folder",
"root": 1
}, {
"rev": 10,
"thumb_exists": false,
"modified_unix_timestamp": 1353459846,
"path": "/anchor.jpg",
"is_dir": false,
"client_mtime": "2012-11-20T17:04:06",
"size": "1.91k",
"is_deleted": false,
"bytes": 1953,
"modified": "2012-11-20T17:04:06",
"icon": "page_white_picture",
"root": 1
}
],
"status_code": 200,
"icon": "folder",
"root": 1
}
List files & folders in a directory of a given root
To list files and folders in a directory of your specifying use the following URI formatting: /1/metadata/*root_id*/*path*/>session_token=*session_token*. Here's an example:
http://10.211.55.3/1/metadata/1/documents/?session_token=DFx9Hm5K2IQ8PK2s5Qwd5gY72EyHblYKbJSRhk04QxkyYl7nRptnE0psCjKtElPkKRjvXl0O6uzekLj6x3YWX6M9aSPQFrx5iVqHigoofeTu6PJoeWTfwJFbjCN625sv
Here the personal root (/1/) is specified, and the "documents" folder is in the personal root.
Create share and download links
To create a share link to an entire root use this URI:
http://10.211.55.3/1/shares/create_link/1/?session_token=DFx9Hm5K2IQ8PK2s5Qwd5gY72EyHblYKbJSRhk04QxkyYl7nRptnE0psCjKtElPkKRjvXl0O6uzekLj6x3YWX6M9aSPQFrx5iVqHigoofeTu6PJoeWTfwJFbjCN625sv
To create a share link to a folder within a root:
http://10.211.55.3/1/shares/create_link/1/documents/?session_token=DFx9Hm5K2IQ8PK2s5Qwd5gY72EyHblYKbJSRhk04QxkyYl7nRptnE0psCjKtElPkKRjvXl0O6uzekLj6x3YWX6M9aSPQFrx5iVqHigoofeTu6PJoeWTfwJFbjCN625sv
To create a share link to a specific file in a folder in a root:
http://10.211.55.3/1/shares/create_link/1/documents/abc.txt?session_token=DFx9Hm5K2IQ8PK2s5Qwd5gY72EyHblYKbJSRhk04QxkyYl7nRptnE0psCjKtElPkKRjvXl0O6uzekLj6x3YWX6M9aSPQFrx5iVqHigoofeTu6PJoeWTfwJFbjCN625sv
To create a link to download a specific file:
http://10.211.55.3/1/files/1/documents%2Fabc.txt?session_token=DFx9Hm5K2IQ8PK2s5Qwd5gY72EyHblYKbJSRhk04QxkyYl7nRptnE0psCjKtElPkKRjvXl0O6uzekLj6x3YWX6M9aSPQFrx5iVqHigoofeTu6PJoeWTfwJFbjCN625sv
Implemented Endpoints
Base URI
/<api_version>/management/
Error responses will look like the following and will have a HTTP response code matching the status_code:
{
"status_code": 404,
"message": "unknown root with id 20",
"code": "error"
}{
"status_code": 500,
"message": "missing required field activity_type_id",
"code": "error"
}
Person
/person/ - retrieves information for the current user.
/person/<id>/ - retrieves information for the user with the specified id, if the current user has permission.
/person/<id>/full/ - retrieves "full" information for the user with the specified id, if the current user has permission. for example is that the company is populated instead of just returning the company's id.
/person/create/- creates a new person with the following parameters:
Name |
Required |
Info |
company_id |
yes |
company id for the new person |
first_name |
yes |
new person's first name |
last_name |
yes |
new person's last name |
yes |
new person's email address |
|
password |
yes |
new person's password |
space_quota |
no |
integer representation of the new user's space quota |
mobile_phone |
no |
new user's mobile phone number |
mobile_service_provider_id |
no |
new user's mobile service provider id |
site_admin |
no |
true or false to give the new user site_admin privileges |
system_admin |
no |
true or false to give the new user system_admin privileges |
create_root |
no |
true or false to have a root automatically created for the new user |
Sample successful response:
{
"full_uri": "/1/management/person/31/full/",
"root_created": false,
"code": "success",
"id": 31,
"uri": "/1/management/person/31/"
}
/person/update/- updates an existing person with the following parameters (id is the only required parameter):
Name |
id |
first_name |
last_name |
company_id |
space_quota |
password |
mobile_phone |
mobile_service_provider_id |
system_admin |
site_admin |
Sample successful response:
{
"full_uri": "/1/management/person/31/full/",
"code": "success",
"id": 31,
"uri": "/1/management/person/31/"
}
/person/delete/- deletes an existing person with the following parameters:
Name |
Required |
Info |
id |
yes |
<user_id> |
remove_server_files |
no |
true/false |
remove_user_files |
no |
true/false |
remove_dept_files |
no |
true/false |
Activity
/activity/types/ - lists the types of activities in the system.
Sample response:
[
{
"id": 1,
"activity": "added account",
"machine_scope": false,
"user_scope": false,
"system_scope": false
},
{
"id": 10,
"activity": "added auth source to",
"machine_scope": false,
"user_scope": false,
"system_scope": false
},
....
}
/activity/<entity_type>/<id>/ - returns the activities for an entity_type of "organization" or "person" with the specified id. Returns up to 10 activities along with the total activities, current page number, and number of pages. see sample response below.
/activity/<entity_type>/<id>/page/<page_num>/ - same as above, but returns page_name of the paged activity results, instead of page 1.
Sample response:
{
"activities" : [
{
"id": 69,
"acted_on_type": "person",
"acted_on_text": "api_created_first api_created_last",
"actor_type": "person",
"actor_company_id": null,
"actor_machine_id": null,
"actor_person_id": 2,
"actor_text": "Mike Lansing",
"data_text": null,
"created": "2012-10-17T16:23:26.598000+00:00",
"acted_on_machine_id": null,
"acted_on_company_id": 2,
"acted_on_person_id": 20,
"acted_on_root_id": null,
"num_alerts": 0,
"action_text": "removed account"
},
....
],
"total_activities": 25,
"total_pages": 3,
"page": 1
}
/activity/<id>/ - retrieves the activity with specified id.
Sample response:
{
"id": 3,
"actor_type": null,
"actor_text": "System",
"actor_company_id": null,
"actor_machine_id": null,
"actor_person_id": null,
"action_text": null,
"acted_on_type": "site",
"acted_on_text": "All Organizations",
"acted_on_company_id": 1,
"acted_on_machine_id": null,
"acted_on_person_id": null,
"data_text": "C:/AnchorDBStore",
"activity_type_id": 22,
"created": "2012-10-04T22:40:37.182000+00:00",
"acted_on_root_id": null
}
/activity/create/- creates an activity with the following parameters.
Name |
Required |
Info |
activity_type_id |
yes |
activity type id |
actor_id |
yes |
id of the actor, interpreted according the to actor_type param |
actor_type |
yes |
type of actor, currently must be one of 'person', 'site', 'machine' |
acted_on_id |
yes |
id of the acted-upon entity, interpreted according to the acted_on_type param |
acted_on_type |
yes |
type of acted-upon entity, currently must be one of 'person', 'site', 'machine', 'root' |
actor_text |
no |
optional additional text |
acted_on_text |
no |
optional additional text |
data_text |
no |
optional additional text |
Sample response:
{
"code": "success",
"id": 34,
"uri": "/1/management/activity/34/"
}
Policy
/policy/<id>/ - retrieves the policy specified by id, currently is a company_id but will most likely change in the future.
Sample response:
{
"space_quota": 1073741824,
"max_file_size": "300",
"purge_deleted": false,
"trim_revisions": false,
"excluded_extensions": ".$$,.$db,.113,.3g2,.3gp,...."
"company_id": 2,
"purge_deleted_frequency": "",
"user_trim_revisions": false,
"user_create_backups": false,
"id": 2,
"trim_revisions_x": ""
}
/policy/update/- update a policy with the supplied parameters:
Name |
Required |
*Info |
id |
yes |
id of the policy to update currently this corresponds directly with a company id |
space_quota |
no |
must be an integer |
max_file_size |
no |
must be an integer |
purge_deleted |
no |
must be either 'true' or 'false' if provided |
trim_revisions |
no |
must be either 'true' or 'false' if provided |
excluded_extensions |
no |
comma-separated list of file extensions, ex: "*.mp3,*.ogg,*.avi" |
user_purge_deleted |
no |
must be either 'true' or 'false' if provided |
purge_deleted_frequency |
no |
integer deletion purge frequency |
user_trim_revisions |
no |
must be either 'true' or 'false' if provided |
user_create_backups |
no |
must be either 'true' or 'false' if provided |
trim_revisions_x |
no |
integer trim revision cutoff |
Root
/root/<id>/ - retrieves the root specified by id.
Sample response:
{
"id": 1,
"name": "Files",
"description": "",
"company_id": 2,
"person_id": 1,
"dept_share": false,
"backup": false
}
/root/create/ - creates a new root with the supplied parameters:
Name |
Required |
Info |
company_id |
yes |
company id for the new root |
name |
yes |
name for the new root |
person_id |
no |
optional person id for the root |
default |
no |
true or false to set the new root as a personal root for the specified person |
description |
no |
optional description for the new root |
dept_share |
no |
true or false to set the new root as a Team Share |
/root/update/ - update a root with the supplied parameters:
Name |
Required |
Info |
id |
yes |
id of the root to be updated |
company_id |
no |
company id for the root |
name |
no |
name for the root |
description |
no |
description for the root |
person_id |
no |
person who will own the root |
default |
no |
true or false to set the root as the person's personal root |
/root/delete/ - delete a root with the supplied parameters. Only applies to Team Shares and Backups:
Name |
Required |
Info |
id |
yes |
id of the root to be deleted |
remove_files |
yes |
True or False to remove folder from machine (will only remove folder if removing a Team Share) |
/guest/create/ - Create a guest account with the supplied parameters:
Name |
Required |
Info |
company_id |
yes |
Company id that the guest account will belong to |
first_name |
yes |
First name for user |
last_name |
yes |
Last name for user |
yes |
Email address for user |
|
password |
no |
Specify password for user |
generate_password |
no |
True to send account a generated password |
Retrieve information about: GET 1/management/guest/<guest_id>
/guest/update/ - Update a guest account with the supplied parameters:
Name |
Required |
Info |
id |
yes |
Id of Guest account |
first_name |
no |
First name for user |
last_name |
no |
Last name for user |
no |
Email address for user |
|
password |
no |
Specify password for user |
generate_password |
no |
True to generated password |
/guest/delete/ - delete a guest account with the supplied parameters:
Name |
Required |
Info |
id |
yes |
Id of Guest account |
Implemented Endpoints
/machine/<id>/ - retrieves the machine specified by id.
Sample response:
{
"status_code": 200,
"code": "success",
"result":
{
"id": 24,
"dns_name": "Davids-MacBook-Pro",
"nickname": null,
"last_login": "2014-10-31T12:00:03.076000-07:00",
"last_disconnect": null,
"guid": "a0a7f478-dace-40ff-8d86-3d497784ddf8",
"security_key": "d42c12ee-da76-43e5-abc7-72c83f026a0e",
"created": "2014-10-31T12:00:03.030000-07:00",
"os_type": "osx",
"os_version": "Mac OS X 10.9.5",
"agent_version": "2.1.1.617 (0d11f28bd493) (78540a15b566)",
"locked": false,
"bandwidth_throttle": null,
"throttle_exception_days": null,
"throttle_exception_start": null,
"throttle_exception_end": null,
"throttle_exception_throttle": null,
"throttled": false,
"policy_id": null,
"machine_type": "agent",
"health_report_period_minutes": null,
"manual_collisions": true,
"throttle_exception_dow": null
}
}
/machine/update/- update a machine with the supplied parameters:
Name |
Required |
Info |
id |
yes |
id of the machine to update |
bandwidth_throttle |
no |
integer specifying the bandwidth throttle |
throttle_exception_dow |
no |
must be a parseable list of integers representing days of the week, with 0=Monday, 6=Sunday. example: [0,1,2,3] |
throttle_exception_days |
no |
if provided, must be either 'weekdays' or 'weekends' which will set throttle_exception_dow to [0,1,2,3,4] or [5,6] respectively, and will override any value sent for throttle_exception_dow |
throttle_exception_start |
no |
time value of the form 'HH:mm' or 'HH:mm:ss' |
throttle_exception_end |
no |
time value of the form 'HH:mm' or 'HH:mm:ss' |
throttle_exception_throttle |
no |
integer specifying the throttle exception value |
Organizations
/organization/<id>/ - retrieves the organization specified by id.
Sample response:
{
"id": 2,
"parent_id": 1,
"name": "Default Organization",
"slug": "default-organization",
"description": "",
"email": "titaniumlou@gmail.com",
"hostname": "localhost",
"policy": "{ .... }",
"created": "2012-10-04T16:35:04.701000-06:00",
"email_server_id": null,
"psa": null,
"bandwidth_throttle": null,
"throttle_exception_days": null,
"throttle_exception_start": null,
"throttle_exception_end": null,
"throttle_exception_throttle": null,
"throttled": false,
"active": true,
"throttle_exception_dow": null
}
/organization/<id>/organizations/ - retrieves organizations underneath the organization specified by id. results are returned 10 at a time.
/organization/<id>/organizations/page/<page_num>/ - retrieves page_num page of 10 results.
Sample response:
{
"total_pages": 1,
"page": 1,
"total_organizations": 3,
"organizations": [
{
"id": 2,
"parent_id": 1,
"name": "Default Organization",
"slug": "default-organization",
"description": "",
"email": "titaniumlou@gmail.com",
"hostname": "localhost",
....
},
{....}
}
/organization/<id>/roots/ - retrieves roots underneath the organization specified by id.
/organization/<id>/roots/page/<page_num>/ - retrieves page_num page of 10 results.
Sample response:
{
"total_roots": 16,
"total_pages": 2,
"page": 1,
"roots": [
{
"company_id": 2,
"company_name": "Default Organization",
"root_id": 16,
"name": "api_updated",
"physical_space": 0,
"file_count": 0,
"revision_count": 0,
"created": "2012-10-18T15:38:24.293000-06:00",
"dept_share": false,
"backup": false,
"person_id": null,
"first_name": null,
"last_name": null,
"username": null,
"email": null
},
{ .... }
]
}
/organization/<id>/machines/ - retrieves machines underneath the organization specified by id.
/organization/<id>/machines/page/<page_num>/ - retrieves page_num page of 10 results.
/organization/<id>/persons/ - retrieves persons underneath the organization specified by id.
/organization/<id>/persons/page/<page_num>/ - retrieves page_num page of 10 results.
Sample response:
{
"total_persons": 30,
"total_pages": 3,
"page": 1,
"persons": [
{
"id": 31,
"first_name": "Louis",
"last_name": "API",
"email": "titaniumlou+louisapi2@gmail.com",
"use_ldap": false,
"username": ""
},
{ .... }
]
}
/organization/create/- creates an organization with the following parameters:
Name |
Required |
Info |
name |
yes |
name for the new organization |
hostname |
no |
defaults to an empty string |
description |
no |
defaults to an empty string |
contact_email |
yes |
contact email address for the organization |
slug |
yes |
slug for the organization |
policy |
yes |
policy for the organization |
parent_id |
yes |
id of the parent organization |
bandwidth_throttle |
no |
integer specifying the bandwidth throttle |
throttle_exception_dow |
no |
must be a parseable list of integers representing days of the week, with 0=Monday, 6=Sunday. example: [0,1,2,3] |
throttle_exception_days |
no |
if provided, must be either 'weekdays' or 'weekends' which will set throttle_exception_dow to [0,1,2,3,4] or [5,6] respectively, and will override any value sent for throttle_exception_dow |
throttle_exception_start |
no |
time value of the form 'HH:mm' or 'HH:mm:ss' |
throttle_exception_end |
no |
time value of the form 'HH:mm' or 'HH:mm:ss' |
throttle_exception_throttle |
no |
integer specifying the throttle exception value |
user_trim_revision |
no |
True or False to allow users to trim revisions |
user_create_backups |
no |
True or False to allow users to create backups |
user_create_shares |
no |
True or False to allow users to share files |
admin_browse_remote |
no |
True or False to allow admins to remote browse machines |
admin_browse_files |
no |
True or False to allow admins to browse files |
admin_create_users |
no |
True or False to allow admins to create accounts |
file_server_enabled |
no |
True or False to allow File Server Enablement |
backups_enabled |
no |
True or False to allow back up creation for organization |
branding_enabled |
no |
True or False to allow branding for an organization |
webdav_enabled |
no |
True or False to allow WebDav for an organization |
num_orgs_maximum |
no |
Integer specifying the max number of sub-organizations that can be created |
change_password_frequency |
no |
Integer specifying how often users need to change their password |
/organization/update/- updates an organization with the following parameters:
Name |
Required |
Info |
id |
yes |
id of the organization to update |
name |
no |
new name for the organization, must be unique in the system |
description |
no |
new description for the organization |
contact_email |
no |
new email for the organization |
slug |
no |
new slug for the organization, must be unique in the system |
policy |
no |
new policy for the organization |
Share Link Functionality
- Basic share URL: https://<server>/1/sharelink/1/<folder name>/<document name>?&session_token=<authenticated token>
- Parameters:
- download_notify = 0 or 1 --> defines whether to notify the share creator when the shared file is downloaded: 1 notifies, 0 does not; default is 0
- download_limit = <integer> --> defines the number of times a file can be downloaded: default is unlimited
- subscribers = comma separated list of email addresses --> defines the share recipient list where read-only access is provided: default is none
- expires = date in format of YYYY-MM-DD --> defines the expiration date for the share link: default is none
How to Subscribe a User to a Team Share via the API
This is a POST request that takes the following form variables:
- root_id of the Team Share
- person_id of the user being subscribed
- machine_id of the machine being subscribed
- all_subscriptions: When true Web, WebDav and Future machines will be enabled
Note: Not passing machine_id will only subscribe Web & WebDav
How to Unsubscribe a User to a Team Share via the API
This is a POST request that takes the following form variables:
- root_id of the Team Share
- person_id of the user being subscribed
- machine_id of the machine being subscribed
- remove_files = True to remove Team Share from machine
Authentication Source
To attach an AD source to an existing organization, use POST URL 1/management/ad/create/ with the following variables:
Name |
Required |
host |
yes |
domain |
yes |
login |
no |
password |
no |
company_id |
yes |
machine_id |
no |
To import a user from an AD source, use 1/management/ad/import_user/ with the following variables:
Name |
Required |
Username |
yes |
no |
|
first_name |
yes |
last_name |
yes |
company_id |
yes |
auth_source_id |
yes |
Use the GET call to list users from an authentication source: /ad/list_users/<auth_source_id>/.
Updated: January 2015