41 lines
2.2 KiB
Markdown
41 lines
2.2 KiB
Markdown
OpenSupports can work completely fine without a frontend. You could only use this API to manage the system.
|
|
This documentation is intended for application developers who are looking to integrate OpenSupports with other applications.
|
|
|
|
## Request/Response Interface
|
|
The API server is located in the `api/` folder of your OpenSupports' instance folder.
|
|
**All the requests must be done via POST method**, with the exception of the path `/system/download`.
|
|
|
|
The response object has the following JSON structure:
|
|
|
|
```
|
|
{
|
|
status: ["success"/"fail"],
|
|
message: [String],
|
|
data: [Object/Array/String]
|
|
}
|
|
```
|
|
|
|
* `status` indicates `"success"` if the request succeeded, else contains `"fail"`
|
|
* `message` contains the message in case of failure.
|
|
* `data` contains the returned data of the request.
|
|
|
|
For each path, we will document first the *Parameters*, then the *success* content of the property `data`, and finally the possible error messages it can return.
|
|
|
|
## Session Permissions
|
|
Some paths will not work if you're not logged in.
|
|
All paths have documented a *"Permission"* that can be:
|
|
* *any:* anyone can do a request, even if it's not logged in.
|
|
* *user:* only logged regular users can do the request.
|
|
* *staff1:* only a logged staff member with at least level 1 can do the request.
|
|
* *staff2:* only a logged staff member with at least level 2 can do the request.
|
|
* *staff3:* only a logged staff member with at least level 3 can do the request.
|
|
|
|
To login, user or staff, you have to make a request to [/user/login](#api-User-Login)
|
|
This request will return you the session data with an `userId` and a `token`. You will use these to validate the session every time you make a request that requires a logged user.
|
|
|
|
**All the paths that have permission `user`, `staff1`, `staff2` or `staff3`, require *userId* and *token* to be passed as parameter**. You need to pass them as `csrf_userid` and `csrf_token` respectively.
|
|
|
|
If you don't pass the userId and token, a `NO_PERMISSION` error will be returned.
|
|
|
|
Additionally, if there is no users (only staff members), you can check a ticket you created by providing your email and the ticketNumber to the `/ticket/check` path. This path will return you a `token` and `ticketNumber` you will use to comment, retrieve, or do any other operations to the ticket.
|