The Argus REST API consists of a number of API modules, for different parts of the system.

Each module has a name and a version, e.g. /events/v1 or /case/v2.

Compatibility and Deprecation

When an API module is publicly released, the request and response model are guaranteed to stay consistent and backwards compatible.
Breaking changes will not be done in a released version, instead we will release a new version of the module, which may have a different structure and contract.

We may add fields and functionality to a published module by adding endpoints or adding input/output fields, but that will always be done in a backwards compatible manner. 

Deprecation and changes will be announced on the mailinglist argus-api-changes@mnemonic.no. Please contact mnemonic to be added to this mailinglist.
In addition, deprecations will be announced on the API documentation page for the relevant API module. 

Authentication and API-keys

To use the API, you need to obtain an API-key.

Please see Authentication and API-keys

Access restrictions

Each operation towards Argus is restricted by Access Control rules. If the requested operation violates an Access Control rule, the user will be rejected with a 403 Access Denied
This may be because the operation is not permitted for the requested object, or because the operation is not permitted for the user at all. 

In addition, some operations are not permitted to be used using API-key, because they require a higher Security Level.

To use privileged operations, the user needs to have such permissions enabled, and use a session authentication with a higher Security Level. Contact mnemonic for details. 

API documentation

All published endpoints are documented using Swagger. The documentation can be seen here.

If logged in, the endpoints can be used directly in Swagger without using an API-key, since the request will use the current session.

If entering an API-key in the swagger API-key field, this API-key will be used for all requests. 
Please note that due to the fact that API-keys have a lower Security Level than two-factor sessions, some operations may be rejected using API-key even though they worked using the logged-in session.

Thus, all testing to create scripts based on API-keys should be done using API-keys also in Swagger. 

General endpoint structure

The Argus API uses a REST structure, with a general layout.

Please see General integration guide - Endpoint structure

API Validation and Sanitation

This section describes how API fields are sanitized, and how clients should use/integrate fields in the API to their own use.

Please see API Validation and Sanitation

Simple searching

Simple search is using the GET method, and is accepting a set of basic query parameters for filtering, sorting, and limit/offset.

Please see Simple Search

  • No labels