EditMe Web API
Introduction
EditMe sites provide a web-based API that responds to web queries with XML formatted data. Unlike the server-side JavaScript API, which is meant to be embedded into Scripted Pages, this API can be used remotely over HTTP and enforces EditMe's built-in access control features. This API is also useful for implementing Ajax functionality within EditMe sites.
A Work in Progress
This API became available with the release of the new tabbed editing interface, which uses this API via Ajax to provide a more streamlined user experience. As such, it is being built as it is needed. This API does not yet provide full access to a site's data, but over time will grow to provide more and more functionality. If you are building an application that would benefit from functionality missing from this API, let us know. We can either add it for you or provide you with a script that you can customize to your needs.
It should also be noted that this API is implemented as a scripted page. In other words, all of this functionality can be created using EditMe's server-side JavaScript API. This means that a developer working on an EditMe site can create any web based API needed. If you're developing on an EditMe sie, we're happy to provide you with the source code for this API to use as a reference or starting point.
Accessing the API
The name of the script is /_xmlapi. All requests to the script will begin with http://YOURSITE.editme.com/_xmlapi
All actions exposed are indicated in the form of a "do" parameter. Additional fields required as input to the specified action are appended as additional parameters. For example, this request would return an XML representation of the Home page using the GetPage action: http://YOURSITE.editme.com/_xmlapi?do=GetPage&name=Home
Actions that return but do not modify data can be accessed using the GET or POST methods. All actions that modify data must be accessed using POST.
Access Control & Logging In
This API uses the same authentication mechanism as normal EditMe pages. That is, actions will be performed as the user that is currently logged in. If you are accessing this API from your browser, you can log in using the site's Login form. If you are accessing the site using a programmable HTTP client, you'll need to provide cookie support and login the client before accessing protected data. This is done by posting to /_Login just like the built-in Login form does.
The _Login mechanism can accept a login command for a given user name and password using GET or POST. It will set cookies within your HTTP client required to establish your authenticated session. By default, it will redirect to your site's default page, but you can also specify a URI to redirect to.
Here is an example login: http://YOURSITE.editme.com/_Login?mode=login&user-username=USER&user-password=PASSWORD&redirect=Home
If you change Home to be some other URL, like /xml_api?do=GetPage&name=Home, you'll need to URL encode the URI passed to the redirect parameter.
Returned Data & CDATA Sections
All data is returned in XML format. The root node is always <response>...</response>. If an error was encountered in serving the request, it will be in an <error>...</error> node under the root node. The text within the error node will describe the error condition.
If a response includes HTML, such as comment or page content, it may be included in a CDATA section (see example output for the action in question to determine whether this is the case). XML rules dictate that CDATA sections cannot include CDATA sections, but page content can include CDATA sections. To get around this, the API will escape CDATA sections within CDATA sections. This is done by replacing <![CDATA[ with [CDATA_START[ and replacing ]]> with ]CDATA_END]. Your script will need to unescape these as needed. The following code can be used to do this:
function unescapeCDATA(s) {
s = s.replace(/\[CDATA_START\[/g, '<!'+'[CDATA[');
s = s.replace(/\]CDATA_END\]/g, ']'+']>');
return s;
}
Date Formatting
All responses that will include a date value will accept a dateFormat parameter. Dates are always returned in the JavaScript default string representation, and in a second <fdate>...</fdate> tag. The dateFormat parameter controls the format of the fdate value. Accepted formatting commands are the same as the Java SimpleDateFormat class. The default fdate format is a string-sortable date representation: yyyy-MM-dd HH:mm:ss.
Actions
The following actions are currently supported. They are grouped into functional areas. In the descriptions below, bold actions are required and all others are optional.
Pages
Attachments
Users & Groups
Page Drafts
GetPage
Returns an XML representation of a page, optionally including its comment and attachments.
Parameters:
- name - The name of the page to return
- version - A specific version number to return. Default is 0, or current version.
- comments - Indicate true or false to indicate whether comments should be included in the response. Default is false.
- attachments - Indicate true or false to indicate whether attachments should be included in the response. Default is false.
- forEdit - Indicate true or false to indicate whether page content should be processed, as in double-bracket links. Default is false.
Example: http://YOURSITE.editme.com/_xmlapi?do=GetPage&name=Home&comments=true&attachments=true
Error conditions:
- Page not found.
- Access denied to username.
GetPagesByType
Returns a list of pages that have a specified MIME type.
Parameters:
- type - The MIME type to filter by. For example, text/html
Example: http://YOURSITE.editme.com/_xmlapi?do=GetPagesByType&type=text%2fhtml
Pages are returned in in a flat list under the root node and in the same format shown in the GetPage example output, but without comments and attachments.
Error conditions:
- PagesByType requires type parameter
GetPageVersions
Returns a list of all the versions of a specified page. Optional count and offset parameters allow paging of returned content, as pages can have thousands of versions. If omitted, all versions will be returned.
Parameters:
- name - The name of the page
- count - The number of versions to return
- offset - The first version to start with. 0 will start with the first version available.
Example: http://YOURSITE.editme.com/_xmlapi?do=GetPageVersions&name=Home
- Response Attached (note meta data attributes in root node)
Error conditions:
- Missing parameter name
- Access denied to username
UpdatePage
Creates a new version of a page. Only the name of the page is required. All other attributes will be updated if specified, or remain as they were in the previous version, template or default page. Admin only attributes will only be taken from parameter values if the user is an Administrator; these will otherwise be ignored. The user attribute of the page will be automatically set to the name of the logged-in user.
Parameters:
- name - The name of the page to update.
- version - The version to use as a basis. Default is 0, or the current version.
- template - The template page to use as a basis (can be any page).
- content - Page content.
- deleted - true or false to indicate whether the page is marked as deleted.
- description - The change description. Begin with (minor edit) to make it a minor edit.
- editorMode - Any of the values valid for the page.editorMode parameter.
- title - The title of the page.
- commentsDisabled - true or false to indicate whether comments are disabled. Admin only attribute.
- hidden - true or false to indicate whether the page is hidden. Admin only attribute.
- layout - Page name of a layout to assign to the page. Admin only attribute.
- stylesheet - Page name of a style sheet to assign to the page. Admin only attribute.
- mimeType - The MIME type value to assign to the page. For example, text/html. Admin only attribute.
- raw - true or false to indicate whether the page content should be served without the surrounding layout. Admin only attribute.
- security - Any of the two-letter security options (AA, PR, etc.) OR the ID of a Policy to assign to the page. Admin only attribute.
Example: http://YOURSITE.editme.com/_xmlapi?do=UpdatePage&name=Home&version=10&description=Revert+to+version+10
This example would revert the Home page to version 10.
The UpdatePage action returns the new version of the page using the same format as GetPage and without comments or attachments.
Error conditions:
- Missing required parameter: name.
- Page does not exist and user cannot create pages.
- Edit access denied.
- Invalid policy ID.
GetAttachmentVersions
Returns a version history of a specified attachment.
Parameters:
- page - The name of the page the file is attached to.
- name - The file name of the attachment.
Example: http://YOURSITE.editme.com/_xmlapi?do=GetAttachmentVersions&page=Home&name=home.jpg
Returns a list of <attachment> tags as formatted in a GetPage response under the root <response>tag.
Error conditions:
- None
UpdateAttachment
Returns an XML representation of an attachment's meta data and optionally updates one or more attachment attributes. Note that GetPage can be used to retrieve a list of all attachments on a page.
Parameters:
- page - The name of the page the file is attached to.
- name - The file name of the attachment.
- description - A description of the attachment.
- hidden - A value of true or false to indicate whether the attachment should be listed on the page.
- deleted - A value of true or false to indicate whether the attachment should be deleted. Note that this only marks the attachment as deleted.
Example: http://YOURSITE.editme.com/_xmlapi?do=UpdateAttachment&page=Home&name=home.jpg&hidden=false
The result of this call is a single <attachment> node in the same format provided by GetPage indicating the updated attachment.
Error conditions:
- Missing required parameters page and name.
- Page not found.
- Access denied to username.
- Attachment filename not found.
GetPolicies
Returns a list of policies defined on the site. Each policy includes a list of associated groups with permissions specified on it.
Parameters:
- None
Example: http://YOURSITE.editme.com/_xmlapi?do=GetPolicies
Error conditions:
- Access denied to username. (Access to this method is granted to Administrators only.)
GetPageDraft
Returns a temporary draft of a page, if one has been saved. Returns an empty response if no draft is found. Calling this action will delete a page draft if it is found, but expired (older than 24 hours). The response includes the generated key to the data entry that contains the page draft.
Parameters:
- name - Page name.
Example: http://YOURSITE.editme.com/_xmlapi?do=GetPageDraft&name=XMLAPI
Error conditions:
- None
SavePageDraft
Creates a data entry on the site containing a draft page content. Multiple calls to this by the same user will overwrite the existing data entry.
Parameters:
- name - The name of the page to save.
- title - The title of the page.
- editorMode - Either R, C or P for Rich Text, Code or Plain Text, respectively.
- content - The content of the page.
Example: http://YOURSITE.editme.com/_xmlapi?do=SavePageDraft&name=Home&title=test&editorMode=Rich%Text
Returns the same result as GetPageDraft.
Error conditions:
- Missing parameter name
DeletePageDraft
Deletes a page draft data entry. This is done automatically by EditMe when a page is saved via a post to _Edit. This action should be used if UpdatePage is called instead to update the content.
Parameters:
- name - The name of the page.
Example: http://YOURSITE.editme.com/_xmlapi?do=DeletePageDraft&name=Home
Returns a <deleted>1</deleted> element if a draft was deleted.
Error conditions:
- Draft not found.
CleanUpDrafts
Deletes expired draft data entries (for all users and pages) on the site.
Parameters:
- None
Example: http://YOURSITE.editme.com/_xmlapi?do=CleanUpDrafts
<response><deleted>N</deleted></response> - where N is the number of drafts deleted.
Error conditions:
- None