Overview of PPM RESTful Web Services
Using the PPM-supported REST APIs, developers can retrieve and perform CRUD (create, read, update, delete) operations on the related entities.
- For the REST APIs whose URIs are prefixed with
http(s)://server:port/itg/rest2/, see Interactive REST API Help.
For the REST APIs whose URIs are prefixed with
http(s)://server:port/itg/rest/, see the following:
The Web Application Description Language (WADL) descriptor that lists all supported PPM RESTful Web services can be found at the following location:
Starting from PPM version 9.13, the following line is added to the
websecurity.conf file to enable RESTful web services:
Check and make sure whether the above line is already there. If not, simply copy and paste it to the
websecurity.conf file, which is located in the
All requests to the RESTful Web services interfaces (URLs) must be authenticated. PPM supports the following three authentication types for RESTful Web services:
HTTP Basic Access Authentication
When you use the HTTP Basic Access Authentication, an authorization HTTP header is sent along with the request, containing the base64-encoded username and password.
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
For more information about HTTP Basic Access Authentication, see RFC 2617.
HTTP Request Query String
When you use the HTTP Request Query String, you must specify the username and password parameters in the URL.
Lightweight Single Sign-on (LWSSO)
For details, see the Installation and Administration Guide
HTTPS is preferred whenever you use RESTful Web services by Basic Access Authentication or Request Query String authentication in order to prevent username and password to be transmitted over the network.
Since Request Query String authentication requires your username and password as the parameters in the URL, your username and password will be logged in the log file if the web server is configured to log URLs. This will cause a security flaw.
PPM supports the following two messaging types for RESTful Web services:
To enable JSON messaging type, you have to append the string
alt=application/json to the parameter list of the URL.