JSON API

The JSON API allows you to interact with Joget's platform by accessing data and integrating external systems. This guide provides basic steps and examples to help you get started quickly.

Check out the API Builder! A brand new custom builder plugin made for Joget DX.

The API Builder introduces the simple drag-and-drop principle similar to the Form Builder, as a no-code/low-code alternative to create your own customized JSON APIs for Joget apps.

Have access to more APIs out-of-the-box, preview APIs quickly, greater API access management, support for custom API authenticators, and more.

API elements & API authenticators are extensible via plugins too.

To see detailed information about this plugin, check the API Builder page.

Download the plugin from the Joget Marketplace.

The API Domain Whitelist setting in General Settings needs to be configured to allow JSON API requests. If a request is from a non-whitelisted domain, the response will be an HTTP 400 Bad Request.

JSON API Authentication

Authenticate by Passing Parameters

Do NOT expose clear text passwords in the URL or DOM.

For JSON API authentication purposes, the following parameters can be posted to each of the JSON API URLs:
  • j_username
  • j_password
  • hash

Example:

Assuming the required username and password are "user1" and "password1" respectively, we can post them to the JSON API using the following script.

Sample Call
curl --location --request POST --data 'j_username=user1&j_password=password1' 'http://localhost:8080/jw/web/json/workflow/assignment/list'
Sample Result
{"total" : 12 }

If you prefer to use a hashed password, you can use the following script.

Note that support for hashed passwords depends on the Directory Manager you are using. Some Directory Manager plugins may not support this authentication method.

The format and hashing method may vary for each Directory Manager as well.

Sample Call
curl --location --request POST --data 'j_username=user1&hash=D012B772672A55A0B561EAA53CA7734E' 'http://localhost:8080/jw/web/json/workflow/assignment/list/pending'
Sample Result
{"total" : 12 }

Master Login Username and Password

Do NOT expose clear text passwords in the URL or DOM.

When authenticating using parameters, you can use a Master Credential to log in as another user to perform workflow activities.

To use it, set a Master Login Username and Master Login Password under System Settings > General Setting. By setting these values, a different user can be specified by passing in the "loginAs" parameter.

Enable this only when it is necessary. If your Master Credential leaks, others can use it to make any unwanted JSON API calls.

Assuming the master login username and master login password are "master" and "master" respectively, the master login hash will be "E505CF727D214A68CB03DA25DA978500".

The following example showcases how to use a Master Credential to log in as "user1".

Sample Call
curl --location --request POST --data 'j_username=master&j_password=master&loginAs=user1' 'http://localhost:8080/jw/web/json/workflow/assignment/list'
Sample Result
{"total" : 12 }

Using master login hash:

Sample Call
curl --location --request POST --data 'j_username=master&hash=E505CF727D214A68CB03DA25DA978500&loginAs=user1' 'http://localhost:8080/jw/web/json/workflow/assignment/list'
Sample Result
{"total" : 12 }
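The warning above about credentials in the URL can be checked from the server side. The following is an added example, not part of the Joget documentation or code base: it scans access-log lines for JSON API requests that carried j_password or hash in the query string and reports them with the secret values masked. The common log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

SECRET_PARAMS = {"j_password", "hash"}   # credential parameters listed on this page
JSON_API_PREFIX = "/jw/web/json/"        # path prefix used by the sample calls

# Constructed access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [17/Dec/2024:10:00:01 +0000] "POST /jw/web/json/workflow/assignment/list HTTP/1.1" 200 15
10.0.0.7 - - [17/Dec/2024:10:00:09 +0000] "GET /jw/web/json/workflow/assignment/list?j_username=user1&j_password=password1 HTTP/1.1" 200 15
10.0.0.8 - - [17/Dec/2024:10:01:30 +0000] "POST /jw/web/json/workflow/assignment/list/pending?j_username=user1&hash=D012B772672A55A0B561EAA53CA7734E HTTP/1.1" 200 15
10.0.0.9 - - [17/Dec/2024:10:02:00 +0000] "POST /jw/web/json/workflow/assignment/list?j_username=master&hash=E505CF727D214A68CB03DA25DA978500&loginAs=user1 HTTP/1.1" 200 15
10.0.0.9 - - [17/Dec/2024:10:02:05 +0000] "GET /other/app/page?hash=abc HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+"')


def redact(target):
    """Return the request target with secret parameter values masked."""
    parts = urlsplit(target)
    pairs = [(k, "REDACTED" if k in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def find_credential_leaks(log_text):
    """List JSON API requests whose query string carried a secret parameter."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        parts = urlsplit(target)
        params = dict(parse_qsl(parts.query, keep_blank_values=True))
        leaked = sorted(SECRET_PARAMS.intersection(params))
        if parts.path.startswith(JSON_API_PREFIX) and leaked:
            findings.append({
                "client": client,
                "leaked": leaked,
                "login_as": params.get("loginAs"),  # set when a master credential was used
                "target": redact(target),           # masked, safe to paste into a ticket
            })
    return findings


if __name__ == "__main__":
    for finding in find_credential_leaks(SAMPLE_LOG):
        print(finding)
```

Any credential that shows up in a finding should be rotated, since the unmasked value is already stored in the log file.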

Basic HTTP Authentication

Since V4, Joget supports Basic HTTP Authentication in JSON API authentication so you can pass the credentials in the header.

Example:

Assuming the required username and password are "user1" and "password1" respectively, we can set the Basic Auth header for the JSON API call using the following script.

Sample Call
curl --location --request POST 'http://localhost:8080/jw/web/json/workflow/assignment/list/pending' --header 'Authorization: Basic dXNlcjE6cGFzc3dvcmQx'
Sample Result
{"total" : 12 }

Hashed Password

Description

  • Used in JSON API authentication and JavaScript Single Sign-On (SSO)

  • Prevents a user's password from being directly exposed during authentication

  • This Hashed Password method is only supported by Joget Internal Directory Manager.

Please note that LDAP Directory Manager and Security Enhanced Directory Manager do not support Hashed Password in JSON API authentication.

Formula

md5(username + "::" + md5Base16(password));

E.g.: Assuming that the username is “admin” and the password is “admin”, the resulting hash should be “14ACD782DCFEB2BCDE2B271CCD559477”.

Sample Code (Java)

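import java.math.BigInteger;
import java.security.MessageDigest;

// Outer hash: MD5 of the content, returned as 32 upper-case hex characters.
public static String md5(String content) {
    try {
        MessageDigest m = MessageDigest.getInstance("MD5");
        byte[] data = content.getBytes();
        m.update(data, 0, data.length);
        BigInteger i = new BigInteger(1, m.digest());
        // Zero-pad to 32 digits so leading zero bytes are not dropped.
        return String.format("%1$032X", i);
    } catch (Exception ex) {}
    // Returned only if the digest could not be computed.
    return "";
}

// Inner hash: MD5 of the content, returned as lower-case hex (two digits per byte).
public static String md5Base16(String content) {
    try {
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte[] bytes = md.digest(content.getBytes());
        StringBuffer sb = new StringBuffer();
        for (int i = 0; i < bytes.length; i++) {
            byte b = bytes[i];
            // Mask to an unsigned value before converting to hex.
            String hex = Integer.toHexString((int) 0x00FF & b);
            if (hex.length() == 1) {
                sb.append("0");
            }
            sb.append(hex);
        }
        return sb.toString();
    } catch (Exception e) {}
    // Returned only if the digest could not be computed.
    return "";
}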
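The formula above takes only the username and password as input, so the hash is the same on every call and has to be stored and transmitted as carefully as the password itself. The following is an added example, not Joget's own code: it reproduces the formula, then builds (without sending) the parameter, hash and Basic requests shown on this page so that credentials travel in the POST body or header and never in the URL. The names joget_hash and build_request are hypothetical.

```python
import base64
import hashlib
from urllib.parse import urlencode
from urllib.request import Request

BASE_URL = "http://localhost:8080/jw/web/json/"  # host used in the page's sample calls


def joget_hash(username, password):
    """md5(username + "::" + md5Base16(password)), upper-case hex as in the Java sample."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()  # md5Base16: lower-case hex
    return hashlib.md5(f"{username}::{inner}".encode("utf-8")).hexdigest().upper()


def build_request(path, username, password, mode="basic", login_as=None):
    """Build (but do not send) a POST whose credentials never appear in the URL."""
    headers, form = {}, {}
    if mode == "basic":
        token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
        headers["Authorization"] = "Basic " + token
    elif mode == "hash":
        form = {"j_username": username, "hash": joget_hash(username, password)}
    elif mode == "password":
        form = {"j_username": username, "j_password": password}
    else:
        raise ValueError("unknown mode: " + mode)
    if login_as is not None:
        # Assumption: the page describes loginAs only for parameter authentication.
        if mode == "basic":
            raise ValueError("loginAs is sent with parameter authentication")
        form["loginAs"] = login_as
    body = urlencode(form).encode("ascii")
    return Request(BASE_URL + path, data=body, headers=headers, method="POST")


if __name__ == "__main__":
    print(joget_hash("admin", "admin"))  # compare with the value quoted on this page
    req = build_request("workflow/assignment/list", "master", "master",
                        mode="hash", login_as="user1")
    print(req.full_url, req.data)
```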
Created by Marcos Last modified by Aadrian on Dec 17, 2024