TIBCO Spotfire® Web Services API Overview
Last updated:
1:21pm Apr 10, 2019

Back to Extending Spotfire page


SOAP Web Services

TIBCO Spotfire® Server offers the following SOAP web services APIs: 

  • Information Model Service

    Updates the configuration of an Information Model data source.

  • Library Service

    Manages the TIBCO Spotfire Server Library. Read more.

  • License Service

    Manages Licenses and License Functions.

  • User Directory Service

    Manages users and groups. Read more.

  • Update Analysis Service

    Updates a Spotfire Web Player analysis externally. Read more.


TIBCO Spotfire® Server offers the following REST APIs: 

    • Automation Services REST API

      Executes Automation Services jobs. Available since version 7.13. Read more.

    • Library REST API

      Uploads content to the Spotfire Library. Available since version 10.2. Read more

    API Documentation

    Migrating from legacy (7.12 and previous) to OAuth 2.0-based (7.13 and later) SOAP Web Services API

    To migrate an existing solution that uses the SOAP Web Service API available under /spotfire/ws/pub to use the SOAP Web Service API available under /spotfire/api/soap (available from 7.13), follow the following steps:.

    1) Update the URLs:

    • http[s]://<host>[:<port>]/spotfire/ws/pub/InformationModelService -> http[s]://<host>[:<port>]/spotfire/api/soap/InformationModelService
    • http[s]://<host>[:<port>]/spotfire/ws/pub/LibraryService -> http[s]://<host>[:<port>]/spotfire/api/soap/LibraryService
    • http[s]://<host>[:<port>]/spotfire/ws/pub/LicenseService -> http[s]://<host>[:<port>]/spotfire/api/soap/LicenseService
    • http[s]://<host>[:<port>]/spotfire/ws/pub/SecurityService -> <no replacement>
    • http[s]://<host>[:<port>]/spotfire/ws/pub/UpdateAnalysisService -> http[s]://<host>[:<port>]/spotfire/api/soap/UpdateAnalysisService
    • http[s]://<host>[:<port>]/spotfire/ws/pub/UserDirectoryService -> http[s]://<host>[:<port>]/spotfire/api/soap/UserDirectoryService

    2) Register an OAuth2 API client using the register-api-client command. Make sure to specify the scopes needed for the services that you're accessing. Se API documentation for details.

    3) Update the code so that it before making a request to any of the API services obtains an OAuth2 access token (according to the instructions in the API documentation and RFC 6749).

    4) Update the code so that it includes the access token from step 3 in an Authorization header (as described in RFC 6750) with every request. The server may respond with 401 if the access token is no longer valid - step 3 must then be repeated.

    5) Remove any code for handling other forms of authentication.

    6) Remove any code for handling CSRF and sessions (the new API doesn't utilize HTTP sessions and therefore has no need for CSRF protection).