SOAP Web Services
TIBCO Spotfire® Server offers the following SOAP web services APIs:
- Information Model Service
Updates the configuration of an Information Model data source.
- Library Service
Manages the TIBCO Spotfire Server Library. Read more.
- License Service
Manages Licenses and License Functions.
- User Directory Service
Manages users and groups. Read more.
- Update Analysis Service
Updates a Spotfire Web Player analysis externally. Read more.
TIBCO Spotfire® Server offers the following REST APIs:
- Automation Services REST API
Executes Automation Services jobs. Available since version 7.13. Read more.
- Library REST API
Uploads content to the Spotfire Library. Available since version 10.2. Read more.
Migrating from legacy (7.12 and previous) to OAuth 2.0-based (7.13 and later) SOAP Web Services API
To migrate an existing solution that uses the SOAP Web Service API available under /spotfire/ws/pub to use the SOAP Web Service API available under /spotfire/api/soap (available from 7.13), follow the following steps:.
1) Update the URLs:
- http[s]://<host>[:<port>]/spotfire/ws/pub/InformationModelService -> http[s]://<host>[:<port>]/spotfire/api/soap/InformationModelService
- http[s]://<host>[:<port>]/spotfire/ws/pub/LibraryService -> http[s]://<host>[:<port>]/spotfire/api/soap/LibraryService
- http[s]://<host>[:<port>]/spotfire/ws/pub/LicenseService -> http[s]://<host>[:<port>]/spotfire/api/soap/LicenseService
- http[s]://<host>[:<port>]/spotfire/ws/pub/SecurityService -> <no replacement>
- http[s]://<host>[:<port>]/spotfire/ws/pub/UpdateAnalysisService -> http[s]://<host>[:<port>]/spotfire/api/soap/UpdateAnalysisService
- http[s]://<host>[:<port>]/spotfire/ws/pub/UserDirectoryService -> http[s]://<host>[:<port>]/spotfire/api/soap/UserDirectoryService
2) Register an OAuth2 API client using the register-api-client command. Make sure to specify the scopes needed for the services that you're accessing. Se API documentation for details.
3) Update the code so that it before making a request to any of the API services obtains an OAuth2 access token (according to the instructions in the API documentation and RFC 6749).
4) Update the code so that it includes the access token from step 3 in an Authorization header (as described in RFC 6750) with every request. The server may respond with 401 if the access token is no longer valid - step 3 must then be repeated.
5) Remove any code for handling other forms of authentication.
6) Remove any code for handling CSRF and sessions (the new API doesn't utilize HTTP sessions and therefore has no need for CSRF protection).