REST Api Docs - User
A user is an authenticated entity accessing Gliffy
Method Summary
- Get Users in an account
- Create a User
- Update a User's information
- Delete a User
- Create a User's OAuth Token
- Delete a User's OAuth Token
- Get Folders that a User has access to
Get Users in an account
Request URL
| HTTP METHOD | URL |
|---|---|
| GET or POST | $API_ROOT/accounts/$YOUR_ACCOUNT_ID/users.xml?action=get |
Parameters
| PARAMETER | REQUIRED | POSSIBLE VALUES | DESCRIPTION |
|---|---|---|---|
| action | Yes | get | Get the users in an account. |
Example Response containing <users>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response xmlns="http://www.gliffy.com" success="true">
<users>
<user id="209">
<username>barney</username>
<email>barney@BurnsODyne.apiuser.gliffy.com</email>
</user>
<user id="205">
<username>bart</username>
<email>bart@BurnsODyne.apiuser.gliffy.com</email>
</user>
<user id="210">
<username>discostu</username>
<email>discostu@BurnsODyne.apiuser.gliffy.com</email>
</user>
<user id="204">
<username>homer</username>
<email>homer@BurnsODyne.apiuser.gliffy.com</email>
</user>
</users>
</response>
Create a user
Create this user explicitly. If you wish to auto-provision a user into your Gliffy account when they log into your application, a more expedient way of creating the user would be to simply create their login token.
Request URL
| HTTP METHOD | URL |
|---|---|
| POST | $API_ROOT/accounts/$YOUR_ACCOUNT_ID/users.xml?action=create&userName=$USERNAME |
Parameters
| PARAMETER | REQUIRED | POSSIBLE VALUES | DESCRIPTION |
|---|---|---|---|
| action | Yes | create | Create a user in the account. |
| userName | Yes | any string | The username of a user, unique in the account. Should contain no spaces. |
Example of successful <response>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <response xmlns="http://www.gliffy.com" success="true" />
Update a user's information
Updates the user's meta data. By default, users created via the API cannot log into Gliffy via www.gliffy.com. If you wish to allow certain users to do so, they will need a unique email address and a password. Users are given a fake email address when provisioned, so you are free to use that, coupled with a password of your choice, if you do not wish to store a user's actual email address with Gliffy.
Request URL
| HTTP METHOD | URL |
|---|---|
| POST | $API_ROOT/accounts/$YOUR_ACCOUNT_ID/users/$USERNAME.xml?action=update |
Parameters
| PARAMETER | REQUIRED | POSSIBLE VALUES | DESCRIPTION |
|---|---|---|---|
| action | Yes | update | Update a user in the account. |
| no | an email address | the new email address | |
| password | no | any string | their user password for logging into Gliffy Online |
| admin | no | true | false | "true" to grant user with administrative privileges on the account. "false" to remove administrative privileges. |
Example of successful <response>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <response xmlns="http://www.gliffy.com" success="true" />
Delete a user
Deletes the user. This cannot be undone. Documents they created will not be deleted; their ownership will be given to an admin of the account. For un-owned documents where changes (revisions) were made by this user, those changes will now be assigned to the admin as well.
Request URL
| HTTP METHOD | URL |
|---|---|
| DELETE or POST | $API_ROOT/accounts/$YOUR_ACCOUNT_ID/users/$USERNAME.xml?action=delete |
Parameters
| PARAMETER | REQUIRED | POSSIBLE VALUES | DESCRIPTION |
|---|---|---|---|
| action | Yes | delete | Delete a user in the account. |
Example of successful <response>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <response xmlns="http://www.gliffy.com" success="true" />
Create a User's OAuth Token
Most calls to gliffy require the user to be identified via a short-lived OAuth Token. When you create a user OAuth Token, you are essentially logging a user in. Every request in which you use this token means you are making the request on behalf of the user. This token will also be part of the OAuth signature. You can also provision users this way. This keeps your application from having to check if a given user has a Gliffy user already. You simply access the user's OAuth Token at the start of their session and Gliffy will provision them if needed.
The username can be anything, and may contain the "@" sign (i.e. an email address).
This call also requires a 'description' parameter. This is a string that describes the Home Application making the request (i.e. "Media Wiki Plugin")
This returns a new OAuth Token if it hasn't expired. It will also return the OAuth Token Secret used for signing requests with the OAuth Token. If the user doesn't exist, provisions them, creates a token and returns it. If your account has already reached its maximum number of users, this call will fail if the username provided is not known to Gliffy.
This method does not require an OAuth Token
Request URL
| HTTP METHOD | URL |
|---|---|
| POST | $API_ROOT/accounts/$YOUR_ACCOUNT_ID/users/$USERNAME/oauth_token.xml?action=create |
Parameters
| PARAMETER | REQUIRED | POSSIBLE VALUES | DESCRIPTION |
|---|---|---|---|
| action | Yes | create | Gets a user token. |
| description | Yes | Any string | Short description of Home Application making the request. |
Example Response containing <oauth-token-credentials>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response success="true">
<oauth-token-credentials>
<oauth-token>140a1b58c248d13872499df769606766</oauth-token>
<oauth-token-secret>481830f5827e35b0644a32c1caac5245</oauth-token-secret>
<create-date>1236204382765</create-date>
</oauth-token-credentials>
</response>
If the token request requires provisioning a user (i.e. you are getting the token for a new user), and your account has reached the maximum number of users, the error response you receive will have an http-status-code of 401. This is the only instance where the request for a token will return that code, unless there was a problem with the request specific to the OAuth specification (i.e. bad timestamp or nonce, invalid signature, etc.)
Example <response> when user provisioning has failed
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response xmlns="http://www.gliffy.com" success="false">
<error http-status-code="401">Your account has reached the maximum number of users</error>
</response> Delete a User's OAuth Token
When you delete a user OAuth Token, you are essentially logging a user out.
The username can be anything, but should not contain the "@" sign, nor should it be entirely numeric. It may contain spaces.
Request URL
| HTTP METHOD | URL |
|---|---|
| POST | $API_ROOT/accounts/$YOUR_ACCOUNT_ID/users/$USERNAME/oauth_token.xml?action=delete |
Parameters
| PARAMETER | REQUIRED | POSSIBLE VALUES | DESCRIPTION |
|---|---|---|---|
| action | Yes | delete | Gets a user token. |
Example of successful <response>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <response xmlns="http://www.gliffy.com" success="true" />
Get folders that a user has access to
Returns folders in this account that this user has rights to access
Request URL
| HTTP METHOD | URL |
|---|---|
| GET or POST | $API_ROOT/accounts/$YOUR_ACCOUNT_NAME/users/$USERNAME/folders.xml?action=get |
Parameters
| PARAMETER | REQUIRED | POSSIBLE VALUES | DESCRIPTION |
|---|---|---|---|
| action | Yes | get | Gets a user token. |
Example Response containing <folders>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response xmlns="http://www.gliffy.com" success="true">
<folders>
<folder is-default="true">
<name>ROOT</name>
<path>ROOT</path>
<folder is-default="false">
<name>Tulacca Camp</name>
<path>ROOT/Tulacca Camp</path>
</folder>
<folder is-default="false">
<name>Simpsons Family</name>
<path>ROOT/Simpsons Family</path>
<folder is-default="false">
<name>Homer's Secrets</name>
<path>ROOT/Simpsons Family/Homer's Secrets</path>
</folder>
</folder>
</folder>
</folders>
</response>
