Gliffy Online REST API: User

A user is an authenticated entity accessing Gliffy.

Method Summary

Get Users in an account

Request URL

HTTP METHOD | URL
GET or POST | $API_ROOT/accounts/$YOUR_ACCOUNT_ID/users.xml?action=get

Parameters

PARAMETER | REQUIRED | POSSIBLE VALUES | DESCRIPTION
action | Yes | get | Get the users in an account.

Example Response containing <users>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response xmlns="http://www.gliffy.com" success="true">
    <users>
        <user id="209">
            <username>barney</username>
            <email>barney@BurnsODyne.apiuser.gliffy.com</email>
        </user>
        <user id="205">
            <username>bart</username>
            <email>bart@BurnsODyne.apiuser.gliffy.com</email>
        </user>
        <user id="210">
            <username>discostu</username>
            <email>discostu@BurnsODyne.apiuser.gliffy.com</email>
        </user>
        <user id="204">
            <username>homer</username>
            <email>homer@BurnsODyne.apiuser.gliffy.com</email>
        </user>
    </users>
</response>

Create a user

Create this user explicitly. If you wish to auto-provision a user into your Gliffy account when they log into your application, a more expedient way of creating the user would be to simply create their login token.

Request URL

HTTP METHOD | URL
POST | $API_ROOT/accounts/$YOUR_ACCOUNT_ID/users.xml?action=create&userName=$USERNAME

Parameters

PARAMETER | REQUIRED | POSSIBLE VALUES | DESCRIPTION
action | Yes | create | Create a user in the account.
userName | Yes | any string | The username of a user, unique in the account. Should contain no spaces.

Example of successful <response>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response xmlns="http://www.gliffy.com" success="true" />

Update a user's information

Updates the user's metadata. By default, users created via the API cannot log into Gliffy via www.gliffy.com. If you wish to allow certain users to do so, they will need a unique email address and a password. Users are given a fake email address when provisioned, so you are free to use that, coupled with a password of your choice, if you do not wish to store a user's actual email address with Gliffy.

Request URL

HTTP METHOD | URL
POST | $API_ROOT/accounts/$YOUR_ACCOUNT_ID/users/$USERNAME.xml?action=update

Parameters

PARAMETER | REQUIRED | POSSIBLE VALUES | DESCRIPTION
action | Yes | update | Update a user in the account.
email | No | an email address | The new email address.
password | No | any string | The user's password for logging into Gliffy Online.
admin | No | true or false | "true" to grant the user administrative privileges on the account. "false" to remove administrative privileges.

Example of successful <response>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response xmlns="http://www.gliffy.com" success="true" />

Delete a user

Deletes the user. This cannot be undone. Documents they created will not be deleted; their ownership will be given to an admin of the account. For un-owned documents where changes (revisions) were made by this user, those changes will now be assigned to the admin as well.

Request URL

HTTP METHOD | URL
DELETE or POST | $API_ROOT/accounts/$YOUR_ACCOUNT_ID/users/$USERNAME.xml?action=delete

Parameters

PARAMETER | REQUIRED | POSSIBLE VALUES | DESCRIPTION
action | Yes | delete | Delete a user in the account.

Example of successful <response>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response xmlns="http://www.gliffy.com" success="true" />

Create a User's OAuth Token

Most calls to Gliffy require the user to be identified via a short-lived OAuth Token. When you create a user OAuth Token, you are essentially logging a user in. Every request in which you use this token is made on behalf of that user. This token will also be part of the OAuth signature. You can also provision users this way, which saves your application from having to check whether a given user already has a Gliffy user. You simply request the user's OAuth Token at the start of their session and Gliffy will provision them if needed.

The username can be anything, and may contain the "@" sign (e.g. an email address).

This call also requires a 'description' parameter. This is a string that describes the Home Application making the request (e.g. "Media Wiki Plugin").

This returns a new OAuth Token if it hasn't expired. It will also return the OAuth Token Secret used for signing requests with the OAuth Token. If the user doesn't exist, provisions them, creates a token and returns it. If your account has already reached its maximum number of users, this call will fail if the username provided is not known to Gliffy.

This method does not require an OAuth Token.

Request URL

HTTP METHOD | URL
POST | $API_ROOT/accounts/$YOUR_ACCOUNT_ID/users/$USERNAME/oauth_token.xml?action=create

Parameters

PARAMETER | REQUIRED | POSSIBLE VALUES | DESCRIPTION
action | Yes | create | Gets a user token.
description | Yes | Any string | Short description of Home Application making the request.

Example Response containing <oauth-token-credentials>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response success="true">
    <oauth-token-credentials>
        <oauth-token>140a1b58c248d13872499df769606766</oauth-token>
        <oauth-token-secret>481830f5827e35b0644a32c1caac5245</oauth-token-secret>
        <create-date>1236204382765</create-date>
    </oauth-token-credentials>
</response>
		

If the token request requires provisioning a user (i.e. you are getting the token for a new user), and your account has reached the maximum number of users, the error response you receive will have an http-status-code of 401. This is the only instance where the request for a token will return that code, unless there was a problem with the request specific to the OAuth specification (e.g. a bad timestamp or nonce, or an invalid signature).

Example <response> when user provisioning has failed

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response xmlns="http://www.gliffy.com" success="false">
    <error http-status-code="401">Your account has reached the maximum number of users</error>
</response> 
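
The token call above, handled on the client side, as an added example that is not Gliffy's own code: it percent-encodes the username into the request path and parses both sample responses, including the success sample that carries no namespace. The host name, function names and class names are hypothetical; it assumes `description` travels in the query string and `create-date` is milliseconds since the Unix epoch, and it leaves OAuth signing of the request out.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, urlencode

class GliffyError(Exception):
    """Raised for success="false"; status is the <error> http-status-code."""
    def __init__(self, status, message):
        super().__init__(f"{status}: {message}")
        self.status, self.message = status, message

@dataclass(frozen=True)
class TokenCredentials:
    token: str
    secret: str = field(repr=False)  # keep the signing secret out of logs
    created: datetime

def token_url(api_root, account_id, username, description):
    # Usernames may hold "@", spaces or "/": encode each value as ONE path
    # segment so it cannot add path components or query parameters.
    if username in ("", ".", ".."):
        raise ValueError("username is not usable as a path segment")
    path = "/accounts/%s/users/%s/oauth_token.xml" % (
        quote(str(account_id), safe=""), quote(username, safe=""))
    # Assumption: description is sent in the query string next to action.
    query = urlencode({"action": "create", "description": description})
    return api_root.rstrip("/") + path + "?" + query

def _local(tag):
    # The page's samples show <response> both with and without the namespace.
    return tag.split("}", 1)[-1]

def parse_token_response(xml_text):
    root = ET.fromstring(xml_text)
    if _local(root.tag) != "response":
        raise ValueError("not a Gliffy <response> document")
    nodes = {_local(el.tag): el for el in root.iter()}
    if root.get("success") != "true":
        err = nodes.get("error")
        if err is None:
            raise GliffyError(0, "no <error> element in failed response")
        raise GliffyError(int(err.get("http-status-code", "0")), (err.text or "").strip())
    try:
        # Assumption: create-date is milliseconds since the Unix epoch.
        created = datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(
            milliseconds=int(nodes["create-date"].text))
        return TokenCredentials(nodes["oauth-token"].text.strip(),
                                nodes["oauth-token-secret"].text.strip(), created)
    except (KeyError, TypeError, ValueError, AttributeError) as exc:
        raise ValueError("incomplete <oauth-token-credentials>") from exc
```

A `GliffyError` with status 401 from this call covers both cases the page names, the user limit and an OAuth-level rejection, so the caller should read the message before deciding whether to retry.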

Delete a User's OAuth Token

When you delete a user OAuth Token, you are essentially logging a user out.

The username can be anything, but should not contain the "@" sign, nor should it be entirely numeric. It may contain spaces.

Request URL

HTTP METHOD | URL
POST | $API_ROOT/accounts/$YOUR_ACCOUNT_ID/users/$USERNAME/oauth_token.xml?action=delete

Parameters

PARAMETER | REQUIRED | POSSIBLE VALUES | DESCRIPTION
action | Yes | delete | Deletes a user token.

Example of successful <response>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response xmlns="http://www.gliffy.com" success="true" />

Get folders that a user has access to

Returns the folders in this account that this user has rights to access.

Request URL

HTTP METHOD | URL
GET or POST | $API_ROOT/accounts/$YOUR_ACCOUNT_NAME/users/$USERNAME/folders.xml?action=get

Parameters

PARAMETER | REQUIRED | POSSIBLE VALUES | DESCRIPTION
action | Yes | get | Gets the folders the user has access to.

Example Response containing <folders>

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<response xmlns="http://www.gliffy.com" success="true">
    <folders>
        <folder is-default="true">
            <name>ROOT</name>
            <path>ROOT</path>
            <folder is-default="false">
                <name>Tulacca Camp</name>
                <path>ROOT/Tulacca Camp</path>
            </folder>
            <folder is-default="false">
                <name>Simpsons Family</name>
                <path>ROOT/Simpsons Family</path>
                <folder is-default="false">
                    <name>Homer's Secrets</name>
                    <path>ROOT/Simpsons Family/Homer's Secrets</path>
                </folder>
            </folder>
        </folder>
    </folders>
</response>