The App Orchestration API is implemented as a REST-style API. To access the API, you issue HTTP requests to an API endpoint. The type of request is determined by the HTTP method used:
- GET: Reads data, and never makes modifications to the configuration.
- PUT: Updates existing objects in the system.
- DELETE: Deletes objects in the system. Note that Delete operations are often two-phase. See the section on [Two-Phase Deletes] for more information.
- POST: Typically, creates objects in the system. Also used for executing actions, and occasionally for read-only queries with input that may exceed the maximum allowable for GET operations.
By default, the root endpoint is located at:
https://[server]/cam/api
where [server] is the FQDN of any of the App Orchestration configuration servers. For example, if your server name is “srv01.my.com” and you wish to read information about the tenants configured in the system, you would issue a GET request to:
https://srv01.my.com/cam/api/Tenants
See the API section for full details about the query paths and options for each API call.
All APIs require Authentication and Authorization.
Once authorized, the caller is issued a Session Token which may be used to bypass further authorization challenges during a time period, as long as the client remains active.
To prevent Cross-Site Request Forgery attacks, calling an API without using explicit authorization requires the use of an Anti-Forgery Token.