Skip to content

Session API

Session API is an API that issues session tokens and provides session functions and access to various APIs using the tokens.

Execution Procedure

Session API uses JSON-RPC v2.0.

To execute Session API using JSON-RPC, POST the request data (string) described in JSON format to the URL of the web service endpoint provided by EvWH.

Request header

API key and secret key are required to use this API. Please apply to the system administrator to obtain them. They must be sent in the HTTP header section when sending an HTTP request, with the following header names respectively. - API key: APIKey - Private key: Secret

Session token specifications

The specifications and usage of session tokens issued by session.open_session are as follows.

  • The session token can be specified in the Xdata-Session-Token header.
  • Session tokens are authorized according to the Apikey and Secret used to issue them (session tokens are resolved to the associated Apikey and Secret).
  • If an APIKey Secret header is passed with the Xdata-Session-Token header, the Xdata-Session-Token header takes precedence.
  • The Xdata-Session-Token is internally resolved to a session Id and given as a Xdata-Session-Id header when requesting the backend.
  • The backend (currently dataproc only) uses the Xdata-Session-Id to realize sessions (implementation and usage varies from app to app).
  • Session tokens allow dataproc to use session directories (shared directories within a session that can only be accessed from the same session).

Future plans for session tokens

In the future, we are considering the ability to grant authorization scope and access control when dispensing session tokens. Currently, Apikey is responsible for this function, but we will organize the role of Apikey and session tokens so that it can only dispense session tokens, and aim for flexible operation with security.

We ask that you use session tokens for this purpose.

How to use session tokens

The following is an example of how session tokens (access tokens) issued by session.open_session are used.

curl -H "Content-type:application/json" -H "Xdata-Session-Token: 0df23f0d-44cb-4085-8ac9-158e6ced3056" -X POST -d '{"id":1, "jsonrpc": "2.0", "method": "dataproc.get_server_version","params": {}}' http://localhost/api/v1/dataproc/jsonrpc

The following is an example of using the Python client.

import os
import json
from xdata_session.client import ApiV2 as SessionApi
from xdata_dataproc.client import ApiV2 as DataprocApi

# Obtain a session token

if not os.path.exists("~/xdata_token.json"):
  # When issuing a new session token
  session_endpoint = "http://localhost/api/v1/session/jsonrpc"
  apikey = "xxx"
  secret = "xxx"

  session_client = SessionApi(session_endpoint, apikey, secret)
  result = session_client.open_session()

  # Save session tokens as needed
  with open("~/.xdata_cache/xdata_token.json", "w") as f:
    json.dump(result, f)
  else:
  # To load a session token saved in json format
  with open("~/.xdata_cache/xdata_token.json") as f:
    result = json.load(f)

session_token = result["access_token"]

# Run dataproc twice to save the two artifacts in the session directory
dataproc_endpoint = "http://localhost/api/v1/dataproc/jsonrpc"
dataproc_client = DataprocApi(dataproc_endpoint, session_token=session_token)

params = dict(
  module="test-module",
  method="session-test",
  input={},
  output={},
  params={},
)

result1 = dataproc_client.exec(**params)
result2 = dataproc_client.exec(**params)

Endpoints

The endpoint of this API is https:///api/v1/session/jsonrpc.