Set Up Guide
This topic will guide you through the steps you need to get started with the HotDocs Advance API, using the resource owner authentication flow.
Prerequisites
- You must have a site administrator user account to create a new API client.
1. Log into the API Client Management application
To view, create, and manage your API clients, you should log in to the HotDocs Advance API Management application:
- Open a web browser.
- Navigate to the application using the following URL:
https://{tenancymoniker}.yourorganization.com/HdaAuth
Where tenancymoniker is replaced with the tenancy you want to access and yourorganization.com is replaced with your own domain. - Type your username and password into the fields.
- Click the Login button; you are taken to the API Client Management landing page.
2. Create a new API client
A client is required to make requests to the Advance API. For this example, select a ResourceOwner flow type and Query scope.
- Log into the API Clients Management application.
- Click the Manage Client Credentials link.
- Click the Create a new client link.
- In the Create a new client form, enter the following information:
- DisplayName – a 'friendly' descriptive name for the client, used to identify the client in the UI
- FlowType – the type of authorization flow used by the client; select a flow type from the following options:
- ResourceOwner – the client gets tokens by impersonating a service account
- Implicit – the client gets a token as part of a sign-in process for a real user, without needing a secret
- Secret – the secret for the client, used for authentication
- ReturnUrl – the URL to which responses from the API are returned; not used by clients that use the Resource Owner flow
- LandingPage – the URL for the landing page to which new users are redirected from the provisioning e-mail; only used by users created via the API
- Token life span – the number of seconds for which the token is valid
- Scope – select from the following options:
- Query – the client can only make read requests to the API
- Command – the client can make read and write requests to the API
- Root – the client has full root access to Advance; it can issue user access tokens
- Click the Create button; the Client Details page appears.
- (Optional) Click Activate Client; if you do not want to make the client immediately available, you can activate it later.
3. Add a service principal to the client
The service principal is an account in Advance that acts on behalf of a client. Clients that use the resource owner flow require an associated service principal user.
You only need to add a service principal if your client uses the Resource Owner authentication flow.
- Open the details page for the client for which you need to add a service principal
- Click the Add a service principal button.
- Enter the following information into the Add a service principal for the client form:
- PrincipalName – the name of the new service principal
- (Optional) Password
– an automatically-generated password appears in this field; you
can change it to your own custom password, if necessary.
Note: You must remember this password; it cannot be viewed again beyond this page. You will require the password when making requests to the Advance API.
- (Optional) IsActive – check this box to make the service principal available for making requests to the API; you can activate the service principal later, if necessary.
Once the client and service principal are activated, you can use them to retrieve an access token from the API.
4. Get an access token
HotDocs Advance requires you to supply an access token with your API requests, to verify that you are authorized to make that request.
The access token request requires you to provide the following data:
- ClientName – the unique name for the client created earlier; you can find the client's unique name on the client details page
- PrincipalName – the name of the service principal associated with the client
- PrincipalPassword – the password for the service principal; you set the password when creating the service principal
To retrieve a token using the Resource Owner flow, use the example below to request an access token from the API.
using System; using System.Net.Http; using System.Text; using System.Threading.Tasks;
namespace HotDocsAdvanceApiExamples { public class ResourceOwnerAuthorization { // These are the credentials required for retrieving an access token using the resource owner flow. // You will replace these credentials with those for a client you create yourself, // using the Advance Client Management Application. See the API help guide for more information. private string clientName = "ab3e4544-b595-4681-b0ea-c7c18c9b63f6"; private string servicePrincipalName = "ExampleServicePrincipalA"; private string servicePrincipalPassword = "examplePassword";
public async Task<string> GetResourceOwnerToken() { // Create the access token request var request = CreateHttpRequestMessage();
//Send token request to Advance using (var client = new HttpClient()) { var response = await client.SendAsync(request);
// Return the retrieved access token return response.Content.ReadAsStringAsync().Result; } }
private HttpRequestMessage CreateHttpRequestMessage() { var tokenUrl = string.Format("https://yourtenancy.yourorganization.com/HdaAuth/Authorize/ServicePrincipalLogIn");
return new HttpRequestMessage { RequestUri = new Uri(tokenUrl), Method = HttpMethod.Post, Content = GetRequestContent() }; }
private StringContent GetRequestContent() { var json = "{" + string.Format("'ClientName' : '{0}', 'PrincipalName' : '{1}', 'PrincipalPassword' : '{2}'", clientName, servicePrincipalName, servicePrincipalPassword) + "}"; return new StringContent(json, Encoding.UTF8, "application/json"); } } }
5. Find your Advance API base URL
The Advance API URL is the base URL to which you make API requests.
The URL consists of the path to the Advance API application and the API version you want to use. The format of the URL is typically:
- https://{tenancyMoniker}.{serverName}.{yourDomain}/HdaApi/rest/v{apiVersionNumber}/
Where:
- tenancyMoniker – the name of the Advance tenancy against which you are making requests; for example, tenancy1
- serverName – the server on which Advance is installed; for example, testserver01
- yourDomain – the domain under which Advance is installed; for example, yourorganization.com
- apiVersionNumber – the version number of the Advance API you are using; the latest version is 1.1
You need to know this URL when looking up the API documentation and making requests to the API endpoints.
For example, the URL for a request to get all work items in the tenancy might look like:
- https://tenancy1.testserver01.yourorganization.com/HdaApi/rest/v1.1/WorkItems
Keep a note of this URL for the next step.
6. Making Requests
Once you have retrieved an access token, you can use it to sign the requests you make to the Advance API. For example, you can use the example below to create a new user. Make sure you change the createUserUrl to use your API base URL.
using System; using System.Net; using System.Net.Http; using System.Net.Http.Headers; using System.Text; using System.Threading.Tasks;
namespace HotDocsAdvanceApiExamples { public class UserRequest { public async Task<HttpStatusCode> CreateUser(string token) { // Create the 'create user' request var userId = Guid.NewGuid(); var request = CreateHttpRequestMessage(userId);
//Send create user request to Advance using (var client = new HttpClient()) { client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token); var response = await client.SendAsync(request); return response.StatusCode; } }
private HttpRequestMessage CreateHttpRequestMessage(Guid userId) { // Create the request for the 'create user' API endpoint var createUserUrl = string.Format("https://yourtenancy.yourorganization.com/HdaApi/rest/v1.1/Users/{0}", userId);
return new HttpRequestMessage { RequestUri = new Uri(createUserUrl), Method = HttpMethod.Post, Content = GetRequestContent() }; }
private StringContent GetRequestContent() { // Generate the JSON request body required by the 'create user' method var json = "{ 'firstName': 'Emma', 'lastName': 'MacDiarmid', 'emailAddress': 'emma.macdiarmid@example.com', 'roles': [ 'SiteAdministrator' ], 'sendEmail': true }"; return new StringContent(json, Encoding.UTF8, "application/json"); } } }
Next steps
See Using the API Overview for more details about using the API, including code examples for various requests.
The Advance API documentation also contains information about the types of requests you can make using the API.
You can view the latest reference documentation for the Advance API at https://yourorganization.com/HdaApi/rest/documentation/index.html, where yourorganization.com is the domain under which your Advance deployment is located.