Introduction to XDOC API Services


General Overview

XDOC provides various API services including:


Please start by reading these general service overviews. Next, browse the other Service specific pages depending on which Services you are interested in.

After you have done your initial review of the documentation, we can setup an API Introductory Call with your developer(s).


HTTP Server Service Method Collections

The HTTP Server Services Method Listing contains these collections of service methods:

  1. Application - HTTP Simple Services specification for the Application. Includes Service Method for Testing Connectivity and API Protocol Handshaking
  2. System - HTTP Simple Services specification for the System Service. Retrieving System level configuration such as Security Profile lists, XDOC Version Information, etc.
  3. Project - HTTP Simple Services specification for the Project Service. Retrieving Project level repository configuration such as list of Document Types, list of Document Stacks, Bundle Profiles, etc.
  4. Container - HTTP Simple Service specification for the Container Service. Retrieving lists of documents for a particular container (loan), downloading documents in TIF or PDF format, etc.
  5. Document - HTTP Simple Services specification for the Document Service. Adding Documents, Deleting Documents, etc.

Configuring API Settings in the XDOC User Interface

XDOC API Service Settings for a project can be found under Admin > Projects Tab > HTTP Server Service & UI Launch Service in the side menu:


Note: Access to the XDOC API Services is restricted by the IP Access list defined on this page. For an extra layer of security, a Security Token can also be used when making requests.


Generating Security and User Tokens

After configuring the API settings in the XDOC User Interface, the Security & User Tokens for use in API requests can be created. Here is a brief overview:

  1. The tokens are first constructed in plaintext using either XML or JSON.
  2. The plaintext tokens must then be encrypted according to the encryption standards chosen on the API settings page.
  3. The encrypted tokens must then be Base64 encoded.
  4. Finally, the tokens must also be URL encoded for use in API request URLs.

Sample XML Security Token:

<SecurityToken>
    <Context>MySecurityContext</Context>
    <AppId>MyAppId</AppId>
    <AppKey>MyAppKey</AppKey>
    <GenDT>2021-03-08T14:15:53-08:00</GenDT>
</SecurityToken>

Sample XML User Token:

<UserToken>
    <UserName>admin</UserName>
    <Display>John Doe</Display>
</UserToken>

Security Token Encrypted, Base64 Encoded, and Finally URL Encoded (XST Value):

"VVp57msUPMDgpqVqEdYN80PWgk8ek85nAasL3E26zUZ1t%2BMweH%2Fw%2BSSXMvkljE13E%2FbiIcu0%2BdXMwRIfEK9fplqH7JqAGOlqhqKmF%2BYVS1htqx8U7ZZZl2hUa4cS4ee9DGUBMPAvsgd4B1nhs%2F7loQ1GmLS0%2F%2BKfWdJGPUg4yiJNL5aQpDT6w7MCPNlNrTLfiHyRjef0A1TlpJ%2BwT0d7mQ%3D%3D"

For more information on Security Token Encryption, please see S4. Security Token Authentication in the HTTP Server Services API section.


User Token Encrypted, Base64 Encoded, and Finally URL Encoded (XUT Value):

"gWd0ky0DfSFt1wVAYJM4cVWANSkSjQv%2FCi%2BwdLlAh1Cya4i9MM4gMWYneTcbjVyo72QTv3It%2F0GezGRg%2BP2HG50zfUk%2BiGZRyb6VBiMD15A%3D"

For more information on User Token Encryption please see S4. Security Token & Security Considerations in the User Interface Service section.


Constructing Request URLs for HTTP and UI Launch Services

Here is a brief overview for constructing XDOC API request URLs.

  1. The domain for the XDOC Server will be used as the base for the API request.
  2. All HTTP Service Methods are accessible via the /XDocServerService.ashx? endpoint with the desired service method specified by input to the XM parameter.
  3. All UI Launch Links are accessible via the /XDocUIService.ashx? endpoint with the link type specified by input to the AppLink parameter.
  4. If a Security Context is defined (and set to be required) in user interface API settings page, it must be specified in requests by input to the XSC parameter.
  5. Finally, if using a Security Token or User token they must also be specified in requests by using the XST parameter for the Security Token & the XUT parameter for the User Token.

Sample Container.ContainerInfo Invoke URL:

https://xdoc.example.com/XDocServerService.ashx?XM=Container.ContainerInfo&ContainerKey=201001&XSC=MySecurityContext&XST=VVp57msUPMDgpqVqEdYN80PWgk8ek85nAasL3E26zUZ1t%2BMweH%2Fw%2BSSXMvkljE13E%2FbiIcu0%2BdXMwRIfEK9fplqH7JqAGOlqhqKmF%2BYVS1htqx8U7ZZZl2hUa4cS4ee9DGUBMPAvsgd4B1nhs%2F7loQ1GmLS0%2F%2BKfWdJGPUg4yiJNL5aQpDT6w7MCPNlNrTLfiHyRjef0A1TlpJ%2BwT0d7mQ%3D%3D

For more information on constructing invoke URLS please see S1. Method Invocation Syntax in the HTTP Server Services API section.


Sample APPDASHBOARD UI Launch URL:

https://xdoc.example.com/XDocUIService.ashx?AppLink=APPDASHBOARD&XSC=MySecurityContext&XUT=gWd0ky0DfSFt1wVAYJM4cVWANSkSjQv%2FCi%2BwdLlAh1Cya4i9MM4gMWYneTcbjVyo72QTv3It%2F0GezGRg%2BP2HG50zfUk%2BiGZRyb6VBiMD15A%3D

For more information on constructing Launch URLs please see S1. Service Invocation Syntax in the User Interface Service section.