The Web API is not yet open for external developers.

Artportalen Web API Help Page

The Web API is not yet open for external developers.

Introduction

ArtPortalen exposes some of its data through a REST API. This API provides access for the resources described below. The API supports both XML and JSON formats.

Authentication

The API has two parts. One part is public, the other requires authentication and SSL. For all calls made to the API, public or non-public, an access-key is required.

Access-key are sent in the HTTP Header, ex: request.Headers.Add("access-key", "yourPersonalAcessKey");

Authentication for the non-public part of the API is done using your regular login/password via HTTP Basic authentication.
http://en.wikipedia.org/wiki/Basic_access_authentication

When making an API call to URL [address]/token with login/pwd and access-key the server response is a unique "token".
The "token" returned may be used in following calls to the API in order to avoid a new login for every request.
A "token" is valid for a certain amount of time. When it expires the client has to request a new one by sending authentication information.

To send the unique token use "Authorization: Session " + [token] in the HTTP header.

HTTP Header example:
Content-Type: application/json
Authorization: Session eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9
access-key: 1234518f8c284000832512383d2d353

[Unique token: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9"] received from a request to [address]/token.
[access-key: "1234518f8c284000832512383d2d353"] received from ArtPortalen when register. (see below)

HTTP access control - CORS

The api implements HTTP access control - CORS. https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS If you want to access the API via javascript, you need to provide the domains to which ArtPortalen should grant access.

Specify Content-Type on POST requests

When creating a remote element, the Content-Type of the request must be specified:

  • for JSON content: Content-Type: application/json
  • for XML content: Content-Type: application/xml
  • for forms content (POST): Content-Type: application/x-www-form-urlencoded

What you need to be able to build a client.

Look at http://test-api.artportalen.se. We have a basic example of an implementation there.

To be granted access you need:

  • A valid Artportalen account. (email-address, alias)
  • An access-key, this will track how your client(s) accesses the API and are required for all clients.
  • If you are developing a web page that will access the API you need to notify us which CORS-origins that we should allow.
Send all this information to info@artportalen.se to be granted access to the API.

Response Codes

Following are the HTTP response codes our API may return.

  • 200 OK - It worked!
  • 201 Created - The request has been fulfilled and resulted in a new resource being created. The newly created resource can be referenced by the URI returned in the entity of the response.
  • 400 Bad Request - The request was invalid. You may be missing a required argument or provided bad data. An error message will be returned explaining what happened.
  • 401 Unauthorized - The authentication you provided is invalid.
  • 403 Forbidden - Data provided did not pass validation. An error message will be returned in the response trying to explain what happened.
  • 404 Not Found - You requested an invalid method.
  • 406 Not Acceptable - You requested an invalid content type.
  • 500 Internal Server Error - Something is wrong on our end. We'll investigate what happened. Feel free to contact us.
  • 503 Service Unavailable - The method you requested is currently unavailable (due to maintenance or high load).