Stages Documentation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
712:collector_data_rest_api [2025/09/16 16:22] – [Installation and Deployment] Iseler, Marc712:collector_data_rest_api [2026/02/18 09:33] (current) – [Cross-Origin Resource Sharing] Deutschmann, Niklas
Line 5: Line 5:
 To use a REST API endpoint a Stages User needs to install a respective Data collector first. By default there are no REST endpoints available. A data collector is technically realized via an Admin Job. Every Admin Job is populating exactly one REST endpoint. To use a REST API endpoint a Stages User needs to install a respective Data collector first. By default there are no REST endpoints available. A data collector is technically realized via an Admin Job. Every Admin Job is populating exactly one REST endpoint.
  
-{{ :712:datacollectorprocess.png?direct }}+{{ :712:data_collector_process.png?direct }}
  
 The framework allows to retrieve data for one or more workspaces in one call. Every call always requires an API token which is equipped with sufficient permissions to access the data provided by a REST API endpoint. The framework allows to retrieve data for one or more workspaces in one call. Every call always requires an API token which is equipped with sufficient permissions to access the data provided by a REST API endpoint.
Line 267: Line 267:
 </code> </code>
  
 +==== Cross-Origin Resource Sharing ====
 +Starting with Stages 7.12.5, CORS (Cross-Origin Resource Sharing) can be configured for collector data API requests. This configuration change is **only** needed when another web application needs to make **client-side HTTP requests** to the API (because the same-origin policy is only enforced in web browsers)
  
 +The following configuration can be added to ''web-customer.xml'' (at the beginning right after the opening ''<web-app>'' tag). The ''cors.allowed.origins'' parameter can **not** be set to "*", so you can not allow API requests from any origin.
 +<code xml>
 +<filter>
 +    <filter-name>CorsFilter</filter-name>
 +    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
 +    <init-param>
 +        <!-- URLs of the web applications (comma-separated) for which API requests should be allowed -->
 +        <param-name>cors.allowed.origins</param-name>
 +        <param-value>https://stages-api-client1.example.com, https://stages-api-client2.example.com</param-value>
 +    </init-param>
 +    <init-param>
 +        <param-name>cors.support.credentials</param-name>
 +        <param-value>true</param-value>
 +    </init-param>
 +    <init-param>
 +        <param-name>cors.allowed.methods</param-name>
 +        <param-value>GET,OPTIONS</param-value>
 +    </init-param>
 +    <init-param>
 +        <param-name>cors.allowed.headers</param-name>
 +        <param-value>Origin,Authorization</param-value>
 +    </init-param>
 +</filter>
 +<filter-mapping>
 +    <filter-name>CorsFilter</filter-name>
 +    <url-pattern>/api/1/collectordata/*</url-pattern>
 +</filter-mapping>
 +</code>
 +
 +**Testing your configuration:**
 +
 +The best way to test the configuration:
 +  * Go to the website that should be the origin of the API requests (https://stages-api-client1.example.com in the example above)
 +  * Open the browser's developer tools (F12)
 +  * In the "Console" tab, execute the following request
 +
 +<code>
 +fetch("https://<Stages Server URL>/stages/api/1/collectordata/<Record Key>", { headers: { "Authorization": "Bearer <API Token>" }}).then(r => r.json()).then(console.log);
 +</code>