.. _rest-api:

Zoe REST API
============

Zoe can be used from the command line or the web interface. For more complex tasks also an API is provided, so that Zoe functionality can be accesses programmatically.

The API is provided by the zoe-api processes, on the same port of the web interface (5001 by default). Every URL of the API contains, after the hostname and port, the path ``/api/<api version>/``. **The current API version is 0.7**.

In case the request causes an error, an appropriate HTTP status code is returned. The reply will also contain a JSON document in this format::

    {
        "message": "missing or wrong authentication information"
    }

With an error message detailing the kind of error that happened.

Some endpoints require credentials for authentication. For now the API uses straightforward HTTP Basic authentication. In case credentials are missing or wrong a 401 status code will be returned.

Info endpoint
-------------

This endpoint does not need authentication. It returns general, static, information about the Zoe software. It is meant for checking that the client is able to talk correctly to the API server::

    curl http://bf5:8080/api/<api_version>/info


Will return a JSON document, like this::

    {
        "version" : "2017.06",
        "deployment_name" : "prod",
        "application_format_version" : 3,
        "api_version" : "0.7"
    }

Where:

* ``version`` is the Zoe version
* ``deployment_name`` is the name configured for this deployment (multiple Zoe deployment can share the same cluster)
* ``application_format_version`` is the version of ZApp format this Zoe is able to understand
* ``api_version`` is the API version supported by this Zoe and should match the one used in the request URL

ZApp validation endpoint
------------------------

This endpoint does not need authentication. Use this endpoint to validate ZApp descriptions against the deployed Zoe version.

Usage::

    curl -X POST --data-urlencode @filename http://bf5:8080/api/<api_version>/zapp_validate

Needs a JSON document passed as the request body::

    {
        "application": <zapp json>,
    }

Where:

* ``application`` is the full ZApp JSON document, the application description

Will return a 200 HTTP status in case the JSON document passes validation, 400 otherwise.

Execution endpoint
------------------

All the endpoints listed in this section require authentication.

Execution details
^^^^^^^^^^^^^^^^^

Request (GET)::

    curl -u 'username:password' http://bf5:8080/api/<api_version>/execution/<execution_id>

Where:

* ``execution_id`` is the ID of the execution we want to inspect

Will return a JSON document like this::

    {
       "status" : "running",
       "description" : {
          "version" : 2,
          "will_end" : false,
    [...]
       },
       "error_message" : null,
       "time_start" : 1473337160.16264,
       "id" : 25158,
       "user_id" : "venzano",
       "time_end" : null,
       "name" : "boinc-loader",
       "services" : [
          26774
       ],
       "time_submit" : 1473337122.99315
    }

Where:

* ``status`` is the execution status. It can be on of "submitted", "scheduled", "starting", "error", "running", "cleaning up", "terminated"
* ``description`` is the full ZApp description as submitted by the user
* ``error_message`` contains the error message in case ``status`` is equal to error
* ``time_submit`` is the time the execution was submitted to Zoe
* ``time_start`` is the time the execution started, after it was queued in the scheduler
* ``time_end`` is the time the execution finished or was terminated by the user
* ``id`` is the ID of the execution
* ``user_id`` is the identifier of the user who submitted the ZApp for execution
* ``name`` is the name of the execution
* ``services`` is a list of service IDs that can be used to inspect single services

Terminate execution
^^^^^^^^^^^^^^^^^^^
This endpoint terminates a running execution.

Request (DELETE)::

    curl -X DELETE -u 'username:password' http://bf5:8080/api/<api_version>/execution/<execution_id>

If the request is successful an empty response with status code 200 will be returned.

Delete execution
^^^^^^^^^^^^^^^^
This endpoint deletes an execution from the database, terminating it if it is running.

Request (DELETE)::

    curl -u 'username:password' http://bf5:8080/api/<api_version>/execution/delete/<execution_id>

If the request is successful an empty response with status code 200 will be returned.

List all executions
^^^^^^^^^^^^^^^^^^^

This endpoint will list all executions belonging to the calling user. If the user has an administrator role, executions for all users will be returned.

Request (GET)::

    curl -u 'username:password' http://bf5:8080/api/<api_version>/execution

Will return a JSON document like this::

    {
       "25152" : {
          "time_submit" : 1473337122.87461,
          "id" : 25152,
    [...]
          "status" : "running",
          "time_start" : 1473337156.8096,
          "services" : [
             26768
          ],
          "time_end" : null,
          "name" : "boinc-loader",
          "error_message" : null
       },
       "25086" : {
          "time_start" : 1473337123.30892,
          "status" : "running",
          "user_id" : "venzano",
    [..]

It is a map with the execution IDs as keys and the full execution details as values.

Starting from verion 0.7 of the API, the execution list can be filtered.

You need to pass via the URL (GET parameters) the criteria to be used for filtering, for example::

    curl -u 'username:password' http://bf5:8080/api/<api_version>/execution?status=terminated\&limit=1

Valid criteria that can be used are:

* status: one of submitted, scheduled, starting, error, running, cleaning up, terminated
* name: execution mane
* user_id: user_id owning the execution (admin only)
* limit: limit the number of returned entries
* earlier_than_submit: all execution that where submitted earlier than this timestamp
* earlier_than_start: all execution that started earlier than this timestamp
* earlier_than_end: all execution that ended earlier than this timestamp
* later_than_submit: all execution that where submitted later than this timestamp
* later_than_start: all execution that started later than this timestamp
* later_than_end: all execution that started later than this timestamp

All timestamps should be passed as number of seconds since the epoch (UTC timezone).

Start execution
^^^^^^^^^^^^^^^

Request (POST)::

    curl -X POST -u 'username:password' --data-urlencode @filename http://bf5:8080/api/<api_version>/execution

Needs a JSON document passed as the request body::

    {
        "application": <zapp json>,
        'name': "experiment #33"
    }

Where:

* ``application`` is the full ZApp JSON document, the application description
* ``name`` is the name of the execution provided by the user

Will return a JSON document like this::

    {
        "execution_id": 23441
    }

Where:

* ``execution_id`` is the ID of the new execution just created.

Service endpoint
----------------

All the endpoints listed in this section require authentication.

Service details
^^^^^^^^^^^^^^^

Request::

    curl -u 'username:password' http://bf5:8080/api/<api_version>/service/<service_id>

Will return a JSON document like this::

    {
       "status" : "active",
       "service_group" : "boinc-client",
       "backend_status" : "started",
       "ip_address" : "10.0.0.94",
       "execution_id" : 25158,
       "name" : "boinc-client0",
       "backend_id" : "d0042c69b54e90327d9287e099304b6c25921d81f639803494ea744445d58430",
       "error_message" : null,
       "id" : 26774,
       "description" : {
    [...]
       }
    }

Where:

* ``status`` is the service status from Zoe point of view. It can be one of "terminating", "inactive", "active" or "starting"
* ``service_group`` is the name for the service provided in the ZApp description. When the ZApp is unpacked to create the actual containers a single service definition will spawn one or more services with this name in common
* ``backend_status`` is the container status from the point of view of the container backend. Zoe tries her best to keep this value in sync, but the value here can be out of sync by several minutes. It can be one of 'undefined', 'created', 'started', 'dead' or 'destroyed'
* ``ip_address`` is the IP address of the container
* ``execution_id`` is the execution ID this service belongs to
* ``name`` is the name for this service instance, generated from ``service_group``
* ``backend_id`` is the ID used by the backend to identify this container
* ``error_message`` is currently unused
* ``id`` is the ID of this service, should match the one given in the URL
* ``description`` is the service description extracted from the ZApp

Service standard output and error
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Request::

    curl -u 'username:password' http://bf5:8080/api/<api_version>/service/logs/<service_id>

Will stream the service instance output, starting from the time the service started. It will close the connection when the service exits.

Discovery endpoint
------------------

This endpoint does not need authentication. It returns a list of services that meet the criteria passed in the URL. It can be used as a service discovery mechanism for those ZApps that need to know in advance the list of available services.

Request::

    curl http://bf5:8080/api/<api_version>/discovery/by_group/<execution_id>/<service_type>

Where:

* ``execution_id`` is the numeric ID of the execution we need to query
* ``service_type`` is the service name (as defined in the ZApp) to filter only services of that type

Will return a JSON document, like this::

    {
       "service_type" : "boinc-client",
       "execution_id" : "23015",
       "dns_names" : [
          "boinc-client0-23015-prod"
       ]
    }

Where:

* ``service_type`` is the name of the service as passed in the URL
* ``execution_id`` is the execution ID as passed in the URL
* ``dns_names`` is the list of DNS names for each service instance currently active (only one in the example above)

Statistics endpoint
-------------------

This endpoint does not need authentication. It returns current statistics about the internal Zoe status.

Scheduler
^^^^^^^^^
Request::

    curl http://bf5:8080/api/<api_version>/statistics/scheduler

Will return a JSON document, like this::

    {
       "termination_threads_count" : 0,
       "queue_length" : 0
    }

Where:

* ``termination_threads_count`` is the number of executions that are pending for termination and cleanup
* ``queue_length`` is the number of executions in the queue waiting to be started

OAuth2 endpoint
---------------

This endpoint aims to help users authenticate/authorize via an access token instead of raw username/password. It does need authentication when users require new access token. You can refresh an access token by a refresh token.

Request new access token
^^^^^^^^^^^^^^^^^^^^^^^^

Request::

    curl -u 'username:password' http://bf5:8080/api/<api_version>/oauth/token -X POST -H 'Content-Type: application/json' -d '{"grant_type": "password"}'

Will return a JSON document, like this::

    {
        "token_type": "Bearer",
        "access_token": "3ddbe9ba-6a21-4e4d-993b-70556390c5d3",
        "refresh_token": "9bab190f-e211-42aa-917e-20ce987e355e",
        "expires_in": 36000
    }

Where:

* ``token_type`` is the type of the token, **Bearer** is used as default
* ``access_token`` is the token used for further authentication/authorization with others api endpoints
* ``refresh_token`` is the token used to get new access token when the current one has expired
* ``expires_in`` is the duration of time (second) when the access_token would be expired

Refresh an access token
^^^^^^^^^^^^^^^^^^^^^^^

Request::

    curl  -H 'Authorization: Bearer 9bab190f-e211-42aa-917e-20ce987e355e' http://bf5:8080/api/<api_version>/oauth/token -X POST -H 'Content-Type: application/json' -d '{"grant_type": "refresh_token"}'

Will return a JSON document, like this::

    {
        "token_type": "Bearer",
        "access_token": "378f8d5f-2eb5-4181-b632-ad23c4534d32",
        "expires_in": 36000
    }

Where:

* ``access_token`` is the new access token after users issue a refresh

Revoke an access/refresh token
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Request::

    curl -u 'usernam:password' -X DELETE http://bf5:8080/api/<api_version>/oauth/revoke/<token>

Where:

* ``token`` is the access token or refresh token needs to be revoked

Will return a JSON document, like this::

    {
        "ret": "Revoked token."
    }

Authenticate other api endpoint
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Instead of sending raw username, password to request results from other api endpoints which require authentication, use an access token with header ``Authorization: Bearer <token>``

Example::

    curl -H 'Authorization: Bearer 378f8d5f-2eb5-4181-b632-ad23c4534d32' http://bf5:8080/api/<api_version>/execution

Login endpoint
--------------
Get back a cookie for further authentication/authorization with other api endpoints instead of using raw username, password

Request::

   curl -u 'username:password' -c zoe_cookie.txt http://bf5:8080/api/<api_version>/login

Will return a JSON document, like this::

    {
        "role": "admin",
        "uid": "admin"
    }

And a file named zoe_cookie.txt contains the cookie information.

Pass this cookie on each api request which requires authentication.

Example::

    curl -b zoe_cookie.txt http://bf5:8080/api/<api_version>/execution

Note:

- For zoe web interface, we require cookie_based mechanism for authentication/authorization.
- Every unauthorized request will be redirected to **http://bf5:8080/login**
- After successfully login, a cookie will be saved at browser for further authentication/authorization purpose.