CA SDM REST API

This article contains the following topics:
Representational State Transfer (REST) is a style of software architecture for distributed hypermedia systems such as the World Wide Web. The CA SDM REST API lets application, integration, and web developers build UIs and applications for devices such as tablet computers and smartphones. Users such as analysts, employees, and customers can then use the UI or application on these devices. For example, application developers can develop a CA SDM UI that lets analysts use devices to update tickets.
The REST API accesses resources by using a Uniform Resource Identifier (URI), a character string that identifies a name or resource on the Internet. In CA SDM, resources can be objects such as tickets, assets, contacts, and so on. An application using the REST API makes an HTTP request to a URI and parses the response. Such identification enables interaction with representations of the resource over a network. Each client-to-server request contains all the information necessary to understand the request, and does not use any stored context on the server.
Developers use the REST API directly to send HTTP requests to the server for the resource they want to manipulate. Developers only need an HTTP client library, which is available with most programming languages. Because the REST API is based on open standards, you can use any Java programming language to access it.
For information about REST HTTP methods, see REST HTTP Methods.
REST and SOAP
CA SDM provides REST and SOAP web services APIs. The audience for the REST API is a UI client whereas the audience for the SOAP API is a program. REST services are about resources (manipulating objects, changing object states, exchanging representations, and using nouns rather than verbs). SOAP services are about services (calling methods, using verbs, and doing actions).
REST provides the following advantages over SOAP:
  • REST is lightweight, HTTP-based, and stateless (for scalability).
  • REST supports client bookmarking and caching.
  • REST maintains a loose data contract.
  • REST is easily consumed by front-end technologies such as Web 2.0 and AJAX.
  • REST supports XML and JSON data formats.
  • REST improves performance.
REST Security
REST security supports multiple authentication mechanisms, including a custom approach that uses shared secret keys.
The product supports the following security authentication schemes:
  • REST web services secret key authentication (uses SSL and HMAC for login)
  • REST basic authentication (clear text encoded username/password)
  • REST BOPSID authentication (validates CA SDM BOPSIDs)
  • External (CA EEM) artifact authentication (CA EEM artifact token)
CA SDM Secret Key Authentication
The CA SDM Secret Key authentication is a process that verifies the following:
  • The identity of the request sender.
  • That the sender is a registered user.
Secret Key authentication requires that each request includes information about the identity of the request sender. The request must also include additional information that CA SDM can use to verify the authenticity of the user. When the request passes this verification test, the request is determined to be authentic. During authentication for an Access Key request, CA SDM secret authentication does the following:
  1. Assigns an access key to a client. The access key identifies the client responsible for a request and uses the CA SDM session ID as the key value. Because an access key is sent as a request parameter, it is not secret. Anyone sending a request to CA SDM can use the request parameter; therefore, a secret key is needed.
  2. Assigns a secret key. A secret key is a 40-character alphanumeric sequence dynamically generated by CA SDM during login. The product encrypts this secret key before storing it in the database.
  3. Uses client-provided information (a request signature using the secret key) to identify the client and verify that the request is legitimate. This additional information protects users from impersonation and demonstrates possession of a shared secret known only to CA SDM and the sender of the request.
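The three steps above, shown as an added example that is not CA SDM's own code: the server issues an access key and a 40-character secret, the client signs each request with the secret, and the server recomputes the signature to verify it. The string-to-sign layout, HMAC-SHA256, Base64 encoding, function names, and the sample URI are assumptions made for illustration; the page does not specify CA SDM's actual wire format.

```python
import base64
import hashlib
import hmac
import secrets
import string

# Constructed in-memory store: access key -> secret key. The page states that
# the product encrypts the secret before storing it; that step is omitted here.
_SESSIONS = {}

def login(session_id):
    """Server side: the access key is the session ID; the secret is 40 alphanumerics."""
    alphabet = string.ascii_letters + string.digits
    secret = "".join(secrets.choice(alphabet) for _ in range(40))
    _SESSIONS[session_id] = secret
    return session_id, secret

def sign(secret, method, uri, date):
    """Client side: HMAC over an assumed canonical string METHOD\\nURI\\nDATE."""
    message = "\n".join((method.upper(), uri, date)).encode()
    mac = hmac.new(secret.encode(), message, hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def verify(access_key, signature, method, uri, date):
    """Server side: look up the secret by access key and recompute the signature."""
    secret = _SESSIONS.get(access_key)
    if secret is None:
        return False  # unknown access key
    expected = sign(secret, method, uri, date)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), signature.encode())

if __name__ == "__main__":
    access_key, secret_key = login("session-1001")          # constructed session ID
    date = "Tue, 01 Jan 2030 00:00:00 GMT"                  # constructed timestamp
    uri = "/example-rest/ticket/1001"                       # hypothetical resource URI
    sig = sign(secret_key, "GET", uri, date)
    print("valid request:   ", verify(access_key, sig, "GET", uri, date))
    # The access key alone is not enough: a changed URI invalidates the signature.
    print("tampered request:", verify(access_key, sig, "GET", "/example-rest/ticket/1002", date))
```

Because the signature covers the method, URI, and date, a captured access key cannot be reused to sign a different request without the secret key.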