Getting Started

Introduction

The CX API documentation is broken into several sections to provide necessary information and examples. This page provides general knowledge about the CX API, authentication and the general response structure including error responses. 

Other Pages

File API: How to browse and manipulate a user or group's file tree.  

Transport API: How to upload and download files from CX.

User API: How to interact with user account data like "view profile"

Authentication

The CX API uses the three-step OAuth 2.0 authentication process for granting your application access to a user's data via an access token. Your application must never ask for or store the user's CX credentials - only the access token for the user.  

1. Redirect the user to the Authorization Page.

Send the user to our Authorization Page. On this page users will be given the opportunity to log in if they are not already

https://www.cx.com/mycx/oauth/authorize?client_id=[CLIENT_ID]&redirect_uri=[RedirectURI]

Note: the RedirectURI must be secure [ https ] - not http.
Note: the accept header must be set to: 'application/json' 

2. User approves your application.

Users are asked if they want to grant your application access. Once the user approves your application, they will be redirected to your RedirectURI with the Authorization Code in the code url parameter.

Example:

https://[yourapp.com/somePath]?auth_code=hn2wkyxqu2ab8uhv2zvhpfxz

If the user choses to deny authorization for your application, they are redirected to your RedirectURI with the url parameter deny set to true.

Example: 

https://[yourapp.com/somePath]?deny=true

3. Request the access_token for the user's account. 

With the Authorization Code, your application makes a request to CX for the access_token. 

curl -v -H "Authorization: Basic <base64 encoded CLIENT_ID:CLIENT_SECRET>" -d "grant_type=authorization_code&code=[AUTH_CODE]&redirect_uri=[RedirectURI]" 'https://api.cx.com/1/oauth/token'

Things to note:

  • The RedirectURI must be your same redirect uri from the authentication
  • You must POST the parameters
  • You must set the Authorization information in the Header of your request
  • The Content-Type must be multipart/form-data 

Example Request using curl:

auth_code=YOUR_AUTH_CODE
redirect=YOUR_REDIRECT_URI
client_id=YOUR_CLIENT_ID
client_secret=YOUR_CLIENT_SECRET  
secret=`echo "${client_id}:${client_secret}" | base64`

curl -v -H "Authorization: Basic ${secret}" \
   -d "grant_type=authorization_code&code=${auth_code}&redirect_uri=${redirect}" \
   'https://api.cx.com/1/oauth/token'

Example Request using Python:

import requests
import base64

#Your auth code from step 2   
auth_code=YOUR_AUTH_CODE

#Your Redirect URI, which must be the same as in in the Authorization step 
redirect=YOUR_REDIRECT_URI

#your Application API Key 
client_id=YOUR_CLIENT_ID

#Your Shared Secret  
shared_secret=YOUR_CLIENT_SECRET  

#need to set the header value for Authorization 
headers = {'Authorization': 'Basic ' + secret}

#create a dictionary for the form post elements  
tokenPayload = {'grant_type': 'authorization_code', 'code':auth_code, 'redirect_uri':redirect}

#set the url of the token request 
url = 'https://api.cx.com/1/oauth/token'

#using python requests object, post to the url with the dictionary value and headers 
r = requests.post(url, headers=headers, data=tokenPayload)


Example Response:

{"return_type":"json","access_token":"[Access Token]","token_type":"bearer"}

Unless otherwise specified, all requests will require the access_token parameter. 

API Requests

All data sent to and from CX must be over SSL

Requests will generally take the following format:

https://[subdomain].cx.com/[API Version]/[Resource]/[Method]?[URL Parameters]

Example:

https://api.cx.com/1/users/self?access_token=UserSpecificSecretAccessToken

There are two different CX subdomains that you will need to use as a client:

  • api.cx.com - Used for everything except upload/download.
  • data.cx.com - Used for upload/download.

The [API Version]  is currently 1

Important Types

UUID

Nearly all objects returned by CX will contain a UUID. These are always 22 character case-sensitive strings that may be referenced as UUID or ID. 

File Path

A complete path and filename to a file

  • Must be URL encoded
  • May contain UTF8 characters
  • Files and folder names are limited to 255 characters (This is also the  limit on OSX and Windows)

Is comprised of two parts as follows:

[UserUUID]:[/path/to/file]
-or- 
[GroupUUID]:[/path/to/file]
-or-
self:[/path/to/file]

Examples:

l6hkZxxCEeGQ1BIBPQhmWA:%2Fphotos%2F2353.jpg
-or- 
self:%2Fphotos%2F2353.jpg

UUID Path

An object UUID path will show up in a few places as a convenient way of accessing data. This is defined as follows

[UserUUID]:[ObjectUUID]
[GroupUUID]:[ObjectUUID]

Example:

l6hkZxxCEeGQ1BIBPQhmWA:ZdvTGn0mEeG34xIFOBql1A

API Responses

Error Handling

Every HTTP response by the server contains a JSON object in the body. A 200 response status code that is not accompanied with a valid JSON body is an error, and should be treated exactly the same as a status code 500.

In the case of an error, the client will recieve a non-200 status code and a JSON response of the following format: 

{
  errorType : "error type string",
  message : "high-level message"
}

And an example would be:

{
  "errorType":"AccessDenied",
  "message": "User does not have access to resource"
}

Status Codes

HTTP Status Code Meaning Within CX
200 OK
4xx  Indicates a problem with the request. 
5xx  Internal server error. The can retry the request.

Common Error Types

Some typical global errors:

  1. AccessDenied
  2. SuspendedAccount
  3. BadAuthToken

version 43 as of 10 months ago by Will Lowrey