How To

Introduction to the Swimlane REST API and Python Driver

background the swimlane platform provides a rest api with numerous endpoints to allow solution developers to harness and extend the platform's automation and orchestration power developers can use any programming tool with an http library/capability or, they can use the python library known as the swimlane driver, a client library that can reduce the effort required to implement custom solutions rest api here's a sample script for connecting to swimlane and creating a new record in a chosen application import requests from urlparse import urljoin s = requests session() \# authenticate host = 'host' base url = 'https //{0}' format(host) creds = {'username' 'username', 'password' 'password'} resp = s post(urljoin(base url, 'api/user/login'), json=creds) json content = resp json() token = json content pop('token', none) headers = { 'authorization' 'bearer {}' format(token) } s headers update(headers) \# retrieve the chosen application resp = s get(urljoin(base url, 'api/app')) apps = resp json() app obj = none for app in apps if app\['name'] == 'event' app obj = app break \# create a new record in the chosen application first find pertinent field id values in order to make correct field value assignments name field id = none msg field id = none for field in app obj\['fields'] if field\['name'] == 'event name' name field id = field\['id'] if field\['name'] == 'event message' msg field id = field\['id'] record = { 'applicationid' app obj\['id'], 'values' { '$type' 'system collections generic dictionary`2\[\[system string, mscorlib],\[system object, mscorlib]], mscorlib', name field id 'demo security event 1', msg field id 'this event is for demonstration purposes' } } result = s post(urljoin(base url, 'api/app/' + app obj\['id'] + '/record'), json=record) print result here is a sample script for fetching an existing record, modifying it, and persisting the changes import requests from urlparse import urljoin import json s = requests session() \# authenticate host = 'host' base url = 'https //{0}' format(host) creds = {'username' 'user', 'password' 'password'} resp = s post(urljoin(base url, 'api/user/login'), json=creds) json content = resp json() token = json content pop('token', none) headers = { 'authorization' 'bearer {}' format(token) } s headers update(headers) \# retrieve the chosen application resp = s get(urljoin(base url, 'api/app')) apps = resp json() app obj = none for app in apps if app\['name'] == 'event' app obj = app break \# find chosen field id msg field id = none for field in app obj\['fields'] if field\['name'] == 'event message' msg field id = field\['id'] break \# retrieve an existing record result = s get(urljoin(base url, 'api/app/' + app obj\['id'] + '/record/tracking/ev1 1')) \#print result rec = result json() \#print json dumps(rec, sort keys=true, indent=4, separators=(",", " ")) \# update the record rec\['values']\[msg field id] = 'i\\'ve been updated!!!' \# persist the alteration to the record result = s put(urljoin(base url, 'api/app/' + app obj\['id'] + '/record/' + rec\['id']), json=rec) print result here is the same script made more optimal by using http patch rather than http put to avoid rest api centric race conditions that can arise when two scripts are attempting to operate on the same record within the same span of time the use of patch reduces the chances of harmful, colliding alterations to the record import requests from urlparse import urljoin import json s = requests session() \# authenticate host = 'host' base url = 'https //{0}' format(host) creds = {'username' 'user', 'password' 'password'} resp = s post(urljoin(base url, 'api/user/login'), json=creds) json content = resp json() token = json content pop('token', none) headers = { 'authorization' 'bearer {}' format(token) } s headers update(headers) \# retrieve the chosen application resp = s get(urljoin(base url, 'api/app')) apps = resp json() app obj = none for app in apps if app\['name'] == 'event' app obj = app break \# find chosen field ids name field id = none msg field id = none tracking field id = none for field in app obj\['fields'] if field\['name'] == 'event name' name field id = field\['id'] if field\['name'] == 'event message' msg field id = field\['id'] if field\['name'] == 'tracking id' tracking field id = field\['id'] \# retrieve an existing record result = s get(urljoin(base url, 'api/app/' + app obj\['id'] + '/record/tracking/ev1 1')) print result rec = result json() \#print json dumps(rec, sort keys=true, indent=4, separators=(",", " ")) \# update the record rec\['values']\[msg field id] = 'i\\'ve been updated!!!' rec\['values'] pop(tracking field id, none) # the patch endpoint will throw error with a 400 response if the tracking id is present as a field value rec\['values'] pop(name field id, none) \#print json dumps(rec, sort keys=true, indent=4, separators=(",", " ")) \# persist the alteration to the record result = s patch(urljoin(base url, 'api/app/' + app obj\['id'] + '/record/' + rec\['id']), json=rec) print result # print result text if you want to see the error message that accompanies an http 400 response swimlane driver the above examples help to convey the power and appeal of the swimlane driver compare the above examples with their driver equivalents below from swimlane import swimlane \# connect swimlane client host = 'host' base url = 'https //{0}' format(host) swimlane = swimlane(base url, 'user', 'password', verify ssl=false) \# retrieve app by name app = swimlane apps get(name='event') \# create new record new record = app records create( { 'event name' 'demo security event 1', 'event message' 'this event is for demonstration purposes' }) and from swimlane import swimlane \# connect swimlane client host = 'host' base url = 'https //{0}' format(host) swimlane = swimlane(base url, 'username', 'password', verify ssl=false) \# retrieve app by name app = swimlane apps get(name='event') \# fetch existing record record = app records get(tracking id='ev1 4') \# modify record record\['event message'] = 'i\\'ve been updated!!!' \# persist the modification record patch() conclusion when authoring python scripts for the swimlane platform follow these guidelines when authoring scripts that will run outside of the platform, use the swimlane driver whenever possible and fall back on the unwrapped rest api when necessary when authoring scripts that will run inside of the platform, use the task api first, and then fall back on the driver and/or rest api when necessary