The Laboperator server offers an extensive HTTP based Application Programming Interface (API). This API is the recommended way of integrating third-party applications with the Laboperator ecosystem.
Who should use the API?
The API is the designated point of integration, for any data exchange with the Laboperator ecosystem. Creating, updating, deleting and querying records can - as far as the application allows - all be done using this REST API. All of the endpoints, however, are passive, so any information needs to be actively requested (pull behavior). To be proactively notified about changes or incoming data (push behavior) please refer to the Webhook feature.
The API uses a set of standards (referenced below) and best practices to make the interaction as easy as possible. Not only are standards a great way of benefitting from the collective experience of a large community that develops these standards, but also for users to rely on a vivid ecosystem of documentation and resources.
Data Exchange Format
The data exchange format is JSON. Some endpoints serve files, such as attachments, in other formats. The response format will always be specified in the response headers.
Starting with version two (v2.x) the API will be fully compliant to the JSON API standard. JSON API is an opinionated standard that specifies how to build JSON based APIs. It defines how message bodies should be formatted for RESTful requests. Head over to their website to find out more. Don't miss out on the large collection of client libraries that the community has produced. They'll help you to get started in the programming language of your choice in no time.
All API endpoints are automatically documented following the Open API specification. This documentation will continuously be improved on our side. You can find the machine-readable documentation of your instance at
- v1: yourhost/api/v1/swagger_doc
- v2: yourhost/api/v2/documentation(.json/.yml)
A human-readable documentation can be generated from these documents. Starting with API v2 the server will provide a human-readable format at 'yourhost/api/v2/documentation'. For API v1, you can ask us to provide you with a respective documentation for your server.
All requests against the API need to be authenticated. We use OAuth 2.0 to implement various authentication strategies. All OAuth strategies lead to an Access Token being issued that need to be included in the headers of API requests. Alternatively, requests will be excepted with valid session cookies. This means that while you are logged in to the web application requests to the API from another browser tab will automatically be authenticated.
To learn more about authenticating against the API click here.