API

The API provides access to the basic features and allows you to integrate Passwork in your infrastructure or develop your own client.

General

1. Data is sent by HTTP POST requests
2. API End Point — http://ah-hah.com/api2/
3. API uses JSON format
4. We strongly recommend to use an HTTPS connection

Libs

1. Javascript API Connector
2. .Net API Connector

Server reply

{
    'response' : { ... },
    'errorCode' : '...',
    'errorMessage' : '...'
}
                    

In case of an error, response is false.

All further examples relate to response field.

Open session

/api2/openSession

Creates a new session. Returns a session code, which has to be passed with each request. The session is automatically expired each few minutes.

Parameters:

email
User e-mail (login)

password
Authorization password

Server reply:

Success

{
    'code' : '...', // session code
    'hash' : '...'  // md5 hash of a master password
}
                    

Field сode has to be passed with each further request to the API.
Field hash helps to check if the master password is correct.

Errors:

response = false

Wrong login or password.

errorCode = ban

User is banned due to repeated failed attempts to open a new session.

Get data

/api2/getData

Gets all passwords

Parameters:

session
Session code

Server reply:

Data

{
    'user' : '...', // user id
    'groups' : [{  // array of vaults
        'id' : '...', // vault id
        'name' : '...', // vault name
        'passwordCrypted' : '...',  // encrypted vault invitation code
        'folders' :[{  // array of folders
            'id' : '...',  // folder id
            'name' : '...', // folder name
            'passwords' : [{ // array of passwords
                'id' : '...', // password id
                'categoryId' : '...', // folder id
                'groupId' : '...', // vault id
                'name' : '...', // password name
                'login' : '...',
                'url', : '...',
                'description' : '...',
                'cryptedPassword' : '...', // encrypted password
                }]
            }]
        }],
        'passwords' : [{ // array of passwords
            'id' : '...', // password id
            'categoryId' : '...', // folder id
            'groupId' : '...', // vault id
            'name' : '...', // password name
            'login' : '...',
            'url', : '...',
            'description' : '...',
            'cryptedPassword' : '...', // encrypted password
            }]
        }]
}
                    

Errors:

{
    'response' : false,
    'errorCode' : 'expired',
    'errorMessage' : 'Session expired'
}
                    

Session is expired. Needs opening a new session using openSession.

Update and insert

These API functions are in testing stage and will be published soon.

Example

1. Open a new session using openSession
2. Load all data using getData
3. Ask user for the master password
4. Decrypt vault invitation code (using the master password) groups[X].passwordCrypted
5. Decrypt data (using vault invitation code) groups[X].folders[Y].passwords[Z].cryptedPassword