Admin API Overview
Many classes have shortcut names used when creating (instantiating) a class with a
configuration object. The shortcut name is referred to as an alias (or xtype if the
class extends Ext.Component). The alias/xtype is listed next to the class name of
applicable classes for quick reference.
Framework classes or their members may be specified as private or protected. Else,
the class / member is public. Public, protected, and private are access
descriptors used to convey how and when the class or class member should be used.
Public classes and class members are available for use by any other class or application code and may be relied upon as a stable and persistent within major product versions. Public classes and members may safely be extended via a subclass.
Protected class members are stable public members intended to be used by the
owning class or its subclasses. Protected members may safely be extended via a subclass.
Private classes and class members are used internally by the framework and are not intended to be used by application developers. Private classes and members may change or be omitted from the framework at any time without notice and should not be relied upon in application logic.
static label next to the
method name. *See Static below.Below is an example class member that we can disect to show the syntax of a class member (the lookupComponent method as viewed from the Ext.button.Button class in this case).
Let's look at each part of the member row:
lookupComponent in this example)( item ) in this example)Ext.Component in this case). This may be omitted for methods that do not
return anything other than undefined or may display as multiple possible values
separated by a forward slash / signifying that what is returned may depend on the
results of the method call (i.e. a method may return a Component if a get method calls is
successful or false if unsuccessful which would be displayed as
Ext.Component/Boolean).PROTECTED in
this example - see the Flags section below)Ext.container.Container in this example). The source
class will be displayed as a blue link if the member originates from the current class
and gray if it is inherited from an ancestor or mixed-in class.view source in the example)item : Object in the example).undefined a "Returns" section
will note the type of class or object returned and a description (Ext.Component in the
example)Available since 3.4.0 - not pictured in
the example) just after the member descriptionDefaults to: false)The API documentation uses a number of flags to further commnicate the class member's function and intent. The label may be represented by a text label, an abbreviation, or an icon.
classInstance.method1().method2().etc();false is returned from
an event handler- Indicates a framework class
- A singleton framework class. *See the singleton flag for more information
- A component-type framework class (any class within the Ext JS framework that extends Ext.Component)
- Indicates that the class, member, or guide is new in the currently viewed version
- Indicates a class member of type config
- Indicates a class member of type property
- Indicates a class member of type
method
- Indicates a class member of type event
- Indicates a class member of type
theme variable
- Indicates a class member of type
theme mixin
- Indicates that the class, member, or guide is new in the currently viewed version
Just below the class name on an API doc page is a row of buttons corresponding to the types of members owned by the current class. Each button shows a count of members by type (this count is updated as filters are applied). Clicking the button will navigate you to that member section. Hovering over the member-type button will reveal a popup menu of all members of that type for quick navigation.
Getting and setter methods that correlate to a class config option will show up in the methods section as well as in the configs section of both the API doc and the member-type menus just beneath the config they work with. The getter and setter method documentation will be found in the config row for easy reference.
Your page history is kept in localstorage and displayed (using the available real estate) just below the top title bar. By default, the only search results shown are the pages matching the product / version you're currently viewing. You can expand what is displayed by clicking on the button on the right-hand side of the history bar and choosing the "All" radio option. This will show all recent pages in the history bar for all products / versions.
Within the history config menu you will also see a listing of your recent page visits. The results are filtered by the "Current Product / Version" and "All" radio options. Clicking on the button will clear the history bar as well as the history kept in local storage.
If "All" is selected in the history config menu the checkbox option for "Show product details in the history bar" will be enabled. When checked, the product/version for each historic page will show alongside the page name in the history bar. Hovering the cursor over the page names in the history bar will also show the product/version as a tooltip.
Both API docs and guides can be searched for using the search field at the top of the page.
On API doc pages there is also a filter input field that filters the member rows
using the filter string. In addition to filtering by string you can filter the class
members by access level and inheritance. This is done using the checkboxes at the top of
the page. Note that filtering out private members also filters the API class
navigation tree.
Clicking on an empty search field will show your last 10 searches for quick navigation.
Each API doc page (with the exception of Javascript primitives pages) has a menu view of metadata relating to that class. This metadata view will have one or more of the following:
Ext.button.Button class has an alternate class name of Ext.Button). Alternate class
names are commonly maintained for backward compatibility.Runnable examples (Fiddles) are expanded on a page by default. You can collapse and expand example code blocks individually using the arrow on the top-left of the code block. You can also toggle the collapse state of all examples using the toggle button on the top-right of the page. The toggle-all state will be remembered between page loads.
Class members are collapsed on a page by default. You can expand and collapse members using the arrow icon on the left of the member row or globally using the expand / collapse all toggle button top-right.
Viewing the docs on narrower screens or browsers will result in a view optimized for a smaller form factor. The primary differences between the desktop and "mobile" view are:
The class source can be viewed by clicking on the class name at the top of an API doc page. The source for class members can be viewed by clicking on the "view source" link on the right-hand side of the member row.
Sencha Web Application Manager Public Admin API is a REST based application program interface that provides a developer with programmatic access to administration interface, and could be used to help manage security, mobility, and app deployment in your environment.
Sencha Web Application Manager Public Admin API is a REST based API, using HTTPS POST and a custom keyed-HMAC (Hash Message Authentication Code) for authentication.
Public Admin API is exposed as a list of Web Services, each of them provides a number of methods. These methods are used as a final endpoints.
When accessing Sencha Web Application Manager Public Admin API using REST, submit all your
requests to https://api.space.sencha.com/json.rpc
using POST operation. Make sure your request has proper 'Date' HTTP header in RFC 1123 Time Format.
The following items must be provided in JSON format in your request:
Request example:
{
id : 1,
auth : '7Uh4KVwqVcsXXmyty/KnIc/h8GBw40SdUU1wrH+3Hhw=',
service : 'org',
method : 'update',
params : { name : 'My org' },
signature : 'qnR8UCqJggD55PohusaBNviGoOJ67HC6Btry4qXLVZc='
}
Given the above, HTTPS request will look like:
POST /json.rpc HTTP/1.1
Host: api.space.sencha.com
Cache-Control: max-age=0,
Content-Type: application/json,
Date: Mon, 14 Jul 2014 23:23:57 GMT
{id:1,auth:'7Uh4KVwqVcsXXmyty/KnIc/h8GBw40SdUU1wrH+3Hhw=',service:'org',method:'update',params:{name:'My org'},signature: 'qnR8UCqJggD55PohusaBNviGoOJ67HC6Btry4qXLVZc='}
Bulk requests are also supported, which means that you could send multiple API requests in single HTTPS POST request:
POST /json.rpc HTTP/1.1
Host: api.space.sencha.com
Cache-Control: max-age=0,
Content-Type: application/json,
Date: Mon, 14 Jul 2014 23:23:57 GMT
[{id:1,auth:'7Uh4KVwqVcsXXmyty/KnIc/h8GBw40SdUU1wrH+3Hhw=',service:'org',method:'update',params:{name:'My org'},signature: 'qnR8UCqJggD55PohusaBNviGoOJ67HC6Btry4qXLVZc='},{id:2,auth:'7Uh4KVwqVcsXXmyty/KnIc/h8GBw40SdUU1wrH+3Hhw=',service:'org',method:'get',params:{},signature: 'hMpd0Iko1eq0mQhz4nXEu+jl4UGOTE29hlANLQv8R1A='}]
When accessing Sencha Web Application Manager Public Admin API, you must provide an API Key (auth) and request Signature. In order to calculate Signature, you first concatenate elements of the request to form a string. You then use your secret access key to calculate the HMAC of that string. Finally, you add this signature as a parameter of the request by using the syntax described in previous section.
API Key & API Secret can be obtained via administration application: https://manage.sencha.com/#settings/api
When the system receives an authenticated request, it fetches the secret access key that you claim to have and uses it in the same way to compute a signature for the message it received. It then compares the signature it calculated against the signature presented by the requester. If the two signatures match, the system concludes that the requester must have access to the secret access key and therefore acts with the authority of the principal to whom the key was issued. If the two signatures do not match, the request is dropped and the system responds with an error message.
Following are the general steps for request signing:
Request signing example in node.js:
var crypto = require('crypto');
var request = {
id : 1,
auth : '7Uh4KVwqVcsXXmyty/KnIc/h8GBw40SdUU1wrH+3Hhw=', // This is your API Key
service : 'org',
method : 'update',
params : { name : 'My org' }
}
var date = new Date().toUTCString(); // Don't forget to use this date in 'Date' HTTP header during request
var string_to_sign = '7Uh4KVwqVcsXXmyty/KnIc/h8GBw40SdUU1wrH+3Hhw=|org|update|'+ JSON.stringify(request.params)+'|'+date;
request.signature = crypto.createHmac('sha256', API_SECRET_KEY).update(string_to_sign).digest('base64');
Response is a JSON formatted string which contains results of execution of method in certain service which are specified in request. Response consists of:
Response example:
{
"result": {
"visits": 0,
"users": 1,
"groups": 0,
"apps": 14,
"devices": 0
},
"id": 42
}
In case of bulk request response is an array:
[{
"result": [1,0],
"id": 43
},
{
"result": [0,0],
"id": 44
},
{
"result": {
"total": 0,
"items": []
},
"id": 45
}]
When the Public Admin API returns error messages, it does so in JSON format as well. The following items are provided in error object:
Likewise, error object consists of:
Error response example:
{
"error": {
"param": "password",
"code": -32001,
"message": "Incorrect email or password, please try again"
},
"id": 1
}
In addition to descriptive error text, error messages contain machine-parseable codes. While the text for an error message may change, the codes will stay the same. The following table describes the codes which may appear when working with the API:
| Code | Description |
|---|---|
| -32001 | Invalid request parameter |
| -32002 | Invalid email validation token |
| -32003 | Expired email validation token |
| -32086 | Ivalid emails in invitation list |
| -32087 | UI customization is forbidden |
| -32088 | Import concurrency error |
| -32089 | Access to VPN is forbidden |
| -32090 | Advanced authentication is forbidden |
| -32091 | Max user qouta was reached |
| -32092 | Max app qouta was reached |
| -32093 | This device was remotely wiped by an administrator |
| -32094 | Max device quota was reached |
| -32095 | Authentication token expired |
| -32096 | Authentication token revoked |
| -32097 | This device was remotely blocked by an administrator |
| -32098 | Access for this user was revoked by an administrator |
| -32099 | User is not authorized to perform specified action |
Sencha Web Application Manager 6.0.0 | Terms of Use