Skip to content
Getting Started
/
/
/
Request/Refresh an access...

API Endpoint Reference (1.0)

Tenovos offers a REST API for partner and customer integrations. This API provides a RESTful endpoint, token-based authorization, HTTP methods for operations, and JSON-formatted payloads. Use this API to incorporate Tenovos functionality into your own application.

This API is up-versioned when a breaking change is introduced such as

  • a change in the format of the response data for one or more calls
  • a change in the request or response type (i.e. changing an integer to a float)
  • removing any part of the API.

This API is not up-versioned for non-breaking changes such as

  • new endpoints
  • new response parameters
  • new optional request parameters
Find out more about Tenovos
Download OpenAPI description
v1.json
v1.yaml
Overview
E-mail
product@tenovos.com
License
Tenovos Active Story Management
Terms of Service
Languages
Servers
https://enterprise.services.tenovos.io/content-store-v1
https://enterprise-2.services.tenovos.io/content-store-v1
https://enterprise3.services.tenovos.io/content-store-v1
https://enterprise-4.services.tenovos.io/content-store-v1

Action Operations

Invoke the Action API to retrieve information about invoked Actions.

Operations

Asset Operations

Invoke the Asset API to create, retrieve, manipulate, and share Assets. This API also provides operations to manage Asset relationships and download Asset content.

Operations

Authentication Operations

Invoke the Authentication API to generate, refresh, and revoke access tokens. An access token is required to perform any authorized API operation.

Operations

Request/Refresh an access token.

Request

Use this operation to request an access token to perform other API operations that require authorization.

The authentication response includes an accessToken which is used as the AccessToken request header when performing any authenticated operation.

This operation will also accept the previous authentication response as the request payload to return a refreshed access token. The access token expires after 1 hour and must be refreshed after expiration, using the included refreshToken. The refresh token can be used for up to 30 days to request new access tokens, or until the refresh token is revoked. Once the refresh token expires or is revoked, the user credentials must be provided again to generate a new access token and refresh token.

Security
BasicAuth and ApiKeyAuth
Headers
X-API-Keystringrequired

Customer-specific API key required to invoke API.

Content-Typestringrequired
Value"application/json"
Bodyapplication/jsonrequired

The Request Body must be a JSON-formatted string.

The following parameters are required to request an access token:

  • clientId
  • username
  • password

The following parameters are required to refresh the access token:

  • accessToken
  • refreshToken
clientIdstring

Use in new token request

usernamestring

Use in new token request

passwordstring

Use in new token request

sessionobject(AuthRequest_session)

Use this to refresh token

curl -i -X POST \
  -u <username>:<password> \
  https://enterprise.services.tenovos.io/content-store-v1/auth/token \
  -H 'Content-Type: application/json' \
  -H 'X-API-Key: YOUR_API_KEY_HERE' \
  -d '{
    "username": "user@co.com",
    "password": "XXXX",
    "clientId": "123355543"
  }'

Responses

Successful operation

Bodyapplication/json
endpointUrlstring
Example: "https://endpoint.url/v1"
clientIdstring
Example: "12345abc"
userPoolIdstring
Example: "us-east-1_123456789"
usernamestring
Example: "username"
passwordstring
Example: ""
sessionobject(AuthResponse_session)
Response
application/json
{
  "endpointUrl": "https://endpoint.url/v1",
  "clientId": "12345abc",
  "userPoolId": "us-east-1_123456789",
  "username": "username",
  "password": "",
  "session": {
    "authorization": "eyJraWQiOiJqQWNzNDFBdFBEcXdKTVN6Y0dzV01SNFR0T3hETDhcL3dtOW9qQ0JOWVdqcz0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI0ZmUwZTVhZi0yMjU1LTRiZDUtYjAwYS0yM2FkMTIxZTA2ZjIiLCJhdWQiOiI3c201amlsZG5iZnJyOGNncTNrZWRpZW83IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJldmVudF9pZCI6IjQ1YWI3YzJjLTJjYWUtNDE2MS1hYmE4LWMyMmIxZmQ5NGViYyIsInRva2VuX3VzZSI6ImlkIiwiYXV0aF90aW1lIjoxNjEzNzUyODE3LCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV9PU2dRdlRhVEEiLCJjb2duaXRvOnVzZXJuYW1lIjoiamVmZiIsImV4cCI6MTYxMzc1NjQyMCwiaWF0IjoxNjEzNzUyODIwLCJlbWFpbCI6ImplZmZAdGVub3Zvcy5jb20ifQ.kzu1AddXc-HIopmmsxnnXjDiKXhOLox6P2Hx5HCg0gzupbjW9hjbMWVl0NIZRgrLJIEkYjTl9zRUre_QpiJdeVdluMVPLi6OfMUy8XskeqrOAUFDr3nqrkt99uR-LSrVd_hI8NSGvRPXEcWXV6A35Nq8_xZ8tHHlWEanGhtNcEPzgWa1JU1LdQPDCtixgwQGhroevX2TByGC_yfbimn9l5JeveQGyWKNIfvUPR9zLu2g8bPgCzCUroNWU1QRh1o-p1-8lMVwyROl3mIiCfSTo_QwtLArcFTJi5MyMsWCwWHXV",
    "refreshToken": "eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAifQ.jkuKuQVDhGxbX04I3iczTCioh9ah2MA90YkOcY7DTyLS94XCvS_JpOhUSHhk70uM_ZNxLCU00OtahFm7Ktc-Zw_21qjuA40yf9Uf0KcQok5DEbv-9-_j8F4PAdChaS8Cok_-SjUoZmbiIgC-uF601vcczTHgC2SLs4FiOubdc-3tVjQrt6sf0k_W3cBBR-ajbYrDYMdHiJGEtetod88bO1WYJlSWhSddHXkjWOYE0-x3flkDswYJkEq1FKpc1lgqaeoVGShJ90H4S9Yj_FS9vHd0Yq8pwOUkCjIr_P3xFK4d9pRtEc35gkQ3QMbE1Nx93srzUx2rkI75_J2Hf3IltA.jlAjOx1FRapys-J-.YfjwTEQMsnp1wPXkKab_NvA_6lZp15ur2zNUEuX0NqC4hfQ6kbzzQXOl_nLujNwLI8YqqNgLni3l4Eu-luxHDCM2fHvjVaL6_ULJ9VThkBlkJYmxFQZX8c20EPWa1IBH630EPKslFNwPgYT113",
    "accessToken": "eyJraWQiOiJITk5BbmN6bW1NajFaMUlGNXE3SXdzM3RvbE1QWnFYRjBWVFVzUGQyTnc4PSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI0ZmUwZTVhZi0yMjU1LTRiZDUtYjAwYS0yM2FkMTIxZTA2ZjIiLCJldmVudF9pZCI6IjQ1YWI3YzJjLTJjYWUtNDE2MS1hYmE4LWMyMmIxZmQ5NGViYyIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiYXdzLmNvZ25pdG8uc2lnbmluLnVzZXIuYWRtaW4iLCJhdXRoX3RpbWUiOjE2MTM3NTI4MTcsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy1lYXN0LTEuYW1hem9uYXdzLmNvbVwvdXMtZWFzdC0xX09TZ1F2VGFUQSIsImV4cCI6MTYxMzc1NjQyMCwiaWF0IjoxNjEzNzUyODIwLCJqdGkiOiI3NWJjZWYzZi03Njg3LTQ5MjgtOTY2Zi05MzM0MmQ0MjFmYjkiLCJjbGllbnRfaWQiOiI3c201amlsZG5iZnJyOGNncTNrZWRpZW83IiwidXNlcm5hbWUiOiJqZWZmIn0.COepDhay_VaqCHJwNOT",
    "expireEpoch": 1546300800000
  }
}

Expire an access token.

Request

Expire an access token before the token's expiration date and revoke access to the system.

Access tokens normally expire within an hour. This operation expires an access token upon request so that the token may no longer be used for future operations.

The Request Body must be a JSON object.
The following parameters are required to expire the access token:

{  
  "endpointUrl": "URL",  
  "clientId": "string",  
  "userPoolId": "string",
  "username": "string",
  "password": "string",
  "session":
  {
    "accessToken": "string",
    "refreshToken": "string",
    "authorization": "string"
  }
}
Security
ApiKeyAuth or BasicAuth
Headers
X-API-Keystringrequired

Customer-specific API key required to invoke API.

AccessTokenstringrequired

Provided by Authentication Token creation operation.

Content-Typestringrequired
Value"application/json"
curl -i -X DELETE \
  https://enterprise.services.tenovos.io/content-store-v1/auth/token \
  -H 'AccessToken: string' \
  -H 'Content-Type: application/json' \
  -H 'X-API-Key: YOUR_API_KEY_HERE'

Responses

Successful operation

Bodyapplication/json
endpointUrlstring
Example: "https://endpoint.url/v1"
clientIdstring
Example: "12345abc"
userPoolIdstring
Example: "us-east-1_123456789"
usernamestring
Example: "username"
passwordstring
Example: ""
sessionobject(AuthResponse_session)
Response
application/json
{
  "endpointUrl": "https://endpoint.url/v1",
  "clientId": "12345abc",
  "userPoolId": "us-east-1_123456789",
  "username": "username",
  "password": "",
  "session": {
    "authorization": "eyJraWQiOiJqQWNzNDFBdFBEcXdKTVN6Y0dzV01SNFR0T3hETDhcL3dtOW9qQ0JOWVdqcz0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI0ZmUwZTVhZi0yMjU1LTRiZDUtYjAwYS0yM2FkMTIxZTA2ZjIiLCJhdWQiOiI3c201amlsZG5iZnJyOGNncTNrZWRpZW83IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJldmVudF9pZCI6IjQ1YWI3YzJjLTJjYWUtNDE2MS1hYmE4LWMyMmIxZmQ5NGViYyIsInRva2VuX3VzZSI6ImlkIiwiYXV0aF90aW1lIjoxNjEzNzUyODE3LCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV9PU2dRdlRhVEEiLCJjb2duaXRvOnVzZXJuYW1lIjoiamVmZiIsImV4cCI6MTYxMzc1NjQyMCwiaWF0IjoxNjEzNzUyODIwLCJlbWFpbCI6ImplZmZAdGVub3Zvcy5jb20ifQ.kzu1AddXc-HIopmmsxnnXjDiKXhOLox6P2Hx5HCg0gzupbjW9hjbMWVl0NIZRgrLJIEkYjTl9zRUre_QpiJdeVdluMVPLi6OfMUy8XskeqrOAUFDr3nqrkt99uR-LSrVd_hI8NSGvRPXEcWXV6A35Nq8_xZ8tHHlWEanGhtNcEPzgWa1JU1LdQPDCtixgwQGhroevX2TByGC_yfbimn9l5JeveQGyWKNIfvUPR9zLu2g8bPgCzCUroNWU1QRh1o-p1-8lMVwyROl3mIiCfSTo_QwtLArcFTJi5MyMsWCwWHXV",
    "refreshToken": "eyJjdHkiOiJKV1QiLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAifQ.jkuKuQVDhGxbX04I3iczTCioh9ah2MA90YkOcY7DTyLS94XCvS_JpOhUSHhk70uM_ZNxLCU00OtahFm7Ktc-Zw_21qjuA40yf9Uf0KcQok5DEbv-9-_j8F4PAdChaS8Cok_-SjUoZmbiIgC-uF601vcczTHgC2SLs4FiOubdc-3tVjQrt6sf0k_W3cBBR-ajbYrDYMdHiJGEtetod88bO1WYJlSWhSddHXkjWOYE0-x3flkDswYJkEq1FKpc1lgqaeoVGShJ90H4S9Yj_FS9vHd0Yq8pwOUkCjIr_P3xFK4d9pRtEc35gkQ3QMbE1Nx93srzUx2rkI75_J2Hf3IltA.jlAjOx1FRapys-J-.YfjwTEQMsnp1wPXkKab_NvA_6lZp15ur2zNUEuX0NqC4hfQ6kbzzQXOl_nLujNwLI8YqqNgLni3l4Eu-luxHDCM2fHvjVaL6_ULJ9VThkBlkJYmxFQZX8c20EPWa1IBH630EPKslFNwPgYT113",
    "accessToken": "eyJraWQiOiJITk5BbmN6bW1NajFaMUlGNXE3SXdzM3RvbE1QWnFYRjBWVFVzUGQyTnc4PSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI0ZmUwZTVhZi0yMjU1LTRiZDUtYjAwYS0yM2FkMTIxZTA2ZjIiLCJldmVudF9pZCI6IjQ1YWI3YzJjLTJjYWUtNDE2MS1hYmE4LWMyMmIxZmQ5NGViYyIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiYXdzLmNvZ25pdG8uc2lnbmluLnVzZXIuYWRtaW4iLCJhdXRoX3RpbWUiOjE2MTM3NTI4MTcsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy1lYXN0LTEuYW1hem9uYXdzLmNvbVwvdXMtZWFzdC0xX09TZ1F2VGFUQSIsImV4cCI6MTYxMzc1NjQyMCwiaWF0IjoxNjEzNzUyODIwLCJqdGkiOiI3NWJjZWYzZi03Njg3LTQ5MjgtOTY2Zi05MzM0MmQ0MjFmYjkiLCJjbGllbnRfaWQiOiI3c201amlsZG5iZnJyOGNncTNrZWRpZW83IiwidXNlcm5hbWUiOiJqZWZmIn0.COepDhay_VaqCHJwNOT",
    "expireEpoch": 1546300800000
  }
}

Impersonate a given user.Deprecated

Request

Use this operation to request an access token to perform other API operations that require authorization.

The authentication response includes an accessToken which is used as the AccessToken request header when performing any authenticated operation.

This operation will also accept the previous authentication response as the request payload to return a refreshed access token. The access token expires after 1 hour and must be refreshed after expiration, using the included refreshToken. The refresh token can be used for up to 30 days to request new access tokens, or until the refresh token is revoked. Once the refresh token expires or is revoked, the user credentials must be provided again to generate a new access token and refresh token.

Security
ApiKeyAuth or BasicAuth
Headers
X-API-Keystringrequired

Customer-specific API key required to invoke API.

Authorizationstringrequired

Provided by Authentication Token creation operation

AccessTokenstringrequired

JWT token provided by Authentication Token creation operation.

Content-Typestringrequired
Value"application/json"
Bodyapplication/jsonrequired

The Request Body must be a JSON-formatted string.

The following parameters are required to request an access token:

  • username

  • The credentials obtained after invoking this API will not be able to refresh tokens

usernamestring

Use in new token request

curl -i -X POST \
  https://enterprise.services.tenovos.io/content-store-v1/auth/impersonate \
  -H 'AccessToken: string' \
  -H 'Authorization: string' \
  -H 'Content-Type: application/json' \
  -H 'X-API-Key: YOUR_API_KEY_HERE' \
  -d '{
    "username": "user-name"
  }'

Responses

Successful operation

Bodyapplication/json
endpointUrlstring
Example: "https://endpoint.url/v1"
clientIdstring
Example: "12345abc"
userPoolIdstring
Example: "us-east-1_123456789"
usernamestring
Example: "username"
passwordstring
Example: ""
sessionobject(ImpersonateResponse_session)
Response
application/json
{
  "endpointUrl": "https://endpoint.url/v1",
  "clientId": "12345abc",
  "userPoolId": "us-east-1_123456789",
  "username": "username",
  "password": "",
  "session": {
    "authorization": "eyJraWQiOiJqQWNzNDFBdFBEcXdKTVN6Y0dzV01SNFR0T3hETDhcL3dtOW9qQ0JOWVdqcz0iLCJhbGciOiJSUzI1NiJ9.eyJzdWIiOiI0ZmUwZTVhZi0yMjU1LTRiZDUtYjAwYS0yM2FkMTIxZTA2ZjIiLCJhdWQiOiI3c201amlsZG5iZnJyOGNncTNrZWRpZW83IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJldmVudF9pZCI6IjQ1YWI3YzJjLTJjYWUtNDE2MS1hYmE4LWMyMmIxZmQ5NGViYyIsInRva2VuX3VzZSI6ImlkIiwiYXV0aF90aW1lIjoxNjEzNzUyODE3LCJpc3MiOiJodHRwczpcL1wvY29nbml0by1pZHAudXMtZWFzdC0xLmFtYXpvbmF3cy5jb21cL3VzLWVhc3QtMV9PU2dRdlRhVEEiLCJjb2duaXRvOnVzZXJuYW1lIjoiamVmZiIsImV4cCI6MTYxMzc1NjQyMCwiaWF0IjoxNjEzNzUyODIwLCJlbWFpbCI6ImplZmZAdGVub3Zvcy5jb20ifQ.kzu1AddXc-HIopmmsxnnXjDiKXhOLox6P2Hx5HCg0gzupbjW9hjbMWVl0NIZRgrLJIEkYjTl9zRUre_QpiJdeVdluMVPLi6OfMUy8XskeqrOAUFDr3nqrkt99uR-LSrVd_hI8NSGvRPXEcWXV6A35Nq8_xZ8tHHlWEanGhtNcEPzgWa1JU1LdQPDCtixgwQGhroevX2TByGC_yfbimn9l5JeveQGyWKNIfvUPR9zLu2g8bPgCzCUroNWU1QRh1o-p1-8lMVwyROl3mIiCfSTo_QwtLArcFTJi5MyMsWCwWHXV",
    "refreshToken": "",
    "accessToken": "eyJraWQiOiJITk5BbmN6bW1NajFaMUlGNXE3SXdzM3RvbE1QWnFYRjBWVFVzUGQyTnc4PSIsImFsZyI6IlJTMjU2In0.eyJzdWIiOiI0ZmUwZTVhZi0yMjU1LTRiZDUtYjAwYS0yM2FkMTIxZTA2ZjIiLCJldmVudF9pZCI6IjQ1YWI3YzJjLTJjYWUtNDE2MS1hYmE4LWMyMmIxZmQ5NGViYyIsInRva2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiYXdzLmNvZ25pdG8uc2lnbmluLnVzZXIuYWRtaW4iLCJhdXRoX3RpbWUiOjE2MTM3NTI4MTcsImlzcyI6Imh0dHBzOlwvXC9jb2duaXRvLWlkcC51cy1lYXN0LTEuYW1hem9uYXdzLmNvbVwvdXMtZWFzdC0xX09TZ1F2VGFUQSIsImV4cCI6MTYxMzc1NjQyMCwiaWF0IjoxNjEzNzUyODIwLCJqdGkiOiI3NWJjZWYzZi03Njg3LTQ5MjgtOTY2Zi05MzM0MmQ0MjFmYjkiLCJjbGllbnRfaWQiOiI3c201amlsZG5iZnJyOGNncTNrZWRpZW83IiwidXNlcm5hbWUiOiJqZWZmIn0.COepDhay_VaqCHJwNOT",
    "expireEpoch": 1546300800000
  }
}

Collection Operations

Invoke the Collection API to create, retrieve, edit, and delete Collections. Collections are used to group and catalog related Assets for quick access and consumption. Collections can be configured as:

  • private: Visible only to the user who created the Collection.
  • secured: Visible to shared users with permission.

When retrieving the Assets within a Collection, the requesting user will only see the Assets that the user has access to view. For example, a librarian may see all Assets within a Collection, but a general consumer user may only see a portion of those Assets, due to limited security access.

Operations

Customer Operations

Invoke the Customer API to retrieve Customer account profile information.

Operations

Metadata Operations

Invoke the Metadata API to retrieve Metadata Template to be applied to Assets during Asset creation. A Metadata Template defines a set of Metadata Attributes of varying types, including Text, Date, Controlled Vocabulary, Tabular, and Cascading Attributes. When a Metadata Template is assigned to a new Asset, the corresponding Metadata Attributes will be available for population on the Asset.

Operations

Search Operations

Search for Collections by Collection name.

Perform Asset searches using keywords or Attribute-specific search terms using the Keyword Search endpoint.

Perform a scan on all assets based on search criteria using a cursor to page through the entire result set of assets.

Operations

Security Operations

Invoke the Metadata API to retrieve Security Template information to be applied to Assets during Asset creation or edit.

Operations

User Operations

Invoke the User API to retrieve User profile information.

Operations

Proof Operations

Operations

Cart Operations

Operations