=== modified file 'src/docbkx/en/dhis2_user_man_web_api.xml' --- src/docbkx/en/dhis2_user_man_web_api.xml 2012-03-20 20:23:52 +0000 +++ src/docbkx/en/dhis2_user_man_web_api.xml 2012-03-21 13:59:25 +0000 @@ -26,25 +26,26 @@ Example: Sending data values A common use-case for system integration is the need to send a set of data values from a third-party system into DHIS. In this example we will use the DHIS 2 demo on as basis and we recommend that you follow the provided links with a web browser while reading (log in with admin/district as username/password). We assume that we have collected case-based data using a simple software client running on mobile phones for the Mortality <5 years data set in the community of Ngelehun CHC (in Badjia chiedom, Bo district) for the month of January 2012. We have now aggregated our data into a statistical report and want to send that data to the national DHIS 2 instance. The entry point for the Web API running on the demo instance is . The entry point provides a convenient HTML page with links to all of the available resources in the Web API. The resource which is most appropriate for our purpose of sending data values is the dataValueSets resource. A data value set represents a set of data values which have a logical relationship, usually from being captured off the same data entry form. We follow the link to the HTML representation which will take us to . The default representation is a HTML page which provides us with useful instructions on how to interact with this resources. It tells us that we can use the POST verb to send values using a XML format defined by the http://dhis2.org/schema/dxf/2.0 namespace: - <dataValueSet xmlns="http://dhis2.org/schema/dxf/2.0" period="periodISODate" dataSet="dataSetID" orgUnit="orgUnitID"> + <dataValueSet xmlns="http://dhis2.org/schema/dxf/2.0" period="periodISODate" dataSet="dataSetID" orgUnit="orgUnitID"> <dataValue dataElement="dataElementID" value="1" /> <dataValue dataElement="dataElementID" value="2" /> <dataValue dataElement="dataElementID" value="3" /> -</dataValueSet> +</dataValueSet> Note: We have omitted the categoryOptionCombo attribute as it is optional and not needed for this example. From the example we can see that we need to identify the period, the data set, the org unit (facility) and the data elements for which to report. The dataValueSets resource description tells us that the identifier for monthly periods should be on the format yyyyMM which means that we will use 201201 for January 2012. To obtain the identifier for the data set we return to the the entry point at and follow the embedded link pointing at the dataSets resource located at . From there we find and follow the link to the Mortality < 5 years data set which leads us to . What we did was effectively to retrieve the HTML representation of our data set of interest, and from it we can easily see the identifier, which is pBOMPrpg1QX. The resource representation for the Mortality < 5 years data set conveniently advertises links to the data elements which are members of it. From here we can follow these links and obtain the identifiers of the data elements. For brevity we will only report on three data elements: Measles with id f7n9E0hX8qk, Dysentery with id Ix2HsbDMLea and Cholera with id eY5ehpbEsB7. What remains is to get hold of the identifier of the facility (org unit). Again the dataSet representation conveniently provides link to org units which report on it so we search for Ngelehun CHC and follow the link to the HTML representation at , which tells us that the identifier of this org unit is DiszpKrYNg8. From our case-based data we assume that we have 12 cases of measles, 14 cases of dysentery and 16 cases of cholera. We have now gathered enough information to be able to put together the XML data value set message: - <dataValueSet xmlns="http://dhis2.org/schema/dxf/2.0" period="201201" dataSet="pBOMPrpg1QX" orgUnit="DiszpKrYNg8"> + <dataValueSet xmlns="http://dhis2.org/schema/dxf/2.0" period="201201" dataSet="pBOMPrpg1QX" orgUnit="DiszpKrYNg8"> <dataValue dataElement="f7n9E0hX8qk" value="12" /> <dataValue dataElement="Ix2HsbDMLea" value="14" /> <dataValue dataElement="eY5ehpbEsB7" value="16" /> -</dataValueSet> +</dataValueSet> To perform functional testing we will use the cURL tool () which provides an easy way of transferring data using HTTP. First we save the data value set XML content in a file called datavalueset.xml . From the directory where this file resides we invoke the following from the command line: curl -d @datavalueset.xml "http://apps.dhis2.org/demo/api/dataValueSets" -H "Content-Type:application/xml" -u admin:district -v - The command will dispatch a request to the demo Web API with application/xml as content-type and authenticate with basic authentication using admin/district as username/password. If all goes well this will return a 200 OK HTTP status code. You can verify that the data has been received by opening the data entry module in DHIS 2 and select the org unit, data set and period used in this example. + The command will dispatch a request to the demo Web API, set application/xml as the content-type and authenticate using admin/district as username/password. If all goes well this will return a 200 OK HTTP status code. You can verify that the data has been received by opening the data entry module in DHIS 2 and select the org unit, data set and period used in this example. The API follows normal semantics for error handling and HTTP status codes. If you supply an invalid username or password, 401 Unauthorized is returned. If you supply a content-type other than application/xml, 415 Unsupported Media Type is returned. If the XML content is invalid according to the DXF namespace, 400 Bad Request is returned. If you provide an invalid identifier in the XML content, 409 Conflict is returned together with a descriptive message. + In this example, cURL will authenticate to the server through basic authentication using our supplied username and password as credentials. Basic authentication is a technique for clients to send login credentials over HTTP to a web server. Technically speaking, the username is appended with a colon and the password, Base64-encoded and supplied as the value of the Authorization HTTP header. An important note is that this authentication scheme provides no security since the username and password is sent in plain text and can be easily decoded. Using it is recommended only if the server is using SSL/TLS (HTTPS) to encrypt communication between itself and the client. In a real-world scenario, looking up identifiers, constructing and dispatching XML messages would be the task of the client software application. This software would probably interact with the more machine-friendly XML and JSON resource representations and not the human-friendly HTML representations like we did in this example. Developing creative and robust consumers of the Web API services begins here.
@@ -61,34 +62,46 @@ </users> </message> Since we want to send a message to our friend the mobile user we need to look up her identifier. We do so by going to the Web API entry point and follow the link to the users resource at . We continue by following link to the DHIS Administrator at where we learn that her identifier is PhzytPW3g2J. We are now ready to put our XML message together to form a message where we want to ask the mobile user whether she has reported data for January 2012: - <message xmlns="http://dhis2.org/schema/dxf/2.0"> + <message xmlns="http://dhis2.org/schema/dxf/2.0"> <subject>Mortality data reporting</subject> <text>Have you reported data for the Mortality data set for January 2012?</text> <users> <user id="PhzytPW3g2J" /> </users> -</message> +</message> To test this we save the XML content into a file called message.xml. We use cURL to dispatch the message the the DHIS 2 demo instance where we indicate that the content-type is XML and authenticate as the admin user: curl -d @message.xml "http://apps.dhis2.org/demo/api/messageConversations" -H "Content-Type:application/xml" -u admin:district -X POST -v If all is well we receive a 201 Created HTTP status code. Also note that we receive a Location HTTP header which value informs us of the URL of the newly created message conversation resource - this can be used by a consumer to perform further action. We will now pretend to be the mobile user and read the message which was just sent by dispatching a GET request to the messageConversations resource. We supply an Accept header with application/xml as the value to indicate that we are interested in the XML resource representation and we authenticate as the mobile user: curl "http://apps.dhis2.org/demo/api/messageConversations" -H "Accept:application/xml" -u mobile:district -X GET -v In response we get the following XML: - <messageConversations xmlns="http://dhis2.org/schema/dxf/2.0" link="http://apps.dhis2.org/demo/api/messageConversations"> + <messageConversations xmlns="http://dhis2.org/schema/dxf/2.0" link="http://apps.dhis2.org/demo/api/messageConversations"> <messageConversation name="Mortality data reporting" id="ZjHHSjyyeJ2" link="http://apps.dhis2.org/demo/api/messageConversations/ZjHHSjyyeJ2"/> <messageConversation name="DHIS version 2.7 is deployed" id="GDBqVfkmnp2" link="http://apps.dhis2.org/demo/api/messageConversations/GDBqVfkmnp2"/> -</messageConversations> +</messageConversations> From the response we are able to read the identifier of the newly sent message which is ZjHHSjyyeJ2. Note that the link to the specific resource is embedded and available for consumers to use. From the description at we learned that we can reply directly to an existing message conversation once we know the URL by including the message text as the request payload (body). We are now able to construct a URL for sending our reply: curl -d "Yes the Mortality data set has been reported" "http://apps.dhis2.org/demo/api/messageConversations/ZjHHSjyyeJ2" -H "Content-Type:text/plain" -u mobile:district -X POST -v If all went according to plan you will receive a 200 OK status code.
Example: Embedding reports in web pages - In this example we will see how we can build a simple web page where dynamic data such as tabular reports and charts is pulled from the DHIS Web API. - The Web API contains several resources which are useful for data analysis: report, reportTable, chart, map and document. Dispatching GET requests to the mentioned URLs will return the relevant meta-data information for each resource. For all of those resources it is valid to append /data to the URL. The response such GET-requests will convey information about the aggregated data related to the resource. This information can be represented in a variety of formats including HTML, PDF, Excel, PNG and Jasper, as we will see later. - We begin as usual at the Web API entrypoint at . We look for a relevant tabular report by following the reportTables link to . From this list we decide that we are interested in the "District Maternal Health" report and follow the link to . This resource provides meta-data information about the report table. It also advertises a link for retrieving analytical data which can be constructed by appending /data to the URL. Following this link will lead us to . As we can see we are provided with a report table in HTML format, which is the default representation format. - As stated in the introduction there are three ways of indicating which resource representation format you want for the response. The easiest alternative when used directly in web pages is to append a file suffix to the URL. We assume that we are interested in the PDF representation and indicate that by appending .pdf to our URL: . Go ahead and try out all valid extensions for this resource which are .html, .pdf, .xls and .csv. - Also note that the report table can be parameterized with an organisation unit and a period by supplying a ou and pe query parameter together with an organisation unit identifier and period string respectively in the URL. If not provided the Web API will use the top-most organisation unit in the hierarchy and the last time period for the report table content. The organisation unit identifier can be looked up by going to the Web API entrypoint, following the link to the organisationUnits resouce. For our example we will request that Bo district whith identifier O6uvpzGd5pu is used as the organisation unit: . - Autenticating to a DHIS instance from a web page can be done in many ways, and each method has advantages and downsides. + In this example we will see how we can build a simple web page where dynamic data such as tabular reports is pulled from the DHIS Web API. A full example on how this can done is available at . + The Web API contains several resources which are useful for data analysis: report, reportTable, chart, map and document. Dispatching GET requests to the mentioned resources will return meta-data information such as name and the date it was last updated. All these resources have an associated data resource which produces a data view of related aggregated data - also known as reports, charts and maps. You can follow the links or simply append /data to the URL to arrive at it. This information can be represented in a variety of formats including HTML, PDF, Excel, PNG and Jasper, as we will see in the next section. + We start as usual at the Web API entrypoint at . We look for a relevant report table by following the reportTables link to . We assume that we are interested in the "District Maternal Health" report and follow the link to . This resource provides meta-data information about the report table. From here we can follow the link to the default data view of aggregated data, which leads us to . As we can see we are provided with a report table in HTML format, which is the default representation format for report tables. + As stated in the introduction there are three ways of indicating which resource representation format you prefer for the response. The most suitable alternative for direct use in web pages is to append a file suffix to the URL. We assume that we are interested in the PDF representation and indicate that by appending .pdf to our URL: . Go ahead and try out all valid extensions for this resource which are .html, .pdf, .xls and .csv. + The report table can be parameterized with an organisation unit and a period by supplying a ou and pe query parameter accompanied with an organisation unit identifier and period string in the URL. If not provided the Web API will use the top-most organisation unit in the hierarchy and the last period for the report table content. The organisation unit identifier can be looked up by going to the Web API entrypoint and follow the link to the organisationUnits resouce. For our example we will use Bo district whith identifier O6uvpzGd5pu as the organisation unit: . From the HTML representation we can see that the report now contains data for Bo district. These URLs can simply be used in links embedded in the web page like this: + <a href="http://apps.dhis2.org/demo/api/reportTables/xIWpSo5jjT1/data.pdf?ou=O6uvpzGd5pu">Maternal Health Bo District 2012</a> + There are many ways to authenticate over the Web and each method has its advantages and disadvantages. For this example we will use an approach where we emulate a login from the web-based login form. To help us we will use the jQuery javascript library. This javascript code should be embedded in the head section of the Web page: + jQuery(document).ready(function() { + var base = "http://apps.dhis2.org/demo/"; + $.post( base + "dhis-web-commons-security/login.action",{ + j_username: "admin", j_password: "district" + }, + setLinks + ); +}); + In this code block we ask jQuery to send a POST request to the standard authentication point with two name-value pairs containing the username and password information. We assume that the user has the necessary authorities to view reports in the DHIS 2 Web API. If authentication was successful the server will send a HTTP cookie in the response with a session identifier. This will make sure that the current user is authorized to view reports for up to 60 minutes. + Caveat: The username and password will be present in the web page in plain text. Make sure you create a dedicated user in DHIS 2 for this purpose given only the minimum authorities required. + For a full example visit and view the page source in a browser. Note that the example web page is hosted within the same domain (apps.dhis2.org) as the demo DHIS 2 instance. This is done to avoid issues related to the "same origin policy", a concept which prevents scripts hosted on one domain to access resources running on another. While one can circumvent this through techniques such as CORS, there are none which have wide browser support at the moment. Therefore we recommend hosting web pages and portals on the same domain. Techniques using reverse proxies described in the "installation" chapter can be useful in this regard.