Overview
Version
Report Server Version | Open Platform BETA Plugin Version |
V10.0.19 | V1.3 |
V11.0 | V1.3 |
Application Scenarios
Based on the open platform, you can integrate the functions of FanRuan’s products and customize data service in your own business system by accessing the client and calling the corresponding API.
Functions
1. Secure, flexible, standardized, and effective web services are provided to help you quickly build applications. You can manage FanRuan system and FineReport, and use data services in your own business system.
2. Provide a unified platform configuration to manage client API permissions and security authentication.
3. Provide log management to realize the viewing of request and access status for API and clients.
Business Procedure
Public Interface
1. Official interface
Fanruan provides relevant API documents to help you understand and use the built-in interfaces of the open platform.
The following API documents are provided as examples for users who have the ability to integrate products independently. Our technical support team is not responsible for maintaining interface examples or answering the questions about their usage.
Note: The interfaces need to work with the open platform plugins.
There is no English version at the moment, but it will be maintained later. You can use the browser to translate the web page to view the document.
Classification | API Documents |
Platform | |
FineReport | |
FineBI |
2. Customized interface
When the built-in authentication or API cannot meet your business requirements, you can add authentication or API by custom development.
FanRuan provides custom development examples for reference. You can refer to the relevant documents and develop your own interfaces following the same development logic. For more details, see Open Platform Sub-Plugin Examples.
Note: There is no English version at the moment, but it will be maintained later. You can use the browser to translate the web page to view the document.
If you need official developers for related custom development, contact the sales manager for further consultation.
Plugin Introduction
Plugin Installation
FineReport 11.0 has the Open Platform BETA plugin installed by default. FineReport 10.0 needs you to install this plugin manually.
Click to download the plugin: Open Platform BETA Plugin
For details about installing designer plugins, see Designer Plugin Management.
For details about installing server plugins, see Server Plugin Management.
Note: When upgrading the plugin, if there are other plugins in the same series being used, you need to disable those plugins before upgrading, or restart the server after upgrading.
List of plugins in the same series: Open Platform-FineBI Interface, Open Platform-FineReport Interface, Open Platform-Platform Login Authentication Interface.
Page Introduction
After the plugin is successfully installed, the admin can log in to the decision-making platform, click Manage > Open Platform, and enter the function page.
Functions
Module | Functions |
Manage API | Interface viewing: interface functions, invocation, etc. Interface management: support for adding, deleting, modifying, querying, and copying interfaces. |
Manage Clients | When you create a client, the system automatically generates an client id and key as credentials for you to call API. |
Authentication Method | Three authentication methods are provided by default. You can also add custom ones. |
Manage Permissions | Open API call permissions for the clients created in Manage Clients. |
Manage Log | Show the interface call. |
Managing API
Manage API includes all configurations for data interaction services between third-party systems and FineReport.
1. Group management
On the left side of the Manage API page, there is the group list with some built-in groups.
You cannot delete or edit the built-in groups.
You can edit or delete the non-built-in groups. APIs in the deleted group will be automatically moved to the default group.
2. API management
Multiple APIs can be saved in each group. The platform has some commonly used APIs built-in, and you can also add APIs by yourself.
For the built-in APIs, you can only perform editing, copying, and group replacement operations, and cannot delete or disable them.
For non-built-in APIs, you can perform operations such as editing, copying, replacing groups, deleting, and disabling.
Managing Clients
1. Add clients
In Manage Clients, you can create clients by adding events.
Click Manage Clients > Add, set the relevant contents, and click OK to add a client.
The Client ID and Key automatically generated can be used for API authentication as access credentials for third-party systems.
Settings | Explanation |
Client Name | Required |
Client Description | Optional |
Alternative Authentication | Optional |
2. Manage clients
For the added clients, operations such as adding, editing, copying, disabling, deleting single item, and deleting in batches are supported. The key can be reset when editing.
Authentication Method
The authentication method provides relevant security guarantees for external services, and all application interfaces support self-issued token authentication.
In addition, the platform has three built-in alternative authentication methods, and you can add methods according to your needs..
1. Universal Authentication Method
Self-issued token authentication is supported by all application interfaces by default, whether you choose an alternative authentication or not, this method is supported.
This authentication method is for verifying login information, and you need to acquire the access_token by client_id and Key. The acquisition method is shown
below:
The token request address is: $HOST/sp/client/api/token.
The API method is: POST
Write client_id and Key into Query or Headers. For details about client ID and key, see section "Application Management".
Write the obtained access_token into VALUE of Headers. According to the configuration of the corresponding API, you can call the corresponding API interface by modifying the API method and URL.
2. Built-in Alternative Authentication Methods
The open platform has three built-in alternative authentication methods, which allow you to edit and copy rather than delete and disable.
Authentication Method | Introduction |
National secret SM2 signature authentication | Use the national secret SM2 ellipse algorithm for encryption and decryption. After you sign the client_id, secret and timestamp, authentication is performed through the signature and client_id. Configuration item priKey = secret, timeout=timeout time (seconds) Signature_sign_ = SM2 (client_id + secret + timestamp) + timestamp Add_sign_ = {calculated value}, client_id = {client_id} in Headers, then you will get the access to the application. |
Summary signature authentication | If you cannot use token authentication, you can turn to summary signature authentication (e.g. SM3/MD5/SHA256). After you sign the client_id, secret and timestamp, authentication is performed through the signature and client_id. Configuration item method = summary algorithm, timeout=timeout time (seconds) Signature_sign_ = summary algorithm (client_id + secret + timestamp) + timestamp Add_sign_ = {calculated value}, client_id = {client_id} in Headers, then you will get the access to the application. It is recommended to use this authentication method for higher security. Example:
Then the signature_sign_ = MD5 (client_id + secret + timestamp) + timestamp = EE6E14BCEC5724C3BC6FC08AFC5C2B111600166180321 |
AKSK direct authentication | You can call services by using the client_id and secret as the authentication basis. No configuration options. You cannot edit the configuration information in the editing interface of the authentication method by yourself. Add client_id = {client_id}, secret = {secret} in Headers, then you will get the access to the application. For security reasons, this authentication method is not recommended. |
3. Custom Alternative Authentication Methods
You can add authentication methods, and edit, delete single item, and delete in bathes.
Under Authentication Method, you can click Add to set related configuration items and click OK to add an authentication method.
Configuration items | Introduction |
Basic | You can distinguish the authentication methods by setting Authentication Name, Authentication Description and API Class. 1. The field Authentication Name is required and cannot be empty. 2. The field Authentication Description is optional. 3. API class is an example object of the authentication API that we need to implement. The same class can be changed into multiple authentication methods by changing the configuration. |
Configurations | You need to set some configurations fixed in the editing interface under Authentication Method, such as defining the Digest algorithm and Validity period for digest signature authentication. You can set the configuration as an encrypted item so that the encrypted information cannot be read from the front end even after it is saved. |
Default parameter | Custom parameter settings |
Note: In some environments with nginx, the underscore in client_id may be recognized as invalid.
Iteration compatibility have been completed, and both client_id and clientId can be recognized
Parameter Name | Alias |
client_id | clientId |
client_token | clientToken |
Manage Permissions
For non-open API, you need to verify your permission before calling the services. Different scenarios and applications have different ranges of callable interfaces. The admin has the right to configure permissions under Manage Permissions.
Public APIs can be called without permission verification constraints.
Note: There is no group permission, which means that even if you opened a group permission, you actually only assign the permission of the API under the current group to an application.
If an API group changes later, or an API is added to the group, the API permissions set previously remain.
For example, for an application, enabling the group permission under the directory tree is equivalent to enabling the permission of all subordinate APIs. If the API in this group is changed to another group, the permission of the API remains open. If a new API is added to the group under the directory tree, the permission of the API is disabled.
Manage Log
On this page, the admin can view the request frequency and detailed records of the API.
Global Settings
In the global settings page, the admin can set the Maximum query rate per second and Maximum traffic, and click Save to take effect.