Core (HTTP API)

The dmBridge HTTP API is a multi-format (XML/JSON), versioned API that embraces REST principles. The URI space is based on a general digital collections domain model. It is mostly read-only, except for social data.

The XML and JSON APIs return the same data, respond to the same request URIs, and send the same HTTP response codes. The only difference is the data encoding.

The HTTP API attempts to returns a content representation based on the preference ("Q value") supplied by the client in the HTTP Accept header. A representation can be forced by appending the appropriate file extension to the URI (.xml, .json, or .jsonp). If no extension is supplied, XML will be provided.

Full method-level documentation is not hosted on this website. If your dmBridge installation is live, you are hosting it yourself. Navigate to http://my_cdm_server/dmapi/ to view it.

Security

Normally, the HTTP API is fully exposed to the public Internet. This gives anyone on the internet the ability to use data from your digital collections in their own applications, mashups, etc. This might seem cause for alarm, but in reality, everyone on the Internet has already had this ability, either by harvesting your OAI-PMH content, or by screen-scraping your templates. Little, if any, information that was previously private is made public by the dmBridge HTTP API; it has just been made more convenient to access programmatically.

Present in the output of every HTTP API method is a copyright statement asserting your institution's copyright on the information being downloaded. This allows for widespread use of your content while protecting your legal rights. The copyright statement can be changed in the Feeds section of the Control Panel.

Still, some users might wish to restrict their HTTP API, for whatever reason. There is no built-in provision for access controls built into the HTTP API component itself. We recommend that you use the access control features built into your web server (Apache/IIS) to restrict access to your dmapi folder based on IP address. If you are using the templating engine on the same server as the HTTP API, it would be safe to block all hosts except for localhost.