Uploading a file
Uploading a file to Files.Warwick can be achieved by sending HTTP multipart POST data to the file upload API. For example, to upload a file to the filespace: https://files.warwick.ac.uk/sarah, we can send a POST to:
Note that only the path to the filespace/folder is specified - not the entire URL.
Also note that the top-level directory of a filespace is called Files, and it is explicitly required. I.e. if you want to upload a file to a folder called documents in your filespace joebloggs, the path specified should be joebloggs/Files/documents
We need to send the file itself as multipart data, so the request to upload a file test.txt to https://files.warwick.ac.uk/sarah/Files (with resulting filename final.txt) will be something like:
jo-dev-oracle$ curl -i -F email@example.com -u usercode "https://files.warwick.ac.uk/files/api/upload?forceBasic=true&path=sarah/Files&fileName=final.txt&fileuploadid=123"
Enter host password for user 'usercode':
HTTP/1.1 100 Continue
HTTP/1.1 100 Continue
HTTP/1.1 200 OK
Date: Wed, 21 Nov 2012 10:39:19 GMT
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: hashTag=""; Domain=.warwick.ac.uk; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: JSESSIONID=F27A708C5041B32B8D697ABD371645E1; Path=/files
N.B. If the upload has been successful, a 200 will be returned (curl may first send some 100 responses as the file is being uploaded, as above). A 500 HTTP Response will be returned in case of error, with some explanatory error in the response text (e.g. a file already exists with that name, in that folder).
Important: Because of the way that HTTP Basic authentication sends an encrypted version of the username and password with every request, it is less secure than standard authentication through web sign-on. As well as this, by their very nature, automated programs require username and passwords to be stored on a computer in such a way that it would be a breach of the Terms and Conditions of IT Services accounts to store your actual ITS usercode and password in this way.
For automated systems that access Sitebuilder APIs, you must use an external user account for API access. You should not share an API account between multiple systems, and you should ensure that each account is granted the minimal permissions it needs to perform its tasks, and only on the pages where it needs to perform these tasks.
Getting an external user account for API access
In order to obtain an external user account for API access, please email webteam at warwick dot ac dot uk