The Aeon API allows developers to perform actions in Aeon and build integrations outside of the installed Aeon components. For example, the API allows the developers to connect to the database and change a transaction status.
Installation | Aeon API URL | Swagger Documentation | OData Support | Available Endpoints | Authentication | Additional Information
Installation
Certain Microsoft .NET components must also be installed on the Aeon Server to use the Aeon API. These components are provided by Microsoft and will need to be installed separately as they are not included in the default Aeon installation:
- Aeon 6.0, 5.2, and 5.1: The Aeon API requires the Microsoft ASP.NET Core 8.0 Runtime Hosting Bundle (download from Microsoft's website). This installer is provided by Microsoft and must be run separately.
Note: As of v5.1, the Aeon API is installed by default during the server installation/update process and does not need to be installed separately. However, the .NET Core components are not part of the default Aeon install and will still need to be installed separately.
Aeon API URL
The default Aeon API URL will vary depending on the version of Aeon that is currently installed:
- As of Aeon v6.0, the default URL for the Aeon API is https://servername/aeonapi/. The default path to the Aeon API is not customizable.
- For standard Aeon installations on Aeon v5.2 or earlier, the default URL for the Aeon API is https://servername/aeon/api/. However, your path to the API may differ if using a non-standard installation path for the Aeon API on your Aeon server.
Swagger Documentation
The Aeon API has developer-oriented documentation built-in. You can get to the API Swagger documentation at https://servername/aeonapi/swagger/ (Aeon 6.0) or https://servername/aeon/api/swagger/ (Aeon 5.2 or earlier).
Developers without access to an existing Aeon server can view Swagger documentation for the Aeon 6.0 API at https://partner.aeon.atlas-sys.com/aeonapi/swagger/index.html, however, please note that the "Try it out" feature for each endpoint is not supported in the public Swagger interface.
*Replace 'servername' with the IP address or DNS.
OData Support
OData query options are available to help filter result data for select Aeon API endpoints that return a list of objects.
Supported Endpoints
The list of endpoints supporting OData query option varies depending on the version of Aeon that is currently installed:
- Aeon 6.0+: See the odata section of the Aeon API Swagger documentation for a list of the supported endpoints.
- Aeon 5.2/5.1: OData is only supported for the Get Users endpoint.
Filtering
The $filter option allows filtering results by applying a Boolean expression. The filter expressions include logical and arithmetic operators, and string functions.
When using these operators, strings should be single-quoted, while dates and numbers must not be quoted. Multiple conditions can be combined with 'and' or 'or.'
Filter Operators
eq | Equal |
---|---|
ne | Not equal to |
gt | Greater than |
ge | Greater than or equal to |
lt | Less than |
le | Less than or equal to |
and | Logical and |
or | Logical or |
startswith(property, substring) | The property starts with the substring value |
endswith(property, substring) | The property ends with the substring value |
substringof(property, substring) | The property contains the substring value |
Example
Return users with email addresses ending in "gmail.com":
GET /<API URL>/Users?$filter=endswith(eMailAddress, '@gmail.com')
Pagination
OData pagination can be added to the query to limit the number of results returned by the endpoint using the following parameters:
skip | Specifies the number of items in the queried collection that are to be skipped and not included in the result |
---|---|
top | Specifies the number of items in the queried collection to be included in the result |
Examples
Return a list of the first 100 users:
GET /<API URL>/Users?$top=100
Return a list of users 101-200 (i.e., skipping the first 100 results):
GET /<API URL>/Users$top=100&skip=100
Return a list of users 201-300 (i.e., skipping the first 200 results):
GET /<API URL>/Users?$top=100&skip=200
Available Endpoints
Aeon 6.0
Developers can find the complete list and supporting documentation for the endpoints available in the Aeon 6.0 API in the Aeon Swagger documentation.
Aeon 5.2 & 5.1
Custom Fields | Queues | Reading Rooms | Requests | System Information | Token | Users
Custom Fields
Retrieve custom fields by context type
Get | /api/customFieldDefinitions/{contextType} | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Returns a list of custom fields defined for the specified context type. Parameters:
Properties of the information returned
Custom Fields Support in Other EndpointsTo include custom fields when creating a request via the POST Request endpoint, the Request JSON object must have a property named "CustomFieldsValues" containing all custom field values that will be supplied in the "ShortName:value" format. Response objects returned by the GET Request and POST Request endpoints and user objects returned by the GET User endpoint will contain a CustomFields property listing all defined fields for the given request, in the same "ShortName:value" format. Null values will be included. |
Queues
Retrieve queues | Retrieve a specific queue | Retrieve requests within a specific queue
Retrieve queues
Get | /api/Queues |
---|---|
Returns queues configured in Aeon. |
Retrieve a specific queue
Get | /api/Queues/{id} |
---|---|
Returns a Queue identified by ID. |
Retrieve requests within a specific queue
Get |
/api/Queues/{id}/requests |
---|---|
Returns requests associated with the queue identified by ID. |
Reading Rooms
Retrieve reading rooms | Retrieve a specific reading room | Retrieve closures for a specific reading room | Retrieve available appointment times for a specific reading room and date
Retrieve reading rooms
Get | /api/ReadingRooms | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Returns a list of reading rooms configured for appointment scheduling in Aeon. Parameters:
Properties of the information returned
|
Retrieve a specific reading room
Get | /api/ReadingRooms/{id} | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Returns information on a specified reading room identified by ID. Parameters:
Properties of the information returned
|
Retrieve closures for a specific reading room
Get |
/api/ReadingRooms/{id}/Closures |
---|---|
Returns a list of full closures for the specified reading room, limited to those occurring in the future. This endpoint reports both full closures (i.e. "Closed" exception types) and "partial" closures (i.e. "Reduced Availability" exception types) that reserve a number of seats greater than or equal to the reading room's total available seats. Parameters:
|
Retrieve available appointment times for a specific reading room and date
Get |
/api/ReadingRooms/{id}/AvailableAppointments/{date} |
||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Returns a list of available appointment times for the specified reading room on the specified date.
Note: This endpoint will ignore appointments with a status of Cancelled when determining the appointment availability for the room.
Parameters:
*Aeon 5.2 only Properties of the information returned
|
Requests
Retrieve a specific request | Retrieve next steps for a specific request | Create a new request | Route a request to a new status | Retrieve valid routing statuses for a request | Retrieve requests associated with a barcode | Reshelve request by barcode | Add note to a request | Retrieve notes for a specific request | Update request information
Retrieve a specific request
Get | /api/Requests/{id} |
---|---|
Returns a request identified by transaction number.
|
Retrieve next steps for a specific request
Get | /api/Requests/{id}/nextsteps |
---|---|
Returns next step process names for the transaction identified by ID. |
Create a new request
Post | /api/Requests/create/ |
---|---|
Creates Aeon requests for a specified user. API Call: At a minimum the username (user must be a valid user in the database) must be supplied; however, additional user information may be provided if supplied by the appropriate corresponding database column names.
Additional Notes
Example Call:
|
Route a request to a new status
Post
|
/api/Requests/{id}/route |
---|---|
Routes a transaction to the given transaction or photoduplication status. Routing rules will be applied. |
Retrieve valid routing statuses for a request
Get | /api/Requests/{id}/routes |
---|---|
Returns a list of the valid transactions and photoduplication queues a request may be routed to. |
Retrieve requests associated with a barcode
Post | /api/Requests/Batch/?{parameters} |
---|---|
Returns a list of requests for the given barcode. Unlike the RequestBarcodes/Reshelved endpoints, the endpoint allows for nonstandard characters. API Call:
|
Reshelve request by barcode
Post | /api/Requests/Batch/Reshelved |
---|---|
Reshelves request based on the given barcode. Unlike the RequestBarcodes/Reshelved endpoints, the endpoint allows for nonstandard characters. API Call:
|
Add note to a request
Post | /api/Requests/{transactionNumber}/notes |
---|---|
Adds a note to an existing request. Parameters (required):
API Call:
Example Call:
Example Response:
|
Retrieve notes for a specific request
Get | /api/Requests/{transactionNumber}/notes |
---|---|
Returns a list of notes associated with a specified request. Parameters (required):
Example Response:
|
Update request information
Patch | /api/Requests/{id} |
---|---|
Used to update information for a specific request. API Call:
Example Call: The following example will set the ItemAuthor field to Doe, John, the ItemVolume field to 456, the ItemTitle field to null, the ItemInfo5 field to ItemInfo, and a Transaction type custom field defined in the CustomFieldDefinitions table with the short name Container3 to Custom:
Additional Notes:
Response: The endpoint can return the following responses:
|
Post | /api/RequestBarcodes/{barcode}/reshelved |
---|---|
The RequestBarcode endpoints have been replaced by the Requests/Batch endpoints and are now considered deprecated.
Reshelves request based on the given barcode. API Call:
|
Post |
/api/RequestBarcodes/{id}/reshelved |
---|---|
The RequestBarcode endpoints have been replaced by the Requests/Batch endpoints and are now considered deprecated.
Reshelves request based on a given transaction number. API Call:
|
System Information
Retrieve Web API version
Get | /api/SystemInformation/Version |
---|---|
Returns the version of the Web API.
|
Token
Retrieve authentication token
Post | /api/Token |
---|---|
Retrieves an authentication token for the provided staff credentials.
|
Users
Retrieve a list of users | Retrieve a specific user | Retrieve requests for a specific user | Retrieve appointments for a specific user
Retrieve a list of users
Get | /api/Users |
---|---|
This endpoint supports OData filtering.
Retrieves a list of all users up to a maximum of 2000 results. The maximum number of users that can be retrieved by this endpoint is 2000. OData filtering and pagination can be used to limit the number and specify the type of user results returned by the endpoint. Note that custom fields defined in the CustomFieldDefinitions table are not supported for use with OData filters, but will be returned by the endpoint in the results.
|
Retrieve a specific user
Get | /api/Users/{username} |
---|---|
Returns a user identified by username.
|
Retrieve requests for a specific user
Get
|
/api/Users/{username}/requests
|
---|---|
Retrieves a list of all requests (or active requests only if the ActiveOnly parameter is used) for a specific user.
|
Retrieve appointments for a specific user
Get
|
/api/Users/{username}/appointments
|
---|---|
Returns a JSON object containing the list of appointments for a given user. The appointment object also contains the associated reading room object. Parameters:
|
Authentication
Most of the actions will require authentication. There are 2 ways to authenticate in the Aeon API: Aeon API Key or staff tokens.
API Key
You can create an API key in the Aeon Customization Manager. More information on API keys is available at Configuring the Aeon Web Platform.
The Base Webservice URL isn't relevant for the API so you can just enter the API URL: https://servername/aeonapi/ (Aeon 6.0) or https://servername/aeon/api/ (Aeon 5.2 or earlier).
Staff Token (Aeon 6.0+ only)
Note: The POST Token endpoint used in Aeon 5.1 and 5.2 has been deprecated and replaced by the endpoints described below due to timeout issues.
As of Aeon v6.0, users can authenticate to the Aeon API via their Aeon staff accounts through the generation of staff tokens. This method allows users to use the API directly or through a third-party application without needing an Aeon API key. When this method of authentication is used:
- Actions taken by users via the API will be attributed to their username in the History and Tracking tables, instead of to the "System."
- Certain API endpoints will be restricted only to users with specific permissions (as configured in the Aeon Staff Manager).
- Time-based authentication will be enforced, as opposed to API key authentication, which never expires.
Token Authentication Process
The staff token authentication process uses the access and refresh token pattern, and includes support for multi-factor authentication (MFA). When a user authenticates via the staff token process, they will be assigned roles that determine the endpoints to which they will have access (see User Roles below). The basic flow is as follows:
- User authenticates with Aeon username and password via the POST Token endpoint (URL: <api>/Token).
- When MFA is enabled on the Aeon Server (default setting), the API responds with an access token and refresh token and grants the user the ValidUser role.
- If MFA is disabled on the Aeon Server, the API response will also grant the additional appropriate roles to the user (StaffUser, StaffManager, and/or UserWebProxy) in addition to the ValidUser role.
- When MFA is enabled on the Aeon Server, the user must then submit a multi-factor authentication code/one-time password (OTP) via the POST MFA validation token endpoint (URL: <api>/Token/mfa/validate). The access token returned from step 1 must also be included in a Bearer authorization header in the format Authorization: Bearer <accessToken>.
- The API responds with an access token and refresh token granting the AuthenticatedUser role and any additional appropriate roles to the user (StaffUser, StaffManager, and/or UserWebProxy).
- This step will be omitted if MFA has been disabled on the Aeon Server. See Logging into the Aeon Web Client for details.
- The user can then submit API requests allowed for their role(s), which must contain their access token in a Bearer authorization header in the format Authorization: Bearer <accessToken>.
- When the user's access token expires, the user submits a refresh request containing the access and refresh tokens via the POST Token refresh endpoint (URL: <api>/Token/refresh). Note that the refresh token submitted via the endpoint cannot be expired.
- The API will respond with new access and refresh tokens for the user.
- Repeat steps 3 - 4 for as long as needed.
- (optional) User submits a logoff request via the POST token logoff endpoint (URL: <api>/Token/logoff), which invalidates any access or refresh tokens for that user.
For more details on the necessary parameters and the data returned for each endpoint, see the Token section fo the Aeon Swagger documentation.
User Roles
The following roles can be granted by an access token retrieved using the staff token authentication flow above:
- ValidUser: Indicates that the user has logged in with a valid Aeon staff account username and password
- AuthenticatedUser: Indicates that the user has logged in and submitted a valid MFA code
- StaffUser: Indicates that the user has authenticated and has Client access (as assigned in the Aeon Staff Manager)
- StaffManager: Indicates that the user has authenticated and has Staff Manager access (as assigned in the Aeon Staff Manager)
- UserWebProxy: Indicates that the user has permission to Logon to Web as an Aeon (non-staff) user (as assigned in the Aeon Staff Manager)
Authenticating via the API Key method will grant the ApiKeyUser role, which allows access to all endpoints.
A user may be granted multiple roles simultaneously depending on their user permissions and authentication status, as noted for each role above. The swagger interface will display which roles are required for each endpoint:
Testing the Authentication
To test in the swagger interface, you can click on Authorize in the top right corner of the swagger interface. A pop-up like an image shown below will appear.
- The first option (Name: X-AEON-API-KEY) is for the API Key; Just paste the API key directly into the value and click authorize.
- For the staff token authentication (Aeon 6.0+), POST to the Token operation (URL: <api>/Token) to get a JWT access token value. In the swagger interface, you would enter BEARER <JWT value from Token response>.
Additional Information
If there is specific functionality that you are looking to use to integrate with your services, we encourage you to submit enhancements & ideas to Uservoice at https://uservoice.atlas-sys.com/. Thanks!