POST /api/dropbox/readurl

Sends information about the URL, with authentication information if needed, to access a URL for an API description document, and uploads the document information to the Dropbox. Returns the dropbox file details.

Note: For this operation to be successful, the URL that the API description document is being uploaded from must be trusted. If the domain isn't trusted, this operation returns 403 Forbidden. To check the site settings for the developer portal, if you're a Site Admin, you can run the GET /api/tenants/{FedmemberID} operation and check the ForwardProxyAllowedHosts parameter. The default, *, allows all domains, but if it's set to specific domains, the upload domain must be on the list. If you need a domain to be added to the trusted list, contact a Site Admin.

Authorization Roles/Permissions: Must be logged in. Must be an authorized user for the resource.

This topic includes the following sections:

HTTP Method


Back to top



Back to top

Sample Request

The examples below show a request to read the specified file to the Dropbox. In this example, authentication is not required.

Request URL


Sample request headers #1

POST /api/dropbox/readurl HTTP/1.1
Host: {hostname}
Accept: application/vnd.soa.v81+json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Sample request body #1

Sample request headers #2: Postman example

The example below shows the URL and headers in Postman.

Dropbox service, readUrl, headers shown in Postman

Sample request body #2: Postman example

The example below shows the body in Postman.

Dropbox service, readUrl, body shown in Postman

Back to top

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header Description
Accept application/json, application/vnd.soa.v81+json
Content-Type application/x-www-form-urlencoded
X-Csrf-Token_{fedmemberID} The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login.

Back to top

Request Parameters

Parameter Parm Type Data Type Required Description
FileUrl Form string Required URL for the API description file.
userName Form string Optional Username for file access. Required if authentication is required for file access.
password Form string Optional Password for file access. Required if authentication is required for file access.

Back to top


If successful, this operation returns HTTP status code 200, with details about the API description document that's being uploaded to the Dropbox.

Back to top

Sample Response

The sample response below shows successful completion of this operation.

Sample response headers #1: application/vnd.soa.v81+json

HTTP/1.1 200 OK
Date: Tue, 01 Mar 2016 16:49:16 GMT
Content-Type: application/vnd.soa.v81+json

Sample response body #1: application/vnd.soa.v81+json

  "FileName" : "http://2Facmepaymentscorp/apidocs/cm/files/assets/example.raml",
  "FileType" : "raml",
  "ServiceDescriptorDocument" : [ {
    "FileName" : "http://acmepaymentscorp/apidocs/cm/files/assets/example.raml",
    "DescriptorType" : "raml",
    "ServiceName" : [ "AcmePaymentsCorp_Object_Query_API" ]
  } ]

Sample response body #2: Postman example

The example below shows the response in Postman.

Dropbox service, readUrl, response shown in Postman

Back to top

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header Description
Content-Type application/json, application/vnd.soa.v81+json

Back to top

Response Body

Name Type Description
DropboxFileDetails DropboxFileDetails

Contains information about file contents that were loaded into the Dropbox.

The response includes FileName, FileType, and ServiceDescriptorDocument details.

Back to top

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item Value
401 Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing.
403 Forbidden. This operation returns 403 if the external URL is not a trusted domain according to the site settings. For more information, see note at top of page.
500 An error occurred processing the call.

More information about Akana API Platform API error messages.

Back to top

Related Topics