The Rock REST API
Rock features a REST-based web service that supports integration with third-party websites and applications. The REST API is also utilized by various internal Rock components to retrieve and modify data such as populating item pickers, displaying person badges, and showing charts for metrics. The API is also used for external applications that access Rock data, such as the check-scanner and the financial statement generator.
Accessing the REST API
One of the major advantages of using the REST API to interact with Rock is cross-platform support. REST messages can be sent and received in any application that supports HTTP communications.
Authorization
To access the REST API, you must first obtain authorization to do so. The REST API can be configured to allow access based on a HTTP Cookie or an Authorization-Token.
Using a HTTP Cookie
To access the REST API using an authorization cookie, you must first request the cookie from the web service and then include a reference to the content of that cookie in subsequent requests. The request must specify valid login credentials for an existing Rock user, and the validated response will contain a cookie named “.ROCK” with a value representing the authorization token. This token must be included in the header of subsequent requests to the REST API for the user session represented by the cookie.
Here is an example of obtaining and using an authorization cookie in a C# client application:
Using an Authorization Token
An authorization token can be used when an application requires access to the REST API without a specific user login.
To create a new REST authorization token in Rock, use the web interface and navigate to Home > Security > REST Keys.
After the token is created, you must add Rock security permissions to define the specific operations that are allowed for users of the token. It’s important to be aware that any agent with access to the token can perform operations on the REST API, and the token can be used until it is explicitly revoked – that is, it has no expiry. For these reasons, tokens must be stored securely and privately - for example, authorization tokens should never be stored in a public code repository.
To use the token from the caller application, set the Authorization-Token key in the header of your REST API HTTP request.
Here is an example of a request using an authorization token in C#:
Cross-Domain Access
If you are interacting with Rock from a web application hosted on a different domain than the Rock server, it’s important to be aware of Cross-Origin Resource Sharing (CORS). This is the mechanism used to inform web clients that your web application is allowed to access resources in a different domain.
To specify that a domain is permitted access to the Rock API, configure it in Rock by navigating to Home > Security > REST CORS Domains
and adding an entry for the web application that is accessing Rock.
Interacting with the REST API
The REST API supports a variety of methods for executing commands and retrieving data from Rock. Comprehensive information about these methods is beyond the scope of this document, however a complete list can be found by navigating to Home > Security > REST Controllers
.
View the detail page for a controller entry to view its individual methods and their associated parameters.
Retrieving Data with OData
One of the most common uses of the REST API is to retrieve data from Rock for use in your application. Rock supports the Open-Data (OData) protocol, an industry-standard method of creating powerful data queries that can be serviced by a REST service.
OData queries can be formed for most of the entities in Rock. To execute a data query that returns a list of matching entities, use the following format:
{RockSiteUrl}/api/{EntityName}?{ODataQuery}
The {RockSiteUrl}
parameter corresponds to the base URL of your Rock web application. For example, to access data from the Rock demonstration web service, use “https://rock.rocksolidchurchdemo.com”.
The {EntityName}
parameter is the name of the entity that will be returned by the query. For a complete list of the Entities available for OData queries in the Rock API, navigate to Home > Security > REST Controllers
The {ODataQuery}
parameter is a query string expressed in OData syntax that specifies the data to be returned. Below are examples of some common OData queries that can be used to return data from the Rock API. Refer to the OData website (https://www.odata.org/) for a complete guide to query syntax.
OData Query Examples
In these examples, the {RockSiteUrl}
parameter is represented by “~” to denote your Rock website URL. Replace the “~” with the appropriate base address of your website, such as “http://rock.rocksolidchurchdemo.com”
People with LastName of “Decker”
~/api/people?$filter=LastName eq 'Decker'
People with BirthYear between 1971 and 1981
~/api/people?$filter=Birthyear gt 1971 and Birthyear lt 1981
People with FirstName starting with “T”
~/api/people?$filter=startswith(NickName,'T')
People who are deceased.
~/api/People?$filter=IsDeceased eq true
Person with specific Guid value.
~/api/People?$filter=Guid eq guid'8FEDC6EE-8630-41ED-9FC5-C7157FD1EAA4'
People with a Record Status of Active.
~/api/People?$filter=RecordStatusValue/Value eq 'Active'
Financial Transactions greater than $20.
~/api/FinancialTransaction?$filter=Amount gt 20.00
Financial Transactions occurring after 22 October 2014 2:35PM
~/api/FinancialTransaction?$filter=TransactionDateTime ge datetime'2014-10-22T14:35:00'
Adult members of the Decker family.
~/api/GroupMembers?$filter=GroupRole/Name eq 'Adult' and Person/LastName eq 'Decker'
People with phone numbers starting with ‘602’.
~/api/people?$PhoneNumbers/any() and PhoneNumbers/all(a:startswith(a/Number, '602')
Paginating Data
You can limit the number of records retrieved to a specific page of data by using the $skip
and $top
parameters.
For example, to skip the first 20 items in the result set and return the next 10 records:
~/api/Attendances?$orderby=StartDateTime&$skip=20&$top=10
Shaping the Return Data
Use the $select
parameter to specify the fields to be returned in the result set.
Add the $expand
parameter to include one or more properties of a related child object in the result set.
For example, to return a selection of properties for Attendance records and include a property of the associated child Device:
Message:
Response:
Tools and Utilities
Postman (www.postman.com) is a free tool that is extremely useful for testing and troubleshooting issues with the Rock REST API. The Postman web app provides a workbench- for sending requests to a web service and inspecting the responses. This is very useful to verify the format and content of messages sent to and from the REST API, independent of the client you are using to call the service.
Last updated