In order to use the SmartVault REST API, you will need to sign up for a SmartVault Developer Account, then create and configure a SmartVault API Developer Client.
However, before you register for a developer account and start coding, you will need to consider an appropriate authentication scheme, the interaction method, and the integration model that is best suited to your needs.
If you’re building a server-to-server application, and you are not able to create a dynamic client secret, you will want to use OAuth 2.0. In general, OAuth 2.0 is suitable in situations where you cannot create a "secret" on demand.
Using this authentication scheme, your application will authenticate to SmartVault using public/private keys and all communication will be done over HTTPS using TLS 1.3.
If you’re building a server-to-server application, you will want to use Autonomous Authentication which is based on RSA keypairs. In general, Autonomous Authentication is suitable in situations where you can completely control a private key.
Using this authentication scheme, your application will authenticate to SmartVault using public/private keys and all communication will be done over HTTPS using TLS 1.3.
If you’re building a customer-facing web, rich, or mobile app, you will want to use PIN-Based Authentication.
Using this technique, the user inputs a PIN code into your application.
The mechanism for generating and capturing this PIN code varies based on your application’s ability to handle a callback from the SmartVault web server:
Direct EntryWith a rich application (e.g., a command-line or WinForms application), registering a callback can be difficult or impossible. In these situations, your application will make an API call to request a PIN on the user’s behalf. The SmartVault server will reply with a URI that the user can follow to retrieve a PIN, which is in turn manually entered into your application. The PIN is then used to authenticate each API call for that user.
Redirect URIWith a web or mobile application, you can register redirect URI (a callback) with the SmartVault API, and then use standard OAuth to have your application obtain the PIN. The user will be prompted to Allow or Deny your application to access his or her information, but is not required to manually enter any PIN code as in the "Direct Entry" approach.
The SmartVault REST API can be called directly and supports data exchange using JSON and XML. This approach is ideal for web applications.
We also have C# and Java wrapper libraries that can be downloaded here. The libraries use a binary transfer protocol using Google’s Protocol Buffers and make it easy to write applications in these languages by removing the need to create and parse API requests and replies. These libraries are ideal for rich applications as well as mobile applications, although such applications can certainly use the Direct method as well.
Generic ModelThis model is best viewed as a hard drive in the cloud. In this model, the SmartVault API allows you to CRUD folders and documents, invite users, and manipulate access control on the objects in the cloud. This approach is best when you need flexibility and want to manage provisioning and maintaining folder structures, determine where to store and find documents, and maintain the mapping between objects and documents.
Application ModelIn this model, you provide SmartVault a pre-defined mapping of your objects to a folder structure, and SmartVault will create and maintain that mapping for you. This model reduces some flexibility, but simplifies provisioning and maintaining folder structures and object-document mapping.
