User API Overview
The User API
The User API is a REST API that gets, adds and updates user/group/department information.
PROTOCOL | FORMAT | CHARACTER ENCODING | ESCAPE SEQUENCE |
---|---|---|---|
HTTPS | JSON | UTF-8 | Use \ |
User Authentication
The User REST API requires password authentication, with the appropriate Keys and Values set in the header of the request.
Authentication Priority
The priority of authentication is as follows.
- API token authentication
- Password authentication
- Session authentication
API Token Authentication
API token authentication is a method of authentication using an API token generated on the System Administration settings. To include your API token in your API requests, add it to the headers of each request as follows:
- Header Name:
Authorization
- Header Value:
Bearer USER_API_TOKEN
Replace USER_API_TOKEN with the actual token you received.
For example, when the API token is as follows:
|
|
The request header will be as follows:
|
|
Password Authentication
Password authentication is a method of authentication using a user's login name and password. To use password authentication, add it to the headers as follows:
- Header Name:
X-Cybozu-Authorization
- Header Value: A BASE64 encoded
LOGIN_NAME:PASSWORD
For example, when the login name is "Kintone" and your password is "developer", BASE64 encode "Kintone:developer" and set it on the header as follows:
|
|
Session Authentication
Session authentication is a method of authentication where a session ID is assigned to a user by the web server and saved as a cookie. This cookie is used to identify and authenticate the user.
Method 1: Using kintone.api()
When executing the Kintone REST API from a JavaScript code, session authentication can be used.
For more information on the Kintone REST API Request method, refer to the following article:
Kintone REST API Request
kintone.api()
cannot be used with APIs that upload or download files.
Method 2: Add the X-Requested-With
header and use the web browser's Fetch API or XMLHttpRequest
Add it to the headers as follows:
- Header Name:
X-Requested-With
- Header Value:
XMLHttpRequest
or strings that are not empty
For example, when the value is XMLHttpRequest
, set it on the header as follows:
|
|
For more information on the X-Requested-With
header, refer to the following article:
X-Requested-With
In addition to the X-Requested-With
header, CSRF tokens are necessary when using Session Authentication with POST
/PUT
/DELETE
methods. Refer to the following documentation for more details on retrieving a CSRF token:
Get CSRF Token
Basic Authentication (Legacy)
Warning
As of June 2020, Basic Authentication has been deprecated, and is no longer available for use.
If your Kintone environment has set the Basic authentication security feature, add Authorization in the request header, with the string Basic and a BASE64 encoded login name and password of the Basic authentication as the value.
If the basic authentication log in name is "chocolate" and the basic authentication password is "pudding", place "Basic" in the value, followed by a BASE64 encoded "chocolate:pudding" as follows:
|
|
Request Headers
These request headers are used for the REST API.
HEADER | REQUIRED | VALUE |
---|---|---|
Host | Required | {subdomain}.kintone.com:443 |
Content-Type | Conditional | application/json. Specify this only if the request body is in JSON format. |
X-Cybozu-Authorization | Conditional | login_name:password encoded in Base64.Only required when using Password Authentication. For more information on Password Authentication, refer to the following documentation: Password Authentication |
Authorization | Conditional | Basic followed by a Base64 encoded login_name:password .Only required when using deprecated Basic Authentication, which is no longer available as of June 2020. For more information on Basic Authentication, refer to the following documentation: Basic Authentication |
Request URI
PURPOSE | URI | DETAILS |
---|---|---|
General | https://{subdomain}.kintone.com/v1/{API_command}.json | This is the general format for User APIs. |
Responses
HTTP Status Codes
HTTP status code 200 denotes that the request was successful.
If the request fails, a status code other than 200 and an error response will be returned.
Error Response
An object with the following properties is returned in JSON format.
KEY | VALUE |
---|---|
code | The code of the error, to specify the type of error it is. |
id | The ID of the error. |
message | The error message. The language of the message will differ depending on the user's language settings of the Kintone user used for the authentication. Switching to Different Display Language |
Sample Error Response
|
|
Using JavaScript API to run the User API
Kintone REST API Request can be used to run the User API.
For more information on the Kintone REST API Request method, refer to the following article:
Kintone REST API Request
Notes
X-HTTP-Method-Override Header
- Add the
X-HTTP-Method-Override
header to work around the Request URI Too Large error that occurs when the request URI exceeds 4KB. All User APIs support this header. - If a
GET
request of a User API is sent using the Kintone REST API Request method, and the URI length exceeds 4KB, theX-HTTP-Method-Override
header will automatically be added and the request will be sent as aPOST
request. This allows User API requests with long URIs to be executed without errors.