The Web Service API allows developers to interact securely with their Vuzit account. You can easily
upload, download, remove, and retrieve attributes about documents. All you need is a
Vuzit account!
Please note that these are the raw Web Service APIs. For most
common functions we have already created client libraries in your
language of choice (e.g. .NET, PHP, Python, etc). Please check
the developer page for the latest
details on these client libraries.
The Web Service APIs conform as much as possible to the design principles of
REpresentational
State Transfer (REST) using the HTTP 1.1 protocol. Each Method (e.g. create, show, and destroy). uses a
corresponding HTTP Verb (e.g. GET, POST, DELETE) that is
passed in with the request.
Requests
The URL of the request determines the output format (JSON or XML), and
whether or not to use SSL transport
layer security. All requests return a 3-character HTTP response code, and
optionally return additional attributes in either XML or JSON
formats.
Failure Responses
Requests to the API may fail due to an invalid signature, expired timestamp,
or a number of other reasons. The format of the error response is the same for
all methods, where the Vuzit error code and a description of the
error are returned.
Example XML Response
412Access is denied. Invalid signature
Example JSON Response
{"err":{"code":"412","msg":"Access is denied. Invalid signature"}}
Access Control
Every document you upload to Vuzit can be displayed on a web page using your
Public Key, but only on the Sites that are authorized to use your Public Key.
Documents are stored with either Public or Private access control permissions.
Public documents have their content stored in a public storage area that can be
accessed and downloaded by anyone on the internet. Private documents can only
be accessed by securely authenticating each
request with a signature and timestamp [optionally] over an encrypted
connection.
Documents API Methods
For all methods, the URL of the request determines the output format (JSON
or XML), and whether or not to use SSL transport
layer security.
create
This method will upload a new document to your Vuzit account.
Method
create
HTTP Verb
POST
Parameter
Type
Description
upload
multipart POST
The file being uploaded
secure
string
Specifies whether the document (via the Vuzit viewer) should be public or private: 0 - Public 1 - Private
download_document
string
Specifies whether the uploaded document should be available for download: 0 - No 1 - Yes
download_pdf
string
Specifies whether a PDF should be generated and available for download: 0 - No 1 - Yes Note: Ignore this option if you are uploading a PDF file, and simply use the download_document parameter instead.
file_type (optional)
string
The short extension of the file type of the document to be uploaded (e.g. pdf, doc, ppt, etc.) This parameter
is required if the file does not have an extension in the filename, and specifying this parameter overrides any existing extension that appears in the filename.
A successful interaction returns an HTTP response code of
201, and an XML or JSON response with the
web_id of the newly created document. The web_id is a unique Vuzit
identifier string that is the primary identifier for the
document. The web_id is required in order to interact with the document
Example Successful XML Response
oc
Example Successful JSON Response
{"document":{"web_id":"oc"}}
Responses that return errors are covered in the Failure
Responses section.
Viewing Your Uploaded Documents
Uploaded documents can be managed in your
Dashboard,
and are ready to be integrated into web pages using the JavaScript API.
The
Viewer::fromId() function is
used to display the document using the web_id that was returned by the
create method. Example
JavaScript code is available to illustrate this method to display a public
document. For documents that are secure, you must send the signature and
timestamp authentication parameters into the Viewer constructer.
index
This method will retrieve or search all documents in your account (i.e.
repository search). A query string may be sent with the request, along with
desired formatting (minimal or summary). This interface requires the authentication parameters to be specified.
Method
index
HTTP Verb
GET
Parameter
Type
Description
query
string
Optional search query.
output
string
Optional formatting can be specified as minimal or complete. Minimal just returns the web_id of each document that contains the search query, and complete provides additional details that are useful for building search engine results pages (SERPs) in your application.
limit
integer
Optional. The maximum number of results to return. Can be used in conjunction with the offset parameter to slice the results as needed.
offset
integer
Optional. Skip the first N results, where N is the supplied offset. Can be used in conjunction with the limit parameter to slice the results as needed.
A successful interaction returns an HTTP response code of
200. The XML or JSON response contains a number of
attributes about the document. Responses that return errors are covered in the
Failure Responses section.
Example XML Request
This returns all documents stored in the account.
Method
show
HTTP Verb
GET
Format
XML
URL
http://vuzit.com/documents.xml
<?xml version="1.0" encoding="UTF-8"?>
edb3
Example JSON Request with Search
This returns all documents stored in the account that contain the string "Vuzit ROCKS"
This method will download a document in your account, or
retrieve associated information about that document.
Method
show
HTTP Verb
GET
Parameter
Type
Description
web_id
string
A unique Vuzit identifier returned from the create method. This parameter precedes the format in the URL of the request (e.g. http://vuzit.com/documents/oc.xml).
Only for downloading a PDF document, and entirely optional. This will place the specified string directly on each page of the document. Note: This parameter must also be added to the signature for authentication (see Generating a Signature).
signature
string
Optional for Public documents unless the watermark parameter is specified. Unique Base64-encoded HMAC-SHA1 (see Generating a Signature).
Download PDF with SSL (see create for permissions)
https://ssl.vuzit.com/documents/[web_id].pdf
Responses
A successful interaction returns an HTTP response code of
200. The XML or JSON response contains a number of
attributes about the document, and downloaded documents return a binary stream.
Responses that return errors are covered in the Failure
Responses section.
Example XML Request
Note that documents where the secure
flag is set require the authentication parameters.
Example Download Request (Microsoft Word Document)
This is an example where a Microsoft Word document was uploaded via create, and the download_document parameter
was specified as a 1 so it is available for download.
Note that documents where the secure flag is
set require the authentication
parameters.
This is an example where a Microsoft Word document was uploaded via create, and the download_pdf parameter was
specified as a 1 so a PDF is generated and available for
download. Alternatively this will work if a PDF is uploaded via create and the download_document parameter
was specified as a 1.
Note that documents where the secure flag is
set require the authentication
parameters. If the watermark parameter is specified, then you must specify the authentication parameters regardless of whether or not the secure flag is set.
This method will remove a document from your Vuzit account.
Method
destroy
HTTP Verb
DELETE
Parameter
Type
Description
web_id
string
A unique Vuzit identifier returned from the create method. This parameter precedes the format in the URL of the request (e.g. http://vuzit.com/documents/oc.xml).
A successful interaction returns an HTTP response code of
200. It does not return any
XML or JSON. Responses that return errors are covered in the Failure Responses section.
Pages API
The URL of the request determines the output format (JPG, JSON, or XML), and
whether or not to use SSL
transport layer security. Examples are given below, and more examples can be
found in our Javascript code
samples. This API does not contain a create or
destroy method and can only be performed on the entire
document using the Documents API.
index
This method returns the text that is contained on a page, and is ideal for
online marketing purposes (SEO and SEM). Note that documents where the
secure flag is set require the authentication parameters.
Method
index
HTTP Verb
GET
Parameter
Type
Description
web_id
string
A unique Vuzit identifier returned from the create method of the Documents API.
included_pages
string
The range of pages from which text should be returned. Indexing begins at 0. This can be something as complicated as: "0-1,4-6,81,83,96-103"
A successful interaction returns an HTTP response code of
200 with the JPEG file in the body of
the message. Errors are returned as an HTTP 403
Forbidden message.
We typically refer to the process of downloading an image from the Pages
API collectively as the Image API. This method will download
a page of a document at a particular zoom level. Currently Vuzit uses the JPEG file format. One of the
major benefits of the Image API is that it can be used directly in an HTML
<img> tag. Note that documents where the
secure flag is set require the authentication parameters.
Method
show
HTTP Verb
GET
Parameter
Type
Description
web_id
string
A unique Vuzit identifier returned from the create method of the Documents API.
page
string
The page number of the document. Indexing begins at 0.
z
string
Image API only. The zoom level of the document. Most Vuzit accounts have 3 zoom-levels plus a thumbnail image. Indexing begins at 0 (and typically up to z=2). This option cannot be used in conjunction with the t option to request a thumbnail.
t
string
Image API only. This option specifically requests a thumbnail image (e.g. t=thumb). This option cannot be used in conjuction with the z option to request a specific zoom level.
A successful interaction returns an HTTP response code of
200 with the JPEG file in the body of
the message. Errors are returned as an HTTP 403
Forbidden message.
Example JPEG Requests
Examples of downloading thumbnail and a particular zoom level
are given below. More examples can be found in our Javascript code
samples.
The URL of the request determines the output format (JSON or
XML), and whether or not to use SSL
transport layer security. The Events API does not contain a
show, create, or destroy method.
index
This method provides a search interface
where the search results are returned as either XML or JSON. You
can query for each event type that is supported by the viewer,
and the custom attributes that may have been applied (e.g.
typically used for a username in your application).
Method
index
HTTP Verb
GET
Parameter
Type
Description
web_id
string
A unique Vuzit identifier returned from the create method.
Optional. If you associated a custom attribute with your viewer instances, then you can query based on this field as well. This is typically used to associate a username in your application to a specific viewer instance.
limit
integer
Optional. The maximum number of results to return. Can be used in conjunction with the offset parameter to slice the results as needed.
offset
integer
Optional. Skip the first N results, where N is the supplied offset. Can be used in conjunction with the limit parameter to slice the results as needed.
The following events are currently tracked by the standard
Vuzit viewer, and have a number of attributes associated with them:
document_loaded: returns the IP address, user agent, referer, time requested (since EPOCH), and any custom attributes when the document is opened.
document_unload: returns the IP address, user agent, referer, time requested (since EPOCH), and any custom attributes when the document is closed.
page_view: returns the IP address, user agent, agent, referer, time requested (since EPOCH), seconds-on-page, and any custom attributes for each page view within a document
download_original_click: returns the IP address, user agent, referer, time requested (since EPOCH), and any custom attributes when the Download button is clicked.
download_pdf_click: returns the IP address, user agent, referer, time requested (since EPOCH), and any custom attributes when the Print PDF button is clicked.
zoom_in: returns the page number, IP address, user agent, referer, time requested (since EPOCH), and any custom attributes when the reader zooms-in on a particular page.
zoom_out: returns the page number, IP address, user agent, referer, time requested (since EPOCH), and any custom attributes when the reader zooms-out on a particular page.
Responses
A successful interaction returns an HTTP response code of
200. The XML or JSON response contains
all of the attributes described above. Responses that return
errors are covered in the Failure
Responses section.
Example XML Request (document_loaded)
Note that documents where the secure flag is set require
the authentication parameters.
76.124.109.32document_loaded7678141otohttps://ssl.vuzit.com/user/view/1oto?oid=3Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.51260307295
Example JSON Request (page_view)
Note that documents where the secure flag is set require
the authentication parameters.
Most requests require authentication which protects you from
unauthorized and malicious use of your account. This is achieved
by passing in your public key, a specially constructed signature,
and a timestamp. You may be able to skim the remainder of this
section and jump right to the Example Authentication Code.
The Vuzit REST API uses an HTTP authentication scheme based on a keyed-HMAC
(Hashing for Message Authentication) signature for authentication as defined by
RFC 2104. This scheme should
be familiar to developers of the popular Amazon S3 web service.
Public and Private Keys
Go to the Settings page to retrieve your keys (requires login).
The timestamp is used as part of the authentication process and ensures that
a request is only valid for a limited amount of time. The intention of these
restrictions is to limit the possibility that intercepted requests could be
replayed by an adversary. For even stronger protection against eavesdropping,
we offer an encrypted connection using SSL.
Generating a Signature
To authenticate a request, you first concatenate several parameters into a
string, and then apply the HMAC-SHA1 algorithm using your Private
Key to get the signature. This is informally called signing
the request, and we call the output the signature
because it simulates the security properties of a real signature.
The algorithm takes as input two byte-strings: a key and a message. The output
of HMAC-SHA1 is also a byte string, called the digest. The Signature request
parameter is constructed by Base64 encoding this digest.
The output of HMAC-SHA1 is also a byte string, called the digest. The Signature
request parameter is constructed by Base64 encoding this digest. The show and destroy methods must be
URL-encoded (i.e. CGI escaped), but not the create
method. The following procedure describes how to create the signature:
Produce the string_to_sign by concatenating the following parameters together into a single string without spaces:
Web Service APIs, in general, are language-agnostic so we have
provided some example code you can use in different server-side systems.
These examples will only generate the signature and timestamp
for you, and are not complete examples.
