Introducing LuxSci’s new API
LuxSci has just released it a new API for automated access to management of users and accounts. The new RESTful API has been re-written from the ground up with a focus on security and usefulness.
The old APIs work well, but are based on “old technology” (e.g. SOAP) which was the golden boy for API usage many years ago, but which has since been replaced by RESTful APIs as an industry standard. We are taking this opportunity to re-tool our APIs using REST and modern API security techniques, and then to expand these APIs to provide more and more integration pathways with LuxSci.
This first release replaces the now-deprecated SOAP-based “User API” and enables the API access to:
- Getting and updating user profile contact information
- Changing user passwords
- Retrieving user preferences
- ManagingWebAides (Contacts, Calendars, Tasks, Notes, and Links):
- Creating and deleting WebAide containers
- Creating, retrieving, deleting, and updating individual entries
- Creating, deleting, and updating entries in bulk
- Retrieving lists of entries
- Retrieving list of entries that have been added/updated/deleted since your last check (e.g. for writing synchronization programs)
Additionally, access to user-data can be had in either of the following two ways:
- Using your API codes + the user’s username and password, for when you need to distribute your API codes and want them to be unusable without the addition of a user password. This is great for App-based access to user data such as calendars.
- Using just your API codes, for when you will have full control over your API codes and thus can allow them administrative access to all of your users without additional information. This makes user management very simple.
Flexible Access Control
The new API has many layers of access control to enable you to lock down your API codes to whatever degree is necessary. Some of these include:
- IP Allow lists. Instead of allowing access from anywhere, you can restrict your API codes to be only accessible from specified IP addresses and ranges.
- Opt-in functionality. Only those aspects of the API that you have “opted in” to will be accessible for your API codes. E.g. you could make APIs that are “read only on Address Books” and no other functionality. APIs that only allow changing passwords, etc. You control the level of access for your API codes; your API will also not “gain scope” over time through the addition of new API commands unless you opt into their use.
- Protected users. Optionally select user(s) that are exempted from your API’s access. For example, you may wish to exempt your administrative accounts from API access for security reasons.
- Multiple APIs. You can define multiple sets of “API codes” with differing types of access for different purposes.
How do I use the API?
We have PDF guides for getting started and using all of the functions available in the API. These can be downloaded by anyone with a regular or trial LuxSci account here:
In the coming weeks, the new API will be expanded:
- The old SOAP- and CGI-based account APIs will be deprecated as the functionality for managing users, domains, aliases, and other account features is added in to the new API.
- Completely newfunctionalitywill be added, such as:;
- Sending email messages
- Single sign on
- Downloading reports
- and more…
What about the old APIs? These will still function, so those with existing scripts can continue to use them. However, we will no longer be supporting the old API and will not be adding any non-security-related updates to it going forward. We do recommend that folks migrate to the new API.
Do you wish you could do something specific with a LuxSci API? Let us know!