RefWorks REST Interface
Overview
Overview
This API exposes the majority of RefWorks functionality in a REST format.  The API is divided into several classes.  Each class handles a specific category of RefWorks functionality.  Within each class, there are one or more methods that provide specific functionality within a given class.  For instance to perform a Google-like search on a specific account you would make a call to the quick method of the Retrieve class.
Format of REST Call
Each call is broken into four sections: Base URL, Call Signature, Call Specific and Session ID.
Base URL
www.refworks.com/api2/
Call Signature
Each call is authenticated via a call signature which is created based on a RefWorks assigned AccessKeyID, SecretCode and other parameters.  This is described below in more detail.
Call Specific
Always includes at least a "class" and "method" parameter.
Session ID
Each Session is initiated with a call to newsess which returns a Session ID. Session ID are valid for up to 20 minutes after the last API call. The session id then must be passed in the sess parameter in all subsequent calls. The newsess function is one of the few API calls that does not require a Session ID
Signature - Authenticating REST Request
Each REST call must pass a Signature which is compared with a signature created on the server. If the 2 match than access is granted. A user of the Web services is provided an AccessKeyID which uniquely identifies auser. Also provided with this AccessKeyID is a Secret Access key which should be kept private by the user. Note that this is very similar to the signature used in Amazons S3 technology.
Query String Parameterexample valuedescription
accesskeyidwd$3wrfderddmlYour AccessKeyID.
expires1224866080931The time when the signature expires, specified as the number of milliseconds since the epoch (00:00:00 UTC on January 1, 1970). A request received after this time (according to the server), will be rejected. Note that an allowance of 5 minutes is made to account for server synchronization issues.
signatureqMUcsnrYm3CvmGkO5/rqiSkd0CEThe URI encoded signature which is describe in detail below

The Signature is created by concatenating <class of call>+ <AccessKeyID> + <expires> and then running the result through a Base64 encoding of the HMAC-SHA1, passing it   <secret Access Key> as the encoding key
For example, if your Secret Access Key = dfgwv$djfhe108, your AccessKeyID = wd$3wrfderddml and you are making a call to class=retrieve you should get the following signature:
class=retrieve&accesskeyid=wd$3wrfderddml&expires=1224873890294&signature=SAvNT7%2Fq9R3TflOqzaTSfB%2B6VJg%3D

If any aspect of the Signature authentication is incorrect the REST call will return a HTTP status value of 400 with a detailed description of the issue so as to aid the developer in debugging the issue.
Response XML
All responses begin with an RWResult element. This element contains the result, the processTime and a detail result message attributes.  The RWResult contains a CallInfo element which gives more generic details about the call.   This is then followed by function specific XML element which is defined in the function's documentation.
Classes
Attachments Class | Authentication Class | Authors,Descriptors,Periodicals,Folders Class | Batch Class | Deleted Class | ImportFilter Class | Manuscript Class | MyList Class | OutputStyle Class | Properties Class | PubMed Class | Reference Class | Retrieve Class | RSS Class | SavedSearch Class | ShareProperties Class | Subscriber Class | SubscriberPrefs Class | User Class | Utility Class | Z39 Class
Modifications
View All API Modifications


C O N F I D E N T I A L