Accessing Content via API
API Keys
API keys allow you to programmatically access content on Posit Connect and use the Connect Server API. They are a substitute for logging in to Connect to publish or access content.
All account types are able to use API keys, though the set of allowable operations varies according to the type of account and content sharing settings. Some example uses:
- Users with administrator accounts can use the Connect Server API to understand which users have logged into Connect.
- Users with publisher accounts can use
rsconnect-python
to publish Shiny applications to Connect. - Users with viewer accounts can write code to download data sets from a pin published by one of their colleagues.
An API key is associated with the user who creates it. API keys are not associated with any specific content item. API keys allow access to the Connect Server API and also to published content. An API key is granted a user role equal to or less than your own role. Your API key has the same rights and permissions as you, subject to role restrictions. If you are able to visit some content using the Connect dashboard, your API key can be used to programmatically interact with that same content.
You may create an API key with a more restrictive role than you by designating the role at creation time. For example, administrators can create “publisher” API keys which are not permitted to perform administration activities. A publisher can use a “viewer” API key to call a hosted Plumber API; that same key cannot publish content.
You may not create a key with a more permissive role than your own. You may not modify the role of a key after it is created. If your user account is ever demoted to a more restricted role (e.g., from administrator to publisher), any existing keys with a more permissive role belonging to your account are effectively restricted to your new role.
It is a recommended practice to create a new API key for each external tool that needs access to content hosted on Connect, and to give each key a name that helps you identify the tool that uses it. When the tool no longer needs access, or if you cannot trust the key at any time, you can quickly revoke access by deleting the key.
API keys need to be allowed through an authentication proxy in order to reach Connect. The Proxied Authentication section of the Posit Connect Admin Guide has more information about adding API key support to your proxy.
Note that RStudio handles authentication differently. For more information on connecting with the RStudio, see the Publishing from RStudio page.
To access content with an API key, you must provide an HTTP header whose key is Authorization
and value is Key THE_API_KEY
. The X-RSC-Authorization
header is also accepted in a similar fashion.
All requests to content must be made to the target URL of the published content. You can find the target URL by clicking the Open Solo button in the upper-right of the Content View page. (Note: on narrow screens, the Open Solo button might be located in the … menu in the upper-right of the Content View.)
Creating and deleting an API key
To create an API key, click on the circular picture in the top-right portion of the screen. The picture might have your username next to it if you are viewing Posit Connect on a large screen.
Click Manage Your API Keys in the menu that appears. This takes you to the API Keys page.
On the API Keys page, click New API Key and follow the prompt to name your API key and select its role.
After creating an API key, you can view the key and are given an opportunity to put it in a safe location. Once you close the dialog, you will not be shown the API key again. This helps to keep your user account safe.
If you have lost an API key, or if you simply don’t need to use the API key anymore, remove the API key by clicking the trash bin icon on the far right column of the API key list.
When you click the trash bin icon, Connect prompts you to confirm that you want to delete the API key. Successfully deleting the API key shows a green status message at the top of the screen.
Using an API key
This section contains examples of how to use API keys to obtain or interact with content deployed to Posit Connect. These examples assume that your Posit Connect API key is available in the environment variable CONNECT_API_KEY
.
export CONNECT_API_KEY=q9R4ylb3K3RPB7AB46il8mxjjcYsaClW
The examples in this section use the curl
command-line utility to perform basic authenticated API key requests against content hosted by Posit Connect.
The Using API keys from code section shows how to make these same requests from Python and R. The Connect Server API Cookbook contains recipes which interact with the Connect Server API using API keys.
Static content
You can use API keys to download resources associated with static content (plots and previously rendered HTML).
Assume you have published a plot to Posit Connect and it has the URL: http://connect.company.com/content/24/target.html
.
Download this content using your API key and the curl
command-line program:
curl -O -H "Authorization: Key ${CONNECT_API_KEY}" \
"http://connect.company.com/content/24/target.html"
The -O
option tells curl
to write a file named by the remote filename. In this case, it would write to the target.html
file.
Write to a different filename (output.html
in this example) using the -o
option:
curl -o output.html -H "Authorization: Key ${CONNECT_API_KEY}" \
"http://connect.company.com/content/24/target.html"
API content types
You can use API keys to make authenticated requests to API content such as Flask, Plumber, FastAPI, TensorFlow Models, and types that build off of those frameworks like Tableau Analytics Extensions and Vetiver.
Authenticated requests are required for API content set to either of the following sharing settings:
- All users - login required
- Specific users or groups
API content set to the “Anyone - no login required” setting (only available in select Connect licenses) does not require authenticated requests to access.
Plumber API example
Using the plumber
API definition:
## plumber.R
#* @get /mean
<- function(samples=10){
normalMean <- rnorm(samples)
data mean(data)
}
The function normalMean
is exposed through the /mean
endpoint. It takes an optional samples
query argument.
Assume this Plumber API is available on Posit Connect with the URL: http://connect.company.com/my-api/
.
You can call this API using an API key and the curl
command-line program:
curl -H "Authorization: Key ${CONNECT_API_KEY}" \
"http://connect.company.com/my-api/mean?samples=5"
Using API keys from code
This section shows how to use API keys from your Python and R code.
All of these examples assume that your Posit Connect API key is available in the environment variable CONNECT_API_KEY
and the base URL to your Posit Connect server is in the CONNECT_SERVER
environment variable.
These environment variables need to be set up in your local environment.
export CONNECT_API_KEY=q9R4ylb3K3RPB7AB46il8mxjjcYsaClW
export CONNECT_SERVER=https://connect.company.com/
Python with posit-sdk
The posit-sdk
package wraps the APIs of Posit’s professional products in a Pythonic interface. Many features of the Connect Server API, such as content and users, are exposed through classes and methods in the package, but you can also use it to make arbitrary requests of any endpoint on Connect.
If CONNECT_SERVER
and CONNECT_API_KEY
are specified in environment variables, you don’t need to pass them to the Client
constructor.
# -*- coding: utf-8 -*-
from posit import connect
= connect.Client()
client
= client.get("/content/24/mean", params = { "samples": 5 }).json() result
The result
object is defined by parsing the JSON response data. It contains the result computed by normalMean
in our Plumber API.
R with connectapi
The connectapi
package makes it easy to work with the Connect Server API from R. Like the Python SDK, there are many convenience functions defined, but you can also make requests of any endpoint.
Here as well, when CONNECT_SERVER
and CONNECT_API_KEY
are specified in environment variables, they are picked up automatically by connect()
.
library(connectapi)
<- Sys.getenv("CONNECT_SERVER")
connectServer <- Sys.getenv("CONNECT_API_KEY")
connectAPIKey
<- httr::GET(connectServer,
resp path = "/content/24/mean",
query = list(samples = 5),
add_headers(Authorization = paste0("Key ", connectAPIKey)))
<- httr::content(resp, as = "parsed") result
The result
object is defined by parsing the JSON response data. It contains the result computed by normalMean
in our Plumber API.