This repository contains the source code for the StatPro Revolution Web API Explorer web application.
The StatPro Revolution Web API Explorer allows users to extract their Revolution data from the Revolution Web API interactively, using a simple web interface. It allows you to explore the features of the Web API, and shows what types of data the Web API can (and, by inference, can't) extract.
The Web API Explorer exposes only a subset of available functionality of the StatPro Revolution Web API, intended for illustrative and tutorial purposes.
The source code for the Web API Explorer is provided as Open Source under the MIT License.
You should not expect the application as listed here to build and/or run successfully. Various items of information relating to security have been intentionally removed from this version.
The StatPro Revolution Web API allows client applications to access user data from the StatPro Revolution system programmatically.
User authentication and authorization are handled by the StatPro OAuth2 Server, which in the case of Server-side Web applications (as well as Native applications) uses OAuth 2.0's 'Authorization Code' flow.
To run your own Server-side Web application, you must first register it with StatPro.
For more information:-
- Revolution Web API
- Revolution OAuth2 Server
- Registering your own application
- Server-Side Web applications
- OAuth 2.0
- OAuth 2.0 Threat Model and Security Considerations
- Revolution Web API and OAuth2 Support
The application's source code shows developers how to:-
- write a Server-side Web Application that interacts with the StatPro Revolution OAuth2 Server (using the OAuth 2.0 'Authorization Code' flow) to get access tokens and refresh tokens
- get data from the Web API using an access token
- follow the approved workflow for accessing resources that are exposed by the Web API
- get portfolios, analysis and results data from the Web API
- detect if the Web API has returned one of its specific errors
- detect if the Web API has rejected the access token because it has expired
- get a new access token from a refresh token
- re-prompt the user for access if getting an access token from a refresh token fails
- get requestable analytics measures programmatically, in XML format.
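The expired-token handling listed above (detect the rejection, use the refresh token, re-prompt the user if that fails) can be sketched as follows. This is an added example, not code from this repository: every type and name in it is hypothetical, the HTTP calls are passed in as delegates so that no endpoint is assumed, and it assumes the Web API signals a rejected access token with HTTP 401.

```csharp
using System;
using System.Net;

// Added illustration: every type and name here is hypothetical, not the project's code.
public sealed class TokenPair { public string AccessToken; public string RefreshToken; }
public sealed class ApiResponse { public HttpStatusCode Status; public string Body; }
public sealed class ReauthorizationRequired : Exception { }

public static class TokenRetry
{
    // callApi: performs one Web API request using the given access token.
    // refresh: exchanges a refresh token for a new pair, or returns null on failure.
    public static ApiResponse Get(TokenPair tokens,
        Func<string, ApiResponse> callApi, Func<string, TokenPair> refresh)
    {
        ApiResponse first = callApi(tokens.AccessToken);
        // Assumption: an expired or rejected access token surfaces as HTTP 401.
        if (first.Status != HttpStatusCode.Unauthorized) return first;

        TokenPair renewed = refresh(tokens.RefreshToken);
        // Refresh failed: send the user back through the Authorization Code flow.
        if (renewed == null) throw new ReauthorizationRequired();

        // Store the new pair; keep the old refresh token if none was reissued.
        tokens.AccessToken = renewed.AccessToken;
        tokens.RefreshToken = renewed.RefreshToken ?? tokens.RefreshToken;

        // Retry exactly once. A second 401 is not retried, to avoid a refresh loop.
        ApiResponse second = callApi(tokens.AccessToken);
        if (second.Status == HttpStatusCode.Unauthorized) throw new ReauthorizationRequired();
        return second;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample tokens and stub delegates standing in for real HTTP calls.
        var tokens = new TokenPair { AccessToken = "expired-token", RefreshToken = "refresh-1" };
        Func<string, ApiResponse> callApi = at => new ApiResponse {
            Status = at == "fresh-token" ? HttpStatusCode.OK : HttpStatusCode.Unauthorized,
            Body = "<portfolios/>" };
        Func<string, TokenPair> refresh = rt => rt == "refresh-1"
            ? new TokenPair { AccessToken = "fresh-token", RefreshToken = "refresh-2" }
            : null;

        ApiResponse response = TokenRetry.Get(tokens, callApi, refresh);
        Console.WriteLine(response.Status + " " + tokens.RefreshToken);
    }
}
```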
On the server-side, the application is written using C# 5, .NET 4.5 and ASP.NET MVC 4. The website's views use Razor.
It is on the server that the code talks to the OAuth2 Server and the Web API; the client-side code (i.e. JavaScript) is not able to do either of these things because:-
- the StatPro Revolution OAuth2 Server does not support the OAuth 2.0 'Implicit Grant' flow
- the browser's Same Origin policy only allows the JavaScript to talk to its own webserver via AJAX
- JSONP cannot be used to talk to the Web API due to the need to set request headers (e.g. to specify the access token)
- the Web API does not support CORS.
The main logic of the application is in the client-side code, which essentially uses the webserver as a proxy for talking to the OAuth2 Server and the Web API. These two tasks are performed by the code in the following files:-
- Code\Decoupling\Implementations\OAuth2ServerAccess.cs
- Code\Decoupling\Implementations\WebApiAccess.cs
- Code\Decoupling\Implementations\GlobalStateAccess.cs
This repository may not reflect the latest version of the StatPro Revolution Web API Explorer website.
The Visual Studio solution in this repository is a cut-down version of the full solution. Various items of information relating to application security (including the OAuth 2.0 client secret) have been removed.
The Web API Explorer does not surface every single feature of the Revolution Web API. See the Web API's documentation website for full details of its capabilities.
(c) Copyright 2013-2022 StatPro Ltd. - a member of StatPro Group plc
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.