UDJ REST API 0.7

This page serves as general documentation for the UDJ REST API.

Methods

Methods are presented in the following form: [METHOD_TYPE] uri/to/method. When actually making calls to the API, all urls should be prefixed with /udj/0_7.

All timestamps are in UTC time and must be formatted according to the ISO 8601 format using this format:

YYYY-mm-ddTHH:MM:ss

Sections

1. JSON Data Structures
2. User Creation

Authentication

[POST] /auth

The auth method allows a client to authenticate with the webserver and must be executed before any further communication between the client and the server can take place. Included in the post information should be three parameters: username, password. If the username and password combination is valid, the server will return a JSON object containing a ticket hash and the user's assigned id.

Example response from the server:

{ 
  "ticket_hash" : assigned ticket hash, 
  "user_id" : id 
}

All subsequent requests must be sent with the given ticket in the header like so:

X-Udj-Ticket-Hash: assigned ticket hash

If any of the methods specified below are called without this ticked in the header, an HTTP 401 response will be returned. If any of the methods below are called with an invalid ticket in the header, an HTTP 401 response will be returned. In either case the WWW-Authenticate header will be set to the value ticket-hash. Ticket's may become invalid at any time.

If the username and password combination is invalid a 401 response will be returned. The WWW-Authenticate header will be set to password.

Server Capabilities

[GET] /sorting_algorithms

Retrieves a JSON Array of available playlist sorting algorithms JSON Objects.

Player Search Methods

[GET] /players/latitude/longitude{?radius=search_radius&max_results=max_search_results}

This method allows a client to retrieve a list of nearby, active players based on the current location of client. Supplied are the latitude and longitude which specify where to search for players (i.e. the location of the client). This method returns a JSON array of player objects.

An optional radius parameter may be specified, thus indicating the desired search radius for the query. The radius should be specified in kilometers. If no radius is specified, the server will fallback to it's own desired default.

An optional max_results parameter may be specified, thus indicating the desired maximum results for the server to return.

If the server finds the specified radius unaccepatable (i.e. it's too big or too small), an HTTP 406 response will be returned with the header X-Udj-Not-Acceptable-Reason set to bad-radius. The response will also contain a JSON object indicating the range (in dijkstra notation) of acceptable radii. The JSON object will have the following form:

{
  "min_radius" : Minimum search radius in kilometers (inclusive),
  "max_radius" : Maximum search radius in kilometers (exclusive)
}

[GET] /players?name=name_of_player{&max_results=max_search_results}

This method allows a client to retrieve a list of all active players that have a name similar to the name parameter. A JSON array of Player objects is returned. If no players are found matching the specified name, an array of length zero will be returned.

An optional max_results parameter may be specified, thus indicating the desired maximum results for the server to return.

Player Creation Methods

[PUT] /players/player

Creates a new player. The owner is set to the user calling this method. This method should be given the following JSON:

{
  "name" : name of player,
  "location":{
    "address": Address where player is located (optional),
    "locality": Locality/City where player is located (optional),
    "region": Regions, State, or Providence where player is located (optional),
    "postal_code": Postal code of where player is located,
    "country": Country in which the player is located,
  },
  "password" : password,
  "sorting_algorithm_id" : id of the sorting algorithm to be used for the playlist
}

The location, password, and sorting_algorithm_id attributes are optional. If successful, a 201 response will be returned with the body set to a Player JSON object representing the player that was created. Two permission groups for the player will also be automatically created: owner and all_users. The owner group will consist of just the player creater (the user calling this method) and the all_users group will consist of any user who happens to join the player. Permissions for the player will be set to defaults deemed reasonable by the server implementation.

If the user already has a player with the same name, a 409 response is returned. Note that the content-type header must be set to text/json, or the server will return a 415 error. If the JSON is malformed a 400 response will be returned with the response "Bad JSON". If no name for the player is given, a 400 repsonse will be returned with the response "No name given". If the location JSON is malformed, a 400 response will be returned with the response "Bad location". If the location given can't be found by the server, a 400 response will be returned with the resposne "Location not found". If the given password does not conform to what ever standards the server has set for passwords, a 400 response will be returned withe the body "Bad password". If the sorting_algorithm specified is unknown to the server, a 404 response will be returned with the X-Udj-Missing-Resource header set to sorting-algorithm.

Player Administration Methods

[GET] /players/player_id/enabled_libraries

Retrieves a JSON array of Library JSON objects representing the libraries that are enabled on the player specified by player_id.

[PUT] /players/player_id/enabled_libraries/library_id

Enabled the library specified by library_id for the player specified by player_id. The calling user must have permission to enable libraries on the player and must have read access to the library they're enabling otherwise an Http 403 response is returned.

[DELETE] /players/player_id/enabled_libraries/library_id

Disables the library specified by library_id for the player specified by player_id. The calling user must permission to disble libraries on the player otherwise an Http 403 response is returned.

[POST] /players/player_id/password

Changes the password of the player specified by player_id to the string specified by the password POST parameter. If the given password does not conform to what ever standards the server has set for passwords, a 400 response will be returned with the body "Bad password".

[DELETE] /players/player_id/password

Removes the password on the player specified by the player_id. If the player never had a password to begin with a 404 response is retured with the X-Udj-Missing-Resource header set to password.

[POST] /players/player_id/location

Changes the location of the player specified by player_id to the specified location. That means the POST must contain the following parameters: postal_code and country. The following additional parameters can be given to increase the accuracy of the resolved location: address, locality, and region. If the given location can not be found by the server then a 400 response is returned with the body set to 'Bad location'

[POST] /players/player_id/sorting_algorithm

Changes the sorting algorithm of the player specified by player_id to the specified algorithm id. That means the POST must contain the sorting_algorithm_id parameter. If the given an unknown sorting algorithm id the server will return a 404 response with the X-Udj-Missing-Resource header set to sorting-algorithm.

[POST] /players/player_id/state

Sets the state of the player. A call to this method must include a parameter called state. state must be one of the following values:

1. playing
2. paused
3. inactive

If state does not have one of the values or is not provided, a 400 response is returned.

[POST] /players/player_id/volume

Sets the current volume of the player. The parameter volume should be included and be a whole number in range 0 <= x <= 10 . If no number is provided, or a number outside of the range is provided a 400 response will be returned.

[PUT] /players/player_id/kicked_users/kick_user_id

This method kicks the user specified by the kick_user_id from the player specified by player_id. If no such user is currently participating with the player, an Http 404 response is returned with the X-Udj-Missing-Resource header set to user.

[PUT] /players/player_id/banned_users/ban_user_id

This method bans the user specified by the ban_user_id from the player specified by player_id. If the user is currently participating with the player, they are kicked. Upon successfully adding the user to a list of banned user, an Http 201 response is returned. If no such user exists an Http 404 response is returned with the X-Udj-Missing-Resource header set to user.

[DELETE] /players/player_id/banned_users/banned_user_id

This method removes the ban on the user specified by the banned_user_id from the player specified by player_id. If no such user was banned from the player, an Http 404 resposne is returned with the X-Udj-Missing-Resource header set to user.

[GET] /players/player_id/banned_users

Retrieves a JSON Array of User objects representing users that have been banned from the player.

[GET] /players/player_id/permissions

Retrieves a Player Permission objects representing all of the permission settings for this player.

[PUT] /players/player_id/permissions/permission_name

Adds groups to the permission specified by permission_name. The groups should be specified by their names in a JSON array. For example: if we wanted to add the groups "friends" and "admins" to the enable_library permission we would use

/udj/0_7/players/player_id/permissions/enable_library

With the body set to the JSON:

["friends", "admins"]

[DELETE] /players/player_id/permissions/permission_name

Removes groups from the permission specified by permission_name. The groups should be specified by their names in a JSON array. For example: if we wanted to remove the groups "enemies" and "non-admins" from the disable_library permission we would use:

/udj/0_7/players/player_id/permissions/disable_library

With the body set to the JSON:

["enemies", "non-admins"]

[POST] /players/player_id/permissions

Changes the permissions for the player. This call takes to parameters:

1. permissions is a JSON array of each permission to change.
2. groups is a JSON array of the group names that should be assigned to each permission in the permissions array.

Example: If we wanted to set set_location to only be allowed for members of the admin group and the ban_users to only be allowed for the owner and admin groups the following post parameters would be used:

permissions=["set_location", "ban_users"]&groups=[["admin"], ["owner","admin"]]

[GET] /players/player_id/permission_groups

Retrieves a JSON Array of Permission Group objects representing all of the permission groups this player has.

[PUT] /players/player_id/permission_groups/group_name

Creates a new group specified by group_name for the player specified by player_id.

[DELETE] /players/player_id/permission_groups/group_name

Deletes the group specified by group_name for the player specified by player_id.

[POST] /players/player_id/permission_groups

Adds and removes the groups specified by the to_add and to_remove parameters. The values for these parameters should be JSON arrays containing the group names to be added and removed respectively.

[GET] /players/player_id/permission_groups/group_name/members

Retrieves a JSON array of user ids corresponding to the users who are members of the group specified by group_name on the player specified by player_id.

[PUT] /players/player_id/permission_groups/group_name/members

Adds users to the group specified by group_name on the player specified by player_id. The body of the request should contain a JSON array of user ids that should be added to the group.

[DELETE] /players/player_id/permission_groups/group_name/members

Removes users to the group specified by group_name on the player specified by player_id. The body of the request should contain a JSON array of user ids that should be removed from the group.

[POST] /players/player_id/permission_groups/group_name/members

Adds and removes users from the groups specified by group_name on the palyer specified by player_id. The two parameters, to_add and to_remove should be JSON arrays containing the users to add and remove repsectively from the group.

Player Interaction Methods

In all the methods below, if the player exists but is currently inactive, a 404 response with the X-Udj-Missing-Resource header set to player and the X-Udj-Missing-Reason header set to inactive.

The initial participate method must be called by the user before any other methods on the player are called. The only exception to this is the owner of the player. It is assumed that if the player is currently active, the owner is participating. Note that admins must still call the initial participate method. If this method is not called, all other method calls will return a 401 response with the WWW-Authenticate header set to begin-participating.

If the user ceases interaction with the server for a certain period of time, the server MAY consider the user as no longer participating. Interaction is considered calling any of the player interactoin methods below. If the server decides to consider the user as no long participating, the user must call the initial participate method again before it can continue interaction with the player (otherwise all other palyer interaction methods will return a 401 response with the WWW-Autenticate header set to begin-participating).

At any point during participation, the user may be kicked from the player. The user must call the initial participate method again before it can continue interaction with the player (otherwise all other palyer interaction methods will return a 401 response with the WWW-Autenticate header set to kicked).

[PUT] /players/player_id/users/user

This method allows the user specified to start participating with the player specified by player_id. If the player requires a password, The request body should have the following JSON in it:

{
  'password' : 'password for player'
}

If successful, the server returns a 201 response. If the player requires a password and none was sent, a 401 response will be returned with the WWW-Authenticate set to player-password. Server's are also allowed to limit the number of participants in a given player. If the current player is full, an Http 403 response will be returned with the X-Udj-Forbidden-Reason set to player-full. If ther user has been banned from the player, an Http 403 response with the header X-Udj-Forbidden-Reason set to banned will be returned. If the owner attemps to call this method on their own player an Http 400 response will be returned. If the JSON provided is invalid for any reason this method will return an Http 400 response. If JSON is provided but the content-type header is not set to text/json and Http 415 response will be returned.

[DELETE] /players/player_id/users/user

This method informs the server that the calling user is no longer participating with the player. The client SHOULD call this method when they're done participating. If the user was never particiapting in the first place, an Http 404 response is returned with the X-Udj-Missing-Resource header set to user. If the owner attemps to call this method on their own player an Http 400 response will be returned

[GET] /players/player_id/users

Returns a JSON array of User objects corresponding to all of the users who are currently participating with the player identified by player_id.

[GET] /players/player_id/admins

Retrieves a JSON Array of User objects representing the admins for the given player.

[GET] /players/player_id/song_sets

Gets a JSON Array of Song Set JSON Objects on the player. If the player has no song sets an empty JSON Array will be returned.

[GET] /players/player_id/available_music?query=query{&max_results=maximum_number_of_results}

Get the available music for an player that matches the specified query and returns a JSON array of Library Entry objects. An optional maximum number of results can also specified but setting the max_results parameter. The query parameter may not be empty. If it is, a 400 response is returned.

[GET] /players/player_id/available_music/artists

Gets a JSON Array of strings containing all the artists on a given player. The Content-Range header field may be used to restrict the range of responses retrieved from the server.

[GET] /players/player_id/available_music/artists/artist_name

Gets a JSON Array of LibraryEntry JSON objects corresponding to all the songs that the player has which are by the artist specified by artist_name. May return an empty array if the player has not songs by the given artist.

[GET] /players/player_id/recently_played{?max_songs=maximum_number_of_songs}

Get's a JSON Array of Played Active Playlist Entry objects that have been recently played. They are sorted with the song most recently played being at the beginning of the list and the song least recently played at the end of the list. The client may specify the maximum number of Played Active Playlist Entry objects it would like to receive with the max_songs parameter. The server reserves the right to arbitrarily cap the maximum number of results it returns.

[GET] /players/player_id/available_music/random_songs{?max_randoms=number_desired}

Get a random set of songs from the set of available music on the player specified by player_id. A JSON array of Library Entry objects is returned. The number of Library Entry objects returned will be some default value set on the server, but can also be specified using the max_randoms parameter. This parameter will ensure no more than number_desired results are returned. That said, the server may return less than number_desired. number_desired must not be 0. If it is, a 400 response is returned.

For example, if a client wished to retrieve no more than 20 random songs from a player with a player_id of 3, they would use the following URI:

/udj/0_7/players/3/available_music/random_songs?number_of_randoms=20

The server may also reserves the right to arbitrarily cap the maximum number of random songs it will return. However, this cap may not be any lower than 20.

[POST] /players/player_id/current_song

Sets the currently playing song to the song specified by the id and library_id parameter. This method can only be run by the owner of the player or a player admin (otherwise an Http 403 response is returned). If the lib_id parameter is not specified, a 400 response is returned. If the specified lib_id is not currently on the playlist, a 404 response is returned with the X-Udj-Missing-Resource header set to song. Note that if an admin calls this method but is not active, an Http 401 response will be returned with the WWW-Authenticate header set to begin-participating

[DELETE] /players/player_id/current_song

Informs the server the the currently playing song has finished playing. This method can only be run by the owner of the player or a player admin (otherwise an Http 403 response is returned). If no song is currently playing, a 404 response is returned with the X-Udj-Missing-Resource header set to song. Note that if an admin calls this method but is not active, an Http 401 response will be returned with the WWW-Authenticate header set to begin-participating

Active Playlist Methods

[GET] /players/player_id/active_playlist

Returns a JSON Object containing the song that is currently playing and all songs queued in the active playlist. The current song is in the from of a Played Active Playlist Entry JSON Object. The songs queued in the active playlist are in the form of a JSON Array of Active Playlist Entry JSON objects. The entire playlist is returned in the current expected order of play. The user_priority for each Active Playlist Entry is the priority of that song for the user making the call to this method.

Also appended on the response is the current volume of the player (from 0 to 10) and it's current state (either playing or paused).

Example JSON response:

{
  "state" : state of the player (will either be playing or paused),
  "volume" : the current volume of the player (will be a value between 0 and 10),
  "current_song" : Played Active Playlist Entry JSON object,
  "active_playlist" : JSON array of Active Playlist Entries
}

If there is no current song being played, the current_song JSON object will be empty (i.e. {}). If there are no songs queued on the active playlist then the JSON array will have not entries.

[PUT] /players/player_id/active_playlist/songs/library_id/id

Adds the song specified by id belonging to the library specified by library_id to the active playlist on the player specified by player_id. If successful this method returns a 201 response. If the given song is already on the playlist, the server will vote the song up on the users behalf. If the song is already playing, the request is just ignored and a 200 response is returned. If the player does not have a song corresponding to the given idavailable a 404 response is returned with theX-Udj-Missing-Resourceheader set tosong. If the player does not have a library with given library_ida 404 response is returned with theX-Udj-Missing-Resourceheader set tolibrary`.

[DELETE] /players/player_id/active_playlist/songs/library_id/id

Deletes the library entry with the id specified by the id parameter which is in the library specified by the library parameter from the active playlist of the player specified by the player_id parameter. May only be called by the player owner or player admin (otherwise an Http 403 response is returned). If the song specified by the id and library_id is not on the playlist, a 404 is returned with the X-Udj-Missing-Resource header set to the value song.

[POST] /players/player_id/active_playlist

Modifies the active playlist associated with the player specified by player_id. The post must include two parameters, to_add and to_remove. to_add should be a JSON array of Simple Library Entry JSON objects that should be added to the active playlist. to_remove should be an JSON Array of Simple Library Entry JSON objects which correspond to library entries which should be removed from the playlist. At least one parameters must be specified (otherwise an Http 400 response is returned). If successful this method returns a 200 response. If any of the to_add entries are already on the playlist, they will be upvoted. If any of the to_add entries happen to be the currently playing song, they will be ignored.

If any of the library entry ids to be removed or added can not be found, a 404 response is returned with the X-Udj-Missing-Resource header set to song along with a JSON array of all the Simple Library Entry JSON objects that couldn't be found. If the JSON given is malformed, a 400 response is returned. If the to_remove parameter is not an empty JSON Array and the calling user is not the player owner or a player admin, this method will return an Http 403 response. In any of these error cases, no changes to the active playlist are made.

[PUT] /players/player_id/active_playlist/songs/library_id/id/upvote

Votes up the song specified by id parameter in the library specified by the library_id parameter on the active playlist for the player specified by the player_id parameter. Users may only up vote once per song. Additional up vote requests are treated as duplicates and ignored. If a song that has been up voted is then down voted, the initial up vote is removed. If the song specified by id and library_id is not on the playlist a 404 is returned with the X-Udj-Missing-Resource header set to the value song.

[PUT] /players/player_id/active_playlist/songs/library_id/id/downvote

Votes down the song specified by id parameter in the library specified by the library_id parameter on the active playlist for the player specified by the player_id parameter. Users may only down vote once per song. Additional down vote requests are treated as duplicates and ignored. If a song that has been down voted is then up voted, the initial down vote is removed. If the song specified by id and library_id is not on the playlist a 404 is returned with the X-Udj-Missing-Resource header set to the value song.

[POST] /players/player_id/active_playlist/songs/library_id/id/priority

Updates the priority of the song to the value specified by the priority post parameter. Higher priorities indicate that the user wants to hear the song sooner. Lower priorities indicate the opposite. Priorities are relative to one another and used only for ordinal pruposes. They must be a number between 0 and 65,535.

Favorite Methods

[PUT] /favorites/players/player_id/library_id/id

Adds the song specified by id in the library specified by library_id on the player specified by player_id to a user's list of favorite songs. If the player specified by player_id does not exist an Http 404 Response is returned with the X-Udj-Missing-Resource header set to player. If the library specified by library_id does not exists for the specified player then an Http 404 response is returned with the X-Udj-Missing-Resource header set to library If the song specified by id does not exist in the given library an Http 404 Response is returned with the X-Udj-Missing-Resource header set to song.

[DELETE] /favorites/players/player_id/library_id/id

Removes the song specified by id in the library specified by library_id on the player specified by player_id from a user's list of favorite songs. If the player specified by player_id does not exist an Http 404 Response is returned with the X-Udj-Missing-Resource header set to player. If the library specified by library_id does not exists for the specified player then an Http 404 response is returned with the X-Udj-Missing-Resource header set to library If the song specified by id does not exist in the given library an Http 404 Response is returned with the X-Udj-Missing-Resource header set to song.

[GET] /favorites/players/player_id

Retrieves a JSON Array of Library Entry JSON objects representing songs the user has indicated are their favorites on the player specified by player_id. If the user has no songs indicated as favorites for the player specified by player_id, an empty JSON Array is returned.

Ban Music Methods

These methods may only be called by the owner of a player or one of the player's admins (other wise and http 403 response is returned).

[PUT] /players/player_id/ban_music/library_id/id

Bans the song specified by id in the library specified by library_id on the player specified by player_id from being played. If no song with that id is found a 404 response is returned with the X-Udj-Missing-Resource header set to song. If no library with the id specified by library_id for the player is found an Http 404 response is returned with the X-Udj-Missing-Resource header set to library.

[DELETE] /players/player_id/ban_music/library_id/id

Removes the ban on the song specified by id in the library specified by library_id on the player specified by player_id from being played. If no song with that id is found a 404 response is returned with the X-Udj-Missing-Resource header set to song. If no library with the id specified by library_id for the player is found an Http 404 response is returned with the X-Udj-Missing-Resource header set to library.

[POST] /players/player_id/ban_music

Takes two POST parameters: to_ban and to_unban. Both should be a JSON Array of Simple Library Entry JSON objects that should be banned and unbanded respectively. At least one parameter must be specified (if they are not an Http 400 response is returned). If any of the songs specified in to_ban or to_unban do not exists this method will fail, no changes will be made, and a 404 response with a JSON array of the unknown Simple Library Entry JSON objects will be returned with the X-Udj-Missing-Resource header set to song. If any of the songs specified in to_ban or to_unban have libraries that do not exist for the player this method will fail, no changes will be made, and a 404 response with a JSON array of the unknown Simple Library Entry JSON objects will be returned with the X-Udj-Missing-Resource header set to library.

Song Set Modification Methods

All of the methods in this section may only be called by the owner of the specified song set, the owner of the player, or one of the player's admins (otherwise an Http 403 response is returned). If the player has disabled the ability for ordinary users to create/modify songsets then calling any of the methods below will result in an Http 403 response. In any of the methods below if the specified player does not exists an Http 404 response is returned with the X-Udj-Missing-Resource set to player.

[PUT] /players/player_id/song_set

Creeats a new song set for the player specified by player_id. This method should be given the following JSON:

{
  "name" : name of song set,
  "description" : a short description of the song set
  "date_created" : a timestamp indicating when the song set was created
}

If succesfull this method returns an Http 201. If the content-type header is not set to text/json this method will return an Http 415 Response. If the player already has a song set with given name and different descriptions and/or date_created an Http 409 response will be returned. If any of the name, description, or date_created parameters are missing or the JSON is improperly formatted an Http 400 response will be returned. In order for non-admin/non-owner users to call this method the following conditions must be true:

1. The Player is currently Active
2. The User is currently participating with the player

If neither one or both of these conditions are not true an Http 403 response is returned. Note that as described above the player must also be currently allowing non-admin/non-owner users to create/modify song sets (otherwise an Http 403 response is returned).

[DELETE] /players/player_id/song_set/song_set_name

Delets the song set specified by song_set_name for the player specified by player_id. If a song set with the specified name does not exist an Http 404 response is returned with the X-Udj-Missing-Resource header set to song-set.

[PUT] /players/player_id/song_set/song_set_name/library_id/id

Adds the song specified by id in the library specified by library_id to the song set specified by song_set_name on the player specified by player_id. If a song set with the specified name does not exist an Http 404 response is returned with the X-Udj-Missing-Resource header set to song_set. If the specified song does not exists an Http 404 response is returned with the X-Udj-Missing-Resource header set to song. If the specified library does not exist for the player an Http 404 response is returned with the X-Udj-Missing-Resource header set to library.

[DELETE] /players/player_id/song_set/song_set_name/library_id/id

Deletes the song specified by id in the library specified by library_id from the song set specified by song_set_name on the player specified by player_id. If a song set with the specified name does not exist an Http 404 response is returned with the X-Udj-Missing-Resource header set to song_set. If the specified song does not exists an Http 404 response is returned with the X-Udj-Missing-Resource header set to song. If the specified library does not exist for the player an Http 404 response is returned with the X-Udj-Missing-Resource header set to library

[POST] /players/player_id/song_set/song_set_name

Modifies the songs set specified by song_set_name for the player specified by player_id. This method requires two parameters, to_add and to_remove. Both parameters should be JSON Arrays of Simple Library Entry JSON objects to be added and removed respectively. At least one parameter must be specified (otherwise an Http 400 response is returned). If any of the specified songs do not exists an Http 404 response is returned with the X-Udj-Missing-Resource header set to song. If any of the specified libraries do not exist for the player an Http 404 response is returned with the X-Udj-Missing-Resource header set to library.

[POST] /players/player_id/song_set/song_set_name/description

Set the description of the song set specified by song_set_name for the player specified by player_id to the value specified by the description POST parameter. If a song set with the specified name does not exist an Http 404 response is returned with the X-Udj-Missing-Resource header set to song-set.

Library Modification Methods

Libraries have two permissions, read and write. Read persmissions allow the calling user to query the library and associate it with a player. Write permissions allow the calling user to modify the contents of the library and modify it's permissions. These permissions may take on one of the following levels:

• None: permission is restricted completly.
• Owner: permission is restricted to only the owner of the library.
• Admin: permission is restricted to only the owner and admins of the library.
• User: permission is restricted to only the owner, admin, and any associated users. (there are two seperate lists of associated users; one for users who can read, and one for users who can write).
• Public: permission is not restricted at all.

[GET] /owned_libraries

Returns a JSON Array of Library JSON objects reprsenting all of the libraries owned by the calling user.

[GET] /available_libraries

Returns a JSON Array of Library JSON objects reprsenting all of the libraries to which the calling user has at least read access.

[GET] /players/player_id/enabled_libraries

Returns a JSON Array of Library JSON objects reprsenting all of the enabled libraries associated with the given player.

[PUT] /owned_library

Creates a new library owned by the calling user. The put should contain:

{
  "name": name of library,
  "descirption" : description of library,
  "public_key" : The 2048 bit RSA public key for the library
}

The created library object is returned. The library is enabled by default.

[DELETE] /libraries/library_id

Deletes the library specified by library_id for the player specified by player_id (consequently this disables it on any players it is currently enabled on). The calling user must have write access on the library otherwise an Http 403 response will be returned.

[POST] /libraries/library_id/public_key

Takes the value of the public_key POST parameter and sets the libraries public key to the given value. The calling user must have write access on the library otherwise an Http 403 response will be returned.

[GET] /libraries/library_id/admins

Retreives JSON array of users associated with the library specified by library_id are admins of the library. The calling user must have write access on the library otherwise an Http 403 response is returned.

[PUT] /libraries/library_id/admins/user_id

Adds the user specified by user_id to the list of admins for the library specified by library_id. The calling user must have write access on the library otherwise an Http 403 response is returned.

[DELETE] /libraries/library_id/admins/user_id

Removes the user specified by user_id from the list admins for the library specified by library_id. The calling user must have write access on the library otherwise an Http 403 response is returned.

[POST] /libraries/library_id/admins

Takes two parameters to_add and to_remove. They should each be JSON Arrays of user ids to be added and removed from the list of admins for the library specified by library_id. The calling user must have write access on the library otherwise an Http 403 response is returned.

[POST] /libraries/library_id/permissions

Sets the permissions for read and write the the levels specified by the read and write parameter values. The calling user must have write access on the library otherwise an Http 403 response is returned.

[PUT] /libraries/library_id/songs

In order to call this method the calling user must have write permission on library otherwise an Http 403 respons is returned.

Takes a JSON Array of JSON Library Entry objects and adds them to the library specified by library_id on the player specified by player_id. If called successfully a 201 response will be returned.

Note the content-type header must be set to text/json, otherwise a 415 response will be returned. If the JSON is malformed a 400 response will be returned. IDs should be unique among all songs for a given player (not including songs that have been deleted). If a request is sent containing a song id the server already knows about with different song information, a 409 response is returned along with the a JSON array containing the conflicting ids.

Example JSON sent by client:

[
  {
    "id" : "50"
    "title" : "Graduate",
    "artist" : "Third Eye Blind",
    "album" : "Third Eye Blind",
    "genre" : "Rock",
    "track" : 5,
    "duration" : 189
  }
]

[DELETE] /players/player_id/libraries/library_id/songs/lib_id

In order to call this method the calling user must have write permission on library otherwise an Http 403 respons is returned.

Deletes the library entry specified by lib_id from the library specified by library_id on the player specified by player_id for the user specified by user_id. If no song with that lib_id is found a 404 response is returned with the X-Udj-Missing-Resource header set to song. If the song to be deleted is currently queued in the active playlist for the given player, it will be removed from the playlist. If this player is se

[POST] /players/player_id/libraries/library_id

In order to call this method the calling user must have write permission on library otherwise an Http 403 respons is returned.

Modifies the library specified by library_id and associated with the player specified by player_id. The post must include two parameters, to_add and to_delete. to_add should be a JSON array of LibraryEntry JSON objects that should be added to the library. to_delete should be an JSON array of library ids which correspond to library entries which should be deleted. At least one parameter must be specified (otherwise an Http 400 resposne is returned). If successful this method returns a 200 response. If any of the songs to be deleted are currently queued in the active playlist for the given player, they will be removed from the playlist.

If any one of the LibraryEntry JSON objects has an id already in use for that player but with different song data, a 409 response is returned. The body of the 409 response contains a JSON array of ids that were given to the server, but the server already has library entries for. If any one of the library entry ids to be deleted can not be found, a 404 response is returned with the X-Udj-Missing-Resource header set to song. If the JSON given is malformed, a 400 response is returned. In any of these error cases for this method, no modification the library's contents is made on the server.

Read/Write User lists

Note these lists are only relevant when the read and/or write permission levels are set to users.

[GET] /libraries/library_id/read_users

Retreives JSON array of users associated with the library specified by library_id who can read from the library. The calling user must have read access on the library otherwise an Http 403 response is returned.

[PUT] /libraries/library_id/read_users/user_id

Adds the user specified by user_id to the list of users with read permission for the library specified by library_id. The calling user must have write access on the library otherwise an Http 403 response is returned.

[DELETE] /libraries/library_id/read_users/user_id

Removes the user specified by user_id from the list of users with read permission for the library specified by library_id. The calling user must have write access on the library otherwise an Http 403 response is returned.

[POST] /libraries/library_id/read_users

Takes two parameters to_add and to_remove. They should each be JSON Arrays of user ids to be added and removed from the list of users with read permission for the library specified by library_id. The calling user must have write access on the library otherwise an Http 403 response is returned.

[GET] /libraries/library_id/write_users

Retreives JSON array of users associated with the library specified by library_id who can write from the library. The calling user must have write access on the library otherwise an Http 403 response is returned.

[PUT] /libraries/library_id/write_users/user_id

Adds the user specified by user_id to the list of users with write permission for the library specified by library_id. The calling user must have write access on the library otherwise an Http 403 response is returned.

[DELETE] /libraries/library_id/write_users/user_id

Removes the user specified by user_id from the list of users with write permission for the library specified by library_id. The calling user must have write access on the library otherwise an Http 403 response is returned.

[POST] /libraries/library_id/write_users

Takes two parameters to_add and to_remove. They should each be JSON Arrays of user ids to be added and removed from the list of users with write permission for the library specified by library_id. The calling user must have write access on the library otherwise an Http 403 response is returned.

Library Access Tokens

Access tokens can be used for libraries to validate that communication coming from any unknown source is indeed allowed communication. If a client wishes to interact with a library, they can obtain a read or write access token. Then any communication they do with the library can be validated by the library by examining the access token provided by the client. The library does this by querying the server as to whether or not the provided access token is valid.

[GET] /libraries/library_id/read_access_token

Provides the calling user with a read access token for the library if they have permission to read from the specified library. An Http 403 is returned otherwise.

[GET] /libraries/library_id/write_access_token

Provides the calling user with a write access token for the library if they have permission to write to the specified library. An Http 403 is returned otherwise.

[GET] /libraries/library_id/read_access_token/validity

Returns a JSON true value if the read access token is valid for the given library. May only be called by owners and admin.

[GET] /libraries/library_id/write_access_token/validity

Returns a JSON true value if the read access token is valid for the given library. May only be called by owners and admin.

Events

[PUT] /events

Creates a new event from the given JSON and returns an Event JSON object representing the created event.

Example input:

{
  "name" : name of event,
  "player_id" : id of player which will be used for the event,
  "start_time" : time the event starts,
  "end_time" : time the event ends
  "hosts" : JSON array of user id's representing the hosts of the event.
}

Caller must have create even permission for player. Hosts must all have host even permissions. Returns an event id.

[POST] /events/event_id/start_time

Change the event specified by event_id to have the start time specified by the start_time POST parameter.

[POST] /events/event_id/end_time

Change the event specified by event_id to have the end time specified by the end_time POST parameter.

[POST] /events/event_id/hosts

Should contain a single post parameter hosts which is JSON array of hosts for the event. Caller must have modify event permissions and hosts must all have event host permissions.

Special Web Socket Calls

WebSockets allow for easy, bi-directional communication between clients and servers. UDJ uses WebSockets to push notifications about resource changes as they happen on the server.

[GET] /players/player_id/active_playlist/updates

This call opens up a WebSocket which will receive the active playlist for specified player every time the playlist is updated. An EOF will be sent by the server if the player goes inactive.

[GET] /players/player_id/users/updates

This call opens up a WebSocket which will receive the list of users for a specified player every time the list is updated. An EOF will be sent by the server if the player goes inactive.

[json][/07API/JSON-DataStrctures.md]