Professional Documents
Culture Documents
Revision 1.2
Revision history
This document outlines the usage and integration of the WatchDox document
protection API. This API is intended for partners wishing to integrate WatchDox
solutions in their sites or applications.
Using the WDP API, WatchDox partners may incorporate document tracking and
protection in applications, allowing partners to programmatically protect
documents, assign permissions to documents and users, and access the audit-trail
collected for documents .
In order to use the WatchDox API, prospective partners should contact WatchDox in
order to enroll into the WatchDox API partnership program. After Enrollment,
partner will receive a private identification token (enrollment token) used to
authenticate with the WatchDox servers. For more details, please contact
partners@confidela.com.
This document is organized as follows. The main facilities implemented in the API
are listed in section “Facilities”. In section “Use-Cases” we describe sample uses of
the API in order to perform common tasks such as document protection, permission
editing and user management. Last, API is detailed in the section “Detailed Function
Listing”.
Facilities
The WatchDox API is divided into several facilities. Each Facility is a collection of
related operations.
• Login
•
• Document Management
• Partner Setup
This section may need to go to the end. It’s also not necessary in every case – for
example Symantec integrating into a DLP system. Our system should rely on the
DLP system to provide the document owner’s email+document+permissions. There
is no need to authenticate anything. We trust the integration into the DLP or into
any other partner system. So to sum up – this section is not required in many cases.
In order to use the WatchDox API, partners may want to associate an email address
with a password. This email and password pair is then used to authenticate with the
WatchDox service. A WatchDox partner may register an email address associated
with their domain by calling the Register User function. This function receives the
authentication token, the requested email and the requested password. Upon
completion, the new email and password can use the Login facility in order to
authenticate with the system.
The Register User API can only be used to register email addresses within a
partner’s domain. Partners wishing to register an email address outside their
domain must undergo an authentication process. Such a process is required, for
instance, if a partner wishes to integrate WatchDox onto a mail program running on
an unsupported mobile device.
Usage Example:
Login
The Login API is the mechanism used by partner application to identify a registered
user to the WatchDox system. It is performed by issuing a call to the “Login”
function with the username and password for a user (See User Management about
creating users to use with the WatchDox API). The “Login” function returns a
session identifier which is used in subsequent calls to other API functions.
In order to signal that a given session is ended and no more operations will follow,
the partner’s program should call the “Logout” function.
Usage Example:
Isn’t the first step to provide the document’s owner’s email? (only if it’s in the
scenario that a user is identified and the call is done from his/her machine this will
not be required) – think a DLP system… they find a document, identify the owner
and then want to upload it with some pre-defined policy they have.
This API is used to protect documents with the WatchDox service. Using the “Upload
Document” function, a partner’s application may upload a document to the
WatchDox service in order to perform the protection operation. Once uploaded, the
document is converted into the WatchDox proprietary secure format as well as
encrypted in its original format (to allow a download option). The upload process
returns a file identifier that can later be used to access this file, download its
protected version, track it and modify permissions.
Last, a partner may wish to notify the authorized recipients that a document
became available by using the “Send Notification Email” API. This function will send
an email to a list of recipients (if permitted to the document) including a link to view
the document online (or download its protected version). The notification email
contains several customizable components. The body of the message is set for each
email and is taken as a parameter of the “Send Notification Email” function. In
addition, each email contains a logo, a textual header and textual footer. In order to
customize the logo, header and footer see the “Partner Setup” facility.
Usage Example:
3. The partner’s application calls “Get Document Info” with <SID>, <File ID>
and retrieves the URL where the document can be viewed at
“www.watchdox.com/document/document_url
4. The application sends out an email with the link to the document to a certain
user (optional).
In order to obtain the list of permissions effective for a document, a partner may
use the “Get Permission” function.
Usage Example:
Document Management
The document management facility is used to obtain information on documents that
the user either owns or is permitted to view.
• List Folders - This operation lists the set of folders in a given folder (If no
source folder is given, the root folder is used)
Usage Example:
Partner Setup
1. I don’t think I want an API here. This we would do for the partner or automate
via a portal. I don’t want to become a dynamic list server service. If they want
to customize each email they should send their own.
2. If this section stays here, I’d add info about CSS and subdomain support (not
required right now).
The Partner Setup facility is used to modify various parameters that affect the
configuration of the send process. The partner setup facility is used to customize
the logo and textual content of the emails sent by the system. The Partner Setup
facility requires that WatchDox API support enables the customization features. The
partner setup facility exposes the following operations.
• Set Notification Email– This operation is used to to set the logo (fixed-size
XXX 200x400 image), the header and the footer of notification emails sent
by the “Send Notification Email” function.
This function is called with the enrollment token, the logo image, and the
header and footer texts.
• Test Notification Email – This functions is used to test the logo, header and
footer before applying them with the “Set Notification Email” function. This
function gets the same parameters as the “Set Notification Email” and an
additional email, and sends a test email to the supplied address.
Adi: What a “secure viewer” API that is called and then streamed into an iFrame?
Can you write something about that? – not a priority. If we can just write one
paragraph about it fine, but it’s not a priority.
Use-Cases
Document Protection:
1. Invoke the login API with the user and password. Obtain a session identifier (SID)
2. Invoke the protection API. Supply the SID, File Name & Content and list of
recipients. This operations returns an identifier for the protected file
3. Invoke the protection API with the SID and file identifier. This operation returns
the URL accessible for the list of recipients supplied in step 2.
[12:22:15 PM] Yonatan Amit: * Use-Cases and example: Full cycle integration: Sending a
document for a pre-registered owner.
[12:22:31 PM] Yonatan Amit: * Use-Case 2: Chaging permissions for an existing documents I
own
[12:22:49 PM] Yonatan Amit: * Use-Case 3: Getting the Audit-Trail for a document I own
[12:23:14 PM] Yonatan Amit: * Use-Case 4: Adding a new owner to my organization so I can
send documents that he owns
[12:28:00 PM] Yonatan Amit: replace the word "use-cases" above, let's add "Integrating with a
DLP system",[M.R.>] “integrating with my content generating or content management
application (e.g. engineering assets)”* and "Publishing a document on the web to allowed
users"
[12:29:40 PM] Yonatan Amit: ?VDR?[M.R.>] - the APIs should allow to build a desktop
application to upload documents to a VDR.
[12:36:04 PM] Yonatan Amit: Use-Case for Blackberry: Enroll an email address by using email
authentication mechanism
[12:37:07 PM] Yonatan Amit: Use-Case 1.5: Getting my list of documents and tracked
documents.