REST API, AJAX

I have figured out how to use the REST API to return data in a JSON format, but I cannot seem to figure out how to get an actual URL to use in an AJAX call in a JavaScript file to pull in as an object to be manipulated. I downloaded the Firefox REST plugin and have used it to access the data I need, but I don't know how to include the header authentications with the URI I'm requesting.

Parents
  • Are you doing this in Node? It's not secure to make REST API calls directly from the user's browser since you're giving up a private credential. It's my understanding that the Tessitura APIs are not designed to be public APIs. (Theoretically you could provision a "public" account with limited security, but I don't think that's recommended.)

    If you look up the API for whatever tool you're using to make the HTTP request you should find how to add headers to the request before you send it.

Children
  • I guess that would be where I'm a bit in over my head. I only have experience using public APIs or ones that can grant you a key that you just include in your URL, in an AJAX call.

    I'm not sure what Node is, but as of right now I have successfully made the request through the Firefox RESTClient plugin and the Tessitura REST services site. I see the data that I wish to access but I guess I don't know how I could go about accessing that data directly. Is that not possible with a private API?

  • From a security perspective, this isn't any different: the basic authentication header is your key, and you still don't want to give that key up to the user's browser.

    Consider it this way. If you are writing some JavaScript that is deployed on your website so that it runs in the user's browser, and that JavaScript is making calls to an API using a key that has been granted to you in order to identify requests using that key as coming from you, a specific developer, then anyone who loads your webpage now has that key, and they can spam the API with it, pretending to be you.

    The Tessitura REST services are designed to be a developer API (that's probably a less confusing way of putting it) — it's not designed to serve requests directly from your users' browsers. If you'd like to do AJAX stuff on your website, that should be between the user's browser and your web server. If you need Tessitura REST data, you'd be making those calls from your web application server (with your secret key stored securely in your web application server environment). I know a few people have customized CMSs like WordPress or Drupal to do this, and lots of people have websites built with ASP.NET, so those are the server-side platforms being used to make the REST service calls. (Node is a way to run a web server on JavaScript.)

  • Ok, this is starting to make a bit more sense to me. We use TNEW, and I don't know much about how our main webpage is hosted, so I may have to look into other options, but I do have a better feel for what the API does.

    Thanks for the help.
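
The arrangement described in the replies above (the browser's AJAX call goes to your own web server, and only that server calls the REST service with the stored credential), as an added Node example that is not part of the original thread. The upstream base URL, the `Events` resource, the `/api/events` route and the environment variable names are hypothetical placeholders, not Tessitura's actual API.

```javascript
// Added example: a server-side proxy so the credential never reaches the browser.
// Hypothetical names: UPSTREAM_BASE, API_CREDENTIAL, /api/events, Events.
const ALLOWED = new Map([
  ['/api/events', 'Events'], // browser route -> upstream resource (constructed)
]);

// Translate a browser request into an upstream request, on the server only.
// Returns null for anything not on the allowlist.
function buildUpstreamRequest(browserUrl, env) {
  if (!env.UPSTREAM_BASE || !env.API_CREDENTIAL) {
    throw new Error('UPSTREAM_BASE and API_CREDENTIAL must be set on the server');
  }
  const { pathname, searchParams } = new URL(browserUrl, 'http://localhost');
  const resource = ALLOWED.get(pathname);
  if (!resource) return null;
  const url = new URL(resource, env.UPSTREAM_BASE);
  // Forward only the one parameter we expect, and only if it is numeric.
  const id = searchParams.get('id');
  if (id !== null) {
    if (!/^\d{1,10}$/.test(id)) return null;
    url.searchParams.set('id', id);
  }
  // The basic authentication header is built here from the server environment.
  const token = Buffer.from(env.API_CREDENTIAL, 'utf8').toString('base64');
  return {
    url: url.href,
    headers: { Authorization: `Basic ${token}`, Accept: 'application/json' },
  };
}

// Request handler; mount with http.createServer(makeHandler(process.env)).
function makeHandler(env, fetchImpl = fetch) {
  return async function handler(req, res) {
    const json = { 'Content-Type': 'application/json' };
    try {
      const upstream = req.method === 'GET' ? buildUpstreamRequest(req.url, env) : null;
      if (upstream === null) {
        res.writeHead(404, json).end('{"error":"not found"}');
        return;
      }
      const r = await fetchImpl(upstream.url, { headers: upstream.headers });
      const body = await r.text();
      // Relay only the body; upstream headers and error details stay server-side.
      res.writeHead(r.ok ? 200 : 502, json).end(r.ok ? body : '{"error":"upstream error"}');
    } catch {
      res.writeHead(502, json).end('{"error":"upstream error"}');
    }
  };
}
```

The page's own JavaScript then requests `/api/events?id=...` from the same origin, with no authentication header in client-side code.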