API

Purpose

The purpose of the CoCalc API (application programming interface) is to make essential operations within the CoCalc platform available to automated clients. This allows embedding of CoCalc services within other products and customizing the external look and feel of the application.

Protocol and Data Format

Each API command is invoked using an HTTPS POST request. All commands support request parameters in JSON format, with request header Content-Type: application/json. Many commands (those that do not require lists or objects as parameters) also accept request parameters as key-value pairs, i.e. Content-Type: application/x-www-form-urlencoded.

Responses are formatted as JSON strings. Note that it is possible for a request to fail and return a response code of 200. In that case, the response string may contain helpful information on the nature of the failure. In other cases, if the request cannnot be completed, a response code other than 200 may be returned, and the response body may be a generic HTML message rather than a JSON string.

Authentication

A valid API key is required on all API requests.

To obtain a key manually, log into CoCalc and click on Settings (gear icon next to user name at upper right), and look under Account Settings. With the API key dialogue, you can create a key, view a previously assigned key, generate a replacement key, and delete your key entirely.

It is also possible to obtain an API key using a javascript-enabled automated web client. This option is useful for applications that embed CoCalc in a custom environment, for example juno.sh, the iOS application for Jupyter notebooks. Visiting the link https://cocalc.com/app?get_api_key=myapp, where “myapp” is an identifier for your application, returns a modified sign-in page with the banner “CoCalc API Key Access for Myapp”. The web client must sign in with credentials for the account in question. Response headers from a successful sign-in will include a url of the form https://authenticated/?api_key=sk_abcdefQWERTY090900000000. The client should intercept this response and capture the string after the equals sign as the API key.

Your API key carries access privileges, just like your login and password. Keep it secret. Do not share your API key with others or post it in publicly accessible forums.

Additional References

API Message Reference

The remainder of this guide explains the individual API endpoints. Each API request definition begins with the path of the URL used to invoke the request, for example /api/v1/change_email_address. The path name ends with the name of the request, for example, change_email_address. Following the path is the list of options. After options are one or more sample invocations illustrating format of the request as made with the curl command, and the format of the response.

The following two options appear on all API messages (request parameters are often referred to as ‘options’ in the guide):

  • event: the command to be executed, for example “ping”
  • id: uuid for the API call, returned in response in most cases. If id is not provided in the API message, a random id will be generated and returned in the response.

API Examples & Howto

Embedding in an IFrame

Here are notes on integrating CoCalc in an IFrame in a web application using the CoCalc API. You should be able to create a proof of concept using the API introduction above and these notes.

  1. You need an account with an API key. You can get an API key via the UI or here using the create_account API call.
  2. You can create several accounts. If you are running the CoCalc Docker image, you probably want one account to be an admin and then have additional accounts for each actual user of your platform.
  3. You have to create at least one project. Note: The production website runs each project in their own container. This means you might want to create several projects to get proper isolation.
  4. With the API, you can copy files between projects or write to a file. It’s also possible to run arbitrary commands.
  5. To show a notebook to a user (and just the notebook) you need to do this:
    • get a fresh auth token
    • make an IFrame in your website, which points to a project and file, and ends with ?auth_token=...&fullscreen=kiosk. The parameter fullscreen=kiosk removes the UI. A full example might look like this https://cocalc.com/projects/.../files/calculate.ipynb?auth_token=...&fullscreen=kiosk&session=

IFrame communication

This is a communication channel to improve working with an embedded CoCalc instance. It gives the parent page the ability to send command-messages to CoCalc (e.g. opening a specific page, etc.) and receiving responses.

The underlying technology is window.postMessage.

The parent page must be served using https!

Note

This is beta and only available for specific domains. Please contact us if you want to use this.

To get started, you just have to embed the main /app endpoint in an IFrame’s src like that:

https://cocalc.com/app?auth_token=......&fullscreen=kiosk&session=

Once CoCalc is ready, the loading screen shows a green banner of confirmation.

Sending messages Use postMessage on the contentWindow of CoCalc’s IFrame to send messages. E.g. if your IFrame has the id="cocalc", run cocalc = document.getElementById("cocalc").contentWindow; and then cocalc.postMessage(payload, "https://cocalc.com"). payload is the message, which is explained below.

Receiving message

  1. write a callback function like function replies(mesg) { console.log(mesg.data); }.
  2. Possibly check if mesg.origin is really CoCalc’s domain.
  3. Hook up this callback via window.addEventListener("message", replies, false);.

Messages sent to CoCalc have the following structure. The action field is mandatory.

{
  action: "[command]",
  field1: ...,
  field2: ...
}

Each message has a response, usually containing {status: "ack|done|error", ...}.

In particular, error responses have the structure {status: "error", mesg: "[error message]", ...}.

Available commands and their responses:

  • open – open a specific file in a project.
    • fields:
      • project_id – the UUID of the project
      • path – the location relative to the home directory. e.g. notebook.ipynb or subdir1/file.md.
    • responses:
      1. acknowledgement of command (project will start, file will open): { status: "ack", ... }
      2. file editor is opened and loading of content starts: { status: "done", ... }
  • closeall – this closes all open files
    • response: {status: "done", mesg: "all files are closed"}
  • status – returns a snapshot of CoCalc’s overall status. In particular during starting CoCalc, querying this for a response is useful to know when CoCalc is available and connected to the front-end servers.
    • response:
      • connection – more detailed information about the connection quality, ping time, etc.
      • open_files – mapping of project_id to a list of paths.