Connecting to the QRS API

Any technology that can consume REST web services can connect to the Qlik Sense Repository Service (QRS) API. Each request must:

  • be authenticated
  • include the Xrfkey parameter and header to prevent cross-site scripting attacks

QRS API URLs

Connections to the Qlik Sense Repository Service (QRS) API paths are made using HTTPS by default. The exact path used depends on the method used to communicate and authenticate with the API. There are two ports for accessing the QRS API endpoints: port 443 of the proxy and port 4242 of the QRS. Apart from the Personal API, the proxy does not present any API on port 443; it simply routes calls to the Repository service. If you access QRS endpoints via the proxy at port 443, you must always specify the virtual proxy prefix in the path. Virtual proxies only exist on the outside of the proxy, that is port 443 facing the browsers. The prefix of the default virtual proxy is an empty string. Port 4242 is used to access the QRS API endpoints from behind the proxy in the trusted zone (this call requires client and server cert authentication).

Let's take a look at how a request is sent to a QRS API endpoint through the proxy. When a call such as https://hostname/virtualproxy/qrs/about is made, the connection is set up from the browser to the proxy port 443 (Port 443 is the default port; it is not necessary to specify this port in the path if it has not changed). Using mutual TLS, the proxy sets up a back end connection to the QRS port 4242. The messages that arrive on port 443 from the browser are transferred to the QRS through port 4242 (The proxy simply forwards the incoming traffic from the browser to the internal connection that has been set up to the QRS through port 4242).

If you access QRS endpoints via the proxy at port 443, you must always specify the virtual proxy prefix in the path. Port 4242 is used to access the QRS API endpoints from behind the proxy in the trusted zone.

When communicating with the QRS API from behind the proxy in the trusted zone, the URL is as follows:

https://<QRS machine name>:4242/<path>

When communicating with the QRS API from outside the proxy (calling port 443 from the browser), the URL is as follows:

https://<proxy machine name>/<path>

In both cases, <path> is a path as described in the following sections:

Ports overview

Did this information help you?

Can you tell us why it did not help you and how we can improve it?