Connecting to the QRS API
Any technology that can consume REST web services can connect to the Qlik Sense Repository Service (QRS) API. Each request must:
- be authenticated
- include the Xrfkey parameter and header to prevent cross-site scripting attacks
QRS API URLs
Connections to the Qlik Sense Repository Service (QRS) API paths are made using HTTPS by default. The exact path used depends on the method used to communicate and authenticate with the API. There are two ports for accessing the QRS API endpoints: port 443 of the proxy and port 4242 of the QRS. Apart from the Personal API, the proxy does not present any API on port 443; it simply routes calls to the Repository service. If you access QRS endpoints via the proxy at port 443, you must specify the virtual proxy prefix in the path unless you want to use the default virtual proxy, which has no prefix. Virtual proxies only exist on the outside of the proxy, that is port 443 facing the browsers. Port 4242 is used to access the QRS API endpoints from behind the proxy in the trusted zone (this call requires client and server cert authentication).
Let's take a look at how a request is sent to a QRS API endpoint through the proxy. When a call such as https://hostname/virtualproxy/qrs/about is made, the connection is set up from the browser to the proxy port 443 (Port 443 is the default port; it is not necessary to specify this port in the path if it has not changed). Using mutual TLS, the proxy sets up a back end connection to the QRS port 4242. The messages that arrive on port 443 from the browser are transferred to the QRS through port 4242 (The proxy simply forwards the incoming traffic from the browser to the internal connection that has been set up to the QRS through port 4242).
If you access QRS endpoints via the proxy at port 443, you must specify the virtual proxy prefix in the path unless you want to use the default virtual proxy, which has no prefix. Port 4242 is used to access the QRS API endpoints from behind the proxy in the trusted zone.
When communicating with the QRS API from behind the proxy in the trusted zone, the URL is as follows:
https://<QRS machine name>:4242/<path>
When communicating with the QRS API from outside the proxy (calling port 443 from the browser), the URL is as follows:
https://<proxy machine name>/<path>
In both cases, <path> is a path as described in the following sections: