Cytomic Orion API Specification

All calls to the Cytomic Orion API must include the access token you got by following the steps in Authentication, Authorization, and Access Token Generation through the Authorization: Bearer {token} header.

This section describes the various calls to the Cytomic Orion API, their syntax, the meaning of the parameters used and their format, as well as the results returned.

Cytomic Orion uses a REST interface to exchange information between the platform and third-party applications: The protocol for transferring messages between both terminals is HTTPS, whereas the format used to encapsulate complex data types is JSON.

General Structure of a Call

In each call to the Cytomic Orion API, the third-party application must specify some or all of these parameters:

  • HTTPS method: The HTTP command used in the request:

    • GET: The call requests information. The required parameters are passed only in the URL.

    • POST: The call requests information. The required parameters are passed in the HTTP message body and optionally in the URL.

  • URL: Resource path. The path includes parameters specified in square brackets in the specification. Optional parameters are specified with the “query string” format.

  • Body: The area of the HTTP message where the data is included. The body comes after the headers. It contains complex type parameters in POST calls.

  • HTTP return code: Specifies whether the call was successful or failed. For a list of the codes returned by each call to the Cytomic Orion API, see Return Codes.

Data Types

Most parameters are integers or character strings. You can pass these parameters to a call either in the URL path or in querystring format. In the response, they appear in the message body.

All date-type parameters require the UNIX Timestamp format in milliseconds. If an analyst enters a date in seconds, Cytomic Orion converts it automatically to milliseconds.

Both in calls and responses, lists of one to "n" JSON objects are used for the most complex data types in the body of the HTTP message.

Return Codes

Return codes are common to all calls and are specified in the status header of the HTTP message, in the status: code format:

Code Description

200

Operation completed successfully.

400

Missing or malformed parameter.

401

Authentication failed.

403

Authorization failed.

Return codes