API Gateway features

The XProtect VMS offers a number of APIs to support integrations. The full functionality is currently available through a plug-in environment, through native .NET libraries, and through various SOAP and native protocols. These APIs are used internally by XProtect VMS, and a large number of integrations have been developed using these APIs. But they are not practical for integrations in a cloud environment:

  • The SOAP-based protocols relies on Windows Communication Framework (WCF) which is part of .NET Framework, making it difficult to implement non-Windows integrations.

  • Media data streaming uses a proprietary protocol.

  • To use the protocols, your integration must keep track of a number of service endpoints.

The API Gateway simplifies this by providing a single entry point for all services. The API Gateway acts as broker, routing requests and responses between external clients and the various downstream XProtect VMS services.

The APIs are implemented in part by each specific VMS server component, and the API Gateway can simply pass-through these requests and responses, while for other requests, the API Gateway will convert requests and responses as appropriate.

Authentication and authorization

The API Gateway relies on an OpenID Connect and OAuth 2.0 Identity Provider (IDP) for authentication and authorization.

To use the API Gateway, a client first authenticates and requests an access token from the Identity Provider. The client receives a bearer token that grants privileges to access services and to perform operations, as determined by the user's roles.

The client now uses the bearer token in the authorization header in subsequent requests. The client renews the bearer token before it expires by posting a new access token request with the same credentials.

User credentials, bearer tokens, and other sensitive data are transmitted in cleartext if you do not set up certificates and use HTTPS.

RESTful APIs

Currently, the following RESTful APIs are available through the API Gateway:

  • Configuration API

  • Alarms API

  • Events API

  • Bookmarks API and Evidence Locks API

WebSocket APIs

Currently, the following WebSocket APIs are available through the API Gateway:

  • Event and State API

  • Messages API

WebRTC

WebRTC is a peer-to-peer real-time communication framework, for example for video media data, based on open protocols (RTP, RTCP, and SCTP). WebRTC is attractive for cloud-based services because:

  • most modern web browsers support WebRTC, eliminating the need for installing plug-ins,

  • in many cases, media traffic can be routed directly between the peers, reducing the need for intermediary servers.

The API Gateway supports:

  • A WebRTC signaling server that offers a simple RESTful API for establishing WebRTC connections.

  • Playback and live streaming H.264 encoded video from a camera installed on a recording server through the WebRTC connection.