Univer Server Integration Protocol

Introduction to USIP

USIP: Univer Server Integration Protocol

Glossary

USIP Client: The end that initiates USIP requests, generally is the Univer Server
USIP Server: The end that implements USIP and provides services

USIP refers to the protocol that must be followed when integrating a third-party system with Univer Server, specifically requiring implementation of a series of USIP-defined interfaces.

Based on these protocols, Univer Server can access third-party systems to obtain the results required by clients.

In this way, while ensuring that data remains within the third-party client system, Univer Server can successfully integrate into the yourself system.

Prerequisites

The integrating party needs to maintain the relationship between users and documents on their own. Univer Server acts as the client to obtain user permissions under documents through an interface.
Implementation: Upon successfully creating a document by calling Univer Server, it returns a unitID as document ID. The integrating party needs to store this ID to manage their own document management operations effectively. This API in it.

Required Interfaces

🚨

Important

Only the Credential verify api will forward credential headers information for authenticating external browser web calls; another apis are used for internal business purposes and will not be forwarded.
userID should be of string type.
Be sure USIP server network is work, and can be called by Univer server.
If you have some trouble when verify your usip server, you can add some logs in USIP server, check the Univer server logs and compare your code to this document api define (like response struct is error or response value type is error).

Credential verify: Verify user identity legality (AuthN)

The Univer Server interface verifies user identity by forwarding all request HTTP headers to the USIP server’s credential verify interface for authentication.
If the credential verify interface validates successfully, it needs to return User structured data, including the user’s unique identifier userID, which will be used in subsequent Univer Server operations.

curl -X GET \
  -H "authorization: xx" \
  -H "cookie: xx" \
  -H "YOUR-CUSTOM-HEADER: xx" \
  "http://localhost:8080/credential"
    
# response
{
  "user": {
    "userID": "xxx",
    "name": "xxx",
    "avatar": "xxx",
  }
}

Bulk User Info Retrieval

The Bulk User Info Retrieval interface accepts a userIDs string array parameter where each element represents a user identifier userID.
The interface returns an array of User objects.
The userIDs array max size is 100.
After 0.2.9 version (not include 0.2.9) this api of GET method will be deprecated.

curl -X POST "http://localhost:8080/userinfo" \
  -H 'content-type: application/json' \
  --data-raw '{"userIDs":["1","2"]}'
 
# response
{
  "users": [
    {"userID": "1", "name":"xxx", "avatar":"https://xxxx"},
    {"userID": "2", "name":"xxx", "avatar":"https://xxxx"},
  ]
}

Permission role: Retrieving Specific User Permissions for Specific Documents (AuthZ)

The USIP server is responsible for managing user permissions on documents. Currently, Univer Server has predefined several roles:

Role	Description
owner	Manages the document
editor	Can edit the document
reader	Can view the document

The Permission role interface accepts a unitID parameter identifying the document ID and a userID parameter identifying the user.

curl -X GET "http://localhost:8080/role?unitID=xxx&userID=xxx"
 
# response
{
  "userID": "xxx",
  "role": "owner"
}

Get Collaborator List: Retrieve the list of collaborators for a document

The Get Collaborator List interface should accept a unitIDs string array parameter, allowing retrieval of collaborator lists for multiple documents simultaneously.
The unitIDs array max size is 100.
After 0.2.9 version (not include 0.2.9) this api of GET method will be deprecated.

curl -X POST "http://localhost:8080/collaborators" \
  -H 'content-type: application/json' \
  --data-raw '{"unitIDs":["AA","BB"]}'
 
# response
{
  "collaborators": [
    {
      "unitID":"AA",
      "subjects":[
        {
          "subject": {
            "id": "1",
            "name": "xx",
            "avatar": "xxx",
            "type": "user"
          },
          "role":"owner"
        },
        {
          "subject": {
            "id": "2",
            "name": "xx",
            "avatar": "xxx",
            "type": "user"
          },
          "role":"editor"
        },
      ]
    },
  ]
}

Univer Server Service Configuration

To enable USIP functionality, configure the above interface addresses in the .env file located in the docker-compose directory, and then restart the service.

# usip about
USIP_ENBALED=true
USIP_URI_CREDENTIAL=http://192.168.1.100:8080/credential
USIP_URI_USERINFO=http://192.168.1.100:8080/userinfo
USIP_URI_ROLE=http://192.168.1.100:8080/role
USIP_URI_COLLABORATORS=http://192.168.1.100:8080/collaborators

Troubleshooting

If you want to make unit can be edit/read to everyone in default, you can set this in .env:

AUTH_PERMISSION_ENABLED=true
AUTH_PERMISSION_DEFAULT_SHARE_SCOPE=public
AUTH_PERMISSION_DEFAULT_SHARE_ROLE=editor

AUTH_PERMISSION_DEFAULT_SHARE_ROLE: support setting is editor, reader.

AUTH_PERMISSION_ENABLE_OBJ_INHERIT control if file owner can have all permission, true or false.

Demo

You can try our usip demo in docker compose version: set USIP_ENBALED=true in .env, then run bash run.sh && bash run.sh start-demo-usip, if success you can open http://localhost:8080 to try.

View the usip-example for reference.

Deploy to Kubernetes Import And Export