Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@kintone/rest-api-client
Advanced tools
API client for Kintone REST API. It supports both browser environment (Kintone customization & plugin) and Node.js environment.
KintoneRestAPIClient
npm
This library is distributed on npm
.
npm install @kintone/rest-api-client
You can then use require
or import
to import the library.
// CommonJS
const { KintoneRestAPIClient } = require("@kintone/rest-api-client");
// ES modules
import { KintoneRestAPIClient } from "@kintone/rest-api-client";
This library also provides two Universal Module Definition (UMD) files:
After loading this, you can use KintoneRestAPIClient
directly.
In Kintone customization, please add this URL in "JavaScript and CSS Customization" setting of your app.
NOTE: The UMD links are using the latest
tag to point to the latest version of the library. This pointer is unstable, it shifts as we release new versions. You should consider pointing to a specific version, such as 1.0.0
.
IE | Edge | Firefox | Chrome | Safari |
---|---|---|---|---|
IE11 | Latest version | Latest version | Latest version | Latest version |
Here is a sample code that retrieves records of an app.
const client = new KintoneRestAPIClient({
baseUrl: "https://example.cybozu.com",
// Use password authentication
auth: {
username: process.env.KINTONE_USERNAME,
password: process.env.KINTONE_PASSWORD,
},
// Use API token authentication
// auth: { apiToken: process.env.KINTONE_API_TOKEN }
// Use OAuth token authentication
// auth: { oAuthToken: process.env.KINTONE_OAUTH_TOKEN }
// Use session authentication if `auth` is omitted (in browser only)
});
client.record
.getRecords({ app: "1" })
.then((resp) => {
console.log(resp.records);
})
.catch((err) => {
console.log(err);
});
Name | Type | Description |
---|---|---|
version | String | Provides the used version of KintoneRestAPIClient. |
KintoneRestAPIClient
Name | Type | Required | Description |
---|---|---|---|
baseUrl | String | Conditionally Required | The base URL for your Kintone environment. It must start with https . (e.g. https://example.kintone.com) Required in Node.js environment. If you omit it in browser environment, location.origin will be used. |
auth | Object | Conditionally Required | The object for authentication. See Authentication. |
guestSpaceId | Number or String | The guest space ID. If you are dealing with apps that are in guest spaces, please specify this. | |
basicAuth | Object | If your Kintone environment uses Basic authentication, please specify its username and password. | |
basicAuth.username | String | The username of Basic authentication. | |
basicAuth.password | String | The password of Basic authentication. | |
clientCertAuth | Object | This parameter is available only in Node.js environment. If your Kintone environment uses Client Certificate authentication, please specify the certificate file and password. | |
clientCertAuth.pfx | Buffer | The client certificate file. Required, unless you specify pfxFilePath . | |
clientCertAuth.pfxFilePath | String | The path to client certificate file. Required, unless you specify pfx . | |
clientCertAuth.password | String | The password of client certificate. | |
proxy | Object | This parameter is available only in Node.js environment. If you use a proxy, please specify its configuration. | |
proxy.host | String | The host of the proxy server. | |
proxy.port | Number | The port of the proxy server. | |
proxy.auth | Object | If the proxy server requires Basic authentication, please specify its username and password. | |
proxy.auth.username | String | The username of Basic authentication for the proxy server. | |
proxy.auth.password | String | The password of Basic authentication for the proxy server. | |
userAgent | String | This parameter is available only in Node.js environment. A User-Agent HTTP header | |
featureFlags | Object | Feature flags that you can configure. See Feature flags. |
The client supports three authentication methods:
The required parameters inside auth
are different by the methods.
The client determines which method to use by passed parameters.
Name | Type | Required | Description |
---|---|---|---|
username | String | Yes | |
password | String | Yes |
Name | Type | Required | Description |
---|---|---|---|
apiToken | String or String[] | Yes | You can pass multiple api tokens as an array of string. |
Name | Type | Required | Description |
---|---|---|---|
oAuthToken | String | Yes | An OAuth access token you get through the OAuth process flow. |
Supported in browser environment only.
If you omit auth
parameter, the client uses Session authentication.
Session authentication is available in Garoon customization.
Name | Type | Default | Description |
---|---|---|---|
enableAbortSearchError | boolean | false | An option of whether to throw KintoneAbortSearchError or not. |
See Error Handling
FAQs
Kintone REST API client for JavaScript
The npm package @kintone/rest-api-client receives a total of 5,080 weekly downloads. As such, @kintone/rest-api-client popularity was classified as popular.
We found that @kintone/rest-api-client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.