Get Started with Prolaborate REST APIs
With the release of Prolaborate V5.4.0, we have published Prolaborate APIs as public APIs to allow admin to perform automated actions. Prolaborate use REST APIs, authenticate with OAuth 2.0 access tokens and return responses encoded in JSON with the HTTP response codes.
The following actions can be performed with the help of Prolaborate REST APIs that are accessible to the public in Prolaborate V5.4.0.
- Create, update, and delete Prolaborate specific users.
- Generate sharable links for elements, diagrams, and packages.
- Add Repositories in Prolaborate.
Let’s explore the steps in detail.
Step 1: Generate Client ID and Client Secret
Prolaborate APIs can be integrated with other applications with the help of a ‘Client ID’ (Application ID) and ‘Client Secret’ (Token) to authenticate API calls. Prolaborate offers an Open Authorization (OAuth) method to make it more secure.
Prerequisites
The user should be a Prolaborate administrator to generate Client ID (Application ID) and Client Secret (Token).
Generate Security Token
Log in to Prolaborate as an administrator. Click on Menu > Integrated Applications – Access Management under Portal Settings.

Click on Add Application.

Enter the following details in the respective fields.
Field | Description |
---|---|
Name | Enter a suitable name |
Application ID or Client ID | Enter a suitable text as Application ID (Client ID) |
Authorization | Select both ‘Client Credentials’ and ‘AuthorizationCode’ from the drop-down |
Scope | Select both ‘OpenID’ and ‘Profile’ as Scope from the drop-down |
API Permission | Select the required Calls which you would like to access from external tools |
Generate Security Token | This option should be enabled to generate security token (Client Credentials) |
Enhance Security using PKCE | If it is Enabled in Prolaborate, the option prevents malicious attacks. It adds one more security layer to the authorization code flow in OAuth and OpenID Connect. |
Redirect URL’s | Skip this field |
Post Logout URL’s | Skip this field |

Once the values are entered, click on Save to save the configuration.
A token (Client Secret) will be generated automatically to each Application.

Copy or download the Token and Application ID to use it.
Regenerate Security Token
In case if you would like to regenerate token for an Application ID follow the below guideline.
To regenerate a token for an application, click on the Key icon. If the token is regenerated, it should be updated in all the places where the previous token is used for seamless work experience.

Step 2: Generate Access Token
The next step is to generate an access token based on the Client ID (Application ID) and Client Secret (Token). The access token authenticates your application when calling the Prolaborate REST APIs.
In this example, we are showing you on how to generate access token using Postman.
Open the Postman application and execute the following steps:
- Select request type as POST.
- Enter the API endpoint with your domain name as the request URL. Example: https://localhost/connect/token
- Navigate to the Authorization tab and select the type as Bearer Token.

4. Navigate to the Body tab. Select the x-www-form-urlencoded option and input the following request parameters.
Key | Value |
---|---|
grant_value | client_credentials |
client_id | Copy & Paste the Application ID from Prolaborate |
client_secret | Copy & Paste the Application ID from Prolaborate |
5. Click on Send to initiate the request.
Prolaborate returns an access token and the number of seconds the access token is valid.

Note:
- The access token must be generated again once it expires. By default, the token will be expired after 4 minutes.
- To modify the token expiry time, refer to the section ‘Manage Open ID Connect Configurations’.
Step 3: Add bearer token in APIs during request initiation
The next step is to add the bearer token to the APIs when sending a new request.
- Copy the access token generated in step 2.
- In the new request, navigate to the Authorization tab. Select the Auth type as Bearer Token and paste the access token in the token field.
- Verify the details pasted in the API request body and then initiate the request.

Note:
- The access token must be generated again once it expires. By default, the token will be expired after 4 minutes.
- If the Client ID or Client Secret is changed in Prolaborate, one must update the details and then generate the access token again.
List of APIs accessible in Prolaborate 5.4
Name | Method | Endpoints |
---|---|---|
Create a user in Prolaborate | POST | {{scheme}}://{{ domain }}:{{port}}/api/user/AddUsersFromPortal |
Update a user detail in Prolaborate | PUT | {{scheme}}://{{ domain}}:{{port}}/api/user/UpdatePortalUserUpdate |
Delete a user in Prolaborate | DELETE | {{scheme}}://{{host}}:{{port}}/api/repository/Delete |
Create a user to a particular repository in Prolaborate | POST | {{scheme}}://{{ domain }}:{{port}}/api/user/CreateRepositoryUsers |
Update a user detail to a particular repository in Prolaborate | PUT | {{scheme}}://{{ domain}}:{{port}}/api/user/UpdateRepositoryUser |
Remove a user from a particular repository in Prolaborate | DELETE | {{scheme}}://{{ domain}}:{{port}}/ api/user/DeleteRepUser |
Add a repository in Prolaborate | POST | {{scheme}}://{{ domain }}:{{port}}/api/repository/create |
Generate share URL for artifacts | GET | {{scheme}}://{{ domain }}:{{port}}/api/shareurl/GetElementShare |
Generate share URL (Static Diagram) |
GET | {{scheme}}://{{ domain }}:{{port}}/api/shareurl/GetDiagramShare |
Create a new user in Prolaborate
The API will allow you to create a new user in Prolaborate.
Method: POST
End Point: {{scheme}}://{{ domain }}:{{port}}/api/user/AddUsersFromPortal
Example: https://localhost/api/user/AddUsersFromPortal
Authorization: Bearer Token (Refer to Access Token flow)
Request Parameters and Its Details
Request Parameter | Type | Description | Mandatory |
---|---|---|---|
FirstName | String | User’s first name | Yes |
LastName | String | User’s last name | No |
EmaiId | String | Valid email ID of the user | Yes |
Password | String | Password for the user account. It should be of eight characters and should have number, uppercase, lowercase, and special characters (!, @, #, $, %, &, *, (, ), _, ., ;, :, ^, +) | Yes |
UserType | String | User type should only be ‘SYSTEM-USER’ as other user type such as Active Directory or Identity Provider cannot be created via API | Yes |
UserStatus | String | It can be either active or inactive | Yes |
IsAdmin | Int | It can be either 0 or 1. For admin user, it should be set to 1 | No |
IsReadOnly | Int | It can be either 0 or 1. For regular user, it should be set to 0 and for read-only user, it should be set to 1 | No |
IsMFARequired | Int | It can be either 0 or 1. To enforce MFA, it should be set to 1 or else set to 1 | No |
Request Body Example:
{
"FirstName": "Andi",
"LastName": "A",
"EmailId": "andfi@prolaborate.com",
"Password": "Andi@123",
"UserType": "SYSTEM-USER",
"UserStatus": "Active",
"IsAdmin": "1",
"IsMFARequired": "1",
"isReadOnly": 0
}
Response for successful user creation
If all the details are correct, the API will return a user ID of the user.

Response for incorrect request
Status Codes | Description |
---|---|
401 Unauthorized | The bearer token must be expired. Generate the token and try again. |
500 Internal Server Error | 1. If the same email already exists for another user in Prolaborate. 2. You do not have sufficient license count to create new users. |
422 Unprocessable Entity | Unable to create the user if any fields do not match the exact data type. |
400 Bad Request | If the request body does not have the mandatory information or contains any invalid JSON characters. |
Update an existing user detail in Prolaborate
The API will allow you to update the user details in Prolaborate.
Method: PUT
End Point: {{scheme}}://{{ domain }}:{{port}}/api/user/UpdatePortalUserUpdate
Example: https://localhost/api/user/UpdatePortalUserUpdate
Authorization: Bearer Token (Refer to Access Token flow)
Request Parameters and Its Details
Request Parameter | Type | Description | Mandatory |
---|---|---|---|
UserId | String | ID of a user in Prolaborate and it should be a valid GUID | Yes |
FirstName | String | User’s first name | Yes |
LastName | String | User’s last name | No |
EmaiId | String | Valid email ID of the user | Yes |
UserType | String | User type should only be ‘SYSTEM-USER’ as other user type such as Active Directory or Identity Provider cannot be created via API | Yes |
UserStatus | String | It can be either active or inactive | Yes |
IsAdmin | Int | It can be either 0 or 1. For admin user, it should be set to 1 | No |
IsReadOnly | Int | It can be either 0 or 1. For regular user, it should be set to 0 and for read-only user, it should be set to 1 | No |
IsMFARequired | Int | It can be either 0 or 1. To enforce MFA, it should be set to 1 or else set to 1 | No |
Request Body Example:
{
"UserId": "786f9bf4-b44d-4dca-a915-36f30dee7637",
"FirstName": "Andi",
"LastName": "A",
"EmailId": "andi@prolaborate.com",
"UserType": "SYSTEM-USER",
"UserStatus": "Active",
"IsLocked": false,
"IsAdmin": 1,
"isReadOnly": 0,
"IsMFARequired": 0
}
Response for successful user update
If all the details are correct, the API will return a user ID of the user indicating the update is successful.

Response for incorrect request
Status Codes | Description |
---|---|
401 Unauthorized | The bearer token must be expired. Generate the token and try again. |
500 Internal Server Error | If the same email already exists for another user in Prolaborate. |
422 Unprocessable Entity | Unable to update the user details if any fields do not match the exact data type. |
400 Bad Request | If the request body does not have the mandatory information or contains any invalid JSON characters. |
404 Not Found | Update is unsuccessful since the user is not part of Prolaborate (i.e.) deleted from the application. |
Delete an existing user in Prolaborate
The API will allow you to dekete a user in Prolaborate.
Method: DELETE
End Point: {{scheme}}://{{ domain }}:{{port}}/api/user/delete
Example: https://localhost/api/user/delete
Authorization: Bearer Token (Refer to Access Token flow)
Query Parameters and Its Details
Query Parameter | Type | Description | Mandatory |
---|---|---|---|
UserId | String | ID of a user in Prolaborate that you wish to delete, and it should be a valid GUID | Yes |
Query Parameter Example:
https://localhost/api/user/delete?Id=786f9bf4-b44d-4dca-a915-36f30dee7637
Response for successful deletion
If all the details are correct, the API will return ‘true’ indicating the user has been deleted successfully.

Response for incorrect request
Status Codes | Description |
---|---|
401 Unauthorized | The bearer token must be expired. Generate the token and try again. |
422 Unprocessable Entity | The entered User ID in the query params is not a valid GUID. |
400 Bad Request | The query params contains invalid key. |
404 Not Found | Unable to delete the user since the user is not part of Prolaborate (i.e.) already deleted from the application. |
Create a new user and add directly to a repository in Prolaborate
The API will allow you to create a new user and add him directly to a repository in Prolaborate.
Method: POST
End Point: {{scheme}}://{{ domain }}:{{port}}/api/user/CreateRepositoryUsers
Example: https://localhost/api/user/CreateRepositoryUsers
Authorization: Bearer Token (Refer to Access Token flow)
Request Parameters and Its Details
Request Parameter | Type | Description | Mandatory |
---|---|---|---|
FirstName | String | User’s first name | Yes |
LastName | String | User’s last name | No |
EmaiId | String | Valid email ID of the user | Yes |
Password | String | Password for the user account. It should be of eight characters and should have number, uppercase, lowercase, and special characters (!, @, #, $, %, &, *, (, ), _, ., ;, :, ^, +) | Yes |
UserType | String | User type should only be ‘SYSTEM-USER’ as other user type such as Active Directory or Identity Provider cannot be created via API | Yes |
UserStatus | String | It can be either active or inactive | Yes |
IsAdmin | Int | It can be either 0 or 1. For admin user, it should be set to 1 | No |
IsReadOnly | Int | It can be either 0 or 1. For regular user, it should be set to 0 and for read-only user, it should be set to 1 | No |
IsMFARequired | Int | It can be either 0 or 1. To enforce MFA, it should be set to 1 or else set to 1 | No |
RepositoryId | String | ID of the repository to which the user must be added directly | Yes |
AssociatedGroupIds | String | ID of the user groups as it denotes the list of user groups in the repository to which the user must be part. The IsDefault reflects whether the specified user group should be set as default or not. | No |
AssociatedDashBoardId | String | ID of the dashboard present in the repository as it denotes whether the dashboard should be set as the default | No |
Request Body Example:
{
"FirstName": "Andi",
"LastName": "A",
"EmailId": "andi@prolaborate.com",
"Password": "Andi@123",
"UserType": "SYSTEM-USER",
"UserStatus": "Active",
"UserType": "SYSTEM-USER",
"IsAdmin": "0",
"IsMFARequired": "0",
"IsReadOnly": 0,
"RepositoryId": "6da53e12-7dec-4bc2-bc92-44fc2c0792ca",
"AssociatedGroupIds": [
{
"IsDefault": false,
"AssociatedId": "807b3de2-b35b-4ec2-a429-09bc4bf36593"
},
{
"IsDefault": true,
"AssociatedId": "3a6a4233-773f-48af-953e-d955cbcb2b9c"
}
],
"AssociatedDashboardId": [
{
"IsDefault": true,
"AssociatedId": "97570a88-b786-4a71-874d-e2f1240c46d4"
}
]
}
Response for successful user creation
If all the details are correct, the API will return a user ID of the created user.

Response for incorrect request
Status Codes | Description |
---|---|
401 Unauthorized | The bearer token must be expired. Generate the token and try again. |
500 Internal Server Error | 1. If the same email already exists for another user in Prolaborate. 2. You do not have sufficient license count to create new users. |
422 Unprocessable Entity | Unable to create the user if any fields do not match the exact data type. |
400 Bad Request | If the request body does not have the mandatory information or contains any invalid JSON characters. |
Update an existing user detail in Prolaborate
The API will allow you to update the user details in Prolaborate.
Method: PUT
End Point: {{scheme}}://{{ domain }}:{{port}}/api/user/UpdateRepositoryUser
Example: https://localhost/api/user/UpdateRepositoryUser
Authorization: Bearer Token (Refer to Access Token flow)
Request Parameters and Its Details
Request Parameter | Type | Description | Mandatory |
---|---|---|---|
UserId | String | ID of a user in Prolaborate and it should be a valid GUID | Yes |
FirstName | String | User’s first name | Yes |
LastName | String | User’s last name | No |
EmaiId | String | Valid email ID of the user | Yes |
UserType | String | User type should only be ‘SYSTEM-USER’ as other user type such as Active Directory or Identity Provider cannot be created via API | Yes |
UserStatus | String | It can be either active or inactive | Yes |
IsAdmin | Int | It can be either 0 or 1. For admin user, it should be set to 1 | No |
IsReadOnly | Int | It can be either 0 or 1. For regular user, it should be set to 0 and for read-only user, it should be set to 1 | No |
IsMFARequired | Int | It can be either 0 or 1. To enforce MFA, it should be set to 1 or else set to 1 | No |
RepositoryId | String | ID of the repository to which the user must be added directly | Yes |
AssociatedGroupIds | String | ID of the user groups denotes the list of user groups in the repository to which the user must be part. The IsDefault reflects whether the specified user group should be set as default or not. | No |
AssociatedDashBoardId | String | ID of the dashboard present in the repository as it denotes whether the dashboard should be set as the default | No |
Request Body Example:
{
"UserId": "7b6a47eb-201c-4adb-85c9-04b7614e2386",
"FirstName": "Andi",
"LastName": "A",
"EmailId": "andi@prolaborate.com",
"UserType": "SYSTEM-USER",
"UserStatus": "Active",
"UserType": "SYSTEM-USER",
"IsAdmin": "0",
"IsMFARequired": "0",
"IsReadOnly": 0,
"RepositoryId": "6da53e12-7dec-4bc2-bc92-44fc2c0792ca",
"AssociatedGroupIds": [
{
"IsDefault": false,
"AssociatedId": "807b3de2-b35b-4ec2-a429-09bc4bf36593"
},
{
"IsDefault": true,
"AssociatedId": "3a6a4233-773f-48af-953e-d955cbcb2b9c"
}
],
"AssociatedDashboardId": [
{
"IsDefault": true,
"AssociatedId": "97570a88-b786-4a71-874d-e2f1240c46d4"
}
]
}
Response for successful update in a repository
If all the details are correct, the API will return a user ID of the user indicating the update is successful.

Response for incorrect request
Status Codes | Description |
---|---|
401 Unauthorized | The bearer token must be expired. Generate the token and try again. |
500 Internal Server Error | If the same email already exists for another user in Prolaborate. |
422 Unprocessable Entity | Unable to update the user details if any fields do not match the exact data type. |
400 Bad Request | If the request body does not have the mandatory information or contains any invalid JSON characters. |
404 Not Found | Update is unsuccessful since the user is already removed from the repository or is not part of Prolaborate (i.e.) deleted from the application. |
Remove a user from a repository in Prolaborate
The API will allow you to create a new user in Prolaborate.
Method: DELETE
End Point: {{scheme}}://{{ domain }}:{{port}}/api/user/DeleteRepUser
Example: https://localhost/api/user/DeleteRepUser
Authorization: Bearer Token (Refer to Access Token flow)
Query Parameters and Its Details
Query Parameter | Type | Description | Mandatory |
---|---|---|---|
RepositoryId | String | ID of a repository in Prolaborate from which you wish to remove the user, and it should be a valid GUID | Yes |
UserId | String | ID of a user in Prolaborate that you wish to delete, and it should be a valid GUID | Yes |
Query Parameter Example:
https://localhost/api/user/DeleteRepUser?RepositoryId=6da53e12-7dec-4bc2-bc92-44fc2c0792ca&UserId=7b6a47eb-201c-4adb-85c9-04b7614e2386
Response for successful removal of user from repository
If all the details are correct, the API will return the response as mentioned in the image below indicating the user is removed from the repository successfully.
Please note that the user will be removed only from the mentioned repository. The user will not be deleted from the application.

Response for incorrect request
Status Codes | Description |
---|---|
401 Unauthorized | The bearer token must be expired. Generate the token and try again. |
422 Unprocessable Entity | The entered User ID or repository ID in the query params is not a valid GUID |
400 Bad Request | The query params contains invalid key. |
404 Not Found | Unable to delete the user since the user is already removed from the repository or is not part of Prolaborate (i.e.) deleted from the application. |
Add a repository in the Prolaborate
The API will allow you to add a repository in Prolaborate.
Method: POST
End Point: {{scheme}}://{{ domain }}:{{port}}/api/repository/create
Example: https://localhost/api/repository/create
Authorization: Bearer Token (Refer to Access Token flow)
Request Parameters and Its Details
Request Parameter | Type | Description | Mandatory |
---|---|---|---|
UserId | String | ID of an admin user in Prolaborate and it should be a valid GUID | Yes |
Name | String | Give a suitable name for the repository | Yes |
Alias | String | Enter a suitable alias name. The alias name should not be duplicated | Yes |
Description | String | Give a suitable description for this repository | No |
Isenabled | Short | This represents the status of the repository. Set to ‘1’ for active or ‘0’ for inactive | Yes |
Model | String | Give the alias name of this repository which is mentioned in Pro Cloud Server (PCS) | Yes |
Protocol | String | Protocol of the PCS server (HTTP or HTTPS) | Yes |
Server | String | Server name or IP address where the PCS is hosted | Yes |
Port | String | Port of the server where PCS is hosted | Yes |
Authrequired | Short | It can either ‘0’ or ‘1’. If Model Security is enabled in Enterprise Architect, it should be set as ‘1’, else ‘0’. | Yes |
Username | String | If Authrequired is set to ‘1’, provide the username of a user added in the model | Yes, if Authrequired is set to ‘1’, else No |
Password | String | If Authrequired is set to ‘1’, provide the password for the username of a user added in the model | Yes, if Authrequired is set to ‘1’, else No |
IsVersionExplorer | Short | Set to ‘1’ if you wish to enable Versions Explorer for this repository, else ‘0’ | Yes |
Request Body Example:
{
"userId": "DDF761D0-CAE3-48E7-83DF-18998F80CD87",
"name": "The Essential Architecture Model",
"alias": "theessentialarchitecturemodel",
"description": "",
"isenabled": 1,
"model": "The Essential Architecture",
"protocol": "http",
"server": "localhost",
"port": "1804",
"authrequired": 1,
"username": "admin",
"password": "password",
"isVersionExplorer": 0,
"repositoryId": "",
"status": "active",
"oslcAccessCode": ""
}
Response for successful repository creation
If all the details are correct, the API will create a new repository in Prolaborate and returns the repository ID.

Response for incorrect request
Status Codes | Description |
---|---|
401 Unauthorized | The bearer token must be expired. Generate the token and try again. |
500 Internal Server Error | 1. If the same details (alias name) already exists for another repository in Prolaborate. 2. You do not have sufficient token to create new repository. |
422 Unprocessable Entity | Unable to create the repository if any fields do not match the exact data type. |
400 Bad Request | If the request body does not have the mandatory information or contains any invalid JSON characters. |
Generate share URLs for Artifacts
The API will allow you to generate Public, Private, or Embed URLs of a diagram or an element or a package.
Note:
- Public share and Embed share should be enabled in Repository Settings to generate those URLs. Click here to learn more on how to enable those options in Prolaborate.
Method: GET
End Point: {{scheme}}://{{ domain }}:{{port}}/api/shareurl/GetElementShare
Example: https://localhost/api/shareurl/GetElementShare
Authorization: Bearer Token (Refer to Access Token flow)
Query Parameters and Its Details
Query Parameter | Type | Description | Mandatory |
---|---|---|---|
RepositoryId | String | ID of a repository in Prolaborate from which you wish to generate the share URL, and it should be a valid GUID | Yes |
ElementId | String | GUID of a diagram or a package or an element for which you wish to generate the share URL, and it should be a valid GUID | Yes |
Query Parameter Example:
https://localhost/api/shareurl/GetElementShare?RepositoryId=6da53e12-7dec-4bc2-bc92-44fc2c0792ca&ElementId={B67F0C2C-E9D1-48bc-8BEA-3B0B961343CD}
Response for successful removal of user from repository
If all the details are correct, the API will return the response as mentioned in the image below indicating the share URLs are generated successfully.

Response for incorrect request
Status Codes | Description |
---|---|
401 Unauthorized | The bearer token must be expired. Generate the token and try again. |
422 Unprocessable Entity | The entered element ID or repository ID in the query params is not a valid GUID |
400 Bad Request | The query params contains invalid key. |
404 Not Found | Unable to generate the URLs |