XSEDE API Documentation
XSEDE has identified over 60 user facing use cases that document specific ways users need to use XSEDE's infrastructure. From those user facing use cases XSEDE distilled 12 canonical use cases that document the core (common) system functions needed by user facing use cases.
XSEDE has delivered production components supporting almost all the core (common) system functions in the canonical use cases and many of the 60 user facing use cases, thus enabling users to perform some (but not all) of the functions in those use cases.
This page documents XSEDE production components that have APIs and provides pointers to API documentation and client coding examples that software and service developers, such as Science Gateways developers, can reference.
The following 13 APIs are grouped by category. Click on the links in the tables below for more information about each API.
- Data: Movement and Management
- Execution: Job Execution and Management
- Information: Publishing and Discovery
- Security: Authentication, Authorization, and Identity Management
Data: Movement and Management (3 APIs)
Provides global file system for researcher data sharing and job submission.
Globus' transfer service is software-as-a-service for file transfer and sharing. Designed specifically for researchers, Globus provides fast, reliable, and secure file transfer among XSEDE resources or between an XSEDE resource and another machine (such as a campus cluster, lab server, or personal computer). Globus is core campus bridging technology that enables researchers to scale their computational research from the desktop, across campus, and to national cyberinfrastructure. Beyond file transfer, Globus allows researchers to securely share data with collaborators directly from existing systems, without investing in additional campus or cloud storage just for the purposes of sharing.
GridFTP is a high-performance, secure, reliable data transfer protocol optimized for high-bandwidth wide-area networks. In the XSEDE system architecture, GridFTP is a service-layer interface for data transfer. (The higher-level, access-layer interface is Globus transfer, see above.) The GridFTP protocol is based on FTP, the highly-popular Internet file transfer protocol. We have selected a set of protocol features and extensions defined already in IETF RFCs and added a few additional features to meet requirements from current data grid projects.
Execution: Job Execution and Management (2 APIs)
1. GSI OpenSSH
Enables remote login and shell access using X.509 credentials. Programs can fork/exec the GSI OpenSSH client and send shell commands to be executed on the remote machine.
UNICORE is a Grid middleware offering services for program execution and data movement on remote computers via the internet. It specializes on massively parallel applications typically running on large computing clusters and supercomputers utilizing their resource management systems (job schedulers and batch systems) to distribute work efficiently.
Information: Publishing and Discovery (3 APIs)
Enables asynchronous publishing of and subscription to XSEDE resource information.
Enables synchronous publishing and query based discovery of XSEDE infrastructure resource information.
Enables synchronous publishing and query based discovery of XSEDE UNICORE infrastructure resource information.
Security: Authentication, Authorization, and Identity Management (5 APIs)
CILogon provides a standards-compliant OpenID Connect (OAuth 2.0) interface to federated authentication. Clients can use this interface to authenticate users via their home campus identity providers (e.g., via InCommon SAML authentication) and optionally obtain short-lived X.509 certificates for users.
Implements WS-Trust standard for Secure Token Service (STS), with variants for GFFS grid user, Kerberos and Globus Auth authentication processes.
Globus Auth is a foundational identity and access management (IAM) platform service, used for brokering authentication and authorization interactions between end-users, identity providers, resource servers (services), and clients (including web, mobile, desktop, and command line applications, and other services).
Globus Auth is compliant with the OAuth2 and OpenID Connect standards, but extends them to support use cases that are beyond the scope of those standards.
Integrating MyProxy clients into your application allows you to authenticate and obtain X.509 certificates for your users. Using the MyProxy client API with the myproxy.xsede.org server allows applications to verify XSEDE Kerberos passwords and obtain short-lived XSEDE-accepted certificates.
The MyProxy OAuth API allows clients to authenticate users and obtain X.509 certificates for users. It is compliant with OAuth 1.0a, OAuth 2.0, and OpenID Connect. Using the MyProxy OAuth API with the oa4mp.xsede.org server allows clients to authenticate XSEDE users and obtain XSEDE-accepted short-lived certificates.