Generally, API calls will return a non-200 status code on invalid usage. In that case, the body of the response may be a JSON object with an "error" field, containing additional information on the error.
All the log-in methods and restrictions that apply to normal ContestWebServer usage also apply for API usage. In particular, this implies that IP autologin, if configured, can be used for API calls.
Otherwise, making a POST request to the /api/login endpoint, passing
username and password as form data (as is done for regular login), will
return a JSON object with the following structure:
{"login_data": /* string */ }The content of the returned login data string should be passed to API calls
that require authentication in a X-CMS-Authorization header.
All other API methods described here require authentication.
An authenticated GET request to /api/task_list, done while the contest
is running, will return the following object:
{
"tasks": [
{
"name": /* string */,
"statements": [/* strings */],
"submission_format": [/* strings */]
}
]
}Tasks are ordered in the same order as in the UI. The name of the task is
used for additional task-specific API calls. statements contains a list of
languages for which a statement is available. submission_format contains a
list of files that will need to be submitted, where filenames containing the
%l string represent source files (that will be compiled and run on the
server), and all other filenames represent output files.
An authenticated POST request to /api/{taskname}/submit will send a
submission. Files should be provided (according to the submission format) as
form data, with field names matching the submission format.
The request will return an object with the ID of the new submission:
{"id": /* string */}An authenticated GET request to /api/{taskname}/submission_list will
return an object describing all the submission done so far on the given task,
in chronological order:
{
"list": [
{ "id": /* string */ }
]
}A PDF version of the task statement for a given language can be retrieved by
making an authenticated GET request to
tasks/{taskname}/statements/{lang}.
An authenticated GET request to /tasks/{taskname}/submissions/{id} will
retrieve information on the submission with the given id. In particular,
its field public_score will contain the score of this submission, and
task_public_score will contain the current score for the task.
Additional details on the submission's results can be retrieved by making an
authenticated GET request to /tasks/{taskname}/submissions/{id}/details.
The endpoint will return an HTML snippet matching what is seen by contestants.
Administrators may impersonate a user and perform requests on their behalf.
This is accomplished by using the authentication endpoint without password
and with an additional admin_token parameter equal to the
contest_admin_token from the CMS configuration. The returned authentication
token refers to the given user, but it is marked as impersonated.
Requests carrying an impersonated authentication token may bypass certain restrictions:
IP-based login restrictions do no apply. (But if IP-based autologin is set, it overrides all authentication tokens including impersonated ones.)
Hidden participation is never blocked.
Requests can carry special parameters (either in the URL or in
POSTdata) that bypasses further restrictions when set to1:override_phase_checklets the operation proceed regardless of contest phase (for example, you can submit even though the contest has already ended).override_official(in the submit endpoint) makes the submission count as official regardless of contest phase.override_max_number(in the submit endpoint) skips all checks for the maximum number of submits.override_min_interval(in the submit endpoint) skips all checks for the minimum time interval between submits.