The TIBCO Spotfire Server public SOAP Web Service API.

See: Description

Package Description

The TIBCO Spotfire Server public SOAP Web Service API.

Note: This is a SOAP Web Service API. The implementing classes may not be called directly from Java code. Use the WSDL files to generate client proxies which will contain all types and methods that may be used.

The services can be accessed at the following location, where ServiceName is the name of the service interface as listed above:


The WSDL file for each service can be retrieved by appending /wsdl to the service URL. The WSDL file can be accessed at this location without authentication (unless disabled through configuration). The WSDL file for each service can also be retrieved by appending ?wsdl to the service URL, in which case a valid access token must be included with the call.

Authentication and authorization

The API uses the OAuth 2.0 protocol for authentication and authorization, with the Spotfire Server itself as Authorization Server. Some services also require additional forms of authorization (see the documentation of each service for details).

Note: The API does not use HTTP sessions so there is no need to maintain session cookies.

Note: All communication should always be done over HTTPS when using OAuth 2.0.

Basic steps:

  1. Register an API client using the register-api-client command to obtain client credentials.
  2. Obtain an access token by making a request to the Token Endpoint according to the instructions in section 4.4 of RFC 6749.
    • The token endpoint can be accessed at: http[s]://<host>[:<port>]/spotfire/oauth2/token
    • The client must authenticate using the HTTP Basic authentication scheme as described in section 2.3.1 of RFC 6749, using the credentials obtained when registering the client.
    • The request must include any and all scopes required to access the service(s) that the client intend to access (see the documentation of each service for details).
  3. Include the access token in all requests to the API, in an Authorization header as described in section 2.1 of RFC 6750.
The access token has a limited lifetime, after which a new token must be obtained by repeating step 2.

An access token is only valid for the services and operations described in the scope parameter provided when obtaining the access token. The available scopes are described in the documentation for each service.

Generating client proxies

Proxies can be generated using the tool of your choice. Here is an example on how to do it using the wsimport tool that is included with the Oracle JDK. The tool must be run for each service to be used.

Example on how to generate a proxy, for the LibraryService:
wsimport -d bin -s src


The API is enabled by default. To disable it or to make other configuration changes, use the config-web-service-api command. For more information see the section Configuration using the command line of the TIBCO Spotfire© Server and Environment Installation and Administration manual.

Additional resources

For more information please refer to these resources:

The section Spotfire Server public Web Services API's of the TIBCO Spotfire© Server and Environment Installation and Administration manual.

The SpotfireDeveloper.ServerApiExample developer example that can be found under Integration in the Spotfire SDK.

The TIBCO Community Wiki.

Legacy API

The legacy SOAP API, available in previous versions of the TIBCO Spotfire Server, is still available under /ws/pub/.

Note: The legacy API is deprecated and will be removed in a future version.

The legacy API is disabled by default but can be enabled using the --legacy-soap-enabled flag of the config-web-service-api command.

For more information please refer to the documentation of a previous, supported, version of the Spotfire Server.

Copyright © 2013-2018 TIBCO Software Inc. All Rights Reserved.