Web services
The OpenGrok web application provides a REST API under path /api/v1/.
For Indexer and Python scripts to work correctly, the URI of the web application needs to be specified with -U option. (For instance: -U http://localhost:8080/source).
For the API documentation go to https://opengrok.docs.apiary.io/
Some of the API endpoints require authorization (which assumes authentication), some of the endpoints need to be accessed either via localhost or with API Bearer token.
To use an API token, it needs to be configured in the web application first (see authenticationTokens in https://github.com/oracle/opengrok/wiki/Webapp-configuration#configuration-tunables). The web app configuration can have multiple API tokens.
Then it can be used from the indexer (which uploads new configuration to the web app at the end of the indexing if the -U option is used) using the --token command line option or using the indexerAuthenticationToken configuration option which is handy when using the read-only configuration.
The Python tools allow to set arbitrary HTTP headers when performing API calls using the -H/--header option so this can be used to specify the API token as well. The opengrok-sync program allows to set the HTTP headers also in the configuration file.
Important thing to keep in mind is that in order to successfully use the API token, the request has to go through HTTPS or the web app has to be configured to allow tokens to go over insecure channel (see https://github.com/oracle/opengrok/wiki/Webapp-configuration#configuration-tunables).
