This describes Prowl's third-party API. Users can find their API keys on the API keys page.

• Changes
• API limits
• Methods
  • add (POST)
  • verify (GET)
  • retrieve/token (GET)
  • retrieve/apikey (GET)
• Generic return format
• Libraries

Changes

• 2011-01-30—Recommended server is api.prowlapp.com, for some simple SSL-cert checks which fail on wildcard.
• 2011-01-30—Added retrieve/token (GET) and retrieve/apikey (GET), to allow applications to create API keys for users.
• 2011-01-28—Added ability to register and manage provider keys on the API keys page.
• 2011-01-26—Added url parameter to add (GET) in Prowl 1.2.
• 2011-01-22—Removed SSL requirement. Cool uses like micro-controllers need more flexibility. Please use SSL if you can.

Limits

IP addresses are limited to 1000 API calls per hour which begins from the start of the first call. You can create a provider key at the API keys page, which will grant you a larger limit.

If you are writing an application where the provider key will be user-visible in the source or object files, you should only use the provider key for methods that require the provider key, none of which cost API calls.

Methods

SSL is strongly recommended. All commands are sent to: https://api.prowlapp.com/publicapi/method For example, add is: https://api.prowlapp.com/publicapi/add Square brackets next to parameters are maximum lengths in bytes. Parameters are required unless otherwise specified.

You should send all arguments in UTF-8 encoding. Some level of conversion is done if you provide other encoding, but it may not succeed.

• add (POST) — Add a notification to an API key.
• verify (GET) — Verify an API key is valid.
• Retrieving an API key:
  1. retrieve/token (GET) — Get a registration token.
  2. retrieve/apikey (GET) — Get an API key from a registration token.

add (POST)

Add a notification for a particular user.

You must provide either event or description or both.

Input

apikey [unlimited]	API keys separated by commas. Each API key is a 40-byte hexadecimal string. When using multiple API keys, you will only get a failure response if all API keys are not valid.
providerkey [40] Optional	Your provider API key. Only necessary if you have been whitelisted.
priority Optional	Default value of 0 if not provided. An integer value ranging [-2, 2] representing: Very Low Moderate Normal High Emergency Emergency priority messages may bypass quiet hours according to the user's settings.
url [512] Optional	The URL which should be attached to the notification. This will trigger a redirect when launched, and is viewable in the notification list.
application [256]	The name of your application or the application generating the event.
event [1024]	The name of the event or subject of the notification.
description [10000]	A description of the event, generally terse.

Success output

No modification from generic format.

verify (GET)

Verify an API key is valid.

For the sake of adding a notification do not call verify first; it costs you an API call. You should only use verify to confirm an API key is valid in situations like a user entering an API key into your program. If it's not valid while posting the notification, you will get the appropriate error.

Input

apikey [40]	The user's API key. A 40-byte hexadecimal string.
providerkey [40] Optional	Your provider API key. Only necessary if you have been whitelisted.

Success output

No modification from generic format.

retrieve/token (GET) [no call cost]

Get a registration token for use in retrieve/apikey and the associated URL for the user to approve the request.

This is the first step in fetching an API key for a user. The token retrieved expires after 24 hours.

Input

providerkey [40]

Your provider API key. Required.

Success output

<?xml version="1.0" encoding="UTF-8"?>
<prowl>
	<success code="200" remaining="REMAINING" resetdate="TIMESTAMP"
		/>
	<retrieve token="TOKEN" url="URL" />
</prowl>

Fields in the response are as follows:

• URL is the URL you must direct the user to for them to complete the operation.
• TOKEN is the token associated with the request. You must save this because it is required for retrieve/apikey (GET).
• The rest are as defined in the generic format.

When the user completes the retrieve operation, they will be presented a link back to your application if you set one. The query string "token" will be set in the return URL with the TOKEN above.

retrieve/apikey (GET) [no call cost]

Get an API key from a registration token retrieved in retrieve/token. The user must have approved your request first, or you will get an error response.

This is the second/final step in fetching an API key for a user.

Input

providerkey [40]	Your provider API key. Required.
token [40]	The token returned from retrieve/token. Required.

Success output

<?xml version="1.0" encoding="UTF-8"?>
<prowl>
	<success code="200" remaining="REMAINING" resetdate="TIMESTAMP"
		/>
	<retrieve apikey="APIKEY" />
</prowl>

Fields in the response are as follows:

• APIKEY is the new API key associated with the user.
• The rest are as defined in the generic format.

At any point, the user can delete the API key. Be prepared to prompt the user to retrieve a new API key if they do.

If the user already had an API key requested using your provider key, you will get the same API key back if it still exists.

Generic return format

You should always use an XML parser. While the structure itself won't change, the format or attributes might in a way that breaks direct string parsing.

Errors

An error will return the following format, as well as an HTTP status code equal to ERRORCODE.

<?xml version="1.0" encoding="UTF-8"?>
<prowl>
	<error code="ERRORCODE">ERRORMESSAGE</error>
</prowl>

ERRORCODE can be one of the following:

• 400 Bad request, the parameters you provided did not validate, see ERRORMESSAGE.
• 401 Not authorized, the API key given is not valid, and does not correspond to a user.
• 406 Not acceptable, your IP address has exceeded the API limit.
• 409 Not approved, the user has yet to approve your retrieve request.
• 500 Internal server error, something failed to execute properly on the Prowl side.

Success

A success will return the following format, as well as the HTTP status code 200. Some methods add additional output, which will be detailed in their example response. This is the generic success information.

<?xml version="1.0" encoding="UTF-8"?>
<prowl>
	<success code="200" remaining="REMAINING" resetdate="TIMESTAMP"
		/>
</prowl>

Fields in the response are as follows:

• REMAINING is the number of API calls you have left.
• TIMESTAMP is in UTC, and is the time your remaining resets.

Libraries

There are different libraries and scripts available which use the API in an array of languages.

• Ruby
  • prowler by Andrew White
  • Prowly by Rafael Magaña
  • prowl by August Lilleaas
• PHP
  • ProwlPHP maintained by Mario Mueller [Originally by Fenric] (Library)
  • Prowl for FuelPHP by egersdorfer
  • PHP-Prowl maintained by Scott Wilcox
• Perl
  • WebService::Prowl by Masayoshi Sekimura (Module)
  • prowl.pl (Official; Command line)
• Python
  • Pyrowl by Damien Degois
  • prowlpy by Jacob Burch
• Node.js
  • node-prowl by Jonas Arnklint
• Objective-C
  • ProwlKit by infincia
• Java
  • jProwlAPI by Christian Ternes
  • jProwlClient by Marco Bienlein
• C
  • Prowl-for-C by Jorryt Dijkstra (requires OpenSSL)
  • CProwl by Ryan Phillips (Command-line)
• .NET
  • Prowlin by Niklas Nihlén
  • Prowl.NET by Casey Watson
• Go
  • Goprowl by Yanko
• MQL4
  • Prowllink by Osman Taskin
• Linden Scripting Language
  • Prowler by Kira Komarov
• PowerShell
  • PowerProwl by Alex McFarland
• Arduino
  • Avviso by Mike Colagrosso (wrapper of jProwlAPI)
• Lasso
  • SHp_prowl by Lieven Gekiere
• Groovy
  • GProwl by Niels Peter Strandberg
• WHMCS
  • Pusher by Josh Bonfield