HTTPS Access to Collections
- 1. Overview
- 2. Determining the Collection HTTPS Base URL
- 3. Authorization
- 4. Access Tokens for HTTPS
- 5. Accessing Data
Globus Connect Server version 5 includes support for basic HTTPS access to Globus collections. This includes download and upload of files only, and may be used either programmatically, or linked to or downloaded from a web application. This guide describes how to access data on a Globus collection via HTTPS.
Information about Globus Connect Server version 5 collections are available using the Globus Transfer API. Among this information is the base URL which can be used to access collection data.
To determine this information, look for the
https_server property in the
collection’s Endpoint document.
% globus endpoint show 60a0c6af-3f73-453c-afbe-c8504fc428b6 \ --jq 'https_server' -F unix https://a4969.36fe.dn.glob.us
from globus_sdk import TransferClient, AccessTokenAuthorizer TRANSFER_ACCESS_TOKEN = '...' transfer_client = TransferClient( authorizer=AccessTokenAuthorizer(TRANSFER_ACCESS_TOKEN)) endpoint_id = '60a0c6af-3f73-453c-afbe-c8504fc428b6' endpoint = transfer_client.get_endpoint(endpoint_id) https_server = endpoint['https_server']
Visit the collection in the file browser, select a file, then click on "Get Link" on the right panel.
For this example endpoint: https://app.globus.org/file-manager?origin_id=60a0c6af-3f73-453c-afbe-c8504fc428b6
Guest collections allow user-specified Access Control Lists, which may include either any Globus Auth identity, a specific Globus Auth identity, Globus Groups identity, or be completely public with no authorization. If the collection requires an authenticated identity, your application must obtain an appropriate access token and present that to the HTTPS service.
Note that Guest Collection administrators may create ACLs for the identity of
an application based on its Globus Auth client_id (by allowing access to
email@example.com. If such an ACL is present,
the application may use an OAuth
client_credentials grant to obtain an access
token to interact with the https service.
Mapped collections always require a Globus Auth identity to access the service. Mapped collections require a high assurance storage gateway.
A system administrator may create a mapping from an application
firstname.lastname@example.org to a local
account in the gridmap file. If this is the case, the application may use an
client_credentials grant to obtain an access token to interact with the
If the collection requires a Globus Auth identity to access the endpoint, your application must present an access token using the "Authorization" HTTP header.
The HTTPS server supports the
provided the client identity is authorized for that operation on the
Note that the HTTPS service does not support directory listings.
When accessing the resource programmatically, include the
header to avoid being redirected to auth.globus.org when the token
does not grant access to the requested resource.
By default, the HTTPS service includes the
Content-Disposition header set to
inline so that the data is loaded directly in to the browser and can be
viewed. To request the data be downloaded by the browser, append the query
download when requesting the object. This changes the service
response to include a
Content-Disposition header set to
attachment with a