Swift Target-of-Opportunity API
Programmatic access to Swift TOO requests, visibility calculations, and observation queries via a modern RESTful API.
Introduction to the API
API Version 2 (swifttools 4.0+)
Author: Jamie A. Kennea (Penn State)
Introduction
The following gives an explanation of how the Swift TOO API works, and how API queries are formatted. Beginning with swifttools 4.0, the API has been redesigned as a modern RESTful service. If you are not interested in using the API at the low level, we suggest that you skip this section and move onto the documentation for and examples of how to use the swift_too Python module.
Base URL
All API v2 endpoints are rooted at:
https://www.swift.psu.edu/api/v2For example, the visibility query endpoint is available at /api/v2/swift/visquery/.
Authentication
The v2 API uses session-based authentication via a browser cookie (session). There is no longer a shared-secret JWT — instead, you authenticate once by POSTing your credentials (username plus either your account password or an API key) to the /login endpoint and then include the returned session cookie in all subsequent requests.
Logging in
POST /api/v2/login
Send a JSON body containing your username and password. If you are using an API key instead of your account password, supply the API key in the password field; the field name is retained for historical reasons:
{
"username": "myuser",
"password": "my_api_key_or_password"
}A successful login returns HTTP 200 and sets a session cookie that must be supplied with every subsequent authenticated request. Most HTTP clients (e.g. Python's requests.Session) handle this automatically.
Logging out
POST /api/v2/logout
Invalidates the current session. No request body is required.
Checking session status
GET /api/v2/session
Returns the username associated with the current session:
{
"username": "myuser"
}Alternative: API-key login
POST /api/v2/login/password
Accepts the same LoginData body as /login and can be used when authenticating via an API key instead of a password.
Request format
Requests are standard HTTP calls. Query parameters (for GET requests) are passed as URL query strings, and request bodies (for POST requests) use either application/json or application/x-www-form-urlencoded encoding depending on the endpoint. There is no longer any JWT wrapping of request data.
Example – Swift visibility query
GET /api/v2/swift/visquery/?ra=195.699&dec=-63.836&length=28
Required parameters: ra, dec. Optional: begin, end, length, hires.
A successful response (HTTP 200) returns a JSON object directly:
{
"begin": "2021-02-18T00:00:00",
"length": 28.0,
"ra": 195.699,
"dec": -63.836,
"hires": false,
"windows": [
{
"begin": "2021-02-21T00:33:00",
"end": "2021-04-07T07:21:00"
}
],
"status": {
"status": "Accepted",
"too_id": null,
"jobnumber": null,
"errors": [],
"warnings": []
}
}Response format
All successful responses return a JSON object whose fields correspond to the schema of the requested resource. Error responses return an HTTP error status code together with a SwiftTOOStatusSchema JSON body:
{
"status": "Error",
"too_id": null,
"jobnumber": null,
"errors": ["Descriptive error message"],
"warnings": []
}HTTP status codes
| Code | Meaning |
|---|---|
200 |
OK – request succeeded |
201 |
Created – resource created (e.g. TOO submitted) |
400 |
Bad Request – invalid parameters |
401 |
Unauthorized – not logged in |
403 |
Forbidden – insufficient permissions |
404 |
Not Found – resource does not exist |
422 |
Unprocessable Entity – validation error |
No queue system
Unlike the v1 API, the v2 API is synchronous — responses are returned immediately and there is no job queue to poll. The jobnumber field in status objects is retained for backwards compatibility but is not used in v2.
Available endpoints
Endpoints are grouped below by functional area. All paths are relative to /api/v2.
Health Check
| Method | Path | Description |
|---|---|---|
GET |
/ |
Health check — returns plain text "OK" |
Authentication
| Method | Path | Description |
|---|---|---|
POST |
/login |
Log in and obtain a session cookie |
POST |
/login/password |
Log in via API key |
POST |
/logout |
Invalidate the current session |
GET |
/session |
Return the currently authenticated username |
GET |
/user/{username} |
Retrieve a user record |
POST |
/user |
Create a new user |
GET |
/user |
List users (admin) |
PUT |
/user/{username} |
Replace a user record |
PATCH |
/user/{username} |
Update selected user fields |
DELETE |
/user/{username} |
Delete a user |
GET |
/user/scopes/{username} |
Get user permission scopes |
POST |
/user/scopes/{username} |
Grant permission scopes |
DELETE |
/user/scopes/{username} |
Revoke permission scopes |
Swift Schedules
| Method | Path | Description |
|---|---|---|
GET |
/swift/obsquery/ |
Query executed Swift observations (AFST) |
GET |
/swift/planquery/ |
Query the Swift pre-planned science timeline (PPST) |
GET |
/swift/calendar |
Query the Swift observing calendar |
GET |
/swift/sot_stats |
Query Swift SOT statistics |
Swift Visibility
| Method | Path | Description |
|---|---|---|
GET |
/swift/visquery/ |
Compute Swift target visibility windows |
GET |
/swift/saa/ |
Query Swift South Atlantic Anomaly passages |
Swift Target-of-Opportunity
| Method | Path | Description |
|---|---|---|
GET |
/swift/too |
Query existing TOO requests |
POST |
/swift/too |
Submit a new TOO request |
GET |
/swift/too/{too_id} |
Retrieve a specific TOO request by ID |
GET |
/swift/too_upload_enabled |
Check whether TOO uploading is currently enabled |
Swift Clock
| Method | Path | Description |
|---|---|---|
GET |
/swift/clock/ |
Convert between MET, UTC and Swift clock times |
Swift UVOT
| Method | Path | Description |
|---|---|---|
GET |
/swift/uvot_mode |
Query UVOT mode filter configuration |
Swift Data
| Method | Path | Description |
|---|---|---|
GET |
/swift/data |
Query Swift data file listings for an observation |
GUANO
| Method | Path | Description |
|---|---|---|
GET |
/swift/guano/ |
Query BAT GUANO (Gamma-ray Urgent Archiver for Novel Opportunities) data |
Swift Operations (admin)
| Method | Path | Description |
|---|---|---|
GET |
/swift/commands |
Query TOO command uploads |
GET |
/swift/manypoints |
Query many-point command files |
GET |
/swift/too_commands |
Query TOO commands |
GET |
/swift/too_groups |
Query TOO command groups |
NICER
| Method | Path | Description |
|---|---|---|
GET |
/nicer/visquery |
Compute NICER target visibility windows |
GET |
/nicer/planquery |
Query the NICER plan |
Utilities
| Method | Path | Description |
|---|---|---|
GET |
/resolve/ |
Resolve a source name to RA/Dec coordinates |
Backwards Compatibility
| Method | Path | Description |
|---|---|---|
GET |
/compat/jwt |
Validate a legacy v1 JWT token |
Submitting a TOO request
TOO requests are submitted by POSTing to /api/v2/swift/too with an application/x-www-form-urlencoded body. Required fields are:
| Field | Type | Description |
|---|---|---|
target_name |
string | Source name |
target_type |
string | Source type |
ra |
number | Right Ascension (degrees, 0–360) |
dec |
number | Declination (degrees, −90–90) |
obs_type |
string | Observation type: Spectroscopy, Light Curve, Position, or Timing |
science_just |
string | Science justification |
immediate_objective |
string | Immediate objective |
exposure |
integer | Requested exposure time (seconds) |
exp_time_just |
string | Exposure time justification |
Optional fields include urgency (0–4, default 3), instrument (XRT, UVOT, or BAT, default XRT), xrt_mode, uvot_mode, tiling, num_of_visits, monitoring_freq, and many others documented in the SwiftTOOPostSchema.
A successful submission returns HTTP 201 and a SwiftTOOStatusSchema body containing the assigned too_id.
Moving forward
We strongly recommend using the supplied Python implementation of the API (swifttools 4.0+). This abstracts the REST calls above and provides a simple, Pythonic interface to the TOO API. Please review the documentation for the Python API and the examples available as Jupyter Notebooks.