AroFlo MCP

userposition.md•4.97 KiB

# UserPosition This zone is READ ONLY. [Permission Groups](https://help.aroflo.com/display/SiteAdmin/Permission+Groups) are how we can define user access in AroFlo. These settings are deep and complex and so are not able to be recreated via AroFlo API and can only be retrieved. **Authorization:** bearer --- ### GET Get UserPosition `GET https://api.aroflo.com/{{urlVarString}}` Get all of the `permissiongroups` data for your AroFlo site. ``` if (requestType == 'GET') { var urlVarString = [ 'zone=' + encodeURIComponent('permissiongroups') ,'page=' + encodeURIComponent('1') ]; urlVarString = urlVarString.join('&'); } ``` **Authorization:** bearer **Headers:** | Header | Value | Description | | --- | --- | --- | | `Authentication` | `HMAC {{af_hmac_signature}}` | | | `HostIP` | `XXX.XXX.XXX.XXX` | | | `Authorization` | `{{Authorization}}` | | | `Accept` | `text/json` | | | `afdatetimeutc` | `{{af_iso_timestamp}}` | | **Pre-request Script:** ```javascript //What type of HTTP Request we're making GET|POST var requestType = 'GET'; //When using a GET request set the urlVarString. //Also ensuring that all values are URIencoded if (requestType == 'GET') { var urlVarString = [ 'zone=' + encodeURIComponent('UserPosition') ,'page=' + encodeURIComponent('1') ]; urlVarString = urlVarString.join('&'); pm.environment.set("urlVarString", '?' +urlVarString); //We now call the Authentication function and pass it our requestType and urlVarString AroFloAuth(requestType, urlVarString) } //The Authentication flow has been moved into a function to highlight that this is code that you must replicate in your own system/app/language //and must be called for every request. Each request requires it's own HMAC signature. function AroFloAuth(requestType, VarString) { //secret_key is a new auth key shown once only in the AroFloAPI Settings page. let secret_key = pm.environment.get('secret_key'); //We now need to set a timestamp as an ISO 8601 UTC timestamp e.g. "2018-07-25T01:39:57.135Z" let d = new Date(); let isotimestamp = d.toISOString(); //You need to send us what IP you are sending from let HostIP = pm.environment.get('HostIP'); //urlPath is currently '' and should not be changed let urlPath = ''; //rather than setting &format in the URL Variable scope, we now define an accept header //accept can be either 'text/json' or 'text/xml' let accept = pm.environment.get('accept'); //we also removed the uEncoded,pEncoded & orgEncoded from the URL variable scope and it is now set as an Authorization header //All values should be URIencoded let Authorization = 'uencoded='+encodeURIComponent(pm.environment.get('uEncoded'))+'&pencoded='+encodeURIComponent(pm.environment.get('pEncoded'))+'&orgEncoded='+encodeURIComponent(pm.environment.get('orgEncoded')); //Setting the first field to our request type GET|POST let payload = [requestType]; //If the HostIP hasn't been set then we can exclude that from our Auth string. Just remember to also exclude it from your header if (typeof HostIP != 'undefined') { payload.push(HostIP); pm.environment.set("HostIP", HostIP); } //We now add the rest of the fields needed to our payload array payload.push(urlPath); payload.push(accept); payload.push(Authorization); payload.push(isotimestamp); payload.push(VarString); //Create our hash using all of the fields we added to the payload array as a string, separated by '+' and encoded with our secret_key let hash = CryptoJS.HmacSHA512( payload.join('+'), secret_key); //Update the environment variables pm.environment.set("urlPath", urlPath); pm.environment.set("accept", accept); pm.environment.set("Authorization", Authorization); pm.environment.set("af_hmac_signature", hash.toString()); pm.environment.set("af_iso_timestamp", isotimestamp); }//end function ``` ### Example Responses #### Get UserPosition (OK 200) ```json { "status": "0", "statusmessage": "Login OK", "zoneresponse": { "userpositions": [ { "Position": "Commander", "listorder": "2", "org": { "orgid": "JCdKUyZRMCAgCg==", "orgname": "Bradley Sandbox BU" }, "archive": "false", "positionid": "JCYqVyNRQCAgCg==" }, { "Position": "Protege", "listorder": "1", "org": { "orgid": "JCdKUyZRMCAgCg==", "orgname": "Bradley Sandbox BU" }, "archive": "false", "positionid": "JCYqVyNQMCAgCg==" }, { "Position": "Wookiee", "listorder": "0", "org": { "orgid": "JCdKUyZRMCAgCg==", "orgname": "Bradley Sandbox BU" }, "archive": "false", "positionid": "JCYqVyNQICAgCg==" } ], "maxpageresults": 500, "pagenumber": "1", "generatedisplayresponsetime": 0, "queryresponsetimes": { "userpositions": 15 }, "currentpageresults": 3 } } ```

Loading blob content...

Latest Blog Posts

Redis vs ioredis vs valkey-glide
By punkpeye on January 26, 2026.
benchmark
Redis
valkey
Quickstart: Publish an MCP Server to the MCP Registry
By punkpeye on January 24, 2026.
mcp
official reference mirror
Official MCP Registry Server.json Requirements
By punkpeye on January 24, 2026.
mcp
official reference mirror

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/0x1NotMe/aroflo-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

userposition.md•4.97 KiB