API Features

The API supports a broad range of messaging formats and security features. No matter the use case, the API can be configured to adapt to your organization’s policies.

Messaging

The platform API supports different methods of authentication requirements. API clients can send requests and receive response in SOAP 1.1, SOAP 1.2, REST (XML), and REST (JSON).

Authentication

User Name and Password Authentication

The simplest method of authentication is through the use of a user name and password. The Authenticate API operation requires these credentials and returns an authentication ticket. This authentication ticket should be used on subsequent requests. The authentication ticket will expire after a period of time (typically one hour), after which API applications need to request a new authentication ticket to continue sending requests.

Digital Signature

A more secure method of authentication is through the use of digital signatures. Digital signatures are created by signing a request with a hash-based message authentication code (HMAC) algorithm (SHA1 or SHA256) and a private key. A shared public key is needed to verify the signature. To use this method, a public key certificate must be uploaded to a site’s configuration or uploaded to an individual user.

* Public Key Certificate files can be in any common X.509 formats

Timestamps

To prevent the likelihood of replay attacks, each API request must include a timestamp of the request. Requests will be become invalid after a given period of time depending on the operation. You should ensure your API applications are synced with a time server.