API basics

at cross river, we have a robust set of apis spanning our suite of products to access our apis and try them out in our sandbox, contact integration support to get started our apis are organized around rest, have object oriented urls, accept form encoded request bodies, return json encoded responses, and use standard http response codes, authentication, and methods when you call an api, you've sent a request the answer you receive back is the response resource/object a resource (object) is the category of information that you want to receive information for, via api for example, in our p2c product, a card and a transaction are resources, and in our lending product, a loan is a resource endpoints and methods an endpoint is the url address of an api that you want to retrieve you can retrieve an endpoint by using a method the method is the prefix you add to your endpoint to send the relevant api request they are get a get request retrieves resource information a get request never has a body post a post request adds or creates a resource put a put request updates or fixes resource information delete a delete request deletes or cancels a resource patch a patch request updates or fixes a smaller scope of resource information parameters there are 3 types of parameters path a path parameter can be added to a url endpoint to return a specific response the path parameter is added to the url in curly brackets ( { } ) and follows a backslash ( / ) for example, if you want to retrieve specific information on an account, you can add /{accountnumber} to the url when your api includes curly brackets, a path parameter is required body body parameters are the data included in the body of an api, and the information they represent can be changed the body of the request and response messages are called payloads query a query parameter narrows down and filters the results of your request based on the information you are requesting the query parameter is added to the url and follows a question mark ( ? ) only get calls use query parameters request headers a request header is an http header used in a request that provides information about the request context it let's the server tailor the response in our documentation requests are presented in curl header description authorization {bearer token} authorization credentials for http authentication include the bearer token in the authorization header content type required for operations with a request body such as post and put requests the value is application/json indicating that the request body format is json to override the content type in your clients, use the accept header, append the json suffix or ?format=json to embed the response in a json callback, append ?callback=mycallback accept application/json sets the output type to json curl location request get 'https //cr sandbox domain/{xxx} \ header 'accept application/json' \ header 'authorization {bearer token}' 'https //cr sandbox domain/' request id for every request, the response header contains a response headers value this unique identifier is used by the cross river support team for troubleshooting we strongly recommend you save this identifier response codes http code description 1xx informational response we received the request and processing continues 2xx success we successfully received, understood, and accepted the request 200 success 202 we've accepted the request but need more time to process it 3xx further action needs to be taken to complete the request 4xx the request contains bad syntax or cannot be fulfilled 400 there is something wrong with the data in your request or the request can't be processed 401 there is an issue with your api access token 403 your token is good but you don't have permission to do what is being requested 404 the resource specified doesn't exist 409 the resource is in a conflicted state most likely due to simultaneous operations being performed your request should be retried 429 too many requests are being sent at once 5xx server error the server failed to fulfill an apparently valid request 500 technical difficulties on our end putting it all together when you're ready to start trying out our apis and you've contacted customer support, they will send you a client id and a password after you're authorized into our system with the credentials, you'll receive an access token (a bearer token) add the access token to your header, and you can then start calling our apis you can send api requests using the command line with a tool such as curl or by using a tool such as postman with any tool that you use, you have to add information to the endpoint of a call