CBORD GETServices API Docs

Appearance

API Wrapper Overview

IMPORTANT

For the Wrapper API, every HTTP Request Body is formatted in JSON. Please ensure Content-Type Request Headers are set to application/json unless otherwise documented. You will receieve an error if your Request Body is formatted incorrectly.

Accessing the Wrapper's API Endpoints

The API Wrapper has a configurable ENABLE_KV Environment Variable which, if set to true, enables Key Validation for all API Endpoints, unless otherwise stated. If ENABLE_KV is true, you must also configure the SERVICE_ACCESS_TOKEN Environment Variable.

SERVICE_ACCESS_TOKEN accepts a string of valid of Access Tokens. Multiple Access Tokens can be provided as long as they're separated with a comma.

Generating Hashes

Hashes are the SHA-256 hash of a string ("Access Token"). The hash of the Access Token is provided to the user ("User Access Token"), and the original Access Token is stored in the SERVICE_ACCESS_TOKEN Environment Variable.

Sending Access Token With Request

If the hosted instance of the API Wrapper has Key Validation enabled, individuals making requests to said API must provide a User Access Token to make most API requests. To provide your User Access Token, you can send it along with your request body under the key svc_at followed by the User Access Token. For instance:

json
{
    // request_body
    // ...
    "svc_at": "{REPLACE_W_USER_ACCESS_TOKEN}"
}

Available API Types

WARNING

Note that some pages are just missing response objects. It's kind of hard to account for something when you don't know what to expect. As of now, if there's an error, we just return CBORD's error messages in those situations, and I'd have to imagine they follow the same JSON structure with a response and an exception key.

Authentication

These APIs are authentication related - either signing into an account, or renewing a session.

User

These APIs are user related - for instance, pulling user profiles, or setting per-device user account PINs.

Commerce

These APIs are any transactional requests like getting user account balances, transaction history, checking accessible user locations, and activating locations remotely.

Institution

These APIs are related to any Institution-related settings. This is mainly for documentation.

Custom Wrapper APIs

These APIs are for essentially anything else that adds additional functionality into the API Wrapper and aren't just copies of CBORD's API with minor tweaks.
Some errors returned by the Wrapper API will have an error code prefixed with WA. If so, these are likely to be Custom Wrapper APIs which have errors that are not from CBORD directly.