Description of API
FreshMail’s API was created based on REST patterns. Communication is based on sending HTTP commands to https://api.freshmail.com/rest/ along with the requested data. Replies are sent in JSON format.
Authentication
Every API command sent needs authentication, which is obtained by sending HTTP headers:
| X-Rest-ApiKey | Contains unique access key for API. Each client has a unique key.subscription → subscription lists → advanced options and API |
|---|---|
| X-Rest-ApiSign | Contains command signature which is generated on the basis of parameters sent in the command or on the basis of ApiSecret. |
There are two diagrams for generating X-Rest-ApiSign, as described below:
Diagram based on URL-encoded query:
Add Content-Type header in the http command with this value:
text/html lub application/xml lub application/json, for example:
Content-Type: application/json
An X-Rest-ApiSign can be generated this way based on the algorithm:
sha1( ApiKey + GET_data + POST_data + ApiSecret )
where:
| ApiKey | 32 character Api key. |
|---|---|
| GET_data | Full access path - for example,. /rest/ping, /rest/mail itp. More details in “Access Path” section. |
| POST_data | POST data placed in the command. If only GET data is in the command, the POST_data will be empty. Values must be escaped for the needs of the URL. For example, email=test%40test.pl&subject=test+email |
| ApiSecret | 40 characters, unique secret for each client. New keys must be generated immediately in case of a compromised key. |
Diagram based on JSON:
A Content-Type header must be added in the command in the form of:
Content-Type: application/json
A X-Rest-ApiSign can then be generated on the basis of the algorithm:
sha1( ApiKey + GET_data + JSON_data + ApiSecret )
where:
| ApiKey | 32 character Api key. |
|---|---|
| GET_data | Full access path, for example /rest/ping, /rest/mail itp. More details in„Access path” section. |
| JSON_data | Data is sent in JSON format in commands. If the command contains only GET data, the JSON_data value is empty. An example JSON_data value: {"subscriber":"test@test.com"} |
| ApiSecret | 40 characters, unique secret for each client. New keys must be generated immediately in case of a compromised key. |
API responses
Responses to every command sent to API are in JSON format, for example -
{"status":"OK","data":[1,2,3]}
If the query is successful, the “status” will have the value of “OK”. Returned data will be labeled as “data” and Errors are labeled as “errors”. HTTP coding errors are identified in the header as, for example, 404, 403, etc. In case of an absence or an error code, the default is 200.
Error management
In case of error, the answer status will be “ERROR”, and the “errors” field will contain a description of the error or its code:
{"errors":[
{"message":"No email subject",
"code": 1202}
],
"status":"ERROR"}or
{"errors":[
{"message": "Address in wrong format",
"code": 1201},
{"message": "No email subject",
"code": 1202}
],
"status":"ERROR"}Access path
Every action that can be taken has its own access path. The path is constructed in the following way:
/rest/[Controller]/[Action]/[param]/[param]/[param]
| Controller | Name of the controller - ping, mail, etc. |
|---|---|
| Action | Name of the action within the controller |
| param | Parameter cannot contain „/”, in most cases additional GET parameters are not necessary. If required, the number and format is given in the description of the action. |
General error codes
| 500 | Server error (Internal Server Error). |
|---|---|
| 1000 | No authorization. |
| 1001 | Controller/action not found. |
| 1002 | Unsupported protocol. |
| 1003 | Unsupported command type |
| 1004 | No permission to request controller/action |