nexxOMNIA API
  • Introduction
  • API Design
    • Endpoint and Authorization
    • Query Parameters
    • Response Object
  • Media API
    • Usage
    • Endpoints
      • Media Data
      • All Media Data
      • Template Data
      • Processing
  • Management API
    • Usage
    • Endpoints
      • Domain Data
      • System Data
      • Media Management
      • Media Export Management
      • Domain Management
      • Statistics
  • Frontend API
    • Usage
    • Endpoints
      • Media Interactions
      • Session Management
      • User Endpoint
      • Payment Processing
  • API Clients
    • PHP
    • NodeJS
  • Notification Gateway
  • Changelog
Powered by GitBook
On this page
  • Endpoint and URL Structure
  • Authorization

Was this helpful?

  1. API Design

Endpoint and Authorization

Endpoint and URL Structure

Each API Call will target the Endpoint:

https://api.nexx.cloud/v3.1/

HTTPS is not necessary, but strongly recommended. The API will return appropriate CORS Headers for XHR/FETCH Calls.

As a general Rule, the URL is constructed like the following:

https://api.nexx.cloud/v3.1/:domainid/:context/:operation/:parameter

The :context Parameter is related to the API, that is called. If you want to list all Videos of a Domain, :context would be "videos" and :operation would be "all" (as Part of the Media API).

If you need Domain Information, :context would be "domain" and :operation would be "publicinfo" (as Part of the Management / Domain Data API).

Except the :parameter Part of the Path, each URL Part is necessary and cant be skipped.

Each Method can be enhanced by Query Parameters and Output Modifiers. Query Parameters influence the Operation and therefore the returned Result Set and Output Modifiers modify the Level of Details of the Response Object.

Authorization

Each API Call must be signed in order to get processed. Furthermore, every Call must submit a valid Session ID (except the /session/init Call).

The nexxOMNIA API will be signed via HTTP Headers. Each Call must add the following additional HTTP Headers:

Header

Description

X-Request-CID

The Session ID

X-Request-Token

The API Call Signature

Although every API Call needs a valid Session ID, it is NOT necessary for Backend Operations to initiate Sessions. For Backend Operations, 3Q nexx offers an "eternal" Session, that should be used (and never be exposed to a Frontend)

The API Call Signature is a dynamic String, that has to be constructed before every Call. It is built using well-known Properties like this:

Signature = MD5( API-OPERATION + DOMAIN-ID + DOMAIN-SECRET )

The API-OPERATION is explained above - it is the Method of the selected API Endpoint.

The DOMAIN-ID is the ID of the calling Domain.

The DOMAIN-SECRET is a secret Value, given by 3Q nexx. It should NEVER be exposed to a Frontend.

For Illustration, lets build an Example:

//calling the following API 
"https://api.nexx.cloud/v3.1/123/videos/byid/9999"

//would need the folloxing Request Token
MD5( "byid" + 123 + SECRET)

Please notice, that the :domainid Part of the API is skipped for Brevity in all later Documentations, as it never changes.

PreviousAPI DesignNextQuery Parameters

Last updated 1 year ago

Was this helpful?