Endpoint and Authorization

Endpoint and URL Structure

Each API Call will target the Endpoint:

https://api.nexx.cloud/v3.1/

HTTPS is not necessary, but strongly recommended. The API will return appropriate CORS Headers for XHR/FETCH Calls.

As a general Rule, the URL is constructed like the following:

https://api.nexx.cloud/v3.1/:domainid/:context/:operation/:parameter

The :context Parameter is related to the API, that is called. If you want to list all Videos of a Domain, :context would be "videos" and :operation would be "all" (as Part of the Media API).

If you need Domain Information, :context would be "domain" and :operation would be "publicinfo" (as Part of the Management / Domain Data API).

Except the :parameter Part of the Path, each URL Part is necessary and cant be skipped.

Each Method can be enhanced by Query Parameters and Output Modifiers. Query Parameters influence the Operation and therefore the returned Result Set and Output Modifiers modify the Level of Details of the Response Object.

Authorization

Each API Call must be signed in order to get processed. Furthermore, every Call must submit a valid Session ID (except the /session/init Call).

The nexxOMNIA API will be signed via HTTP Headers. Each Call must add the following additional HTTP Headers:

Header

Description

X-Request-CID

The Session ID

X-Request-Token

The API Call Signature

Although every API Call needs a valid Session ID, it is NOT necessary for Backend Operations to initiate Sessions. For Backend Operations, 3Q nexx offers an "eternal" Session, that should be used (and never be exposed to a Frontend)

The API Call Signature is a dynamic String, that has to be constructed before every Call. It is built using well-known Properties like this:

Signature = MD5( API-OPERATION + DOMAIN-ID + DOMAIN-SECRET )

The API-OPERATION is explained above - it is the Method of the selected API Endpoint.

The DOMAIN-ID is the ID of the calling Domain.

The DOMAIN-SECRET is a secret Value, given by 3Q nexx. It should NEVER be exposed to a Frontend.

For Illustration, lets build an Example:

//calling the following API 
"https://api.nexx.cloud/v3.1/123/videos/byid/9999"

//would need the folloxing Request Token
MD5( "byid" + 123 + SECRET)

Please notice, that the :domainid Part of the API is skipped for Brevity in all later Documentations, as it never changes.

Last updated