Endpoint and Authorization
Endpoint and URL Structure
Each API Call will target the Endpoint:
https://api.nexx.cloud/v3.1/
HTTPS is not necessary, but strongly recommended. The API will return appropriate CORS Headers for XHR/FETCH Calls.
As a general Rule, the URL is constructed like the following:
https://api.nexx.cloud/v3.1/:domainid/:context/:operation/:parameter
The :context Parameter is related to the API, that is called. If you want to list all Videos of a Domain, :context would be "videos" and :operation would be "all" (as Part of the Media API).
If you need Domain Information, :context would be "domain" and :operation would be "publicinfo" (as Part of the Management / Domain Data API).
Except the :parameter Part of the Path, each URL Part is necessary and cant be skipped.
Each Method can be enhanced by Query Parameters and Output Modifiers. Query Parameters influence the Operation and therefore the returned Result Set and Output Modifiers modify the Level of Details of the Response Object.
Authorization
Each API Call must be signed in order to get processed. Furthermore, every Call must submit a valid Session ID (except the /session/init
Call).
The nexxOMNIA API will be signed via HTTP Headers. Each Call must add the following additional HTTP Headers:
Header
Description
X-Request-CID
The Session ID
X-Request-Token
The API Call Signature
Although every API Call needs a valid Session ID, it is NOT necessary for Backend Operations to initiate Sessions. For Backend Operations, 3Q nexx offers an "eternal" Session, that should be used (and never be exposed to a Frontend)
The API Call Signature is a dynamic String, that has to be constructed before every Call. It is built using well-known Properties like this:
The API-OPERATION is explained above - it is the Method of the selected API Endpoint.
The DOMAIN-ID is the ID of the calling Domain.
The DOMAIN-SECRET is a secret Value, given by 3Q nexx. It should NEVER be exposed to a Frontend.
For Illustration, lets build an Example:
Please notice, that the :domainid Part of the API is skipped for Brevity in all later Documentations, as it never changes.
Last updated