> For the complete documentation index, see [llms.txt](https://api.docs.nexx.cloud/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://api.docs.nexx.cloud/api-design/authorization.md). # Endpoint and Authorization ## Endpoint and URL Structure Each API Call will target the Endpoint: **`https://api.nexx.cloud/v3.1/`** {% hint style="info" %} HTTPS is not necessary, but strongly recommended. The API will return appropriate CORS Headers for XHR/FETCH Calls. {% endhint %} As a general Rule, the URL is constructed like the following: **`https://api.nexx.cloud/v3.1/:domainid/:context/:operation/:parameter`** {% hint style="info" %} The **:context** Parameter is related to the API, that is called. If you want to list all Videos of a Domain, **:context** would be "**videos**" and **:operation** would be "**all**" (as Part of the Media API). If you need Domain Information, **:context** would be "**domain**" and **:operation** would be "**publicinfo**" (as Part of the Management / Domain Data API). Except the **:parameter** Part of the Path, each URL Part is necessary and cant be skipped. {% endhint %} Each Method can be enhanced by Query Parameters and Output Modifiers. Query Parameters influence the Operation and therefore the returned Result Set and Output Modifiers modify the Level of Details of the Response Object. ## Authorization Each API Call must be signed in order to get processed. Furthermore, every Call must submit a valid Session ID (except the **`/session/init`** Call). The nexxOMNIA API will be signed via HTTP Headers. Each Call must add the following additional HTTP Headers: | Header | Description | | ------------------- | ---------------------- | | **X-Request-CID** | The Session ID | | **X-Request-Token** | The API Call Signature | {% hint style="info" %} Although every API Call needs a valid Session ID, it is NOT necessary for Backend Operations to initiate Sessions. For Backend Operations, 3Q nexx offers an "eternal" Session, that should be used (and never be exposed to a Frontend) {% endhint %} The API Call Signature is a dynamic String, that has to be constructed before every Call. It is built using well-known Properties like this: ``` Signature = MD5( API-OPERATION + DOMAIN-ID + DOMAIN-SECRET ) ``` {% hint style="info" %} The **API-OPERATION** is explained above - it is the Method of the selected API Endpoint. {% endhint %} {% hint style="info" %} The **DOMAIN-ID** is the ID of the calling Domain. {% endhint %} {% hint style="info" %} The **DOMAIN-SECRET** is a secret Value, given by 3Q nexx. It should NEVER be exposed to a Frontend. {% endhint %} For Illustration, lets build an Example: ```php //calling the following API "https://api.nexx.cloud/v3.1/123/videos/byid/9999" //would need the folloxing Request Token MD5( "byid" + 123 + SECRET) ``` {% hint style="info" %} Please notice, that the **:domainid** Part of the API is skipped for Brevity in all later Documentations, as it never changes. {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://api.docs.nexx.cloud/api-design/authorization.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.