Link Search Menu Expand Document

API Properties

Our APIs are provided as a REST service. New resources are added without notice. Deprecations are published as a news article and listed on the deprecations page 6 months before the resources are removed. The rest of this page explains the general workings and behaviour of our APIs. The list of available APIs and their documentation can be found here.

Environments

We have three different environments.

environment use URL
DEVELOPMENT Developing your connector using fictional data https://api-development.ons.io
STAGING Test your connector on a customer’s test environment https://api-staging.ons.io
PRODUCTION Run your connector on a customer’s production environment https://api.ons.io

Contexts

In the past, Ons API was offered in different contexts resulting in different base paths. Only the technical context, with base path /t/ is being used now. For backwards compatability, all endpoints must still be prepended with the /t/ base path (except for the /ping endpoint). Thus, the /clients/{id} endpoint on development will look like api-development.ons.io/t/clients/3.

HTTP Methods

Our APIs support the REST verbs as expected.

GET

Used to retrieve resources and related data. Query parameters are used to select a sub-set or apply some sort of filtering. Query parameters are almost always optional. Requests do not change server state. Common urls include:

Format Use
/resource request all entries
/resource/42 request a particular entry
/resource/42/sub_resource request all entries related to an entry
/resource/x-stream-connect/data.xml request all entries in a streaming matter

POST

Used to create new resources or perform some kind of action. POST requests are also used when sensitive data is transferred (like a login). For a 200 return status the same resource is returned with some updated fields. Requests change server state.

Format Use
/resource create a new resource
/resource/42/sub_resource create a new sub-resource for resource
/resource/42/action perform action for resource

PUT

Used to update an existing resource. The behaviour for POST also applies to PUT.

Format Use
/resource/42 update resource

DELETE

Removes a particular resource or removes a relation between resources.

Format Use
/resource/42 delete resource

Headers

It is possible to add headers to HTTP requests to our API. There are three headers that are of interest.

Accept

This header is required and defines the returned format. For most cases requesting json or xml will be enough. Some APIs return octet-streams (bytes) and the /ping returns text/plain. If you request something that can’t be given, you’ll receive a 406 status code. You can enter multiple formats. The first one indicates your preference. Weights should also be supported.

Accept: application/json,application/xml

Content-Type

Required for POST and PUT calls. This header indicates the format used in the http body. You can only have one. The charset is optional but recommended.

Content-Type: application/xml;charset=utf-8

User-Agent

The User-Agent header is optional but it would help us to identify your requests when something goes wrong.

User-Agent: connector/1.1+http://your-domain.com

Where connector should be replaced with the name of your connector.

HTTP Response codes

Below you can find a table with http response codes you can expect.

Status Text Description
200 OK GET: valid response with your requested data in the response body. POST/PUT: valid response with your given resource enriched with some extra data in the response body.
201 Created POST: object created, response has no body. There’s a Location header with the path where you can find the resource.
202 Accepted PUT: changes are accepted, no response body.
204 No Content POST: used for actions which were successful. GET: resource requested had no content.
400 Bad request GET: the combination of query params is invalid. POST/PUT: the given content is incorrect. You’ll receive an ErrorResponse body indicating what was wrong.
401 Unauthorized You have insufficient rights to access the resource.
402 Payment required Reserved for future use.
403 Forbidden Authentication unsuccessful.
404 Not found The requested resource was not found.
406 Not acceptable Wrong Accept header.
409 Conflict POST: The given resource already exists or was changed by another call.
423 Locked GET: The given resource is not yet ready. This is the case for delayed jobs that take some time to process.
429 Too many requests You are being rate limited.
500 Internal server error Something blew up on our side. We most likely got an error report, but it doesn’t hurt to report it.
502 Bad gateway invalid upstream, this happens during updates.
503 Service unavailable A service is down, this happens during updates.
504 Gateway timeout A timeout somewhere in our infrastructure. This could happen due to updates or when our network is congested. It can also happen when your network is congested or broken.

Rate limiting

Currently we limit requests per connector to the following:

  • 4 requests in parallel
  • 100 requests per second
  • 10.000 seconds of request time per day

The latest is measured as a sum for all requests being done. This can be 100.000 requests that take 100 milliseconds each or 1 request that takes 10.000 seconds. This is currently not enforced but will be in the future. If you go over the limit, you’ll receive a 429 status code.

Versioning

Our APIs are not versioned. Rather, we rely on marking resources as deprecated 6 months prior to removal. Keep an eye on the deprecation article and be prepared to adjust your connector. New resources are added as they become available, without further notice.