REST and authentication

 

The API services use a RESTful architecture and require HTTP authentication.

All POST and PUT requests expect a data payload to be sent as the HTTP body, together with specific header values. The request payload is always JSON format (which must be specified using the Content-Type header). JSON does not enforce element order within messages and any client implementation must not assume an order within elements.

HTTP header

Here is an example of a complete list of required headers:

Content-Type: application/json Accept: application/json accountId: 123456 Ocp-Apim-Subscription-Key: a2ad7ce1c5814593bddcb9d2a3ec8f91
The Content-Type header

The client must specify the content type of the request body within the HTTP header. The client is required to send JSON content in the body, the following header needs to be specified:

Content-Type: application/json
The Accept header

The API services only return JSON formatted data, therefore the client must accept this data representation. The following header must be specified:

Accept: application/json
The Account Number header

Many API services require the client to specify the charge account number. The account number is specified within the header as Account-Number:

accountId: 123456

If this header is not specified and is required for an API service call, a 400 Bad Request error is returned.

OneFlo account numbers are 6 digits long.

Authentication

API Key Header is used for all API service calls. The client must always provide.

Ocp-Apim-Subscription-Key: a2ad7ce1c5814593bddcb9d2a3ec8f91

Â