Fintech

API Documentation

The client account, the back-office and all platform modules work with the database files through the API, not directly. The API controls access to the data and checks the integrity and correctness of incoming data.

General description

How does the API work?

API is a key node

This documentation describes all API methods for the following actions:

  • getting lists of objects (list method)
  • list filtering (list method with filters array in data variable)
  • getting detailed information about each of the objects (show method)
  • receiving data for the object adding form (add method)
  • saving data on a new object (store method)
  • receiving data for the object update form (edit method)
  • saving the data of the updated object (update method)

Checking by IP address

The API only accepts requests coming from a limited list of IP addresses (for example, the client's account site or the back-office site).

Any request to the API from an IP address that is not on the allowed list will be rejected.

This is done to prevent DDoS attacks on the API, attempts to falsify requests, and hacking experiments.

Users always access the platform’s public website (client’s account or back-office), and this site itself makes the necessary data request to the platform’s API. Since the IP address of the site is fixed, it will be on the list of allowed ones.

URL and Method

All requests to the API are made using the following HTTP methods:

  • GET for list, show, add and edit
  • POST for store
  • PUT for update
  • DELETE for delete

Each API section gives the URL to which the request for the respective data is made.

The HTTP request method is given before each URL.

Sending a request

Each request should always contain 4 variables:

  1. data (an array of data for the API in the form of a json string)
  2. user (an array of data about the current user who makes this request, in the form of a json string)
  3. time (current time in UTC time zone)
  4. hash (digital signature in the form of a hash to verify that the request to the API is definitely made from an authorized source)

Getting a response

If the request is successful, the API always returns two variables:

  1. status = true (means that the request has been successfully executed)
  2. data (array of data returned by the API, as a json string)

If the request fails, the API returns these variables:

  1. status = false (means that there is an error)
  2. error (text string describing the error)

Digital signature

Each API request must contain a hash variable, which is the digital signature of the request.

hash = md5($json . $time . $salt)

  • md5, sha256, bcrypt - available hashing algorithms
  • $json - the json string specified in the data variable
  • $time - the time string from the time variable
  • $salt - a fixed unique value (“salt”) for the platform’s API
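
A server-side check of the four request variables and the hash formula above, written in Python as an added example (it is not the platform's own code). The time string format, the five-minute freshness window and the sample salt are assumptions; only md5 and sha256 are covered.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

# Assumptions, not stated on the page: the time string format and the
# freshness window. bcrypt is left out (not in the standard library).
TIME_FORMAT = "%Y-%m-%d %H:%M:%S"
MAX_SKEW = timedelta(minutes=5)
ALGORITHMS = {"md5": hashlib.md5, "sha256": hashlib.sha256}
REQUIRED = ("data", "user", "time", "hash")


def sign(json_str, time_str, salt, algorithm="sha256"):
    """hash = algo($json . $time . $salt), returned as lowercase hex."""
    payload = (json_str + time_str + salt).encode("utf-8")
    return ALGORITHMS[algorithm](payload).hexdigest()


def verify(request, salt, algorithm="sha256", now=None):
    """Check one request dict; returns (ok, error) like status/error."""
    missing = [name for name in REQUIRED if name not in request]
    if missing:
        return False, "missing variables: " + ", ".join(missing)
    try:
        sent = datetime.strptime(request["time"], TIME_FORMAT)
    except (TypeError, ValueError):
        return False, "bad time format"
    now = now or datetime.now(timezone.utc)
    if abs(now - sent.replace(tzinfo=timezone.utc)) > MAX_SKEW:
        return False, "stale request"
    # Only data and time enter the hash; the user variable is not covered.
    expected = sign(request["data"], request["time"], salt, algorithm)
    # Constant-time comparison: timing does not reveal how much matched.
    if not hmac.compare_digest(expected.encode(), str(request["hash"]).encode()):
        return False, "bad signature"
    return True, None


# Constructed sample request and salt, for illustration only.
SALT = "example-salt"
NOW = datetime(2024, 1, 1, 12, 0, 30, tzinfo=timezone.utc)
SAMPLE = {"data": '{"filters": []}', "user": '{"id": 1}',
          "time": "2024-01-01 12:00:00"}
SAMPLE["hash"] = sign(SAMPLE["data"], SAMPLE["time"], SALT)

if __name__ == "__main__":
    print(verify(SAMPLE, SALT, now=NOW))                              # valid
    print(verify(dict(SAMPLE, data='{"filters": [1]}'), SALT, now=NOW))  # tampered
    print(verify(SAMPLE, SALT, now=NOW + 2 * MAX_SKEW))               # stale
```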

Each section provides examples of real API requests and sample responses for clarity.