AppDirect APIs use an OAuth-authenticated REST interface that facilitates API access to its database by partners and developers. You can authenticate using the OAuth or OAuth 2.0 standard protocols. Once authenticated, API users can read, create, edit, or delete marketplace records.
All API requests must be made over HTTPS. Any calls made over HTTP will fail. API requests without authentication will also fail.
Any authenticated API call requires an API Client to be created so that AppDirect and your product can exchange keys and secrets. Marketplace Managers can create any number of API Clients from Marketplace > Settings > Integration | API Clients.
Keys should be kept as private as possible to protect your data. Once generated, do not share your API keys in publicly accessible areas such as client-side code or code sharing platforms.
By default, API results are returned as JSON. To always have JSON returned, include the Accept header in your request:
When sending data via POST or PUT, your request must include the content type:
If any requests are formatted incorrectly or are invalid, AppDirect responds with status code 400 Bad Request.
AppDirect supports authenticating with OpenID Connect to authorize our Account APIs (for example, Create User, Update User, and so on). OpenID Connect is commonly used for API authentication on mobile and tablet devices. For more information about the OpenID Connect authorization layer for the OAuth 2.0 protocol, see http://openid.net/connect/.
To enable OpenID Connect, Channel Administrators must configure one or more grant types when setting up an API client. After grant types are defined, they can be used to pass user data to client API calls.
All AppDirect APIs require authentication except a few marketplace APIs, which are public by default:
- Product and Bundle APIs, excluding the "Read a product status" and "Read a bundle status" APIs
- Edition and Payment Plan APIs
- List Domains
- List Product Tags
- List FAQs