Authentication
The QUIS API uses an API key to authenticate requests. You can view and manage your API key in your company settings. Only your company's admins can access and manage the keys.
You are responsible for keeping your keys secure. We recommend keeping them hidden to prevent abuse. However, some applications require their use in the frontend. We therefore added a security feature to make it more difficult to abuse compromised keys.
Domain: Since v1.4.0 keys have an optional domain scope, meaning the request only returns a successful response
from a specific domain. In addition, this sets related CORS
headers to enable browser security
features and prevent simple integration on other domains. The following examples show how we evaluate different values:
- an empty entry will not send any
CORS
headers; browsers will block their frontend usage quis.de
validates only the exact domainquis.de
developer.quis.de
validates only the exact subdomaindeveloper.quis.de
*quis.de
or*.quis.de
validate any wildcard domain, such asquis.de
anddeveloper.quis.de
*.developer.quis.de
validates any wildcard subdomain, such asdeveloper.quis.de
anddemo.developer.quis.de
Authentication to the API is performed via query
or body
parameters. Examples are provided in each endpoint's
documentation.
All API requests must be made over HTTPS
. Calls made over plain HTTP
will be redirected and may fail. API requests
without authentication will also fail.
Request Log
QUIS provides a request log and statistics in your company settings. The request log contains all your valid requests made to the QUIS API, meaning for example requests with invalid params are not logged. You can export your requests as a CSV file for further analysis.
Field | Description | Type | Remarks |
---|---|---|---|
id | Request id returned in the X-Request-Id header | UUID | e. g. 3eaeb60c-7d74-4961-b2d2-02e6602a8162 |
timestamp | Timestamp of the request | string | e. g.: 2022-04-26T15:27:23.640+02:00 |
isBillable | Whether the request is billable or not | boolean | responseCode >= 200 && responseCode < 300 |
endpoint | Path of the requested endpoint | string | |
endpointGroup | The group the endpoint belongs to | string | |
apiKey | Last four digits of the api key | string(4) | |
ipAddress | Ip address of the client | string | e. g. 127.0.0.1 |
responseCode | Response code | integer | |
params | The request params | object | |
latitude | The latitude of the requested location | float | e. g. 50.123456 |
longitude | The longitude of the requested location | float | e. g. 10.123456 |
customId | Custom id provided by the customer | string(64) | Set by sending a X-Custom-Id header |
customClientId | Custom client id provided by the customer | string(64) | Set by sending a X-Custom-Client-Id header |