Authentication
The QUIS API uses an API key to authenticate requests. You can view and manage your API key in your company settings. Only your company's admins can access and manage the keys.
You are responsible for keeping your keys secure. We recommend keeping them hidden to prevent abuse. However, some applications require their use in the frontend. We therefore added a security feature to make it more difficult to abuse compromised keys.
Domain: Since v1.4.0 keys have an optional domain scope, meaning the request only returns a successful response
from a specific domain. In addition, this sets related CORS headers to enable browser security
features and prevent simple integration on other domains. The following examples show how we evaluate different values:
- an empty entry will not send any
CORSheaders; browsers will block their frontend usage quis.devalidates only the exact domainquis.dedeveloper.quis.devalidates only the exact subdomaindeveloper.quis.de*quis.deor*.quis.devalidate any wildcard domain, such asquis.deanddeveloper.quis.de*.developer.quis.devalidates any wildcard subdomain, such asdeveloper.quis.deanddemo.developer.quis.de
Authentication to the API is performed via query or body parameters. Examples are provided in each endpoint's
documentation.
All API requests must be made over HTTPS. Calls made over plain HTTP will be redirected and may fail. API requests
without authentication will also fail.
Request Log
QUIS provides a request log and statistics in your company settings. The request log contains all your valid requests made to the QUIS API, meaning for example requests with invalid params are not logged. You can export your requests as a CSV file for further analysis.
| Field | Description | Type | Remarks |
|---|---|---|---|
| id | Request id returned in the X-Request-Id header | UUID | e. g. 3eaeb60c-7d74-4961-b2d2-02e6602a8162 |
| timestamp | Timestamp of the request | string | e. g.: 2022-04-26T15:27:23.640+02:00 |
| isBillable | Whether the request is billable or not | boolean | responseCode >= 200 && responseCode < 300 |
| endpoint | Path of the requested endpoint | string | |
| endpointGroup | The group the endpoint belongs to | string | |
| apiKey | Last four digits of the api key | string(4) | |
| ipAddress | Ip address of the client | string | e. g. 127.0.0.1 |
| responseCode | Response code | integer | |
| params | The request params | object | |
| latitude | The latitude of the requested location | float | e. g. 50.123456 |
| longitude | The longitude of the requested location | float | e. g. 10.123456 |
| customId | Custom id provided by the customer | string(64) | Set by sending a X-Custom-Id header |
| customClientId | Custom client id provided by the customer | string(64) | Set by sending a X-Custom-Client-Id header |