The QUIS API uses an API key to authenticate requests. You can view and manage your API key in your company settings. Only your company's admins can access and manage the keys.
You are responsible for keeping your keys secure. We recommend keeping them hidden to prevent abuse. However, some applications require their use in the frontend. We therefore added a security feature to make it more difficult to abuse compromised keys.
Domain: Since v1.4.0 keys have an optional domain scope, meaning the request only returns a successful response from a specific domain. In addition, this sets related
X-Frame-Options headers to enable browser security features and prevent simple integration on other domains. The following examples show how we evaluate different values:
- an empty entry will not send any
X-Frame-Optionsheaders; browsers will block their frontend usage
quis.devalidates only the exact domain
developer.quis.devalidates only the exact subdomain
*.quis.devalidate any wildcard domain, such as
*.developer.quis.devalidates any wildcard subdomain, such as
Authentication to the API is performed via
body parameters. Examples are provided in each endpoint's documentation.
All API requests must be made over
HTTPS. Calls made over plain
HTTP will be redirected and may fail. API requests without authentication will also fail.
QUIS provides a request log and statistics in your company settings. The request log contains all your valid requests made to the QUIS API, meaning for example requests with invalid params are not logged. You can export your requests as a CSV file for further analysis.
|id||Request id returned in the ||UUID||e. g. |
|timestamp||Timestamp of the request||string||e. g.: |
|isBillable||Whether the request is billable or not||boolean|
|endpoint||Path of the requested endpoint||string|
|endpointGroup||The group the endpoint belongs to||string|
|apiKey||Last four digits of the api key||string(4)|
|ipAddress||Ip address of the client||string||e. g. |
|params||The request params||object|
|latitude||The latitude of the requested location||float||e. g. |
|longitude||The longitude of the requested location||float||e. g. |
|customId||Custom id provided by the customer||string(64)||Set by sending a |
|customClientId||Custom client id provided by the customer||string(64)||Set by sending a |