The eCompliance API is a RESTful, HATEOAS enabled interface for accessing your eCMS data in JSON or XML format over HTTP. The API is intended to provide secure, predictable resource-based URLs making it simple to rapidly develop web and desktop applications that integrate with eCompliance.
The following documentation provides information for the latest version of the API. Read the contents of the page carefully to understand the general guidelines for making use of the API. If you do not currently have access to the API, or you have additional questions, please contact us at: ecompliance.support@ecoonline.com
To enable the API for your organization contact eCompliance support.
To make a request for user and organization data, the request must be authenticated using an access token. An access token can be obtained by using the token endpoint that can be found here. After obtaining the access token, the access token must be copied and pasted in the textbox found at the top of the page to the right of the eCompliance logo. After submitting by clicking the "Explore" button, the other endpoints should now be usable.
All requests for user and organization data need to be authenticated using a token. The token can be obtained by either one of the two methods given below. Tokens do expire, after which time a new token must be requested, see "Authentication token expiration" below.
How to retrieve a token with a user name and password
URL | ~/Token |
---|---|
Description | Returns a bearer token. This token is used for authentication and will expire. |
Method | POST |
Request Content Type | application/x-www-form-urlencoded; charset=utf-8 |
Request Body |
userName={userName}& password={password}& grant_type=password |
Return Data |
{ "access_token": "{veryLongApiKey}", "token_type": "bearer", "expires_in": "{minutes}", "issued": "{date}", "expires": "{date}" } |
Possible Status Codes | 200, 400, 500 |
How to retrieve a token with a API Key
The API token can be obtained by logging into eCMS, going to the settings tab and copying your API key. The API key will only be available if the API has been enabled by eCompliance.
URL | ~/Token |
---|---|
Description | Returns a bearer token. This token is used for authentication and will expire. |
Method | POST |
Request Content Type | application/x-www-form-urlencoded; charset=utf-8 |
Request Body |
ApiKey={yourApiKey}& grant_type=password |
Return Data |
{ "access_token": "{veryLongApiKey}", "token_type": "bearer", "expires_in": "{minutes}", "issued": "{date}", "expires": "{date}" } |
Possible Status Codes | 200, 400, 500 |
You can use the following information to determine when an authentication token has expired or is no longer valid.
When a token has expired, a new one must be requested. Follow the "Authentication" section above.
Message | The Authentication token has expired. |
---|---|
Possible Status Codes | 401 |
All calls to the API require that the following HTTP headers are included. An error will be returned if one of these headers is missing.
Header Name | Header Value | Notes |
---|---|---|
authorization | "bearer {access_token}" | Required for all calls except Authentication. |
x-version | "{versionNumber}" | Required for all calls. Current version is "1". |
x-site | "{id}" | Required for all calls. This is often your Organization ID or Site ID if you're using a user with less permissions. Contact ecompliance.support@ecoonline.com if you need this information. |
The API requires that all communication takes place over HTTPS.
The API uses versioning as a way to guarantee that our API contract doesn't change for developers unexpectedly. If a newer version of the API is released, previous versions will continue to function. When making a request to the API, you MUST specify the version you are expecting to use by specifying the version via HTTP header.
We occasionally release newer versions of the API. If this happens and you are registered to use the API, you�ll receive an email notifying you of the upcoming changes, and the documentation on this page will be updated accordingly.
Note that developer support is available only for the current version of the API, as well as the most recent previous version of the API.
Header Name | Header Value | Header Description |
---|---|---|
x-version | {versionNumber} | The version to use, "1", "2", etc. Not passing a version will return an error that includes the current version of the API. |
Most of the eCMS API endpoints that return lists also provide paging capabilities.
Paging Limits
http://api.ecompliance.com/inspections?page=1&pageSize=15A valid paged request will return a result similar to this:
{ "pagingInfo": { "pageNumber": 1, "pageCount": 1, "pageSize": 10, "totalNumberOfItems": 8 }, "values": [{},{}], "links": {} }Note: pagingInfo contains information regarding the amount of data. values is an array of data for the specific resource requested. links is a set of links to navigate the paged data (See HATEOAS)
Paging with HATEOAS
The API also makes use of HATEOAS links for paging. In a nutshell, developers should try and use the links from the returned JSON results for subsequent requests instead of building their own paths by hand.
The results of a page will contain these links in an array called Links:
"links": [ { "href": "http://localhost:14/api/inspections?page=3&pageSize=2", "rel": "nextPage", "method": "GET" }, { "href": "http://localhost:14/api/inspections?page=1&pageSize=2", "rel": "previousPage", "method": "GET" }, { "href": "http://localhost:14/api/inspections?page=1&pageSize=2", "rel": "firstPage", "method": "GET" }, { "href": "http://localhost:14/api/inspections?page=4&pageSize=2", "rel": "lastPage", "method": "GET" } } ]
Most of the eCMS API endpoints that return lists also provide filtering and sorting capabilties. Check the desired endpoint from the endpoint listing below to determine what filtering and sorting parameters are available.
The API makes use of the standard set of HTTP response codes to indicate success/failure of requests. Where possible, errors will return information in the response about why the request failed.
JSON is the preferred data interchange format for the eCompliance API, and all requests will return JSON by default. XML is also supported, and the desired format can be specified by HTTP Header. Use the headers below to determine the response type.
Date formats: If numeric, they should follow the ISO-8601 format of: yyyy-mm-dd, such as 1989-05-22. Please check that your local system follows this format to prevent errors in date translation. Alternatively, mixed text format of: MMM-dd-yyyy (MAY-22-1989), is also accepted. These are the only 2 formats that will prevent confusion of month and day.
Response type | Accept header |
---|---|
JSON | application/json |
XML | application/xml |