Overview
Introduction
This API implements functionality for managing the ordering features of Agilant’s TOGa system through a RESTful HTTP transaction containing a JSON payload.
Endpoints
Beta/Test/Sandbox Environmenthttps://api.beta.agilantsolutions.com
Production Environmenthttps://api.agilantsolutions.com
Structure & Schema
- All requests and responses are formatted in JSON notation.
- Any whitespace in the request payload is disregarded. The JSON examples in this document are shown in a "pretty print" structure for easier legibility but JSON is not required to be in "pretty print" when performing the actual transactions.
- This API is intended for businesses-to-businesses (B2B) and must be implemented on your server-side. Requests to this API should never be sent from or processed by a user on the client-side.
- There are no data or structural differences between our beta and production environment. The only change you must make to initiate a request in production is that it must be sent to our production URL endpoint.
- All parameter names are case-sensitive and all values are handled with case sensitivity.
- Connection timeouts should be set to 15 seconds.
- Date and times in any inputs and outputs are formatted in ISO 8601 notation.
- For example:
1994-11-05corresponds to November 5, 1994. - For example:
1994-11-05T08:15:30-05:00corresponds to November 5, 1994, 8:15:30 am, US Eastern Standard Time. - For example:
08:15:30-05:00corresponds to 8:15:30 am, US Eastern Standard Time.
Authentication & Authorization
- During the onboarding process, Agilant will provide you with two GUID keys which you are to store. One key is a public API key and the other key is a secret API key. You must ensure that the secret key is not disclosed anywhere in your code to the public.
- In the header of every transaction, you will need to provide a timestamp, your public key, and a signature of your transaction comprising of the timestamp field signed by your secret API key using the HMAC-SHA-256 cryptographic hash algorithm.
- The timestamp must be within 120 seconds (2 minutes) of the actual time or your transaction will be rejected. Therefore, you must ensure that your system time is maintained accurately within 2 minutes of the actual universal time.
Required Request Headers for Every Transaction
| Header Field | Type | Description |
|---|---|---|
Content-Type | String | Must be set to application/json |
Timestamp | String | The current timestamp of your transaction in ISO 8601 notation. Example: 2019-01-02T17:34:52-05:00 |
Authorization | String | Concatenated string of your public API key, followed by a literal period (.), followed by your signature. Your signature is your timestamp value, signed using your secret API key through the HMAC-SHA-256 cryptographic hash algorithm in a raw binary format and then Base64 encoded.Format: {publicKey}.{signatureOfTimestampUsingSecretKey} |
Sample Authentication Request Headers
Content-Type: application/json
Timestamp: 2019-01-02T17:34:52-05:00
Authorization: 1111AAAA-22BB-33CC-44DD-555555EEEEEE.Omjruf/UNd+rKEbjobxJzky84h6XOE9o9jz6/IKqc7Q=
Sample Authentication Request Headers
See the sample request using the sample information below.
- Using Sample Timestamp of:
2019-01-02T17:34:52-05:00 - Using Sample Public API Key of:
1111AAAA-22BB-33CC-44DD-555555EEEEEE - Using Sample Secret API Key of:
EEEE5555-DD44-CC33-BB22-AAAAAA111111
Sample PHP Code for Assembling Request Headers
<?php
$publicApiKey = '1111AAAA-22BB-33CC-44DD-555555EEEEEE'; // Replace with your Public API Key
$secretApiKey = 'EEEE5555-DD44-CC33-BB22-AAAAAA111111'; // Replace with your Secret API Key
$timestamp = date('c', time());
$headers = [
'Content-Type: application/json',
('Timestamp: '.$timestamp),
('Authorization: '.$publicApiKey.'.'.base64_encode(hash_hmac('SHA256', $timestamp, $secretApiKey, true)))
];
?>
Responses
- All responses include two fields called
successanderror. - The
successfield is a boolean data type which will returntrueorfalsefor whether or not the transaction was successful. - The
errorfield will contain an intelligible string of the error details if one occurred or will be an empty value if no error occurred. - Additionally, all transactions will respond with the following codes if they are successful:
200 OKfor allGET,PUT, andDELETErequests.201 CREATEDfor allPOSTrequests.- When determining for whether or not the transaction was successful, you should check that the HTTP response code is
200 OKor201 CREATEDand/or check that thesuccessvalue is set totrue.
Sample Response Headers
Content-Type: application/json
Content-Length: 354
Response Headers for Every Transaction
| Header Field | Type | Description |
|---|---|---|
Content-Type | String | Will always be set to application/json |
Content-Length | Integer | Length of the response payload in bytes. |
Response Codes
| HTTP Code | Meaning | Required Action |
|---|---|---|
200 OK | The transaction was successful. (Applicable to GET, PUT, and DELETE requests) | N/A |
201 CREATED | The record was successfully created. (Applicable only to POST requests) | N/A |
400 BAD REQUEST | A logic error was encountered or the request was missing a required parameter. | Review the returned errors and correct the issue. |
401 UNAUTHORIZED | Authentication or authorization failed. | Review the returned errors and correct the issue. If the problem persists, you may not be permitted to perform this API call. |
403 FORBIDDEN | Access was denied when trying to retrieve data for a record. | Ensure you have proper authorization to access the record. |
404 NOT FOUND | The record could not be located. | Ensure you have requested a record that exists. |
405 METHOD NOT ALLOWED | The requested action is not supported. | Ensure that you are calling a valid API method and using the correct method and route. |
408 REQUEST TIMEOUT | A connection error was encountered and the request may or may not have completed successfully. | Retry the transaction and/or perform other GET requests to check if the previous request succeeded. |
422 UNPROCESSABLE ENTITY | The request structure is correct and the server understands the request but is unable to process the transaction. This typically can occur in a POST request if the record being created or changed already exists. | Ensure you are not trying to create the same record that was already processed in a previous transaction. |
500 INTERNAL SERVER ERRROR | An unexpected internal server error was encountered. | Contact the administrator. Further analysis and debugging may need to be performed. |
502 BAD GATEWAY | A temporary network issue occurred when receiving the request. This is rare and typically caused by a very temporary network issue which should resolve within a few seconds. | Retry the transaction or try again later. If the problem persists, please contact the administrator. |
504 GATEWAY TIMEOUT | A network issue occurred when receiving the request. | Retry the transaction or try again later. If the problem persists, please contact the administrator. |
PHP Example
<?php
$endpoint = 'https://api.beta.agilantsolutions.com'; // SANDBOX ENDPOINT
//$endpoint = 'https://api.agilantsolutions.com'; // PRODUCTION ENDPOINT
$publicApiKey = '1111AAAA-22BB-33CC-44DD-555555EEEEEE'; // Replace with your Public API Key
$secretApiKey = 'EEEE5555-DD44-CC33-BB22-AAAAAA111111'; // Replace with your Secret API Key
$method = 'GET';
$route = '/provider';
$payload = '{"providers":["C638C170-3EC1-4DF2-942C-1D1C3AD74FBC","16527A9E-4048-452CA8DF-605E1038A313"]}';
//////////////////////////////////////////////////
$url = ($endpoint . $route);
$timestamp = date('c', time());
$headers = [
'Content-Type: application/json',
('Timestamp: '.$timestamp),
('Authorization: '.$publicApiKey.'.'.base64_encode(hash_hmac('SHA256', $timestamp, $secretApiKey, true)))
];
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_CUSTOMREQUEST, $method);
curl_setopt($ch, CURLOPT_POSTFIELDS, $payload);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
$responseBody = curl_exec($ch);
$responseCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
echo 'responseCode=' . $responseCode . '<br>';
echo 'responseBody=' . $responseBody;
///////////////////////////////////////////////
/*
EXAMPLE OUTPUT:
responseCode=200
responseBody=
{
"success": true,
"error": "",
"providers": [
{
"providerId": "C638C170-3EC1-4DF2-942C-1D1C3AD74FBC",
"providerName": "Porch",
"avgRating": 4.3,
"reviews": [
{
"name": "Jane Doe",
"rating": 4.7,
"review": "I like this service very much!"
},
{
"name": "John Smith",
"rating": 3.5,
"review": "I was quite happy!"
}
]
},
{
"providerId": "16527A9E-4048-452C-A8DF-605E1038A313",
"providerName": "Hello Tech",
"avgRating": 3.1,
"reviews": [
{
"name": "Mary Doe",
"rating": 2.7,
"review": "I was not happy with this service.
},
{
"name": "Jim Dean",
"rating": 4.1,
"review": "This looks really nice!"
}
]
}
]
}
*/
Enumerated Lists
Order Types
Defines the type of order
Values
| Value | Description |
|---|---|
NEW | The order is for a new computer setup. |
EXISTING | The order is for an existing computer setup. |
REFURB | The order is for a computer refurbishment. |
Orders
Retrieve an OrderGET /order/{orderNumber}
Use this request to retrieve the details of an order
- The
{orderNumber}value in the route is an integer which references the order number keyed in by the user.
Sample Request
GET /order/12345678
Content-Type: application/json
Timestamp: (See Authentication & Authorization)
Authorization: (See Authentication & Authorization)
Input/Request Parameters
No input/request parameters are accepted.
Sample Response
HTTP/1.1 200 OK
{
"success" : true,
"error" : "",
"orderNumber" : 12345678,
"firstName" : "John",
"lastName" : "Smith",
"emailAddress" : "jsmith@testco.com",
"associateId" : "0975312",
"storeNumber" : "758246",
"type" : "NEW"
}Output/Response Parameters
| Field | Type | Description |
|---|---|---|
success | Boolean | Will return true or false for whether or not the transaction was successful. |
error | String | Intelligible string of the error that occurred. Will be empty if no error occurred. |
orderNumber | Integer | The order number this transaction is referring to. |
firstName | String | The first name on the account. |
lastName | String | The last name on the account. |
emailAddress | String | The email address on the account. |
associateId | String | The associate number who initiated the order. |
storeNumber | String | The store number the order originated in. |
type | String | The type of order the record is referring to. See Order Types for all possible values. |
Typical Response Codes
| HTTP Code | Meaning | Required Action |
|---|---|---|
200 OK | The transaction was successful. (Applicable to GET, PUT, and DELETE requests) | N/A |
400 BAD REQUEST | A logic error was encountered or the request was missing a required parameter. | Review the returned errors and correct the issue. |
404 NOT FOUND | The record could not be located. | Ensure you have requested a record that exists. |
Create an Order DiagnosticPOST /order/{orderNumber}/diagnostic
Use this request to create a diagnostic record to an order.
- The
{orderNumber}value in the route is an integer which references the order number keyed in by the user.
Sample Request
POST /order/12345678/diagnostic
Content-Type: application/json
Timestamp: (See Authentication & Authorization)
Authorization: (See Authentication & Authorization)
{
"resultCode" : "Has A/V, No problem(s) found",
"windowsUpgradeEligibility" : true,
"document" : "JVBERi0xLjcKCjQgMCBvYmoKKElkZW50aXR5KQplbmRvYmoKNSAwIG9iagooQWRvYmUpCmVu...",
"systemInformation" : "{\n\"Win32_BIOS\":\n{\n \"BiosCharacteristics\":\"{7, 9, 11..."
}Input/Request Parameters
| Field | Type | Description |
|---|---|---|
resultCode | String | Result code from the diagnostic performed. |
windowsUpgradeEligibility | Boolean | Set as true to mark this device as eligible for an upgrade to the next Windows version, false if the device is not eligible. |
document | String | The reference to the results document. This value may be a URL linking to the document file OR a Base64-encoded string of the document file. |
systemInformation | String | The system information details |
Sample Response
HTTP/1.1 201 OK
{
"success" : true,
"error" : "",
"orderNumber" : 12345678
}Output/Response Parameters
| Field | Type | Description |
|---|---|---|
success | Boolean | Will return true or false for whether or not the transaction was successful. |
error | String | Intelligible string of the error that occurred. Will be empty if no error occurred. |
orderNumber | Integer | The order number this transaction is referring to. |
Typical Response Codes
| HTTP Code | Meaning | Required Action |
|---|---|---|
201 CREATED | The record was successfully created. (Applicable only to POST requests) | N/A |
400 BAD REQUEST | A logic error was encountered or the request was missing a required parameter. | Review the returned errors and correct the issue. |
404 NOT FOUND | The record could not be located. | Ensure you have requested a record that exists. |