Custom API Proxy

The CloudSpark API provides proxy endpoints for calling custom client API endpoints in a Client Web Application. There are proxy endpoints for the following:



Authenticated Customers

Authenticated customer accounts have proxy endpoints they can use:

These endpoints are called by custom content pages and widgets in the Web Office and eCommerce Shop.

ProxySimple and Proxy behave differently. You can remove the Status ID and any other structures and simply work directly with the results if you utilize Simple.

authenticatedAssociateId Parameter

It is not necessary to pass an authenticatedAssociateId parameter on the POST to the proxy. The proxy will add this parameter automatically when it prepares to call a Client Web Application. Any call to the proxy that includes this parameter will be overwritten by the API proxy that contains the logged-in user ID. If a custom API doesn't need this parameter, it's ignored.

{ 
   associateId: 4567, 
   authenticatedAssociateId: 1234 
}

Custom API endpoints should use the authenticatedAssociateId parameter when they need the logged-in user ID. In the case of the preceding example, the API should check that the associateId passed is in the downline of the authenticatedAssociateId or perform whatever other security checks are prudent for the endpoint. If the API ignores this parameter, then it leaves a security hole open so that calls to this endpoint can be made through the proxy from any logged-in user.

Request Timeout

Requests timeout after 10 seconds. If you need to adjust the timeout window, timeout (an optional timeout query parameter) may be passed. The value entered is equal to the number of seconds given before the timeout.

For example, Admin/Proxy/API/Integrations/ExampleReport?timeout=30


Simple Endpoint /ProxySimple/

The Simple endpoint is recommended over the Standard endpoint because the requirements are less strict for the custom API called. This endpoint uses the prefix /ProxySimple/ in the API call.

Let's walk through what happens when a call is made to the Simple endpoint.

1. POST to the Simple API Endpoint

  • Request URL: https://api.directscale.com/ProxySimple/Associates/GetEyeColor

  • Request Body:

    { 
       associateId: 4567 
    }
    

You must use a POST for the proxy endpoint request, even if you're not sending a request body to the proxy endpoint.

⚠Important

The logged-in customer account authentication token is required in the request header in the same manner as all other custom API endpoints.

2. The API Proxy Sends a Request to the URL Configured in Extension Settings

📘

Learn how to set the URL for the API proxy by reading Configuring An API Proxy

  • Request URL: https://{clientId}.clientextension.directscale.com/Associates/GetEyeColor

  • Request Body:

    { 
       associateId: 4567, 
       authenticatedAssociateId: 1234 
    }
    

For the proxy API to determine the correct Proxy URL, it looks at the passed user authenticated token to know the clientId. Embedded in this token is the client to whom the user belongs.

3. Client Web Application Returns a Message Back to the Proxy

  • Response Status Code: 200

  • Response Body:

    { 
       Color: 'Green' 
    }
    

4. The Proxy Returns Data from the Client Web Application

  • Response Body: { ResponseBody: { Color : 'Green' }, ResponseStatus: 200 }

The ResponseStatus is set to whatever HTTP response status code the call to the endpoint returned. The ResponseBody is set to whatever response body the endpoint returned. If the call to the Client Web Application API timed out or had a TCP error, the proxy will return a 500 HTTP response with an empty response body.



Standard Endpoint /Proxy/

The Standard endpoint is the first version of the proxy. It expects endpoint responses in a certain format. This endpoint uses the prefix /Proxy/ in the API call.

Let's walk through what happens when a call is made to the Standard endpoint. Much of the info about the Simple endpoint applies here too unless otherwise noted.

1. POST to the Standard API endpoint

  • Request URL: https://api.directscale.com/Proxy/Associates/GetEyeColor

  • Request Body:

    { 
      associateId: 4567 
    }
    

2. The API Proxy Sends a Request to the URL Configured in Extension Settings

📘

Learn how to set the URL for the API proxy by reading Configuring An API Proxy

  • Request URL: https://{clientId}.clientextension.directscale.com/Command/ClientAPI/Associates/GetEyeColor

  • Request Body:

    { 
      associateId: 4567, 
      authenticatedAssociateId: 1234 
    }
    

3. Client Web Application Returns a Message Back to the Proxy

  • Response Status Code: 200
  • Response Body: { Status: 0, Message: null, Data: { Color: 'Green' } }

The API proxy is expecting the endpoint to return a JSON object in the response body with the properties:

  • Status
  • Data
  • Message

4. The Proxy Returns Data from the Client Web Application

  • Response Body:

    { 
       ErrorMessage: null, 
       Response: { Color: 'Green' } 
    }
    

The response JSON object of the API proxy includes two properties:

  • ErrorMessage – Contains the value of the Message property returned in the response when the Status property is set to a non-zero value; otherwise, it will be null.
  • Response – Contains the value of the Data property returned in the response when the Status property is set to zero; otherwise, it will be null.

If the call returned a non-zero Status value, the Intranet will log the error, and the proxy will return an empty 500 HTTP response in the same manner as the Simple endpoint error handling.



Unauthenticated Customers /AnonysmousProxy/ and /AnonysmousProxySimple/

Because the eCommerce Shop experience doesn't rely on the users being logged in, using the unauthenticated endpoints is usually more appropriate. This endpoint uses the prefix /AnonysmousProxySimple/ in the API call. The endpoints behave in the same manner as the Authenticated Customer endpoints except:

  • The authenticatedAssociateId parameter is NOT added to the requests to the Client Web Application because the user is not logged in.
  • The paths of the endpoints require the name of the client to be passed.
    • Simple Endpoint: https://api.directscale.com/AnonysmousProxySimple/{client}/{the rest of the path}
    • Standard Endpoint: https://api.directscale.com/AnonysmousProxy/{client}/{the rest of the path}

📘Note

The /AnonymousProxy/ requires a status code of "0".



Authenticated Admin Users /Admin/Proxy/

There is only one authenticated Admin user proxy endpoint. It's called by Admin custom content pages. The /Admin/Proxy/ endpoint behaves in the same manner as the Authenticated Customer Simple endpoint except:

  • The authenticatedAssociateId that is passed to the Client Web Application by the proxy is the ID of the logged-in Admin user NOT the ID of a logged-in customer.
  • The path of the Admin endpoint is: https://api.directscale.com/Admin/Proxy/{the rest of the path}.