Multi-level API

IvozProvider API is divided in same three levels as the web administration portal plus user API:

  • God
  • Brand
  • Client
  • User

This split allows different roles with different responsibilities to be integrated against it without compromising security (read, edit, update or delete the data they should not).

If you check out security policies (read_access_control and write_access_control attributes), you’ll see that we apply read filters and write validations based on user information (token). One single API approach would require a complex validations more prone to failure, introduce errors and require huge queries that would impact the performance.

Note

That is why we split it into three APIs with impersonate mechanism to move between them. This mechanism is explained in Use Case section.

In order to access to each level, you will need a corresponding level URL and credentials:

God API access

Brand API access

Client API access

User API access

  • Credentials: User credentials defined in Users.

Warning

All credentials usernames are unique at brand level. This is why username + brand URL duple is needed to identify a user (both in API and in web portal).

Tip

As both brand and client URLs are internally linked to the same brand (client within that brand), it is also possible to access to client API using a brand URL + /api/client.