Skip to content

Usage

Introduction

apifew core task is to grant/check end-users licenses, and when applicable, register usage.

Standalone applications and SaaS can request apifew to check if a given user has been assigned a license. It is done by requesting apifew's API.

APIs applications can also check user rights to request and register requests usage, with 3 different methods.

License check

An application can request apifew's API to check if a given user has be assigned with a valid license.

endpoint:   POST https://api.apifew.com/v1/app/user/license/check
body:       {
                "APIFEW_KEY":       "12345678-aaaa-bbbb-cccc-1234567890abcdef",
                "LICENSE_KEY":      "12345678-aaaa-bbbb-cccc-1234567890abcdef",
            }
------------
response:   Result object
Result.data {
                "license_ok":       true,
                "username":         "user@domain.com",
                "alias_uid":        "ABCDEF1234567890"
}

API endpoints

Three different ways are available to serve request from end-user.

Description Request server Pros Cons
apifew's gateway gw.apifew.com simple for end-user/provider not suitable for heavy workloads
token API provider suitable for any workload more work on integration
request stamp API provider simple for end-user end-user must trust provider

apifew's gateway

It is the most straighforward. End-user requests via apifew and gets results back in a Result object. There is only 1 change vs a direct API call: request is packaged as an RPC:

endpoint:   <METHOD> https://gw.apifew.com/v1/request
headers:    'Apifew-User-License-Key': '12345678-aaaa-bbbb-cccc-1234567890abcdef'
body:       {
                "APP_NAME":         "api.domain.com",
                "ROUTE":            "/a/route",
                "METHOD":           "GET",
                ?"PARAMS":           {
                                        "param1":   "value1",
                                        "param2":   "value2"
                                    },
                ?"HEADERS":          {
                                        "x-api-key":    "a_secret_key"
                                    }
                ?"RESPONSE_AS_RESULT" true
            }
------------
response:   Result object (or raw response)
Result.data Response from API (if RESPONSE_AS_RESULT is true)

token

Few cases disfavor apifew's gateway option: requests involve heavy load such as picture/video or PDF files, or highly sensitive/regulated data.
In such case, API consumer needs to directly request your API.

With 'token' mode, API consumer first request a one-usage-only token to apifew, and will pass this token as header 'Apifew-Request-Token' when requesting to your API.

Step 1: consumer requests apifew for token
endpoint:   POST https://gw.apifew.com/v1/token/create
headers:
body:       { 
                "USER_LICENSE_KEY": "12345678-aaaa-bbbb-cccc-1234567890abcdef",
                "API_URL":          "https://exemple.api.com/route/to/request",
                "API_METHOD":       "GET"
            }
------------
response:   Result object
Result.data {
                "token":            "12345678-aaaa-bbbb-cccc-1234567890abcdef"
            }
Step 2: consumer requests API directly, with token
endpoint:   <METHOD> https://exemple.api.com/route/to/request
headers:    'Apifew-Request-Token': '12345678-aaaa-bbbb-cccc-1234567890abcdef'
params/body:<PARAMS OR BODY>
Step 3: API provider consumes token and set request status
endpoint:   POST https://gw.apifew.com/v1/token/consume
headers:    'Apifew-App-Secret-Key': '12345678-aaaa-bbbb-cccc-1234567890abcdef'
body:       {
                "TOKEN":            "12345678-aaaa-bbbb-cccc-1234567890abcdef",
                "REQUEST_STATUS_CODE": 200,
    optional    "SHOW_PRICING":     true    
            }
------------
response:   Result object
Result.data {
                "app_name":         "app.api.com",
                "token":            "12345678-aaaa-bbbb-cccc-1234567890abcdef",
                "consumed":         true,
                "pricing":          "main"
            }

Warning

Note that if REQUEST_STATUS_CODE differs from 200, no fee will be charged

(optional) Step 4: consumer confirms request status

To be implemented

request stamp

This last option enables API provider to stamp request once processed