DotGolf ISV API Supplementary Technical Documentation

Contents

1.      Authentication

Authenticating against the API via code

2.      API rate-limiting

 

1.      Authentication

 

Your credentials for each of your clubs will consist of a Username and a Secret Key.

Referring to these sample credentials, this document will explain the authentication process. When following these steps, use your issued credentials in place of the sample credentials.

Sample Username: your-username

Sample Secret key: GwxynSecretKeybaEMCTk

 

There are two ways to access the API: manually, through http://isvapi.sct.dev.golf.co.nz using the Swagger UI, or through your application code.

The API authentication is JWT-based.

 

Authenticating against the API via code

In the syntax of your chosen JWT library, generate a JWT token with the following required details:

alg: "HS256"   (HMACSHA256 Algorithm)

aud: "isv-api"   (Audience)

iss: "your-username"    (Issuer)

iat: {current UNIX timestamp}   (Issued at)

Secret/Signing key: "GwxynSecretKeybaEMCTk"

 

Using an HTTP client, POST the client token to

http://isvapi.sct.dev.golf.co.nz/api/gb-sct/v1/account/token using this POST body:

{
  "clientToken": "your-jwt-token"
}

 

The response will be of the form:

{
  "accessToken": "string",
  "refreshToken": "string",
  "expiresAtUTC": "2020-02-02T20:50:52.499Z"
}

as shown in Swagger.

 

Save the refresh token. Once your access token expires, you can POST this

{
  "refreshToken": "your-refresh-token"
}

to http://isvapi.sct.dev.golf.co.nz/api/gb-sct/v1/account/renew to receive a new access token.

 

Add the access token as an HTTP Bearer Authorization header to all other requests to the API, idiomatic to your programming language.

e.g.     Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

 

This will give you access to all the API endpoints you can see in Swagger after authenticating (see steps below).

 

· Club Members

· Courses

· Scores

· Visitors

 

At this point you can use Swagger’s test harness to test the API. Enter gb-sct as the country code.

Another testing option is using an API testing service like Postman, being sure to authenticate with your access token.
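
The authentication steps above, written out with only the Python standard library. This is an added example, not DotGolf's own code. The function names are hypothetical, and the "typ" header, the use of the Secret Key as raw UTF-8 bytes, and the JSON Content-Type are assumptions the page does not state.

```python
import base64, hashlib, hmac, json, time
import urllib.request

BASE = "http://isvapi.sct.dev.golf.co.nz/api/gb-sct/v1/account"  # host and path from the page

def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding JWT segments use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_client_token(username: str, secret_key: str, now=None) -> str:
    """Build the HS256 client token with the aud/iss/iat values the page lists."""
    header = {"alg": "HS256", "typ": "JWT"}  # "typ" is an assumption, not on the page
    claims = {"aud": "isv-api", "iss": username,
              "iat": int(time.time()) if now is None else int(now)}
    segments = [b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
                for part in (header, claims)]
    signing_input = ".".join(segments)
    # Assumption: the Secret Key is used as raw UTF-8 bytes for the HMAC.
    signature = hmac.new(secret_key.encode("utf-8"),
                         signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(signature)

def json_post(url: str, body: dict) -> urllib.request.Request:
    """Prepare (not send) a JSON POST; Content-Type is an assumption."""
    return urllib.request.Request(url, data=json.dumps(body).encode("utf-8"),
                                  method="POST",
                                  headers={"Content-Type": "application/json"})

def token_request(client_token: str) -> urllib.request.Request:
    return json_post(BASE + "/token", {"clientToken": client_token})

def renew_request(refresh_token: str) -> urllib.request.Request:
    return json_post(BASE + "/renew", {"refreshToken": refresh_token})

def send(req: urllib.request.Request) -> dict:
    """Send a prepared request and return the parsed JSON response."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def bearer_headers(access_token: str) -> dict:
    """Header to attach to every other API request."""
    return {"Authorization": "Bearer " + access_token}

if __name__ == "__main__":
    # Sample credentials from the page; substitute your issued ones.
    token = make_client_token("your-username", "GwxynSecretKeybaEMCTk")
    print(token_request(token).full_url, token)
```

In an application, load the Secret Key from an environment variable or secrets store rather than embedding it in source, and store the refresh token with the same care.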

 

2.      API rate-limiting

 

The API is limited to 300 requests per minute per username. Each response to an authenticated API request will include several headers that describe your current limit.

X-Rate-Limit-Limit: Your total limit.

X-Rate-Limit-Remaining: Number of requests remaining.

X-Rate-Limit-Reset: UTC date time (ISO 8601) when the limit resets.