You can start interacting with our API once you have registered with us.
Registration
To create the Company Main Profile and obtain your Credentials send an email to [email protected] in order to provide your basic data and fulfill the process to receive a pair of (user, password) within 24 hours. A valid email and mobile number is recommended to successfully fulfill the registration steps.
Get a Secret API Key
Provided credentials (user and password) must be used to get a secret API Key with a validity of 3 months (after that the company will need to create a new API Key, again for 3 months). The API Key is your Organization's unique identifier.
Key Format
36 characters separated by hyphen and each part is 8, 4, 4, 4 y 12 characters
each.Example: API_Key = ‘fb2992d3-5cf2-4177-8433-173bf3a63265’
Accounts are activated at the moment the company successfully request a secret API Key for the first time .
Consume API with your Secret API Key
UnDosTres authenticates your API calls using API Keys. For each call to the UnDosTres API, you must include your Secret API Key in the x-api-key field of the request Header. Credentials are not needed anymore unless consuming the endpoint to request a new secret API Key. Take into account that, for security, each API Key is limited to be used at most from three IP Addresses which are provided while creating it (at least one IP must be provided on that moment, others can be added or modified later but only by customer support team).
When a new secret API Key is requested, the old one (if exist) will be configured to expire in 24 hours unless requested to expire before that time on the same API call, or it was scheduled to expire before since their creation. Response will always include the company ID assigned/related to account being updated. If new allowed IPs are not provided (or empty on request) while requesting a new API Key we may use the IP list assigned to old key if possible.
Update your account data and create sub-accounts using the API
Please note that credentials (user and password) are only able to be updated on demand using the above mentioned email. However, our API can be used to update all the company data such as names, web-hooks and document number (all except initial registered email and phone). Also, as a owner of the main account, sub-accounts can be created on demand in an API call; receiving a pair of extra credentials which should be used to generate API Keys and for initial activation too.
Although any account and their sub-accounts shares similar information (they have same data-fields) we handle them as a hierarchy tree structure where each node works as a valid account by itself with the same privileges over their sub-tree and the same allowed operations. Main account may be limited to have some maximum number C (e.g. five) of sub-accounts, and similarly sub-accounts may be limited to have some maximum number G (e.g. ten) of sub-(sub-accounts). Maximum deep of accounts struct is two (2) for the moment.