Technical Specification

Swagger Documentation

ilink uses an OpenAPI 3 specification with a Swagger client, available here. In this web customer, you can perform test API calls, analyse the responses, and verify the data to be sent for each endpoint/method.

The Swagger client provided above should be used throughout your development process. It is also possible to check how API calls are constructed via cURL (see example below):

Note: Several HTTP clients, are also provided in over 50 languages and frameworks, automatically generated from our specification, which can serve as initial support for your integration process.

Authorisation

All requests to the API must include the following authorisation header:

• Authorization: Bearer {TOKEN_PLATAFORMA}

In the Swagger client, the authorisation process is performed by entering the platform token after clicking the Authorize button.

After this step, note that all subsequent API requests include the Authorization header:

Authentication

Before making the first API call to ilink, authentication per customer/TIN is required. This authentication serves as an initial handshake between the customer and ilink and is performed via the endpoint POST /apps/authentications:

A valid authentication should return this response:

HTTP status: 200 OK

{
  "success": true,
  "message": {
    "code":"e123",
    "msg":"Integration completed successfully."
  }
}

Authentication is valid indefinitely (only needs to be invoked once per customer/TIN accessing the API). It can also be revoked using the DELETE /apps/authentications method:

If authentication is not completed, or the Authorization header is not sent in API requests, all calls will be rejected for that customer/TIN with the following error:

HTTP status: 401 Unauthorized

{
  "success": false,
  "errors": [
    {
      "code": "e069",
      "msg": "Invalid authentication"
    }
  ]
}

Note: In production, each customer/TIN must authenticate again.