DotGolf ISV API Supplementary Technical Documentation

Contents

1.      Authentication

Authenticating against the API via code

2.      API rate-limiting

 

1.      Authentication

 

Your credentials for each of your clubs will consist of a Username and a Secret Key.

Referring to these sample credentials, this document will explain the authentication process. When following these steps, use your issued credentials in place of the sample credentials.

Sample Username: your-username

Sample Secret key: GwxynSecretKeybaEMCTk

 

There are two ways to access the API: manually, through http://isvapi.whsplatform.englandgolf.org using the Swagger UI, or through your application code.

The API authentication is JWT-based.

 

Authenticating against the API via code

In the syntax of your chosen JWT library, generate a JWT token with the following required details:

alg: "HS256"   (HMACSHA256 Algorithm)

aud: "isv-api"   (Audience)

iss: "your-username"    (Issuer)

iat: {current UNIX timestamp}   (Issued at)

Secret/Signing key: "GwxynSecretKeybaEMCTk"

 

Using an HTTP client, POST the client token to

http://isvapi.whsplatform.englandgolf.org/api/eng/v1/account/token using this POST body:

{
  "clientToken": "your-jwt-token"
}

 

The response will be of the form:

{
  "accessToken": "string",
  "refreshToken": "string",
  "expiresAtUTC": "2020-02-02T20:50:52.499Z"
}

as shown in Swagger.

 

Save the refresh token. Once your access token expires, you can POST this

{
  "refreshToken": "your-refresh-token"
}

to http://isvapi.whsplatform.englandgolf.org/api/eng/v1/account/renew to receive a new access token.

 

Add the access token as an HTTP Bearer Authorization header to all other requests to the API, in the way that is idiomatic to your programming language.

e.g.     Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

 

This will give you access to all the API endpoints you can see in Swagger after authenticating (see steps below).

 

· Club Members

· Courses

· Scores

· Visitors

 

At this point you can use Swagger’s test harness to test the API. Enter eng as the country code.

Another testing option is to use an API testing service like Postman, being sure to authenticate with your access token.
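The authentication steps above, written out with only the Python standard library so each JWT segment and request body is visible. This is an added example, not DotGolf's own client code; the helper names, the "typ" header, the JSON Content-Type header, the 30-second renewal margin, and the use of the secret key as UTF-8 bytes are assumptions.

```python
import base64, hashlib, hmac, json, time
import urllib.request
from datetime import datetime, timedelta, timezone

BASE_URL = "http://isvapi.whsplatform.englandgolf.org/api/eng/v1"  # URL as given on the page

def b64url(data: bytes) -> str:
    # JWT segments are base64url without '=' padding (RFC 7515).
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_client_token(username, secret_key, now=None):
    """HS256 client token carrying the aud / iss / iat values the page lists."""
    header = {"alg": "HS256", "typ": "JWT"}  # "typ" is conventional, not listed on the page
    claims = {"aud": "isv-api", "iss": username,
              "iat": int(time.time()) if now is None else int(now)}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims))
    # Assumption: the secret key is used as its UTF-8 bytes.
    sig = hmac.new(secret_key.encode(), signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def json_post(path, payload):
    """Build (not send) a JSON POST; the Content-Type header is an assumption."""
    return urllib.request.Request(BASE_URL + path, data=json.dumps(payload).encode(),
                                  method="POST", headers={"Content-Type": "application/json"})

def token_request(client_token):
    return json_post("/account/token", {"clientToken": client_token})

def renew_request(refresh_token):
    return json_post("/account/renew", {"refreshToken": refresh_token})

def needs_renewal(expires_at_utc, now=None, skew_seconds=30):
    """True once expiresAtUTC is within skew_seconds, so renewal happens before the token lapses."""
    expires = datetime.fromisoformat(expires_at_utc.replace("Z", "+00:00"))
    now = now or datetime.now(timezone.utc)
    return now >= expires - timedelta(seconds=skew_seconds)

def with_bearer(request, access_token):
    """Attach the access token the way the page shows: Authorization: Bearer <token>."""
    request.add_header("Authorization", "Bearer " + access_token)
    return request

if __name__ == "__main__":
    # Sample credentials from the page; load real ones from a secret store, not source.
    token = make_client_token("your-username", "GwxynSecretKeybaEMCTk")
    req = token_request(token)
    print(req.get_method(), req.full_url, req.data.decode())
```

Pass a built request to urllib.request.urlopen to send it. The base URL is kept exactly as the page gives it; if the service also answers over https, use that so the client token and bearer token are not sent in clear text.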

 

2.      API rate-limiting

 

The API is limited to 300 requests per minute per username. Each response to an authenticated API request will include several headers that describe your current limit.

X-Rate-Limit-Limit: Your total limit.

X-Rate-Limit-Remaining: Number of requests remaining.

X-Rate-Limit-Reset: UTC date time (ISO 8601) when the limit resets.