The Trustev API is secured using Token Authentication. This means that when you wish to communicate with our API, an API Token is required so we can verify that the information is coming from the correct source. An API Token is a unique alphanumeric string that Trustev will generate and return to you through our API, after a Get Token request has been made with a correctly formed request message. This request message is made up of information from your Test or Live API Keys.
X-Authorization: TrustevTest 4b312a24-2495-4ba4-8f85-d891bab1cac8
In the above example, it shows the site Username (TrustevTest), followed by a space, followed by the API Token (4b312a24-2495-4ba4-8f85-d891bab1cac8).
Every call to our API, other than the Get Token request, requires that an API Token is forwarded in the request header, along with your site Username.
In order to access an API Token, you will need your API Key information which will have been emailed to you by the Integration Team. You will need to proceed to Step 4: Get a Token to access one. Once you have successfully created a request to our API, you should receive an API Token which will be available in the response body, under the parameter ‘APIToken’.
Included in the response when you receive the APIToken is a parameter ‘ExpireAt’ which you may extract and use as a check to ensure you receive no errors due to expired tokens. ‘ExpireAt’ will be a timestamp in UTC.
We advise that you store this APIToken for re-use for subsequent calls to our API. Once the API Token expires, you can request a new token from our API and continue as normal. Please note that the APIToken will stay valid for 30 minutes.