Security

How to secure the Greenlight API calls

Summary

As part of Customer Onboarding, Greenlight will provide you with three data elements that must be stored securely in your system: customerId, x-api-key, and clientSecret. All three differ between the Test and Production environments. The Greenlight Operations team will arrange to pass your customerIds, x-api-keys, and clientSecrets to you securely (usually over a secure Teams call or through a secure Salesforce Case that is removed afterward). Treat them as credentials: keep them in a secrets manager or environment configuration rather than in source control, and keep them out of logs and client-side code.

Every call to the Greenlight API must include your customer-specific API key, sent in a request header named x-api-key.

Tokens

Every call to the Greenlight API must also include your customerId as a path parameter. See the API Reference for the exact paths.

The clientSecret is needed for the Get Authentication Token call. The request body of that call is a JSON object carrying your Greenlight-provided clientSecret, as in the example below:

{"clientSecret":"your-client-secret"}

The response body of the Get Authentication Token call includes your accessToken and expiresIn, the number of seconds for which the token remains valid:

{
    "accessToken": "valid-token",
    "expiresIn": 86400
}

The accessToken must be included in all subsequent calls as a bearer token in the Authorization header (Authorization: Bearer <accessToken>), alongside the x-api-key header.

Token Expiry

Tokens do expire. When a token expires, fetch a new one by calling Get Authentication Token again. Tokens are cached on the Greenlight side, so repeated calls to Get Authentication Token may return the same token for as long as it is still valid. Cache the token on your side as well: request a new one only when the current one is about to expire, rather than calling Get Authentication Token before every API request.

expiresIn is the number of seconds the token remains valid, counted from the time of the response. If Greenlight returns a token it has already issued, do not assume expiresIn is a full lifetime; track the expiry from the value returned with the token you actually hold.

Rate Limits

To protect uptime and response time, every customer has a per-second and a per-month rate limit. When either limit is exceeded, all calls receive an HTTP 429 response until the next second (or month) begins. If you are hitting rate-limit errors, contact Greenlight Customer Support.
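The Python client below is an added example, not Greenlight's own code, that ties together the Tokens and Token Expiry sections with the 429 behaviour described above: it sends x-api-key on every call, obtains a token with the clientSecret, caches it and refreshes shortly before expiresIn lapses, sends it as Authorization: Bearer, and waits for the next second when a call is rate limited. The base URL, the /customers/{customerId}/auth/token and /transactions paths, the credentials, and the behaviour of the fake server it runs against are constructed assumptions for illustration; take the real paths from the API Reference.

```python
"""Illustrative Greenlight API client: token caching, refresh and 429 backoff.
Added example, not Greenlight's code. Base URL and paths are ASSUMED (see the API
Reference); header, body and response field names and the 429 behaviour follow the page."""
import json
from typing import Callable, Dict, Optional, Tuple


class GreenlightClient:
    REFRESH_MARGIN = 60  # seconds before expiresIn lapses at which we refresh

    def __init__(self, customer_id: str, api_key: str, client_secret: str, transport: Callable,
                 clock: Callable[[], float], sleep: Callable[[float], None],
                 base_url: str = "https://api.greenlight.example"):  # host ASSUMED
        self.customer_id, self.api_key, self.client_secret = customer_id, api_key, client_secret
        self.transport, self.clock, self.sleep, self.base_url = transport, clock, sleep, base_url
        self._token, self._refresh_at = None, 0.0  # cached token and when to fetch a new one

    def _url(self, path: str) -> str:
        # customerId is a path parameter on every call (page); the exact layout is ASSUMED
        return f"{self.base_url}/customers/{self.customer_id}{path}"

    def get_token(self) -> str:
        """Return the cached accessToken, calling Get Authentication Token only when needed."""
        now = self.clock()
        if self._token is not None and now < self._refresh_at:
            return self._token
        headers = {"x-api-key": self.api_key, "Content-Type": "application/json"}
        body = json.dumps({"clientSecret": self.client_secret}).encode()
        status, resp = self.transport("POST", self._url("/auth/token"), headers, body)
        if status != 200:
            raise RuntimeError(f"Get Authentication Token failed: HTTP {status}")
        data = json.loads(resp)
        self._token, expires_in = data["accessToken"], int(data["expiresIn"])
        # A cached token may come back with little life left: cap the margin at half of it,
        # or the client would re-request the same token on every call until it expired.
        self._refresh_at = now + expires_in - min(self.REFRESH_MARGIN, expires_in // 2)
        return self._token

    def request(self, method: str, path: str, body: Optional[bytes] = None,
                max_429_retries: int = 3) -> Tuple[int, bytes]:
        for _ in range(max_429_retries + 1):  # x-api-key plus bearer token on every call
            headers = {"x-api-key": self.api_key, "Authorization": f"Bearer {self.get_token()}"}
            status, resp = self.transport(method, self._url(path), headers, body)
            if status != 429:
                return status, resp
            self.sleep(1.0)  # per-second limit clears at the next second
        raise RuntimeError("still 429 after retries: per-month limit? contact Greenlight support")


class FakeGreenlight:
    """Constructed server + clock: checks x-api-key and bearer token, caches one token, 429s."""
    def __init__(self, api_key: str, client_secret: str, token_ttl: int = 86400,
                 per_second_limit: int = 2) -> None:
        self.api_key, self.client_secret = api_key, client_secret
        self.token_ttl, self.per_second_limit = token_ttl, per_second_limit
        self.now = 1_000_000.0  # fake wall clock, advanced by sleep()
        self.token_calls = self.tokens_issued = 0  # token requests received / distinct tokens minted
        self._token, self._token_expires = None, 0.0
        self._window, self._count = None, 0

    def sleep(self, seconds: float) -> None:
        self.now += seconds

    def __call__(self, method: str, url: str, headers: Dict[str, str], body: Optional[bytes]):
        now = self.now
        if headers.get("x-api-key") != self.api_key:
            return 403, b'{"message":"forbidden"}'
        if int(now) != self._window:  # new one-second window
            self._window, self._count = int(now), 0
        self._count += 1
        if self._count > self.per_second_limit:  # applies to every call, token calls included
            return 429, b'{"message":"rate limit exceeded"}'
        if url.endswith("/auth/token"):
            self.token_calls += 1
            if json.loads(body or b"{}").get("clientSecret") != self.client_secret:
                return 401, b'{"message":"bad clientSecret"}'
            if self._token is None or now >= self._token_expires:  # server-side token cache
                self.tokens_issued += 1
                self._token, self._token_expires = f"token-{self.tokens_issued}", now + self.token_ttl
            payload = {"accessToken": self._token, "expiresIn": int(self._token_expires - now)}
            return 200, json.dumps(payload).encode()
        if headers.get("Authorization") != f"Bearer {self._token}" or now >= self._token_expires:
            return 401, b'{"message":"invalid or expired token"}'
        return 200, b'{"ok":true}'


def run_demo() -> dict:
    server = FakeGreenlight("test-x-api-key", "test-client-secret")  # constructed credentials
    client = GreenlightClient("cust-123", "test-x-api-key", "test-client-secret",
                              transport=server, clock=lambda: server.now, sleep=server.sleep)
    burst = [client.request("GET", "/transactions")[0] for _ in range(5)]  # 2/s limit -> 429s
    token_calls_after_burst = server.token_calls  # one token served the whole burst
    server.now += 86400  # the token has now lapsed; the next call fetches a new one
    status_after_expiry = client.request("GET", "/transactions")[0]
    return {"burst": burst, "token_calls_after_burst": token_calls_after_burst,
            "status_after_expiry": status_after_expiry,
            "token_calls": server.token_calls, "tokens_issued": server.tokens_issued}


if __name__ == "__main__":
    print(run_demo())
```

The transport and clock are injected so the same class can be driven by a real HTTP library in production and by the constructed FakeGreenlight here. Two details carry over to real code: the refresh margin is capped at half of expiresIn, because a token Greenlight has cached may come back with only seconds left and a fixed 60-second margin would then re-request it on every call; and the 429 retry loop is bounded, because a per-month limit will not clear in a second and should be escalated to Customer Support rather than retried.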

Common Practices to avoid Rate Limits