This document establishes the guidelines for Simpson Strong-Tie REST APIs, to ensure that interfaces are developed securely and consistently, and are made easy to use. Please see our FAQs section for definitions of any terms.
The goals of these guidelines are:
- to provide application developers with resources to create and utilize RESTful HTTP interfaces
- to provide the smoothest possible experience for developers by providing consistent and intuitive design guidelines
- to establish a cohesive look and feel for all Simpson Strong-Tie web products and services
- to instill an "API-only" development approach where all communications between separate modules must happen via APIs
The term "API" can mean a lot of things. In the context of this site, we're referring to service-level APIs that are exposed over the internet.
These guidelines do not cover programming languages or libraries used, server frameworks, or how an application might implement an API.
We need to verify that the client is valid before using the Simpson Strong-Tie system.
There are four grant types defined in the OAuth2 RFC 6749:
- Authorization Code
- Implicit
- Resource Owner Password Credentials
- Client Credentials
The Simpson Strong-Tie system currently supports only the "Client Credentials" type when acting as authorization server where the resource owner client credentials (i.e., "client_id" and "client_secret") can be used directly as an authorization grant to obtain an access token.
You can do this by the following POST request with multipart form-data in body:
POST {baseURL}/oauth/token
| Parameter | Value |
|---|---|
| grant_type | client_credentials |
| client_id | 12345 (unique id of the Client App configured) |
| client_secret | ABCDE (unique secret code of the Client App configured) |
JSON file that contains the access token and type of token will be returned:
{
"access_token": "eyJ4NXQjUzI1NiI6ImZYSkhReFpkTzlKWU1aaXFFaWQiO",
"scope": "trust read write register",
"allowed_services": "apigateway",
"token_type": "Bearer",
"expires_in": 86400
}- Staging Base URL: https://api-staging.strongtie.com/gws
- Production Base URL: https://api.strongtie.com/gws
All API endpoints expect request and response body data to be in JSON. The following HTTP request headers may be required, depending on the operation and endpoint being invoked:
| Header | Definition | Example |
|---|---|---|
| Authorization | Required for all endpoints, except for POST /token. The access token. | https://api-staging.strongtie.com/gws/api/Hangers |
| Content-Type | Required for POST and PUT requests. Defines the structure for the response | https://api.strongtie.com/gws/api/Hangers |
HTTP has a defined set of methods. These request methods are sometimes referred to as “HTTP verbs”. The common methods used by most RESTful web APIs are:
- POST
- PUT
- GET
- DELETE
- PATCH
- HEAD
- OPTIONS
- SAFE AND NON-SAFE METHODS
Simpson Strong-Tie uses a combination of HTTP status codes and custom error codes with a descriptive message in JSON-formatted Error objects to give you a more complete picture of what has happened with your request.