API stands for Application Program Interface, and is a set of routines, protocols, and tools for building software applications.
API Call Structure
The call structure of the APIs is as follows:
- Method: HTTP is the format used to enable communication between clients (like Web browsers) and servers. The most common methods are GET, POST, PUT and DELETE.
For more information on HTTP, see: HTTP Specification.
- URL: The Web address. The URL host is the Vibes public API site.
- Header: A unit of information that contains information about the file. Vibes APIs use a JSON file.
- Body: Represents the body of the request or response and allows you to declare what the content type is and how it should be handled.
Vibes throttles the number of requests that can hit the APIs at one time. The rates are the following:
- For inbound events:
- 300 requests/second
- For all other company api calls (including mobile wallet updates)
- 100 requests/second
- For mobile app calls
- 100 requests/second
- For all other api calls
- 20 requests/second
NOTE: A “429 Too Many Requests” response will be sent in any cases where the number of requests hitting the API are over the defined rate limits.
There are currently two versions of the APIs available. You can see what version you are using by looking at the API header.
The following technical details are provided to help you better understand the Vibes APIs and Callbacks.
The following is the standard Vibes URL host, which is the Vibes public API site.
https://public-api.vibescmeurope.com/ (deprecated on 11/13/2020; may be removed in future)
All Vibes API calls are set up to receive data in a standard JSON format. The following is the exact header to include on all API calls.
Basic Authentication is the simplest way to implement access controls. Most programming languages have built-in libraries to support Basic Authentication. The following is a brief description of how the header is constructed:
- Combine the username and password into a "username:password" string.
- Encode the resulting string using Base64.
Add the Authorization HTTP header and set the value to "Basic " plus the encoded string.
Note: Include the extra space after "Basic ".
For example, if the username is 'VibesUser' and the password is "Password123" then the header is as follows:
Client Certificate Authentication
Vibes supports Client Certificate Authentication as an extra layer of security for API calls.
API HTTP Header Version
Platform APIs require you to send Vibes an HTTP `X-API-Version` with a value of `2`.
Error Handling and Responses
General HTTP Response Codes
APIs follow standard HTTP Response codes. See individual API calls for errors that can be returned.
Error Response Body
Any 4XX error will return a JSON body with the specific information and code. The response will be an errors Object, with an Array of all the errors that occurred on the request, as shown in the following example.
Callbacks are a way for a third-party system to register and receive events from the Vibes Mobile Engagement Platform when specified data has changed. A Callback event is a Vibes-initiated HTTP request to the third-party system to notify them of a data change. The customer endpoint should properly store/record the information, and then return an appropriate HttpResponse to acknowledge receipt of the event, keeping processing and logic as small as possible for throughput and performance.
Note: To ensure adequate performance and avoid rate limiting or other errors, you should keep the callback code as small as possible. To avoid connection timeouts or rate limiting from the Vibes system, any extensive back end calls or updates should be done asynchronously rather than keeping the callback HTTP call open.
One Callback can be registered per event type, per company account. Person callbacks, because they are related to the entire MobileDB, and not to any one company, can only have one registration callback per MobileDB database.
As part of the configuration, customers can be notified of failed deliveries by setting up an automated email notification process for when a callback event fails to notify.
Originating IP Address Ranges
The following Vibes IP address ranges are available if a customer wants to white list them:
It is the receiver's responsibility to ensure processing and to return the appropriate error codes. Depending on the error code, Vibes will attempt to redeliver the events up to the maximum number of tries. It is important that the callback endpoint not return errors when no retry attempts are desired. In that case, simply accepting the message with a 2XX response is sufficient.
It is possible, in rare circumstances, that an event is delivered more than once in error scenarios, or when an improper HTTP Response code was returned or timed out. All customer end points must be able to handle this case without causing conflicts within their system, and return a response in the 2XX range.
HTTP Response Code
OK - Message was accepted and processed successfully.
Permanent event specific error conditions that should not be retried. It will immediately put the event in a failure queue and notify the customer for resolution.
Temporary error conditions that indicate a transient failure. These events will be retried based on the configured retry scheme, and then, if still failing, it will put the event in a failure queue and notify the customer for resolution. These can also trigger downed states within a URL that may suspend additional delivery attempts for short periods of time to avoid saturating a down (or slow) service.
Callback Event Structure
All callback events have a similar base structure to indicate the type of event as well as specific information about each event. All the general event information will be in the HTTP Headers for reference, parsing, and routing. The HTTP body will contain the specific data that is relevant to the callback event.
Unique Event ID for the event.
The Company ID that the request is for.
The Callback ID that generated this callback event.
The number of delivery attempts.
The free text type of the event.
Triggered when a new Person is added to the system.
person - Person Object
API Version 1
This is the default version. It does not accept the international format, E.164 phone numbers.
API Version 2
To fully serve its international customers, Vibes released Version 2 of the Vibes Mobile Engagement Platform APIs in 2016 to include support for international E.164 phone numbers.
Example API Version 1
Example API Version 2 (E.164 MDN Format)
REST API Tree URI Structure