Clients
Clients are PDX Syndication Accounts (PDX) and Clients are protected resources.
Data inside PDX is stored per client and cannot be shared between clients. The clientId string identifies a client. A Vendor obtains a clientId when they create a PDX Syndication account..
API Key
Whereas authentication into the PDX user interface requires a user, the external PDX API requires an api key and does not currently support authentication with a user from the user interface. An api key can access multiple client accounts.
Issuing and revoking api keys for PDX is done by contacting the PDX team at Stibo Systems at pdx-support@stibosystems.com or making a request via a JIRA Ticket.
Policy
For security reasons, the api key should never be shared with others or publicly - it must remain a secret. PDX api keys may only be sent to the https endpoint in production, and the http client should verify that the PDX https certificate is valid when sending requests. If there is an issue using the public PDX certificate, please contact the PDX support team. By using the PDX api key, you accept this policy.
Authentication
PDX requires all external API HTTPS requests to have an HTTPS basic authorization header, for example:
Username/API Key: myClientId
Password/API Secret: Xyz123abC
API applications, such as Postman, convert the apiKey:apiSecret into base64 and includes it in the header area when Basic Authorization is configured on the Authorization tab.
An example of this using Postman is as follows:
The “Content-Type” of “application/json” must also be included in the header, then the Send button is clicked to confirm authentication.
Result:
It will return the data standard for the channel specified. If authentication fails, a status will be returned immediately.
Curl can also be used to confirm authentication by obtaining the Production data standard for Home Depot Channel for example with the following command line parameters:
curl -u MyClientId:Xyz123abC
https://api.pds.stibosystems.com/api/datastandards/v1/datastandards/home-depot
When enter is pressed, the JSON will be immediately returned to the command line window, which validates authentication.