Spectrum provides a generic API that lets customers integrate their own CRM solutions in order to customize the login flow. This document is a guideline for integrating your current system with Spectrum's API.
CONTINUE LOGIN FLOW
By default, all requests receive the v1 version of the REST API. Requests specify the version number via the Accept header.
Communication with Spectrum is done in JSON format; every request and response must have Content-Type: application/json;charset=UTF-8 in the header.
Spectrum takes some security measures to be sure that responses to API calls belong to our customers.
Every customer is given two system-wide-unique keys: public and secret keys.
The public key is sent with Spectrum requests. It can be used in the customer's service to verify that a request was made by Spectrum:
Accept: application/vnd.faraday.spectrum.v1+json
Content-Type: application/json;charset=UTF-8
X-Api-Key: fJLFhUWTxF8LdNZnvG23
The private key resides in the service to be integrated. It is used to verify that the response was generated by the customer.
Spectrum expects to get two headers in the response:
• X-Timestamp: UNIX timestamp value.
• X-Auth: value of the following function: SHA-256(<API Secret>-<UNIX Timestamp>)
Example: If your API secret is OeaH2OTRCJa8REtSvKXb, you can use the following Java code to generate the X-Auth value.
MessageDigest digest = MessageDigest.getInstance("SHA-256");
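The following is an added example, not code from Spectrum or from the original page: a customer-side helper that checks the X-Api-Key of an incoming request in constant time and builds the X-Timestamp and X-Auth response headers. It assumes the digest is sent as lowercase hex and the timestamp is in seconds (the page states neither); the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.time.Instant;
import java.util.Map;

public class SpectrumAuth {
    // Sample values from this page; load real keys from configuration, not source code.
    static final String API_KEY = "fJLFhUWTxF8LdNZnvG23";
    static final String API_SECRET = "OeaH2OTRCJa8REtSvKXb";

    /** SHA-256(<API Secret>-<UNIX Timestamp>); hex output is an assumption. */
    static String xAuth(String secret, long timestamp) throws NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        byte[] hash = digest.digest(
                (secret + "-" + timestamp).getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(hash.length * 2);
        for (byte b : hash) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    /** Constant-time comparison of the X-Api-Key header from an incoming request. */
    static boolean isFromSpectrum(String presentedKey) {
        if (presentedKey == null) {
            return false; // header missing: reject the request
        }
        return MessageDigest.isEqual(
                presentedKey.getBytes(StandardCharsets.UTF_8),
                API_KEY.getBytes(StandardCharsets.UTF_8));
    }

    /** Headers to attach to a response sent back to Spectrum. */
    static Map<String, String> responseHeaders(long timestamp) throws NoSuchAlgorithmException {
        return Map.of(
                "Content-Type", "application/json;charset=UTF-8",
                "X-Timestamp", Long.toString(timestamp),
                "X-Auth", xAuth(API_SECRET, timestamp));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        System.out.println("valid key accepted: " + isFromSpectrum(API_KEY));
        System.out.println("wrong key accepted: " + isFromSpectrum("not-the-key"));
        long now = Instant.now().getEpochSecond(); // seconds since epoch (assumption)
        responseHeaders(now).forEach((k, v) -> System.out.println(k + ": " + v));
    }
}
```

The X-Timestamp header must carry exactly the timestamp that was hashed into X-Auth, so compute it once per response and reuse it for both headers.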
IsMember is a request sent from Spectrum to the consumer service to check whether a visitor is a registered member. At least one of email and phone will be sent in the request.
The phone number will begin with the country code, without a leading plus or zeros.
• HTTP 200 - visitor is already a member.
• HTTP 404 - member not found.
curl -X GET \
  'http://example.com/api/IsMember?phone=15410000000' \
  -H 'Accept: application/vnd.faraday.spectrum.v1+json' \
  -H 'X-Api-Key: fJLFhUWTxF8LdNZnvG23'
• 200 OK - the request was successful (some API calls may return 201 instead).
• 201 Created - the request was successful and a resource was created.
• 204 No Content - the request was successful but there is no representation to return (i.e. the response is empty).
• 400 Bad Request - the request could not be understood or was missing required parameters.
• 401 Unauthorized - authentication failed or user doesn't have permissions for requested operation.
• 403 Forbidden - access denied.
• 404 Not Found - resource was not found.
• 405 Method Not Allowed - requested method is not supported for resource.