Security

All communication with Chorus servers must be over TLS (https://).

Our APIs use http headers with a Client Id and Client Secret for secure authentication and authorisation.

All API calls require the http headers to be present to ensure the caller is authorised to interact with the API. Correct calls will allow you to retrieve and test products.

An additional requirement for access to Production APIs is your IP address which you must provide when applying for Production access.

Use your Client ID and Client Secret in your API calls

curl -H 'X-Chorus-Client-Id: xxxxxxxxxxxxxxxxxxxxxxx' -H 'X-Chorus-Client-Secret: xxxxxxxxxxxxxxxxxxxxxxx' \   
 
'https://api.chorus.co.nz/apiname/v1/'

Header Example

GET https://api.chorus.co.nz/apiname/v1/ HTTP/1.1
 
Accept-Encoding: gzip,deflate
 
X-Chorus-Client-Id: xxxxxxxxxxxxxxxxxxxxxxx
 
X-Chorus-Client-Secret: xxxxxxxxxxxxxxxxxxxxxxx
 
Host: api.chorus.co.nz
 
Connection: Keep-Alive
 
User-Agent: Apache-HttpClient/4.3.1 (java 1.7)

API Developers

API Developers

Help us improve

Security