Security
All communication with Chorus servers must be over TLS (https://).
Our APIs use http headers with a Client Id and Client Secret for secure authentication and authorisation.
All API calls require the http headers to be present to ensure the caller is authorised to interact with the API. Correct calls will allow you to retrieve and test products.
An additional requirement for access to Production APIs is your IP address which you must provide when applying for Production access.
Use your Client ID and Client Secret in your API calls
curl -H 'X-Chorus-Client-Id: xxxxxxxxxxxxxxxxxxxxxxx' -H 'X-Chorus-Client-Secret: xxxxxxxxxxxxxxxxxxxxxxx' \
'https://api.chorus.co.nz/apiname/v1/'
Header Example
GET https://api.chorus.co.nz/apiname/v1/ HTTP/1.1
Accept-Encoding: gzip,deflate
X-Chorus-Client-Id: xxxxxxxxxxxxxxxxxxxxxxx
X-Chorus-Client-Secret: xxxxxxxxxxxxxxxxxxxxxxx
Host: api.chorus.co.nz
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.3.1 (java 1.7)