Security

All communication with Chorus servers must use TLS (https://).

Our APIs use http headers with a Client ID and Client Secret for secure authentication and authorisation.

All API calls require the http headers to be present to ensure the caller is authorised to interact with the API. Correct calls will allow you to retrieve and test products.

An additional requirement for access to Production APIs is your IP address that you must provide when applying for Production access.

Use your Client ID and Client Secret in your API calls

curl -H 'X-Chorus-Client-Id: xxxxxxxxxxxxxxxxxxxxxxx' -H 
'X-Chorus-Client-Secret: xxxxxxxxxxxxxxxxxxxxxxx' \   
 
'https://api.chorus.co.nz/apiname/v1/'

Header example:

GET https://api.chorus.co.nz/apiname/v1/ HTTP/1.1
 
Accept-Encoding: gzip,deflate
 
X-Chorus-Client-Id: xxxxxxxxxxxxxxxxxxxxxxx
 
X-Chorus-Client-Secret: xxxxxxxxxxxxxxxxxxxxxxx
 
Host: api.chorus.co.nz
 
Connection: Keep-Alive
 
User-Agent: Apache-HttpClient/4.3.1 (java 1.7)

API Developers

API Developers

Help us improve

API essentials

Security