API essentials

Security

All communication with Chorus servers must use TLS (https://).

Our APIs use HTTP headers for secure authentication and authorisation in one of two ways: either a Client ID and Client Secret, or Base64 encoding. To determine which security method an API uses, refer to the security header information found in the API Specification. View documentation by API.

All API calls require these HTTP headers to be present to ensure the caller is authorised to interact with the API. Correct calls will allow you to retrieve and test products.

An additional requirement for access to APIs is provision of your IP address when applying for Production access.

Use your Client ID and Client Secret in your API calls

curl -H 'X-Chorus-Client-Id: xxxxxxxxxxxxxxxxxxxxxxx' \
     -H 'X-Chorus-Client-Secret: xxxxxxxxxxxxxxxxxxxxxxx' \
     'https://api.chorus.co.nz/apiname/v1/'

Header example:

GET https://api.chorus.co.nz/apiname/v1/ HTTP/1.1
Accept-Encoding: gzip,deflate
X-Chorus-Client-Id: xxxxxxxxxxxxxxxxxxxxxxx
X-Chorus-Client-Secret: xxxxxxxxxxxxxxxxxxxxxxx
Host: api.chorus.co.nz
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.3.1 (java 1.7)


Note: It is important to keep the client secret secure and confidential, as it is used to authenticate the client application with the authorisation server. Exposure of the client secret can result in unauthorised access.
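
One way to make the call above without putting the client secret on the curl command line, where it is visible in the process list. This is an added example, not Chorus's own code. The environment variable names CHORUS_CLIENT_ID and CHORUS_CLIENT_SECRET and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not Chorus code. The environment variable names
# CHORUS_CLIENT_ID and CHORUS_CLIENT_SECRET are assumptions.

NL='
'
CR=$(printf '\r')

# Refuse anything other than an https:// URL before curl is started.
require_https() {
  case "$1" in
    https://*) return 0 ;;
    *) echo "refusing non-TLS URL: $1" >&2; return 1 ;;
  esac
}

# A header value must be non-empty and free of characters that would break
# the quoted curl config line or smuggle in a second header (CR/LF).
valid_header_value() {
  case "$1" in
    ''|*'"'*|*'\'*|*"$NL"*|*"$CR"*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print the two authentication headers in curl's config-file syntax.
chorus_curl_config() {
  valid_header_value "${CHORUS_CLIENT_ID-}" &&
    valid_header_value "${CHORUS_CLIENT_SECRET-}" || {
      echo "client ID or secret missing or malformed" >&2; return 1; }
  printf 'header = "X-Chorus-Client-Id: %s"\n' "$CHORUS_CLIENT_ID"
  printf 'header = "X-Chorus-Client-Secret: %s"\n' "$CHORUS_CLIENT_SECRET"
}

# GET a URL, feeding the headers to curl on stdin (--config -) so the
# secret is never passed as a curl command-line argument.
chorus_get() {
  require_https "$1" || return 1
  cfg=$(chorus_curl_config) || return 1
  printf '%s\n' "$cfg" |
    curl --silent --show-error --fail --proto '=https' --config - "$1"
}

# Usage: chorus_get 'https://api.chorus.co.nz/apiname/v1/'
```

Load the two variables from a secrets manager or a file readable only by the calling account rather than typing them into an interactive shell.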