Data Integrity OmniSeal™ API Documentation (1.0)
API Support: support@purecipher.com
URL: https://purecipher.com/contact
Terms of Service: Read Terms
Interactive API documentation: Click here
API Server Health:
API Reference
The Data Integrity OmniSeal™ API, built on a REST architecture, is designed for ease of use and predictability. Here's an overview of how it operates:
Resource-Oriented URLs:
Each API endpoint corresponds to a specific resource or a collection of resources, making the URLs intuitive and easy to understand. For example, register a user uses a URL like:
https://api.purecipher.com/register
Request Bodies:
The API accepts request bodies in form-encoded format. This means when you need to send data to the server (like creating or updating a resource), you'll encode this data as form fields.
Security Considerations
- Use of HTTPS: HTTPS ensures that data transmitted between the client and server is encrypted, providing confidentiality and protecting against interception and eavesdropping. Enforce HTTPS for all API interactions.
- Input Validation: Validate all inputs to prevent issues like SQL injection, script injection, and DoS attacks. Ensure correctness and conformity of inputs with expected formats.
- Authentication and Authorization: Implement robust authentication mechanisms (e.g., OAuth, API keys) and ensure resources are accessed only by users with correct permissions.
- MIME Type Validation: Perform server-side checks to validate MIME types of uploaded files against their content to detect mismatches.
- Data Sanitization: Sanitize input data to remove potentially harmful elements before using it in your application.
- Error Handling: Customize error messages to avoid exposing details that could be used for cyber attacks.
- Encryption of Sensitive Data: Use strong encryption for data at rest and in transit, especially for sensitive information like authentication tokens and personal data.
- Logging and Monitoring: Implement logging of access and errors and monitor logs for unusual activity indicating an attack.
- Security Headers: Use security headers like Content-Security-Policy and X-Frame-Options to enhance security of API responses.
HTTP Verbs:
The API uses standard HTTP verbs to define what action is being taken:
- GET: Retrieve information about a resource.
- POST: Create a new resource.
HTTP Status Code Summary
| Code | Status | Description |
|---|---|---|
| 200 | OK | The request was successful. |
| 201 | Created | The request was successful, and a resource was created as a result. |
| 202 | Accepted | The request has been received but not yet acted upon. |
| 204 | No Content | The request was successful, but there is no content to send in the response. |
| 400 | Bad Request | The request was unacceptable, often due to missing a required parameter. |
| 401 | Unauthorized | No valid API key provided. |
| 403 | Forbidden | The client does not have access rights to the content. |
| 404 | Not Found | The requested resource doesn't exist. |
| 405 | Method Not Allowed | The request method is not supported for the requested resource. |
| 409 | Conflict | There is a conflict with the current state of the target resource. |
| 415 | Unsupported Media Type | The payload format is in an unsupported format. |
| 429 | Too Many Requests | The user has sent too many requests in a given amount of time ("rate limiting"). |
| 500 | Internal Server Error | An error occurred on the server. |
| 502 | Bad Gateway | The server, while acting as a gateway, received an invalid response from the upstream server. |
| 503 | Service Unavailable | The server is overloaded or under maintenance. |
| 504 | Gateway Timeout | The server, while acting as a gateway, did not get a timely response from the upstream server. |