Important Notice: Enforcing API parameter restrictions

Hi everyone :raising_hand_man:,

This is Tien from the Holistics Engineering team.

As part of our ongoing efforts to enhance the reliability and security of Holistics services, we will be enforcing public API parameter restrictions.

:spiral_calendar: This change will take effect starting from December 2024.

What’s changing? :rocket:

Before

  • API clients could send Query Parameters when the API specification requires Body Parameters, and vice versa.

After

  • API clients will have to send parameters correctly in Query or Body as specified in our API specification. Otherwise, the API requests would be rejected.

What you need to do :bulb:


:bulb: If you are already using Holistics API as specified on Holistics API | Holistics Docs (4.0), you don’t need to change anything.


Please double-check your API client and make sure to pass the parameters correctly as outlined in our Public API specification.

Here are some incorrect versus correct ways to pass parameters (emails and role) when using the API Invite Users.

  • Using curl

    • Incorrect

      curl -X POST 'https://secure.holistics.io/api/v2/users/invite?emails[][email protected]&role=admin'
      
    • Correct

      curl -X POST 'https://secure.holistics.io/api/v2/users/invite' \
           -H "Content-Type: application/json" \
           -d '{"emails":["[email protected]], "role": "admin"}'
      
  • Using JS fetch

    • Incorrect

      const url = 'https://secure.holistics.io/api/v2/users/invite?emails[][email protected]&role=admin'
      fetch(url, { method: "POST" })
      
    • Correct

      const url = 'https://secure.holistics.io/api/v2/users/invite'
      const params = {
      	emails: ['[email protected]'],
      	role: 'admin'
      }
      fetch(
      	url, 
      	{
      	  method: "POST",
      	  body: JSON.stringify(params)),
      	}
      )
      

What will happen starting from December 2024? :spiral_calendar:

Starting from December 2024, any API calls with incorrectly formatted parameters will receive a 400 Bad Request error.

Feedback :memo:

If you have any further concerns, please comment below or contact us at [email protected].

Cheers & all the best! :beers:

2 Likes

Hi everyone :raising_hand_man:,

The restriction policy has been in effect since yesterday, December 12th.

If you are getting errors with status 400 when requesting our public API, please double-check your API client and make sure to pass the parameters correctly as outlined in our Public API specification.

If you have any further concerns, please comment below or contact us at [email protected].

Thank you