Hi everyone 
,
This is Tien from the Holistics Engineering team.
As part of our ongoing efforts to enhance the reliability and security of Holistics services, we will be enforcing public API parameter restrictions.
This change will take effect on December 1st, 2024.
Whatβs changing? 
Before
- API clients could send Query Parameters when the API specification requires Body Parameters, and vice versa.
After
- API clients will have to send parameters correctly in Query or Body as specified in our API specification. Otherwise, the API requests would be rejected.
What you need to do 
If you are already using Holistics API as specified on Holistics API | Holistics Docs (4.0), you donβt need to change anything.
Please double-check your API client and make sure to pass the parameters correctly as outlined in our Public API specification.
Here are some incorrect versus correct ways to pass parameters (emails and role) when using the API Invite Users.
-
Using
curl-
Incorrect
curl -X POST 'https://secure.holistics.io/api/v2/users/invite?emails[][email protected]&role=admin' -
Correct
curl -X POST 'https://secure.holistics.io/api/v2/users/invite' \ -H "Content-Type: application/json" \ -d '{"emails":["[email protected]], "role": "admin"}'
-
-
Using
JS fetch-
Incorrect
const url = 'https://secure.holistics.io/api/v2/users/invite?emails[][email protected]&role=admin' fetch(url, { method: "POST" }) -
Correct
const url = 'https://secure.holistics.io/api/v2/users/invite' const params = { emails: ['[email protected]'], role: 'admin' } fetch( url, { method: "POST", body: JSON.stringify(params)), } )
-
What will happen after the December 1st, 2024?
After December 1st, 2024, any API calls with incorrectly formatted parameters will receive a 400 Bad Request error.
Feedback 
If you have any further concerns, please comment below or contact us at [email protected].
Cheers & all the best! 