1. Home
  2. Application Programming Interface
  3. Survalyzer’s API – Step by step instructions

Survalyzer’s API – Step by step instructions

The following API is offered by Survalyzer:

To use the service methods, several steps are necessary.

Step 1: Unblock the service methods

The interactive login to Survalyzer has an anti-forgery token to prevent Cross-Site Request Forgery (CSRF) attacks. This feature provides an additional layer of security which is not present in the API. Therefore, Survalyzer decided to add an additional security layer to the service methods by explicitly whitelisting IPs which are allowed to call the API.
To unblock the IP-address of a customer server, the following steps are necessary:

Find out public IP to unblock API

Send this IP-address with a request for unblocking API calls to support@survalyzer.com. Once Survalyzer unblocks the IP-address, the API is accessible from this server.

Attention

The API is only accessible from your subdomain. Don’t use the generic admin Url.
The Url must look like this: https://yoursubdomain.survalyzer.{nl|ch}/publicapi/…

Step 2: Get an access token

To get an access token, the following API must be called:
POST /publicapi/login/GetApiToken

Header:
charset: UTF-8
content-type: application/json

Body:
{
"username": "myUsername",
"password": "myPassword"
}

This request returns the following structure:
{
"$type":"GetApiTokenResponse",
"accessToken": {token},
"isSuccess":true,
"errorMessage":""
}

Step 3: Using the access token in subsequent calls

Receiving the access token will not result in a cookie which stores the access token. Therefore the token must be provided in the header of each subsequent call. The call of the ReadSurveyData method will look like this:


POST /publicapi/Survey/ReadSurveyData

Header:
charset: UTF-8
content-type: application/json
Authorization: Bearer {token}

Body:
{
"surveyId":"4711",
"locale": "de"
}

Portals and Dashboards
Survalyzer also offers customers the option to create custom portals and dashboards for their clients. Clients should sign-up using the registration questionnaire. After signing up, credentials are also valid for requesting API tokens but are limited to portal functions, with no entitlement to receive survey data.

Important to know
An access token is valid for three hours. After this, the next call will return a status 401, meaning that the GetApiToken method must be called again to initiate another access token. The access token is only valid for the IP which requested it. If the IP of the client changes through the DHCP lease renewal, the token automatically and immediately becomes invalid.

Updated on August 26, 2019

Was this article helpful?

Related Articles