1. Home
  2. Application Programming Interface
  3. Survalyzer’s API – Step by step instruction

Survalyzer’s API – Step by step instruction

The following API is offered by Survalyzer:

To use the service methods several steps are necessary.

Step 1: Unblock the service methods

The interactive login to Survalyzer has an anti-forgery token to prevent Cross-Site Request Forgery (CSRF) attacks. This feature provides an additional layer of security which is not present in the API. Therefore, Survalyzer decided to add an additional security layer to the service methods by explicit whitelisting IPs which are allowed to call the API.
To unblock the IP-address of a customer server the following steps are necessary:

Find out public IP to unblock API

Send this IP-address with the request for unblocking API calls to support@survalyzer.com. After Survalyzer unblocked the IP-address the API is accessible from this server.

Attention

The API is only accessible from your subdomain. Don’t use the generic admin Url.
The Url must look like this: https://yoursubdomain.survalyzer.{nl|ch}/publicapi/…

Step 2: Get an access token

To get an access token the following API must be called:
POST /publicapi/login/GetApiToken

Header:
charset: UTF-8
content-type: application/json

Body:
{
"username": "myUsername",
"password": "myPassword"
}

This request returns the following structure:
{
"$type":"GetApiTokenResponse",
"accessToken": {token},
"isSuccess":true,
"errorMessage":""
}

Step 3: Using the access token in subsequent calls

Receiving the access token will not lead to any cookie which stores the access token. Therefore the token must be provided in the Header of each subsequent call. The call of the ReadSurveyData

method will look like this:
POST /publicapi/Survey/ReadSurveyData

Header:
charset: UTF-8
content-type: application/json
Authorization: Bearer {token}

Body:
{
"surveyId":"4711",
"locale": "de"
}

Portals and Dashboards
Survalyzer also offers customers the option to create custom portals and dashboards for their clients. Clients could sign-up using the registration questionnaire. After signing up, the credentials are also valid for requesting API tokens but are limited to portal functions and are not entitled to receive survey data.

Important to know
The access token is valid for 3 hours. After that timespan the next call will return a status 401 which is the indication that the GetApiToken method must be called again to get another access token. The access token is only valid for the IP which requested it, if the IP of the client changes through the DHCP lease renewal the token becomes invalid immediately.

Updated on February 21, 2019

Was this article helpful?

Related Articles