Higher Logic recommends that you approach your API development using the following steps.
Refer to the sections below for supporting technical information.
- Create a basic web service client that can establish a connection.
- Implement compression and authentication.
NOTE: Authentication requires a user name and password in the brand you are working with.
- Implement a GridRequest message.
- Implement encryption.
NOTE: Coordinate with Higher Logic around the setup of the encryption key.
- Test the updated encryption implementation with the GridRequest message.
- Implement the balance of the messages necessary for your purposes.
All messages to and from the Thrive Marketing Professional web service are compressed to help speed transfer and to reduce the amount of bandwidth necessary to handle requests. The web service uses standard gzip libraries provided with .NET to compress the payload of the message. The payload nodes are the ActionRequest for action messages and the GridRequest node for grid messages (reports). For the response messages, the ActionResponse and the GridResponse nodes will be also be compressed. Only the payload is compressed because the remaining header nodes are used for validation of the incoming request before decompression and decryption.
The web service can encrypt incoming and outgoing messages. Encryption is implemented using TripleDES encryption using 192-bit symmetric keys. Only the payload of the message is encrypted.
Using encryption for message security is strongly recommended. If implementing encryption is not an option, authentication must be implemented by including a Password node along with the User node. These values are passed "in the clear," so it is not secure.
The XML encryption technique is W3C compliant. Thrive Marketing Professional is capable of encrypting either an entire XML document or specific nodes within the XML Doc. Thrive Marketing Professional supports TripleDES (with 192-bit key).
After compressing and/or encrypting your payload, the data must be Base64 encoded. The example below shows the resulting message:
<ActionRequest xmlns="http://partner.informz.net/aapi/2009/08/"> <Brand id="9999">Test Brand</Brand> <User>testuser</User> <Password>password</Password> <Actions>+AUAAB+LCAAAAAAABADtvQdgH...T+oAkh/+AUAAA==</Actions> </ActionRequest>