Request

Field

Type

Description

Content-Type

String

application/json

Authorization

String

ALTR API's authorization protocol relies on a properly formatted authorization header. The accepted format is: "ALTR " + api_key + ":" + signature. signature is a base64-encoded, SHA-256 hash that uses the API key's secret as the key for the hash function. The payload being hashed must follow the format: HTTP-METHOD + "\n" + RESOURCE + "\n" + DATE + "\n". DATE must match X-ALTR-DATE, and RESOURCE must be empty for a POST request. An example payload for a POST request is: "POST\n\n01-01-1970 00:00:00\n"

X-ALTR-DATE

Date

The datetime used in the authorization signature. If this is more than 15 minutes past the server's internal clock, the request will be rejected.

Content-Length

Number

Size of the request. The request will be rejected with a 509 status code if the request if over 500kb.

Response

Field

Type

Description

X-Bytes-Consumed

Number

The number of bytes written to the distributed ledger and counted against the Key's organization. The number may differ from the Content-Length header becuase the string representation of the data is written to the distributed ledger.

X-Overflow-Data

Boolean

This flag will be set if any single value is greater than 3kb, or the entire batch is greater than 500kb.

date = new Date();
payload = 'POST\n\n' + date + '\n';
API_KEY = <your API key>;
SECRET = <your API secret>;
{
    "X-ALTR-DATE": date,
    "Authorization": "ALTR " + API_KEY + ":" + base64(hmac-sha256(payload, SECRET)),
    "Content-Type": "application/json",
    "Content-Length": 12345
}
{
    "X-BYTES-CONSUMED": 12345,
    "X-OVERFLOW-DATA": true
}

200

Field

Type

Description

token

String

On success, the JSON values given in the body will be replaced with the tokens. If any single value is greater than 3kb, X-Overflow-Data will be set to true and the value will be set to null in the response

HTTP/1.1 200 OK
{
    "key-1": "token1",
    "key-2": "token2",
    "overflow-key": null
}

Error Codes

Code

Name

Description

400

bad_request

Organization data cap exceeded.

401

unauthorized

The API key could not be authenticated.

403

forbidden

API key does not have write permissions.

503

internal_error

The web server encountered an unexpected error.

509

bandwith

Limit Exceeded Request exceeded 500kb limit. X-Overflow-Data header will be set to true.

HTTP/1.1 503 Internal Server Error
{
  "success": false,
  "response": {
      "error_type": "internal_error",
      "error_message": "Unable to process request at this time."
  }
}
HTTP/1.1 400 Bad Request
{
  "success": false,
  "response": {
      "error_type": "bad_request",
      "error_message": "Organization data cap exceeded"
  }
}
HTTP/1.1 400 Bad Request
{
  "success": false,
  "response": {
      "error_type": "bad_request",
      "error_message": "Invalid JSON detected. Failed unique key check"
  }
}
HTTP/1.1 401 Authentication Required
{
  "success": false,
  "response": {
      "error_type": "unauthorized",
      "error_message":  "API key must be included in header."
  }
}
HTTP/1.1 403 Forbidden
{
  "success": false,
  "response": {
      "error_type": "forbidden",
      "error_message":  "API key does not have write permission."
  }
}