API Reference Documentation: https://app.denim.com/api/v1/documentation
There are two environments to consider:
production. Each will have its own set of credentials.
Our staging environment provides a place to test various endpoints for integration into your product. No real funds are processed, so there is no risk of any financial transactions actually occurring.
Dashboard Login: https://staging.denim.com/dashboard/login
API Base URL: https://staging.denim.com/api/v1
From an API perspective, the production environment is functionally equal to the staging environment. As an integrator, you will not have access to client dashboards and financial transactions will process as expected in production. API Keys in production will be provided by our mutual client.
API Base URL: https://app.denim.com/api/v1
Each client that wishes to integrate with Denim must generate an API key from the Denim Portal and share it with the integrator. By design, API keys are scoped to individual customer users to ensure data security and integrity.
If you are not building tools for your own organization, but are instead integrating Denim tools into another platform or application such as a Transportation Management System ("TMS"), you will not have access to our shared client's Denim Dashboard. In this case, you will need to build functionality for the client to input and store the API key for requests.
It is critical that these API keys are associated with the client as all API requests are first scoped by the client associated with the API key.
Where to get an API Key
See below for an illustration of how a client may retrieve their API key from the Denim Portal.
Using the API Key
API keys should be sent with all requests through an
x-api-key header. All queries and returned data are scoped to the client matching with the API key, so it is critical the API key is mapped to the correct client.
The API key does not expire; however, the client is capable of rotating the key via the Denim Portal. In these cases, the TMS integrator should be able to determine when the API key has expired, most easily done by receiving a 401 (Unauthorized) HTTP status code from the API, and prompting the client to update their API key.
API Rate Limits
In an effort to protect the stability of the platform, all API endpoints are rate-limited. Each API endpoint has a max rate of 1000 requests per minute. If the rate limit is exceeded, you will receive a 429 Too Many Requests response status code.