Introduction
Moving Intelligence is now offering web services to access the data our services provide. For the services offered see the bottom of this page.
Push services
For more information about our push service please read the documentation.
RESTful services
Web services are provided as stateless RESTful interfaces. Data is represented as JSON. HTTPS is used to secure the connection.
Error handling
Standard HTTP error codes are used for handling errors. Anything other than HTTP 200 should be considered an error. Error messages are always in the following form:
{
"status": "BAD_REQUEST",
"code": 400,
"message": "Cannot convert value to required type \"long\" for input string: \"thisisnotanumber\""
}Performance
Requests to our web servers are rate limited to a maximum of 15 requests per second per user of source IP address. When you send more many more requests they will be delayed. If our webserver is flooded with requests, we will simply drop them.
Some requests deal with data ranges or multiple objects/persons. To get quick responses, it is often better split up your data demand in several smaller requests. For instance, if you'd want to know the trip of a whole year, do a separate call for every month. In most cases, this is much faster!
JSONP
By adding the callback parameter to the url, you can do JSONP requests. This means that the JSONP response will be wrapped inside of the callback function specified by the parameter.
Supported hardware types
You can request trips for all objects of hardware type Mi30, Mi40, Mi50, Mi100 or Mi120.Authorization
First some information about the user and rights scheme we use in our Moving Intelligence platform. The web services use the exact same principal as the website, so if you understand the one, you'll also understand the
other.
Actions
A Moving Intelligence user has certain rights. We call them actions. They represent a limited range of features that the platform provides. Actions therefore also give you access to a limited
number of web service calls. The API docs will tell you about what calls require which actions.
There are two basic types of Actions:
- Simple actions: These are isolated general actions.
- Subject actions: Actions that can be performed on a subject. Subjects can be either objects or persons. The
Moving Intelligencerights scheme lets you issue actions specific to these subjects, to make fine grained access restrictions possible.
The web service calls wil also honor this scheme.
Authentication
We do not use username/password authentication for our web service calls. Instead, we provide you with a shared API secret.
You use this secret to sign every request with a signature. We do the same on the server and when the signatures match the call is allowed.
Please note the secret is never sent to our server! It is only used for signing requests.
For this scheme, we use four HTTP headers:
X-Mi-User
Put your Moving Intelligence username in this header
X-Mi-Nonce
This is a random string. It must have a minimum length of 8 characters, and can contain a-z, A-Z and 0-9 characters. The string may not repeat for at least 10 minutes.
X-Mi-Timestamp
Use the current epoch as the value. It should be within 5 minutes of the actual time. A higher offset will cause the request to be denied.
X-Signature
This header must contain the generated signature in the following format: <hash function> <signature>.
Hash function should be either sha512, sha256 or md5. sha512 is preferred.
The signature is the hash (using one of the given hash functions) of the concatenation of the following fields:
- the URL part after the hostname, so that should be the full path, and also the query string
- the X-Mi-User header
- the X-Mi-Nonce header
- the X-Mi-Timestamp header
- the shared
API secret
Please note that signature should be in hex notation. The value of the header should look something like this:
sha512 5468652076616C7565206F6620746865206865616465722073686F756C64206C6F6F6B206C696B6520746869733A
Any error in this scheme leads to a HTTP 401 response like this:
{
"status": "UNAUTHORIZED",
"code": 401,
"message": "You are not authorized to view this page"
}Get an API secret
To use our web services, you only need an API secret. You don't need to buy any extra services. You can obtain an API secret by requesting one via our support team. You can simply send an email to aftersales@movingintelligence.nl, and they will provide you with more details.
API docs
Below you'll find the API documentation. You can even test the calls by providing your username and API secret. The API secret will only be used to sign the request and will therefore not be sent to our server.