Developer Guidelines
Status and Error Codes
Following list describes common types of client statuses on API calls that receive request bodies: All CDQ Cloud Platform services provide a response object comprising an HTTP status code and optionally a response entity (e.g. a business partner). The response entities are described by the particular web method documentation. The following listing defines the meaning of HTTP status codes in the context of CDQ Cloud Platform services:
| Code | Technical Key | Description |
|---|---|---|
| 20000000 | OK | Successful request. |
| 20100000 | CREATED | A resource has been created. |
| 40000000 | BAD_REQUEST | Bad Request, invalid input provided. |
| 40100000 | UNAUTHORIZED | Authentication is required and has failed. |
| 40400000 | NOT_FOUND | The requested resource was not found. |
| 42900000 | TOO_MANY_REQUESTS | Too many requests, try again later. |
| 50000000 | INTERNAL_SERVER_ERROR | Request failed due to to an internal server error. |
| 50300000 | SERVICE_UNAVAILABLE | Service is currently unavailable. |
Status 200XXXXX
Expand to see the Status 200 extended list.
| ID | Technical Key | Message |
|---|---|---|
| 200000000 | DEFAULT_OK | Successful request. |
| 200000001 | JOB_SCHEDULED | The job has been successfully scheduled for execution. |
| 200000002 | JOB_WAITING | This job is waiting for dependent job to finish before it can run. |
| 200000003 | JOB_RUNNING | The job is currently being executed. |
| 200000004 | JOB_FINISHED | The job came to an end and finished successfully. |
| 200000005 | JOB_CANCELED | Job has been canceled. |
| 200000006 | BULK_RUNNING | The bulk is currently being executed. |
| 200000007 | BULK_FINISHED | The bulk has been executed successfully. |
| 200000008 | BULK_CANCELED | Bulk has been canceled. |
Status 201XXXXX
Expand to see the Status 201 extended list.
| ID | Status Technical Key | Message |
|---|---|---|
| 201000000 | DEFAULT_CREATED | A resource has been created. |
| 201000001 | JOB_CREATED | A job has been initially created but is not accepted yet. |
| 201000002 | JOB_PERSISTED | A job has been created and accepted. |
| 201000003 | BULK_CREATED | A bulk has been created. |
Status 400XXXXX
Expand to see the Status 400 extended list.
| ID | Technical Key | Message |
|---|---|---|
| 400000000 | DEFAULT_BAD_REQUEST | Bad Request, invalid input provided. |
| 400000001 | MALFORMED_REQUEST | The request is malformed. please check the documentation to construct a valid request. |
| 400000002 | METHOD_NOT_SUPPORTED | Request method '{1}' is not supported. |
| 400000003 | NOT_FOUND | The requested resource could not be found. |
| 400000004 | MANDATORY_FIELD | Please provide {1}. |
| 400100001 | NAME_OR_IDENTIFIER_MISSING | You have to provide at lease name or identifier. |
| 400100003 | GR_NON_UNIQUE_RESULT | We found multiple GRs in this business partner, please ensure to submit only 1. |
| 400100002 | GR_NOT_FOUND | Golden Record not found. |
| 400100004 | FETCH_STRATEGY_MISSING | You have to use a fetch strategy if you provide a business partner. |
| 400100005 | BP_AND_CDQID_PROVIDED | You have provided a business partner and CDQ ID. Please provide only one. |
| 400100006 | GR_BUSINESSPARTNER_MISSING | You have to provide a business partner for this fetch strategy. |
Status 404XXXXX
Expand to see the Status 404 extended list.
| ID | Technical Key | Message |
|---|---|---|
| 404000000 | DEFAULT_NOT_FOUND | The path you requested has not been found |
| 404000001 | BULK_NOT_FOUND | Bulk Id '{1}' does not exists. Either it never existed or it is evicted. |
Status 429XXXXX
Expand to see the Status 429 extended list.
| ID | Technical Key | Message |
|---|---|---|
| 429000000 | DEFAULT_TOO_MANY_REQUESTS | Too many requests. |
| 429000001 | RATE_LIMIT_EXCEEDED | Too many requests. Your rate limit is {1}. |
| 429000002 | QUOTA_EXCEEDED | Quota exceeded for data source '{1}'. Your quota is reset in {1}. |
Status 500XXXXX
Expand to see the Status 500 extended list.
| ID | Technical Key | Message |
|---|---|---|
| 500000000 | DEFAULT_INTERNAL_SERVER_ERROR | Service failed due to to an internal server error. Please contact CDQ Support. |
| 500000001 | JOB_FAILED | Job failed due to to an internal server error. Please contact CDQ Support. |
| 500000002 | BULK_FAILED | Bulk failed due to to an internal server error. Please contact CDQ Support. . |
Status 503XXXXX
Expand to see the Status 503 extended list.
| ID | Technical Key | Message |
|---|---|---|
| 503000000 | DEFAULT_SERVICE_UNAVAILABLE | Service is currently unavailable. |
| 503100001 | EXTERNAL_SERVICE_ERROR | Request failed due to external service error. |
Storing data
| Storing space type | Description |
|---|---|
| Workspace | An abstract area where customers can work. It contains the client's Data Mirror, Data Storages, Data Sources, configurations, and API Keys. |
| Data Storage | Storage dedicated for client's data. Multiple Data Storages can be created in the organization's workspace. Data stored in the Data Storage can not be shared with the CDQ community. |
| Data Mirror | A special type of storage dedicated to client's data. Only one Data Mirror is created in the organization's workspace. Data Mirror can be shared with the CDQ community. |
| Data Source | A partition-like space. Multiple Data Sources can be created in the Data Storage or Data Mirror. |
Features and Profiles
Endpoints provide features in order to enable configurability to optimize performance. Features are very specific to the endpoint, however, following generic features can be distinguished.
| Feature | Description |
|---|---|
| LAB_* | Feature toggle that is used temporarily to activate/deactivate beta features. Do no use in production environments. |
| ENABLE_SETTINGS | Enables that organizational and/or user settings are applied to configure the endpoint. For example, organization-wide configuration for data curation output languages. |
| SHOW _* | Feature which add additional fields to the response object. By default, these fields are hidden in order to keep the payload low and to increase performance |
For convenience, most common configurations of the features are provided in terms of profiles which also can be selected in the endpoint. If no profile or feature is selected explicitly, a default profile will always be applied. In most cases, consumers do not need to configure features or profiles - they may use the endpoints as-is.»
Pagination
Responses that return multiple items will be paginated to 50 items by default. You can specify further pages control with the following query parameter:
| Query Parameter | Description |
|---|---|
| limit | Sets the page size of the request object |
| startAfter | Start after the provided pagination ID. Leave empty for the first query. The response will contain a property nextStartAfter which need to be used for any subsequent queries until nextStartAfter is empty. |
Paging over whole resource
The whole resource can be retrieved using endpoint supporting pagination. Reading loop should include page read endpoint call with startAfter property, filled with the content of nextStartAfter from the previous page read result. When nextStartAfter property is empty, then reading loop should finish processing.
Example
var startAfter = null
do
var page = resource.readPage(limit, startAfter)
process(page)
startAfter = page.nextStartAfter
while (null != startAfter)Integration Patterns
CDQ recommends different patterns to integrate with our SOAP or REST APIs:
- Transactional: Process requests one-by-one.
- Bulk: Parallelize processing by sending many requests into one. Bulk endpoints parallelize workload and optimize performance. Please note that for bulk endpoints different rate limits occur.
- Data Mirror: Use continuously running monitors to process your data and distribute work loads.
- Analytical: Dump analytical data and process on your own.
Use the following table to pick the proper integration pattern for your use case - depending on data volume and or expected throughput.
| Integration Pattern | Data Volume | Maximum Throughput |
|---|---|---|
| Transactional | 1 | < 20 per Second |
| Bulk | 2-1000 | > 20 per Second |
| Data Mirror | > 1000 | Realtime |
| Analytical | > 1000 | 5 MB per Second |
Rate Limits
Rate limits helps to prevent short-term abuse and denial-of-service attacks and ensures that the API remains available for all customers. CDQ limits the number of REST API requests that you can make within a specific amount of time.
Rate Limits are tracked on a workspace, user or individual API Key level.
Following rate limits apply to all endpoints:
| Rate Limit | Reset | Scope |
|---|---|---|
| 5'000 Requests | Hour | Workspace |
| 2'000 Requests | Hour | User |
| 20 Requests | Second | API Key / User |
For selected endpoints, we have additional limits:
- Bulks: CDQ only allows one bulk of a type (i.e. Lookup or Fetch) processed sequentially. Keep in mind, that parallelization is applied on server side and parallelization on client-side is not required.
| Rate Limit | Reset | Scope |
|---|---|---|
| 1 Bulk per Type | After Completion | Workspace |
Quotas
Quotas control API utilization according to the selected subscription of every customer. Quotas helps to plan resources accordingly to ensure CDQ is able to meet service levels.
Please reach out to us in case you need to adjust quotas.
The following default quotas are set as part of your subscription:
| Rate Limit | Reset | Scope |
|---|---|---|
| 50 Jobs | Day | Workspace |
| 100'000 Requests | Month | Organization |
CDQ also defines quotas for the access to external data sources.:
| Rate Limit | Data Source | Reset | Scope |
|---|---|---|---|
| 40'0000 Requests | VIES | Day | Organization |
Firewall ports
For secure communication, the following ports are required for the CDQ Cloud Platform:
| Description | Protocol | Port |
|---|---|---|
| Inbound Agent Communication | HTTP | 80 |
| Inbound Agent Communication | HTTPS | 443 |
Request Size Limiting
Payload size
For most CDQ's endpoints, the maximum acceptable payload size of the request is set to 10 MB.
Exceptions from this limit are gathered in below table:
| Endpoint | Request Size |
|---|---|
| Upsert Business Partner | 250 MB |
Upload file size
The same Request Size Limit applies to uploading the file.
- For uploading files <= 10 MB read File Upload instruction.
- For uploading files > 10 MB read Request Upload instruction.
Schema
Blank fields are omitted and not includes as null in order to optimize payload sizes. All timestamps are returned to ISO 8601 format
attention
Implementation Guidelines Carefully read and follow our integration guideline S1: Safe consumption of responses.
TLS Certificates
When connecting to our API, it may be necessary for some particular clients to explicitly download and import the TLS certificate chain (Root, Intermediate, Server). Please download the certificate chain here:
Certificate Rotation
The next certificate rotation is scheduled for 27.07.2024. During this process, the current certificates will be replaced with new ones. We would like to inform you that there will be a modification in the Certificate Authority (CA) that issues our certificates. Specifically, we are changing fromSSL.COM to DigiCert. This change is part of our ongoing efforts to enhance the security and reliability of our services.Please note the following:
- The rotation process will begin at 07:00 UTC and will last for several hours.
- During this time, some sessions might be reset
- It is mandatory for all users utilizing internal trust stores with CDQ's certificates to update their stores with the new certificates during the certificate rotation period. This step is crucial to maintain uninterrupted access and trust in our services.
| Domain | Certificate | Signature hash | Valid From | Expires |
|---|---|---|---|---|
| api.cdq.com | Download | sha256WithRSA | 27.07.2024 | 30.07.2025 |
| api.corporate-data-league.ch | Download | sha256WithRSA | 27.07.2024 | 30.07.2025 |
| api.cdq.com | Download | sha384WithECDSA | 27.07.2024 | 30.07.2025 |
| api.corporate-data-league.ch | Download | sha384WithECDSA | 27.07.2024 | 30.07.2025 |
Currently active
attention
The following certificates will be active to Jul 27, 2024.
| Domain | Certificate | Protocols | Valid From | Expires |
|---|---|---|---|---|
| api.cdq.com | Download | TLS 1.2 | 27.07.2023 | 07.08.2024 |
| api.corporate-data-league.ch | Download | TLS 1.2 | 27.07.2023 | 07.08.2024 |
Please note that the certificates are renewed every year and need to be updated in your certificate management system (if available).
Certificate Details
The certificates were rated A at the time of issue, according to SSL Labs.
The details of the certificates are as follows:
| api.cdq.com | |
|---|---|
| Overall Rating | Grade A |
| Serial Number | 6cc6b06f29f5492eae45ea2e74dc7f27 |
| Key | EC 256 bits |
| Issuer | SSL.com SSL Intermediate CA ECC R2 |
| Signature algorithm | SHA384withECDSA |
| api.corporate-data-league.ch | |
|---|---|
| Overall Rating | Grade A |
| Serial Number | 51f12d971ca932581f6e34793bc513db |
| Key | EC 256 bits |
| Issuer | SSL.com SSL Intermediate CA ECC R2 |
| Signature algorithm | SHA384withECDSA |
RSA Certificates
For customers who do not support elliptic curve algorithm in their systems, we provide RSA certificates below.
| Domain | Certificate | Protocols | Valid From | Expires |
|---|---|---|---|---|
| api.cdq.com | Download | TLS 1.2 | 14.08.2023 | 13.08.2024 |
| api.corporate-data-league.ch | Download | TLS 1.2 | 26.07.2023 | 27.07.2024 |
History
| Domain | Server Certificate | Valid From | Expires |
|---|---|---|---|
| api.cdq.com | Download | 27.07.2022 | 07.08.2023 |
| *.corporate-data-league.ch | Download | 27.07.2022 | 07.08.2023 |
Versioning
Understanding version numbers
Each API or App release is uniquely identified by a version number. The structure of the version follows the standards of Semantic Versioning 2.0.
Format and example:
<MAJOR>.<MINOR>.0+<BUILD TAG>
25 .45 .0+202007747438- Major: Incremented when incompatible API changes are releases
- Minor: Incremented when functionality or fixes are released in a backwards compatible manner
- Build: Timestamp of the build
Each API or App has its own release cycle and thus its own dedicated version. Release notes are published here.
Incompatible API changes
Incompatible API changes include ("breaking changes"):
- End-of-life of an endpoint
- Removal of a property in the request/response model
- Removal of an enum value in the request/response model
Versioning and release strategy
In order to support and operate multiple API versions in parallel, we apply the following versioning strategy:
Versioning through URI paths Endpoints include the major version number in order to provide two version in parallel. If no version number is provided, the version isv1. Example:https://api.cdq.com/reference-data/rest/businesspartners/lookup
https://api.cdq.com/reference-data/rest/businesspartners/v2/lookupv1 endpoint, you
still benefit from (non-breaking) features or fixes.Tags
The following tags are used in the API documentation for quick reference to versions.
- V1, V2, .. ,VX: Refers to the major version of an API
- latest: Refers to the latest version of an API
Version selector by tags
End-of-life
End of life of APIs or endpoints is communicated1 year in advance to give every customer the necessary time to
upgrade.Beta Versions
Beta versions are introduced to provide developers with early access to the functionality and features of the API before its full release. This allows developers to test the API in real-world scenarios, provide feedback, and suggest improvements. Beta versions help to identify and address any issues or bugs or refine documentation. Additionally, beta testing enables developers to start integrating the API into their applications and services, allowing for smoother adoption and transition once the API is officially launched.
warning
Beta functionalities are not recommended to be implemented in a production environment.
API Beta Versions
APIs Beta versions are marked in the dropdown list with the(beta) flag next to the API version.
|
| Version selector with beta flag |
Endpoint Beta Versions
Endpoints Beta versions are marked with BETA badge in the API documentation next to the endpoint name.attention
Parameters, properties and toggle features Beta Versions
Parameters, properties and toggle features Beta versions are marked with BETA badge in the API documentation next to the parameter, property or feature description.warning
html and css. If you download the API documentation beta version, delete the html tags from the tagged descriptions.Implementation
The following guidelines support developers to build rocket-solid client implementations.
Authorization
A1: Token Management Always use the latest token for authorization. Tokens are valid for a limited time and need to be refreshed before they expire.
{
"access_token": "eyJhbG...HSmgnS_0",
"expires_in": 1800,
"token_type": "Bearer"
}Schema
S1: Safe consumption of API responses. Be aware that in the API response blank fields are omitted and not included as null. Your client implementation needs to check if values are present in the payload before using them - otherwise your application may generate null pointer exceptions or similar.
Here is the example of two responses of the same API endpoint - however, in the second response we don't provide alastPaymentDate as this information is null and hence omitted.{
"internationalBankIdentifier" : "DE34XXXXXXXXXXXXXXXXX"
"lastPaymentDate" : "2021-18-45"
"country" : "DE"
..
}{
"internationalBankIdentifier" : "DE34XXXXXXXXXXXXXXXXX"
// ATTENTION: field "lastPaymentDate" is null so it will not be part of the response
"country" : "DE"
..
}lastPaymentDate in every response then Response #2 will
definitely lead to an application error which needs to be avoided.Specifications
CDQ APIs are available via REST or SOAP 1.2. The below table provides links to download CDQ APIs specification in JSON, YAML, WSDL or WADL format.
attention
Your opinion matters!
We are constantly working on providing an outstanding user experience with our products. Please share your opinion about this tutorial!
Mail our developer-portal team: developer-portal@cdq.com