Authentication is handled for the API through JWT (Json Web Token) or API Key.

On successful onboarding credentials (a username and a password) will be provided to access APIs. Using these credentials user can get JWT tokens (access & refresh token). Using the access token user can access other APIs or can get an API key for some duration (user can set the duration while creating the token). A valid API key can be used to access all APIs.

Deep longevity’s APIs can be accessed using JWT or API key.

Yes, APIs are secure and necessary security measures are already in place. Here are the few,

APIs are accessible via HTTPS only which ensures encryption for secure communication over the network.

Standard authentication mechanisms are implemented to access APIs like JWT & API Key. Validity for API key can be controlled during the API key creation.

APIs are 100% REST endpoints, and all possible vulnerabilities are manged including SQL injection.

Proper input validations are in place.

Permissions and authorization implemented.

Information about available endpoints is accessible with a valid customer only. To know more about the APIs please contact us at support@deeplongevity.com

Available APIs are 100% REST APIs and request/response body contains JSON data only.

Rate limits varies customer to customer based on the agreed contract and plan.

In case of rate limits are exceeded the requests will be waiting in a queue and executed in FIFO (first in first out).

Errors are communicated by the API through HTTP status codes.

Here are some following status codes and error messages,

400 Bad Request: The server cannot process the request due to a client error (e.g., malformed request).

401 Unauthorized: Authentication is required and has failed or has not been provided.

403 Forbidden: The server understood the request but refuses to authorize it.

404 Not Found: The requested resource could not be found.

500 Internal Server Error: A generic error message returned when an unexpected condition was encountered.

Developers will be provided with necessary documentation and validation details during onboarding.

Yes, APIs are documented using Swagger (OpenAPI 3.0 specification). Along with this postman collection is available to test and understand all available APIs.

Once successfully onboarded a developer account will be created in our test server and shared with the developer/team.

Most of the APIs returns quick response. For asynchronous processes APIs are available to check current process status.

User will not be blocked by the asynchronous events. After initiating the event API will return some process/tracking id and using the id user check the status/results.

In API development, data formatting in requests and responses is crucial for effective communication between clients and servers. All request and responses are is JSON format.

Yes, versioning is supported, and user can specify the version during APIs calls. Without versioning APIs will always return latest version.

No, it’s not required. All communication will happen using REST API.

Only requirement is that all requests should be a REST API call.

Currently monitoring is managed by our internal team only. Developer will not have access to this. Monthly report will be shared based on the usages.

In case of any performance or API issues, developers can ask support to check by sending email to support@deeplongevity.com.

We don’t need any PII to process your requests. So, we will not be accepting or storing any shared PII data. Developers are required to send deidentified data only.

Scalability of API is available based on the requirement of the user and agreed terms.

It’s recommended to maintain the agreed max number of concurrent requests to get the best performance.

Developers can reach out to our support team at support@deeplongevity.com. Our team will get back with possible cause and solutions.