B2B REST API

The B2B REST API allows you to execute functionality across your whole business and customer base. You authenticate with this API as a Shaype client, not as one of your individual customers. Because of this, we sometimes refer to this API as the Operations API.

The authentication scheme for the B2B REST API is very simple: we will provide you with a long-lived authentication token that you need to pass as an Authorization: Bearer HTTP header. That's it, nothing else is needed.

Subject to change

We plan to provide a client login functionality in the future that will replace the shared long-lived tokens.

Example

curl --location --request GET 'http://haas.staging.hay.co/v0/accounts/{accountId}' \
--header 'Authorization: Bearer eyJhbGciOiJI...'

Authentication errors

If we don't recognise the authentication token, we will return a 401 Unauthorized HTTP response with a body similar to the example below:

{
    "timestamp": "Jan 1, 2022, 01:00:00 PM",
    "status": 401,
    "error": "Unauthorized",
    "message": "Unauthorized",
    "path": "/v0/accounts/{accountId}"
}

If you access a resource that you shouldn't, for example an account that doesn't belong to one of your customers, we will return a 403 Forbidden HTTP response with a body similar to the example below:

{
    "message": "Client unauthorised to access the resource.",
    "details": "Please contact Hay for more info with the traceId.",
    "status": "403",
    "traceId": "af502935-557c-4983-8659-00f83d755dd9"
}
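
The sketch below is an added example, not code from Shaype: it shows one way a client could keep the shared token out of source code and logs and fold the two error bodies above into a single record. The environment variable name B2B_API_TOKEN and all function names are assumptions made for illustration.

```python
import json
import os

# Response bodies copied from the two examples on this page.
SAMPLE_401 = ('{"timestamp": "Jan 1, 2022, 01:00:00 PM", "status": 401, '
              '"error": "Unauthorized", "message": "Unauthorized", '
              '"path": "/v0/accounts/{accountId}"}')
SAMPLE_403 = ('{"message": "Client unauthorised to access the resource.", '
              '"details": "Please contact Hay for more info with the traceId.", '
              '"status": "403", "traceId": "af502935-557c-4983-8659-00f83d755dd9"}')

def auth_headers(env_var="B2B_API_TOKEN"):
    """Read the token from the environment (variable name is an assumption)."""
    return {"Authorization": "Bearer " + os.environ[env_var]}

def redact(headers):
    """Return a copy that is safe to log: the bearer token is masked."""
    return {k: "Bearer ***" if k.lower() == "authorization" else v
            for k, v in headers.items()}

def classify_auth_error(http_status, body_text):
    """Map a 401/403 response onto one record, whatever the body shape."""
    try:
        body = json.loads(body_text)
    except (TypeError, ValueError):
        body = None
    if not isinstance(body, dict):
        body = {}  # e.g. an HTML error page from a proxy
    # "status" is a number in the 401 body and a string in the 403 body.
    try:
        body_status = int(body.get("status"))
    except (TypeError, ValueError):
        body_status = None
    kinds = {401: "token_not_recognised", 403: "resource_not_permitted"}
    return {
        "kind": kinds.get(http_status, "not_an_auth_error"),
        "status": http_status,            # the HTTP status line is authoritative
        "body_status": body_status,
        "trace_id": body.get("traceId"),  # only the 403 example carries one
        "message": body.get("message"),
    }

if __name__ == "__main__":
    os.environ.setdefault("B2B_API_TOKEN", "constructed-placeholder-token")
    print(redact(auth_headers()))
    print(classify_auth_error(401, SAMPLE_401))
    print(classify_auth_error(403, SAMPLE_403))
```

Logging the trace_id from a 403 gives you the value the response asks you to quote when contacting support, without ever writing the token itself to a log.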