Tire Protection API
Revision 09-FEB-2023
Table of Contents
Overview
This API allows partners to create, view, and cancel registrations. Your application must authenticate all requests with a signed JWT.
For more information about how to generate a signed JWT see Getting Started. For help, reach out to engineering@abswarranty.net.
Environments
Name | Base URL | Purpose |
---|---|---|
Sandbox | https://sandbox.absintegrations.com/api/v3 | Testing |
Production | https://absintegrations.com/api/v3 | Production |
Your Partner ID and Program ID(s) are unique per environment.
We recommend using a different asymmetric key pair per environment.
Authentication
Your application must authenticate all API requests with a signed JWT passed as a Bearer
token in the HTTP Authorization
header.
The JWT must contain alg
and typ
headers, where alg
is the algorithm used to sign the token and typ
is JWT
.
{
"alg": "ES256",
"typ": "JWT"
}
::: note
The token must be signed with the Elliptic Curve Digital Signature Algorithm (ECDSA) [FIPS PUB 186-5]. We support the following curves:
:::
Algorithm | Name | Curve |
---|---|---|
ES256 | secp256r1 | ECSDA P-256 |
ES384 | secp384r1 | ECDSA P-384 |
ES512 | secp521r1 | ECDSA P-521 |
See getting started for further details on how to generate your private and public key.
Send your public key to engineering@abswarranty.net
Keep your private key secure - do not send it over an insecure channel or share it with anyone, including ABS
Your key pair never expires - if you decide to change your key pair, send your updated public key to engineering@abswarranty.net
The JWT must contain the following claims:
Claim | Name | Description |
---|---|---|
iat | issued at | Unix timestamp when the token was created. |
iss | issuer | Your Partner ID. |
aud | audience | The environment Base URL. |
exp | expiration time | Unix timestamp not greater than 2 hours in the future. |
For example:
{
"iat": 1627618568,
"iss": "6102b521f403f42ddcde7ae5",
"aud": "https://sandbox.absintegrations.com/api/v3",
"exp": 1627625768
}
To be valid, the JWT must:
- Contain
iat
,iss
,aud
, andexp
claims iat
must be within the last 2 hoursiss
must be your Partner IDexp
must not be greater than 2 hours in the futureaud
must be an environment Base URL
If a claim is missing, does not pass validation, contains incorrect values, or if the token cannot be verified, the API will return 401: Unauthorized
.
{
"error": "unauthorized",
"statusCode": 401
}
We recommend generating a new signed JWT for every request made to our API.
Creating a registration
POST /registrations
To create a registration, send a POST
request to the /registrations
endpoint with a JSON payload containing consumer, tire, and vehicle information.
This endpoint only accepts JSON - set the HTTP header 'Content-Type: application/json
on every POST
request
Parameters
Headers | Description |
---|---|
Authorization | Bearer token in form of a JWT see getting started for more information. |
Send a registration object as the request body as JSON
Errors
This endpoint may respond with any of the status codes enumerated below; however, the most common errors are 401: Unauthorized
and 400: Bad Request
.
Status | Name | Description | Resolution |
---|---|---|---|
400 | Bad Request | The server could not understand the request | Check all parameters and ensure the request is valid |
401 | Unauthorized | The request is unauthenticated | Ensure your JWT is valid |
Examples
Registration object
{
"product_id": "YOUR-PRODUCT-ID",
"invoiceNumber": "001-20345",
"enrollDate": "2021-08-01T13:08:00.000Z",
"customer": {
"name": "John Doe",
"email": "john.doe@example.com"
},
"vehicle": {
"year": 2021,
"make": "Tesla",
"model": "Model 3"
},
"tires": [
{
"make": "BRIDGESTONE",
"model": "TURANZA ER33",
"size": "235/45R18",
"retailPrice": 334.31
},
{
"make": "BRIDGESTONE",
"model": "TURANZA ER33",
"size": "235/45R18",
"retailPrice": 334.31
},
{
"make": "BRIDGESTONE",
"model": "TURANZA ER33",
"size": "235/45R18",
"retailPrice": 334.31
},
{
"make": "BRIDGESTONE",
"model": "TURANZA ER33",
"size": "235/45R18",
"retailPrice": 334.31
}
]
}
Request
curl --location --request POST 'https://sandbox.absintegrations.com/api/v3/registrations' \
--header 'Authorization: Bearer eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2Mjc2NTU5NzAsImV4cCI6MTYyNzY2MzE3MCwiYXVkIjoiaHR0cHM6Ly9zYW5kYm94LmFic2ludGVncmF0aW9ucy5jb20vYXBpL3YzIiwiaXNzIjoiNjEwMmI1MjFmNDAzZjQyZGRjZGU3YWU1In0.y5-vxJHlBtVf2Jr9sPO4I97L5hImkhyn1EtHeCoeIzqZwObpcVy9ZEMJoCGbXwnGdeZ6GpaiO8KD9xLqgUZcTg' \
--header 'Content-Type: application/json' \
--data-raw '{
"product_id": "YOUR-PRODUCT-ID",
"invoiceNumber": "001-20345",
"enrollDate": "2021-08-01T13:08:00.000Z",
"customer": {
"name": "John Doe",
"email": "john.doe@example.com"
},
"vehicle": {
"year": 2021,
"make": "Tesla",
"model": "Model 3"
},
"tires": [
{
"make": "BRIDGESTONE",
"model": "TURANZA ER33",
"size": "235/45R18",
"retailPrice": 334.31
},
{
"make": "BRIDGESTONE",
"model": "TURANZA ER33",
"size": "235/45R18",
"retailPrice": 334.31
},
{
"make": "BRIDGESTONE",
"model": "TURANZA ER33",
"size": "235/45R18",
"retailPrice": 334.31
},
{
"make": "BRIDGESTONE",
"model": "TURANZA ER33",
"size": "235/45R18",
"retailPrice": 334.31
}
]
}'
Response
{ "id": "6109bf5e5494a80b344f5daf" }
Get a registration
GET /registrations/{id}
This endpoint retreives the registration of the id passed into the endpoint.
Replace {id} with the registration id of the registation to retreive.
Parameters
Headers | Description |
---|---|
Authorization | Bearer token in form of a JWT see getting started for more information. |
Sent in the URL
Name | Description |
---|---|
id | The registration ID. |
Errors
This endpoint may respond with any of the status codes enumerated below; however, the most common errors are 401: Unauthorized
and 404: Not Found
.
Status | Name | Description | Resolution |
---|---|---|---|
401 | Unauthorized | The request is unauthenticated. | Ensure your JWT is valid. |
404 | Not Found | The resource was not found. | Ensure the Registration ID is correct. |
Example
Request
curl --location --request GET 'https://sandbox.absintegrations.com/api/v3/registrations/63e68996f4307525f7778e8e' \
--header 'Authorization: Bearer eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2Mjc2NTU5NzAsImV4cCI6MTYyNzY2MzE3MCwiYXVkIjoiaHR0cHM6Ly9zYW5kYm94LmFic2ludGVncmF0aW9ucy5jb20vYXBpL3YzIiwiaXNzIjoiNjEwMmI1MjFmNDAzZjQyZGRjZGU3YWU1In0.y5-vxJHlBtVf2Jr9sPO4I97L5hImkhyn1EtHeCoeIzqZwObpcVy9ZEMJoCGbXwnGdeZ6GpaiO8KD9xLqgUZcTg' \
--header 'Content-Type: application/json'
Response
{
"_id": "63e68996f4307525f7778e8e",
"invoiceNumber": "001-20345",
"program_id": "63e68996f4307525f7777c7e",
"enrollDate": "2023-02-10T18:14:45.959Z",
"customer": { "name": "John Doe", "email": "john.doe@example.com" },
"vehicle": { "year": 2021, "make": "Tesla", "model": "Model 3" },
"tires": [
{
"make": "BRIDGESTONE",
"model": "TURANZA ER33",
"size": "235/45R18",
"retailPrice": 334.31
},
{
"make": "BRIDGESTONE",
"model": "TURANZA ER33",
"size": "235/45R18",
"retailPrice": 334.31
},{
"make": "BRIDGESTONE",
"model": "TURANZA ER33",
"size": "235/45R18",
"retailPrice": 334.31
},{
"make": "BRIDGESTONE",
"model": "TURANZA ER33",
"size": "235/45R18",
"retailPrice": 334.31
}
]
}
Listing all registrations
GET /registrations
To list all registrations, send a GET
request to the /registrations
endpoint. Returned results are paginated. The request can use optional query string parameters to retrieve different pages.
This endpoint only returns JSON
Parameters
Sent in the URL as a query string
Headers | Description |
---|---|
Authorization | Bearer token in form of a JWT see getting started for more information. |
Name | Default Value | Description |
---|---|---|
pageSize | 100 | Number of records per page. |
page | 1 | The page to retrieve. |
Errors
This endpoint may respond with any of the status codes enumerated below; however, the most common errors are 401: Unauthorized
and 400: Bad Request
.
Status | Name | Description | Resolution |
---|---|---|---|
401 | Unauthorized | The request is unauthenticated. | Ensure your JWT is valid. |
400 | Bad Request | The server could not understand the request. | Check all parameters and ensure the request is valid. |
Example
Request
curl --location --request GET 'https://sandbox.absintegrations.com/api/v3/registrations?page=1&pageSize=100' \
--header 'Authorization: Bearer eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2Mjc2NTU5NzAsImV4cCI6MTYyNzY2MzE3MCwiYXVkIjoiaHR0cHM6Ly9zYW5kYm94LmFic2ludGVncmF0aW9ucy5jb20vYXBpL3YzIiwiaXNzIjoiNjEwMmI1MjFmNDAzZjQyZGRjZGU3YWU1In0.y5-vxJHlBtVf2Jr9sPO4I97L5hImkhyn1EtHeCoeIzqZwObpcVy9ZEMJoCGbXwnGdeZ6GpaiO8KD9xLqgUZcTg'
Response
{
"results": [
{
"_id": "6109bf5e5494a80b344f5daf",
"product_id": "YOUR-PRODUCT-ID",
"invoiceNumber": "001-20345",
"enrollDate": "2021-08-01T13:08:00.000Z",
"customer": {
"name": "John Doe",
"email": "john.doe@example.com"
},
"vehicle": {
"year": 2021,
"make": "Tesla",
"model": "Model 3"
},
"tires": [
{
"make": "BRIDGESTONE",
"model": "TURANZA ER33",
"size": "235/45R18",
"retailPrice": 334.31
},
{
"make": "BRIDGESTONE",
"model": "TURANZA ER33",
"size": "235/45R18",
"retailPrice": 334.31
},
{
"make": "BRIDGESTONE",
"model": "TURANZA ER33",
"size": "235/45R18",
"retailPrice": 334.31
},
{
"make": "BRIDGESTONE",
"model": "TURANZA ER33",
"size": "235/45R18",
"retailPrice": 334.31
}
],
"cancelledOn": "2021-08-03T10:10:00.000Z"
}
],
"totalRecordCount": 1,
"page": 1,
"pageSize": 100,
"totalPages": 1
}
Cancelling a registration
PATCH /registrations/:id
PATCH /registrations?invoiceNumber=:invoiceNumber
To cancel a registration, send a PATCH
request to the /registrations/:id
endpoint or to the /registrations?invoiceNumber=:invoiceNumber
endpoint with a JSON payload containing the cancellation date.
If your invoice numbers are not unique, you must use the /registrations/:id
endpoint
This endpoint only accepts JSON - set the HTTP header 'Content-Type: application/json
on every PATCH
request
Parameters
Sent in the request body as JSON
Name | Type | Required |
---|---|---|
cancelledOn | ISO 8601 Date extended format String. | yes |
Sent in the URL as a query string
Name | Description | Required |
---|---|---|
invoiceNumber | The invoice number. | Required if not using registration id . |
Sent in the URL
Name | Description | Required |
---|---|---|
id | The registration ID. | Required if not using invoiceNumber . |
Errors
This endpoint may respond with any of the status codes enumerated below; however, the most common errors are 401: Unauthorized
and 409: Conflict
.
Status | Name | Description | Resolution |
---|---|---|---|
401 | Unauthorized | The request is unauthenticated. | Ensure your JWT is valid. |
409 | Conflict | The request conflicts with the current state of the server. | Ensure the Registration ID or Invoice Number is correct. Some registrations cannot be cancelled. Registrations cannot be cancelled more than once. |
Not all registrations can be cancelled. If the terms and conditions for your program do not allow for cancellation, attempting to cancel a registration will result in the error 409: Conflict
Examples
Registration object
{
"cancelledOn": "2021-08-03T10:10:00.000Z"
}
Request
curl --location --request PATCH 'https://sandbox.absintegrations.com/api/v3/registrations?invoiceNumber=001-20345' \
--header 'Authorization: Bearer eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOjE2Mjc2NTU5NzAsImV4cCI6MTYyNzY2MzE3MCwiYXVkIjoiaHR0cHM6Ly9zYW5kYm94LmFic2ludGVncmF0aW9ucy5jb20vYXBpL3YzIiwiaXNzIjoiNjEwMmI1MjFmNDAzZjQyZGRjZGU3YWU1In0.y5-vxJHlBtVf2Jr9sPO4I97L5hImkhyn1EtHeCoeIzqZwObpcVy9ZEMJoCGbXwnGdeZ6GpaiO8KD9xLqgUZcTg' \
--header 'Content-Type: application/json' \
--data-raw '{
"cancelledOn": "2021-08-03T10:10:00.000Z"
}'
Response
No body is returned in the response, only the HTTP status: 204: No Content
Type Objects
Registration Object
Name | Type | Required |
---|---|---|
product_id | string | yes |
invoiceNumber | string | yes |
enrollDate | ISO 8601 date string | yes |
customer | customer object | yes |
tires | array of tire objects | yes |
vehicle | vehicle object | no |
comments | string | no |
Customer Object
Name | Type | Required |
---|---|---|
name | string | yes |
phone | phone string | no |
email | email string | yes |
address | object | no |
Address Object
Name | Type | Required |
---|---|---|
line1 | string | yes |
line2 | string | no |
city | string | yes |
state | string | yes |
zip | string | yes |
Tire Object
Name | Type | Required |
---|---|---|
make | string | yes |
model | string | yes |
size | string | yes |
retailPrice | number | yes |
dot | string | no |
partNumber | string | no |
Vehicle Object
Name | Type | Required |
---|---|---|
year | 4-digit number | yes |
make | string | yes |
model | string | yes |
vin | string | no |
plateNumber | string | no |
plateState | string | no |
mileage | number | no |
Status Codes
Success
All API endpoints may return the following codes indicating a successful request.
Status | Name | Description |
---|---|---|
200 | OK | The request succeeded and content is returned. |
201 | Created | The request succeeded and a resource has been created. |
204 | No Content | The request succeeded and there is no content to return. |
Redirect
All API endpoints may return the following codes indicating a new endpoint is to be used for the request.
Status | Name | Description |
---|---|---|
301 | Moved Permanently | This endpoint has changed permanently - please use the new URL given for all future requests. |
302 | Found | This endpoint has changed temporarily - please use the new URL given for this request. |
Error
All API endpoints may throw the following errors. It is your responsibility to handle these errors appropriately, including retrying requests when needed until they succeed.
Status | Name | Description | Resolution |
---|---|---|---|
400 | Bad Request | The server could not understand the request. | Check all parameters and ensure the request is valid. |
401 | Unauthorized | The request is unauthenticated. | Ensure your JWT is valid. |
403 | Forbidden | The client does not have access rights to this content. | Ensure your Partner ID, endpoint, and method are correct. |
404 | Not Found | The resource was not found. | Ensure your Partner ID, endpoint, and method are correct. |
405 | Not Allowed | The request method is not allowed. | Ensure your method is correct. |
409 | Conflict | The request conflicts with the current state of the server. | Ensure your Partner ID, endpoint, and method are correct. Some resources cannot be modified. |
429 | Too Many Requests | The users has sent too many requests in the given amount of time (rate limiting). | Wait and retry your request. |
500 | Internal Server Error | The server has encountered an unexpected error. | Wait and retry your request. Contact engineering@abswarranty.net if the issue persists. |
502 | Bad Gateway | The server was unable to communicate with another service. | Wait and retry your request. Contact engineering@abswarranty.net if the issue persists. |
503 | Service Unavailable | The server is not ready to handle the request. | Wait and retry your request. Contact engineering@abswarranty.net if the issue persists. |
504 | Gateway Timeout | The server was not able to complete your request in time. | Wait and retry your request. Contact engineering@abswarranty.net if the issue persists. |