REST API

This API allows our partners to programatically interface with services offered by Automotive Business Solutions.

Design

Our API conforms to the design principles of the representational state transfer (REST) architectural style. API endpoints are generally structured as follows:

METHOD https://BASE_URL/CATEGORY/RESOURCE/ID

info

• Not all methods are available for each resource
• Not all resources are available for each category

METHOD is one of the following:

Method	Description
POST	Create a resource
GET	Read a resource; list multiple resources
PATCH	Update part of a resource

BASE_URL corresponds with an environment, documented below.

CATEGORY is one of

• Tire Protection
• Motor Club

RESOURCE is one of

• registrations
• claims

ID refers to a specific instance of a resource.

Environments

info

• While not required, we recommend using a different asymmetric key pair per environment

Name	Base URL	Purpose
Sandbox – UAT	https://sandbox.absintegrations.com/api/v3	Testing
Production – PRD	https://absintegrations.com/api/v3	Production

Authentication

Before you begin making API calls, you must generate a public/private key pair and share your public key with us. We will provide you with a Partner ID and one or more Product IDs.

Your application must authenticate all API requests with a JWT which contains your Partner ID and has been signed with your private key, passed as a Bearer token in the HTTP Authorization header.

tip

To learn how to generate a signed JWT see Getting Started.

The JWT must contain the following headers:

Header	Allowed Value(s)
typ	JWT
alg	ES256 ES384 ES512

For example:

{
  "alg": "ES256",
  "typ": "JWT"
}

info

The token must be signed with the Elliptic Curve Digital Signature Algorithm (ECDSA) [FIPS PUB 186-5]. We support the following curves:

Algorithm	Name	Curve
ES256	secp256r1	ECSDA P-256
ES384	secp384r1	ECDSA P-384
ES512	secp521r1	ECDSA P-521

See getting started for further details on how to generate your private and public key.

Send your public key to engineering@abswarranty.net.

warning

Keep your private key secure - do not send it over an insecure channel or share it with anyone, including ABS.

info

Your key pair never expires - if you decide to change your key pair, send your updated public key to engineering@abswarranty.net.

The JWT must contain the following claims:

Claim	Name	Description
iat	issued at	Unix timestamp when the token was created, within the last 2 hours
iss	issuer	Your Partner ID (provided by ABS)
aud	audience	The environment Base URL
exp	expiration time	Unix timestamp not greater than 2 hours in the future.

For example:

{
  "iat": 1627618568,
  "iss": "6102b521f403f42ddcde7ae5",
  "aud": "https://sandbox.absintegrations.com/api/v3",
  "exp": 1627625768
}

To be valid, the JWT must:

• Contain typ and alg headers
  • typ must be JWT
  • alg must be ES256, ES384 or ES512
• Contain iat, iss, aud, and exp claims
  • iat must be within the last 2 hours
  • iss must be your Partner ID
  • exp must not be greater than 2 hours in the future
  • aud must be an environment Base URL

If a claim is missing, does not pass validation, contains incorrect values, or if the token cannot be verified, the API will return 401: Unauthorized.

{
  "error": "unauthorized",
  "statusCode": 401
}

tip

We recommend generating a new signed JWT for every request made to our API.

Request Payload

Our API only accepts JSON requests. When making a request, set the Content-Type header to application/json. The maximum payload size is 3 MB.