The DTLS API is a REST API for getting documents like invoices, delivery notes scanned or uploaded.

The products used on the documents like delivery note are also can listed by the API.

To access the API, you will need a way to authenticate. The simplest way to do this is with an API key.

To get an API key to the sandbox server, contact us at hello@bauapp.com.

The sandbox server is a test environment where you can freely experiment with the API. It's available at https://dtlsscan.mobilengine.com/. Do not store live data on the sandbox server. The sandbox server is meant to be used while developing an API client. Data on the sandbox server is removed periodically, without notice.

After acquiring an API key, download the swagger.json file containing the API specification with the Download button at te top of this document.

You can open the swagger.json file with a number of REST client tools, like Postman or Insomnia.

You'll need to set up the base URL of the service to https://dtlsscan.mobilengine.com/ and set the authorization header to look like this:

Authorization: Bearer $ApiKey

Replace $ApiKey with your API key.

You should be able to make API requests now.

The API is only accessible through HTTPS.

Access to the API is only allowed when the request contains an API key or a client certificate.

Requests without valid authentication will result in a HTTP 401: Unauthorized or a HTTP 403: Forbbidden response code. These can happen if your API key/client certificate is not known, or you don't have the rights to a resource (it belongs to another company).

There are no fine-grained access rights, a valid API key/client certificate allows clients to perform all operations through the API.

The IP addresses from where API access is allowed can be restricted, contact us for details.

API Key Authentication

The API key must be sent in the HTTP Authorization header, with the Bearer authentication scheme:

Authorization: Bearer MyApiKey123

On the live instance (https://api.bauapp.com), administering API keys is done through your company's BauApp web interface.

Api keys for the sandbox server can be requested at hello@bauapp.com.

Client Certificate Authentication

TLS client certificates can be used as an alternative to the API key authentication mechanism.

The client certificate must be a valid certificate issued by a certificate authority. The certificate must include the Client Authentication (1.3.6.1.5.5.7.3.2) OID in the Extended key usage field.

You'll need to send us the thumbprint (aka. fingerprint) of your certificate, so that we can associate it with your company.

AI Scan documents and products retrival

1. Get delivery note or other document data from certain timeframe
2. Get delivery note or other document changes from certain timeframe
3. Get document product data from certain timeframe
4. Get document product changes data from certain timeframe
5. Getting document pdf

Message format

The API consumes and produces JSON messages, with the exception of the QR code endpoint, which returns an image.

The encoding of the JSON messages must be UTF-8.

Date fields are formatted like 2020-12-31 according to OpenAPI specs. Datetime values are formatted like 2020-12-31T23:59:59Z for UTC datetimes, and 2020-12-31T23:59:59+02:00 for datetimes with an offset.

See http://spec.openapis.org/oas/v3.0.3#data-types for the specification details.

Paging

Some endpoints can potentially return a large number of objects, for example the /products endpoint.

These endpoints only return a page of objects at once. To receive the next page, call the same endpoint with a from parameter. The from parameter should contain the last identifier received in the previous endpoint request. The response for this reques will contain objects starting with (but not including) the object identified in the from parameter.

To read all objects, proceed to do this in a loop until you get an empty response.

The from field must contain the id of an existing object, otherwise a HTTP 404 error occurs.

Example: Reading all products

1. Make a GET request to /products, let's say you receive this page (product details are omitted for the example):

   [ { id: 'p34' }, { id: 'p67' }, { id: 'p23' } ]

2. Make a GET request with the last ID to /products?from=p23, receive this page:

   [ { id: 'p11' }, { id: 'p76' } ]

Note that the product with ID p23 is not included in this page.

3. Make a GET request with the last ID to /products?from=p76, receive this page:

   []

4. Since the response is an empty list you're done querying all products

String length restrictions

String length restrictions specified on fields are to be interpreted as the number of bytes in the UTF-8 encoded string, not as unicode character count.

So the length specified only applies if you don't use any multibyte characters.

HTTP version requirements

The API requires the use of HTTP/1.1, HTTP/2 and newer protocols are not supported.

If a request doesn't use HTTP/1.1, a HTTP 426 error code will be returned.

It's possible to configure the DTLS API server to send an HTTP request to your servers when a document is received, modified or deleted.

When the document is recevied, these two requests are sent:

• a POST request to {your-url}?content=document, with the body containing the delivery note JSON

The {your-url} placeholder can be configured to anything you like. Documents notifications can be filtered by document type, project or supplier. Notifications can be sent for created, updated and deleted documents, but not necessary all.

Authorization can be performed with any HTTP Authorization header or with a TLS client certificate.

If you'd like to use this feature, contact us.

Data retention

The production server keeps products and delivery notes indefinitely. This may change in future implementations of the API.

The data on the sandbox server is removed on a regular basis, without prior notice.

Rate limiting

Rate limiting is based on the provided API key. If too many requests are sent in a period of time the server responds with HTTP 429 messages.

Explicit rate limit values are to be determined later.

Rate limits on the sandbox server may be stricter than on the production server.

If you exceed the rate limit, a HTTP 429: Too many requests result is returned.

Request size

The request body size of create (POST) operations is limited. Currently all requests sizes are limited to 256KiB.

If you send a larger request, you'll receive a HTTP 413: Payload too large response.

The OpenAPI specification (the swagger.json file) can be used to generate API client code for many different programming languages.

To download the swagger.json for the API using the download button at the top of this document.

For information about how to generate clients from the specification see the OpenAPI Generator Homepage.