Guides
API Reference

Getting Started with Mlytics

This page will help you get started with mlytics. You'll be up and running in a jiffy!

Suggest Edits

The Mlytics API allows you to programmatically access services created in Mlytics account with ease.

Overview

  1. You need a valid API Key to send requests to the endpoints.

  2. The API has an access rate limit and permission applied to it.

  3. The Mlytics API will only respond to secured communication done over HTTPS. HTTP requests will be sent a 301 redirect to corresponding HTTPS resources.

  4. Response to every request is sent in JSON format. In case the API request results in an error, it is represented by an "meta": {"code": 224xx,"status": "fail","message": "xxx"} key in the JSON response.

  5. The request method (verb) determines the nature of action you intend to perform. A request made using the GET method implies that you want to fetch something from Mlytics, and POST implies you want to create something new to Mlytics.

  6. The API calls will respond with appropriate HTTP status codes for all requests. Within Mlytics Client, when a response is received, the status code is highlighted and is accompanied by a help text that indicates the possible meaning of the response code. A 200 OK indicates all went well, while 4XX or 5XX response codes indicate an error from the requesting client or our API servers respectively.

Authentication

An API Key is required to be sent as part of every request to the Mlytics API, in the form of an apikey request header.

An API Key tells our API server that the request it received came from you.
Everything that you have access to in Mlytics is accessible with an API Key.

Every API requires a permission. What an API Key has permissions exactly depends on what its owner, an account, has permissions. The permission about API could be divided into action and resource.

Currently, there is only a kind of resource, called Site API. Also, there are only four kinds of actions: explore (lowest), invoke (middle), control (advanced) and govern (highest). If a HTTP client calling an API is permitted with its API Key, then it can always call other APIs that require lower permissions.
For example, a HTTP client calling an API that requires action control and resource Site API is permitted; therefore, that client calling an API that requires action explore and resource Site API is permitted, too.

API Key related error response

Invalid API Key

If an API Key is missing, malformed, or invalid, you will receive a 403 Forbidden response code and the following JSON response:

{
    "message": "You cannot consume this service"
}

API Key Not Authorized to Operate

If an API Key is not granted the permission to the operation, you will receive a 403 Forbidden response code and the following JSON response:

{
"meta": {
    "code": 22403,
    "status": "fail",
    "message": "Permission Denied"
},
"data": null
}

Using the API Key as a query parameter

Every request that accepts API Key as apikey request header, also accepts the key when sent as apikey URL query parameter.

API key sent as part of the header has a higher priority in case you send the key using both request header and query parameter.

Rate Limits

API access rate limits are applied at a per-key basis in unit time. In addition, every API response is accompanied by the following set of headers to identify the status of your consumption.

HeaderDescription
ratelimit-limitThe maximum number of requests that the consumer is permitted to make per minute.
ratelimit-remainingThe number of requests remaining in the current rate limit window.
ratelimit-resetThe time at which the current rate limit window resets in UTC epoch seconds.

Once you hit the rate limit, you will receive a response similar to the following JSON, with a status code of 429 Too Many Requests.

{
  "message": "API rate limit exceeded"
}

Updated 4 months ago