DigiFi's API is organized around REST and uses built-in HTTP features, standard response codes, authentication and verbs, allowing for quick implementation with standard HTTP packages used in all languages. The API accepts requests with a JSON body and returns JSON responses.
Your organization's API credentials can be viewed and managed by navigating to Company Settings > Developers > DigiFi API Keys within DigiFi's platform.
To authenticate a request, you must include your
api-key in the request header for all requests (
Identifier specific to your organization
DigiFi's API uses conventional HTTP response codes to indicate the success or failure of an API request. In general, codes in the 200 range indicate success, codes in the 400 range indicate an error with the request and codes in the 500 range indicate an error with the server.
The request processed successfully
The request was incorrectly formed
The authentication credentials were incorrect
Resource not found
The requested resource cannot be found
Internal server error
There was an error on the server
The DigiFi API prioritizes stability and has safeguards to help ensure that extremely rapid bursts of incoming API requests do not prevent normal API requests from processing.
DigiFi's API supports a maximum of 100 requests per second for each DigiFi customer. If you exceed this rate limit, you'll begin receiving error responses with status code 429. Please treat this limit as a maximum and take care to not generate unnecessary load. If you need a higher rate limit for business reasons, please contact us.
We may reduce these rate limits to prevent abuse or, if your volume is consistently at extremely high levels, we may request that you migrate to a private server that we can optimize for your specific workload.
Rate limits ensure uptime and maximize stability.
DigiFi's rate limits are set high enough that normal workflows should rarely exceed these limits. However, rate limits can be exceeded under occur under a variety of conditions that you should consider:
- Running migration or batch-testing operations that require many closely-spaced requests. In these cases, you should try to control the request rate on the client side using queuing or similar methods.
- Accidentally encoding API-based loops that execute constantly and indefinitely. In these cases, you should debug the logical issue on your side.
- Keeping many long-lived requests open can increase the likelihood of rate limiting. Resource-intensive API requests take longer to run and increase the risk that new requests will be rejected. We suggest profiling your DigiFi API requests and watching for lengthy requests to help identify these potential issues.
A common technique for handling rate limits is to build in a retry mechanism for 429 status codes. This mechanism should follow an exponential back-off schedule to reduce request volume.
DigiFi's API supports idempotency, which lets you safely retry API requests without accidentally performing the same operation twice. This can be used to strengthen your integration with DigiFi and reduce the risk that can occur when an API request (from you to DigiFi) was successful but the response was disrupted in transit and therefore did not arrive.
If you make a POST request to the Create Application API and this is performed successfully but the API response fails to deliver, you don't want to retry your request and have it accidentally create the same application again.
To ensure idempotency when making requests to DigiFi, you need to provide an additional
idempotency-key element in the header. This key should be generated by you and must be unique. The method you use for creating this key is up to you, however we suggest UUIDs or other types of random strings with enough length to avoid collisions.
DigiFi's idempotency works by saving the resulting status code and the body of the first request made for any given idempotency key, regardless of whether it succeeded or failed. Subsequent requests with the same key return the same result.
Keys are deleted by DigiFi after 6 hours and a new request is generated if a key is reused after the prior key was deleted.
The POST requests in DigiFi's API accept idempotency keys (PUT, GET and DELETE requests are idempotent by definition).