openapi: 3.0.3 info: version: 10.24.29 title: Proxy API description: |+ Welcome to the Proxy API. You can use this API to access all Proxy API endpoints. ## Base URL The base URL for all API requests is `https://unify.apideck.com` ## Headers Custom headers that are expected as part of the request. Note that [RFC7230](https://tools.ietf.org/html/rfc7230) states header names are case insensitive. | Name | Type | Required | Description | | ---------------------------------- | ------ | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | Authorization | String | Yes | Bearer KEY | | x-apideck-app-id | String | Yes | The application id of your Unify application. Available at https://app.apideck.com/unify/api-keys. | | x-apideck-consumer-id | String | Yes | The id of the customer stored inside Apideck Vault. This can be a user id, account id, device id or whatever entity that can have integration within your app. | | x-apideck-downstream-url | String | Yes | Downstream URL to forward the request too | | x-apideck-downstream-authorization | String | No | Downstream authorization header. This will skip the Vault token injection. | | x-apideck-downstream-method | String | No | Downstream method. If not provided the upstream method will be inherited, depending on the verb/method of the request this will contain the request body you want to POST/PATCH/PUT. | | x-apideck-service-id | String | No | Describe the service you want to call (e.g., pipedrive). Only needed when a customer has activated multiple integrations for the same Unified API. | | x-apideck-timeout | Integer | No | Override the default downstream request timeout in milliseconds. Default is 28000 (28 seconds). | ## Authorization You can interact with the API through the authorization methods below. ### API Key To access our API, you need to sign up and obtain your unique API key. Each Unify application is assigned a single API key. You can locate your API key in the Configuration Settings section of your Apideck application. Additionally, your application’s application_id is available on the same page. Authenticate your API requests by including your test or live secret API key in the request header. - Bearer header: Authorization: Bearer "YOUR_API_KEY_HERE" - Application id header: x-apideck-app-id: "YOUR_APP_ID_HERE" You should use the public keys on the SDKs and the secret keys to authenticate API requests. **Do not share or include your secret API keys on client side code.** Your API keys carry significant privileges. Please ensure to keep them 100% secure and be sure to not share your secret API keys in areas that are publicly accessible like GitHub. Learn how to set the Authorization header inside Postman https://learning.postman.com/docs/postman/sending-api-requests/authorization/#api-key Go to Unify to grab your API KEY https://app.apideck.com/unify/api-keys | Security Scheme Type | HTTP | | ------------------------- | ------ | | HTTP Authorization Scheme | bearer | ### applicationId The ID of your Unify application | Security Scheme Type | API Key | | --------------------- | ---------------- | | Header parameter name | x-apideck-app-id | ## Static IP Some of the APIs you want to use can require a static IP. Apideck's static IP feature allows you to use Apideck with a fixed IP avoiding the need for you to set up your own infrastructure. This feature is currently available to all Apideck customers. To use this feature, the API Vendor will need to whitelist the associated static IP addresses. The provided static IP addresses are fixed to their specified region and shared by all customers who use this feature. - EU Central 1: **18.197.244.247**, **18.156.9.3**, **3.65.139.215** - Other: upcoming More info about our data security can be found at [https://compliance.apideck.com/](https://compliance.apideck.com/) ## Limitations ### Timeout The default downstream request timeout is 28 seconds. You can override this per request by passing the `x-apideck-timeout` header with a value in milliseconds. ### Response Size The Proxy API has no response size limit. For responses larger than 2MB, the Proxy API will redirect to a temporary URL. In this case the usual Apideck response headers will be returned in the redirect response. Most HTTP clients will handle this redirect automatically. ``` GET /proxy < 301 Moved Permanently < x-apideck-request-id: {{requestId}} < Location: {{temporaryUrl}} GET {{temporaryUrl}} < {{responseBody}} ``` ## Errors The API returns standard HTTP response codes to indicate success or failure of the API requests. For errors, we also return a customized error message inside the JSON response. You can see the returned HTTP status codes below. | Code | Title | Description | | ---- | -------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | 200 | OK | The request message has been successfully processed, and it has produced a response. The response message varies, depending on the request method and the requested data. | | 201 | Created | The request has been fulfilled and has resulted in one or more new resources being created. | | 204 | No Content | The server has successfully fulfilled the request and that there is no additional content to send in the response payload body. | | 400 | Bad Request | The receiving server cannot understand the request because of malformed syntax. Do not repeat the request without first modifying it; check the request for errors, fix them and then retry the request. | | 401 | Unauthorized | The request has not been applied because it lacks valid authentication credentials for the target resource. | | 402 | Payment Required | Subscription data is incomplete or out of date. You'll need to provide payment details to continue. | | 403 | Forbidden | You do not have the appropriate user rights to access the request. Do not repeat the request. | | 404 | Not Found | The origin server did not find a current representation for the target resource or is not willing to disclose that one exists. | | 409 | Conflict | The request could not be completed due to a conflict with the current state of the target resource. | | 422 | Unprocessable Entity | The server understands the content type of the request entity, and the syntax of the request entity is correct but was unable to process the contained instructions. | | 429 | Too Many Requests | You sent too many requests in a given amount of time ("rate limit"). Try again later. | | 5xx | Server Errors | Something went wrong with the Unify API. These errors are logged on our side. You can contact our team to resolve the issue. | ### Handling errors The Unify API and SDKs can produce errors for many reasons, such as a failed requests due to misconfigured integrations, invalid parameters, authentication errors, and network unavailability. ### Error Types #### RequestValidationError Request is not valid for the current endpoint. The response body will include details on the validation error. Check the spelling and types of your attributes, and ensure you are not passing data that is outside of the specification. #### UnsupportedFiltersError Filters in the request are valid, but not supported by the connector. Remove the unsupported filter(s) to get a successful response. #### InvalidCursorError Pagination cursor in the request is not valid for the current connector. Make sure to use a cursor returned from the API, for the same connector. #### ConnectorExecutionError A Unified API request made via one of our downstream connectors returned an unexpected error. The `status_code` returned is proxied through to error response along with their original response via the error detail. #### UnauthorizedError We were unable to authorize the request as made. This can happen for a number of reasons, from missing header params to passing an incorrect authorization token. Verify your Api Key is being set correctly in the authorization header. ie: `Authorization: 'Bearer '` #### ConnectorCredentialsError A request using a given connector has not been authorized. Ensure the connector you are trying to use has been configured correctly and been authorized for use. #### ConnectorDisabledError A request has been made to a connector that has since been disabled. This may be temporary - You can contact our team to resolve the issue. #### RequestLimitError You have reached the number of requests included in your Free Tier Subscription. You will not be able to make further requests until you upgrade your subscription. Please reach out to sales@apideck.com to continue making requests. #### EntityNotFoundError You've made a request for a resource or route that does not exist. Verify your path parameters or any identifiers used to fetch this resource. #### OAuthCredentialsNotFoundError When adding a connector integration that implements OAuth, both a `client_id` and `client_secret` must be provided before any authorizations can be performed. Verify the integration has been configured properly before continuing. #### IntegrationNotFoundError The requested connector integration could not be found associated to your `application_id`. Verify your `application_id` is correct, and that this connector has been added and configured for your application. #### ConnectionNotFoundError A valid connection could not be found associated to your `application_id`. Something _may_ have interrupted the authorization flow. You may need to start the connector authorization process again. #### ConnectorNotFoundError A request was made for an unknown connector. Verify your `service_id` is spelled correctly, and that this connector is enabled for your provided `unified_api`. #### OAuthRedirectUriError A request was made either in a connector authorization flow, or attempting to revoke connector access without a valid `redirect_uri`. This is the url the user should be returned to on completion of process. #### OAuthInvalidStateError The state param is required and is used to ensure the outgoing authorization state has not been altered before the user is redirected back. It also contains required params needed to identify the connector being used. If this has been altered, the authorization will not succeed. #### OAuthCodeExchangeError When attempting to exchange the authorization code for an `access_token` during an OAuth flow, an error occurred. This may be temporary. You can reattempt authorization or contact our team to resolve the issue. #### OAuthConnectorError It seems something went wrong on the connector side. It's possible this connector is in `beta` or still under development. We've been notified and are working to fix this issue. #### MappingError There was an error attempting to retrieve the mapping for a given attribute. We've been notified and are working to fix this issue. #### ConnectorMappingNotFoundError It seems the implementation for this connector is incomplete. It's possible this connector is in `beta` or still under development. We've been notified and are working to fix this issue. #### ConnectorResponseMappingNotFoundError We were unable to retrieve the response mapping for this connector. It's possible this connector is in `beta` or still under development. We've been notified and are working to fix this issue. #### ConnectorOperationMappingNotFoundError Connector mapping has not been implemented for the requested operation. It's possible this connector is in `beta` or still under development. We've been notified and are working to fix this issue. #### ConnectorWorkflowMappingError The composite api calls required for this operation have not been mapped entirely. It's possible this connector is in `beta` or still under development. We've been notified and are working to fix this issue. #### PaginationNotSupportedError Pagination is not yet supported for this connector, try removing limit and/or cursor from the query. It's possible this connector is in `beta` or still under development. We've been notified and are working to fix this issue. ## API Design ### API Styles and data formats #### REST API The API is organized around [REST](https://restfulapi.net/), providing simple and predictable URIs to access and modify objects. Requests support standard HTTP methods like GET, PUT, POST, and DELETE and standard status codes. JSON is returned by all API responses, including errors. In all API requests, you must set the content-type HTTP header to application/json. All API requests must be made over HTTPS. Calls made over HTTP will fail. ### Request IDs Each API request has an associated request identifier. You can find this value in the response headers, under Request-Id. You can also find request identifiers in the URLs of individual request logs in your Dashboard. If you need to contact us about a specific request, providing the request identifier will ensure the fastest possible resolution. ## Connection settings You can use curly braces {} to interpolate values from your connection settings directly in the `x-apideck-downstream-url`. This is useful for APIs like Microsoft Dynamics that use tenant-specific base URLs. Example: If your connection includes a setting like: ```json "organisation_url": "https://your-instance.crm.dynamics.com" ``` You can set your header as: ```http x-apideck-downstream-url: {organisation_url}/api/data/v8.2/accounts?$select=name ``` Apideck will substitute `{organisation_url}` with the actual value from the connection. Use the [Vault API](https://developers.apideck.com/apis/vault/reference#tag/Connections/operation/connectionsOne) to see which settings are available. ## Support If you have problems or need help with your case, you can always reach out to our Support. contact: email: hello@apideck.com url: https://developers.apideck.com x-logo: url: https://developers.apideck.com/icon.png x-apideck-api: proxy license: name: Apache 2.0 url: http://www.apache.org/licenses/LICENSE-2.0.html externalDocs: description: Apideck Developer Docs url: https://developers.apideck.com servers: - url: https://unify.apideck.com description: Production server tags: - name: Execute description: Execute enables pass-through requests to downstream APIs with automatic authentication injection from Vault credentials. components: parameters: id: in: path name: id schema: type: string required: true description: ID of the record you are acting upon. x-apideck-app-id: name: x-apideck-app-id in: header required: true description: The ID of your Unify application schema: type: string minLength: 1 example: dSBdXd2H6Mqwfg0atXHXYcysLJE9qyn1VwBtXHX x-speakeasy-name-override: appId x-apideck-consumer-id: name: x-apideck-consumer-id in: header required: true description: ID of the consumer which you want to get or push data from schema: type: string example: test-consumer x-speakeasy-name-override: consumerId x-apideck-service-id: name: x-apideck-service-id in: header required: true description: Provide the service id you want to call (e.g., pipedrive). Only needed when a consumer has activated multiple integrations for a Unified API. example: close schema: type: string x-speakeasy-name-override: serviceId x-apideck-unified-api: name: x-apideck-unified-api in: header required: false description: Specify which unified API to use for the connection lookup. Required for multi-API connectors (e.g., Workday) to ensure the correct credentials are used. example: hris schema: type: string x-speakeasy-name-override: unifiedApi x-apideck-downstream-url: name: x-apideck-downstream-url in: header description: Downstream URL example: https://api.close.com/api/v1/lead required: true schema: type: string x-speakeasy-name-override: downstreamUrl x-apideck-downstream-method: name: x-apideck-downstream-method in: header description: Downstream method. If not provided the upstream method will be inherited, example: GET required: false schema: type: string x-apideck-downstream-authorization: name: x-apideck-downstream-authorization in: header description: Downstream authorization header. This will skip the Vault token injection. example: Bearer required: false schema: type: string x-speakeasy-name-override: downstreamAuthorization x-apideck-timeout: name: x-apideck-timeout in: header description: Override the default downstream request timeout in milliseconds. The default is 28000 (28 seconds). example: 30000 required: false schema: type: integer default: 28000 x-speakeasy-name-override: timeout raw: name: raw in: query description: Include raw response. Mostly used for debugging purposes schema: type: boolean default: false responses: Unauthorized: description: Unauthorized content: application/json: schema: type: object x-apideck-schema-id: Unauthorized properties: status_code: type: number description: HTTP status code example: 401 error: type: string description: Contains an explanation of the status_code as defined in HTTP/1.1 standard (RFC 7231) example: Unauthorized type_name: type: string description: The type of error returned example: UnauthorizedError message: type: string description: A human-readable message providing more details about the error. example: Unauthorized Request x-speakeasy-error-message: true detail: anyOf: - type: string example: Missing authentication - type: object x-speakeasy-detail: true properties: type: type: string description: Error type identifier example: refresh_token_connector_error message: type: string description: Detailed error message example: Token refresh failed debug: type: object description: Debug information including request/response details and OAuth timing metadata properties: request: type: object description: HTTP request details response: type: object description: HTTP response details message: type: string description: Error message from downstream provider or network layer code: type: string description: Error code (e.g., ETIMEDOUT, ECONNREFUSED) credentials_expire_at_ms: type: number description: Unix timestamp (milliseconds) when credentials will be deleted if not refreshed. Only present for non-recoverable errors (401, 400). Credentials are preserved indefinitely for recoverable/network errors. example: 1620172800000 retry_after_ms: type: number description: Unix timestamp (milliseconds) when token refresh retry is allowed after cooldown period expires. example: 1620000030000 cooldown_remaining_ms: type: number description: Milliseconds remaining in cooldown period before retry is allowed. example: 30000 example: type: refresh_token_connector_error message: Token refresh failed with 401 error debug: response: statusCode: 401 data: error: invalid_grant credentials_expire_at_ms: 1620172800000 retry_after_ms: 1620000030000 cooldown_remaining_ms: 30000 description: Contains parameter or domain specific information related to the error and why it occurred. ref: type: string description: Link to documentation of error type example: https://developers.apideck.com/errors#unauthorizederror ProxyError: description: Proxy error headers: x-apideck-downstream-error: schema: type: boolean description: Indicates if the error returned in the body is from the downstream content: application/json: schema: x-speakeasy-name-override: errorJson type: object additionalProperties: true application/xml: schema: x-speakeasy-name-override: errorXml type: string text/plain: schema: x-speakeasy-name-override: errorText type: string text/html: schema: x-speakeasy-name-override: errorHtml type: string Ok: description: Ok content: application/json: schema: x-speakeasy-name-override: responseJson type: object additionalProperties: true application/xml: schema: x-speakeasy-name-override: responseXml type: string text/plain: schema: x-speakeasy-name-override: responseText type: string text/csv: schema: x-speakeasy-name-override: responseCsv type: string application/pdf: schema: x-speakeasy-name-override: responsePdf type: string format: binary application/octet-stream: schema: x-speakeasy-name-override: responseBinary type: string format: binary securitySchemes: apiKey: type: apiKey in: header name: Authorization description: | To access our API, you need to sign up and obtain your unique API key. Each Unify application is assigned a single API key. You can locate your API key in the Configuration Settings section of your Apideck application. Additionally, your application’s application_id is available on the same page. Authenticate your API requests by including your test or live secret API key in the request header. - Bearer authorization header: `Authorization: Bearer "YOUR_API_KEY_HERE"` - Application id header: `x-apideck-app-id: "YOUR_APP_ID_HERE"` You should use the public keys on the SDKs and the secret keys to authenticate API requests. **Do not share or include your secret API keys on client side code.** Your API keys carry significant privileges. Please ensure to keep them 100% secure and be sure to not share your secret API keys in areas that are publicly accessible like GitHub. Learn how to set the Authorization header inside Postman https://learning.postman.com/docs/postman/sending-api-requests/authorization/#api-key Go to Unify to grab your API KEY https://app.apideck.com/unify/api-keys applicationId: type: apiKey in: header name: x-apideck-app-id description: The ID of your Unify application security: - apiKey: [] applicationId: [] paths: /proxy: get: summary: GET operationId: getProxy x-apideck-api: proxy description: | Proxies a downstream GET request to a service and injects the necessary credentials into a request stored in Vault. This allows you to have an additional security layer and logging without needing to rely on Unify for normalization. **Note**: Vault will proxy all data to the downstream URL and method/verb in the headers. tags: - Execute parameters: - $ref: '#/components/parameters/x-apideck-consumer-id' - $ref: '#/components/parameters/x-apideck-app-id' - $ref: '#/components/parameters/x-apideck-service-id' - $ref: '#/components/parameters/x-apideck-unified-api' - $ref: '#/components/parameters/x-apideck-downstream-url' - $ref: '#/components/parameters/x-apideck-downstream-authorization' - $ref: '#/components/parameters/x-apideck-timeout' security: - apiKey: [] responses: '200': $ref: '#/components/responses/Ok' '401': $ref: '#/components/responses/Unauthorized' default: $ref: '#/components/responses/ProxyError' options: summary: OPTIONS operationId: optionsProxy x-apideck-api: proxy description: | Proxies a downstream OPTION request to a service and injects the necessary credentials into a request stored in Vault. This allows you to have an additional security layer and logging without needing to rely on Unify for normalization. **Note**: Vault will proxy all data to the downstream URL and method/verb in the headers. tags: - Execute parameters: - $ref: '#/components/parameters/x-apideck-consumer-id' - $ref: '#/components/parameters/x-apideck-app-id' - $ref: '#/components/parameters/x-apideck-service-id' - $ref: '#/components/parameters/x-apideck-unified-api' - $ref: '#/components/parameters/x-apideck-downstream-url' - $ref: '#/components/parameters/x-apideck-downstream-authorization' - $ref: '#/components/parameters/x-apideck-timeout' security: - apiKey: [] responses: '200': $ref: '#/components/responses/Ok' '401': $ref: '#/components/responses/Unauthorized' default: $ref: '#/components/responses/ProxyError' post: summary: POST operationId: postProxy x-apideck-api: proxy description: | Proxies a downstream POST request to a service and injects the necessary credentials into a request stored in Vault. This allows you to have an additional security layer and logging without needing to rely on Unify for normalization. **Note**: Vault will proxy all data to the downstream URL and method/verb in the headers. tags: - Execute parameters: - $ref: '#/components/parameters/x-apideck-consumer-id' - $ref: '#/components/parameters/x-apideck-app-id' - $ref: '#/components/parameters/x-apideck-service-id' - $ref: '#/components/parameters/x-apideck-unified-api' - $ref: '#/components/parameters/x-apideck-downstream-url' - $ref: '#/components/parameters/x-apideck-downstream-authorization' - $ref: '#/components/parameters/x-apideck-timeout' security: - apiKey: [] requestBody: description: Depending on the verb/method of the request this will contain the request body you want to POST/PATCH/PUT. required: false content: '*/*': schema: anyOf: - type: object properties: {} example: name: Bluth Company url: http://thebluthcompany.tumblr.com/ description: Best. Show. Ever. contacts: - name: Gob title: Sr. Vice President emails: - type: office email: gob@example.com phones: - type: office phone: '8004445555' addresses: - label: business address_1: 747 Howard St address_2: Room 3 city: San Francisco state: CA zipcode: '94103' country: US - type: string - type: array items: type: object properties: {} example: $ref: '#/paths/~1proxy/post/requestBody/content/*~1*/schema/anyOf/0/example' responses: '200': $ref: '#/components/responses/Ok' '401': $ref: '#/components/responses/Unauthorized' default: $ref: '#/components/responses/ProxyError' put: summary: PUT operationId: putProxy x-apideck-api: proxy description: | Proxies a downstream PUT request to a service and injects the necessary credentials into a request stored in Vault. This allows you to have an additional security layer and logging without needing to rely on Unify for normalization. **Note**: Vault will proxy all data to the downstream URL and method/verb in the headers. tags: - Execute parameters: - $ref: '#/components/parameters/x-apideck-consumer-id' - $ref: '#/components/parameters/x-apideck-app-id' - $ref: '#/components/parameters/x-apideck-service-id' - $ref: '#/components/parameters/x-apideck-unified-api' - $ref: '#/components/parameters/x-apideck-downstream-url' - $ref: '#/components/parameters/x-apideck-downstream-authorization' - $ref: '#/components/parameters/x-apideck-timeout' security: - apiKey: [] requestBody: description: Depending on the verb/method of the request this will contain the request body you want to POST/PATCH/PUT. required: false content: '*/*': schema: anyOf: - type: object properties: {} example: name: Rich Company url: http://therichcompany.tumblr.com/ description: Best. Show. Ever. contacts: - name: Gob title: Sr. Vice President emails: - type: office email: gob@example.com phones: - type: office phone: '8004445555' addresses: - label: business address_1: 747 Howard St address_2: Room 3 city: San Francisco state: CA zipcode: '94103' country: US - type: string - type: array items: type: object properties: {} example: $ref: '#/paths/~1proxy/put/requestBody/content/*~1*/schema/anyOf/0/example' responses: '200': $ref: '#/components/responses/Ok' '401': $ref: '#/components/responses/Unauthorized' default: $ref: '#/components/responses/ProxyError' patch: summary: PATCH operationId: patchProxy x-apideck-api: proxy description: | Proxies a downstream PATCH request to a service and injects the necessary credentials into a request stored in Vault. This allows you to have an additional security layer and logging without needing to rely on Unify for normalization. **Note**: Vault will proxy all data to the downstream URL and method/verb in the headers. tags: - Execute parameters: - $ref: '#/components/parameters/x-apideck-consumer-id' - $ref: '#/components/parameters/x-apideck-app-id' - $ref: '#/components/parameters/x-apideck-service-id' - $ref: '#/components/parameters/x-apideck-unified-api' - $ref: '#/components/parameters/x-apideck-downstream-url' - $ref: '#/components/parameters/x-apideck-downstream-authorization' - $ref: '#/components/parameters/x-apideck-timeout' security: - apiKey: [] requestBody: description: Depending on the verb/method of the request this will contain the request body you want to POST/PATCH/PUT. required: false content: '*/*': schema: anyOf: - type: object properties: {} example: name: Bluth Company url: http://thebluthcompany.tumblr.com/ description: Best. Show. Ever. contacts: - name: Gob title: Sr. Vice President emails: - type: office email: gob@example.com phones: - type: office phone: '8004445555' addresses: - label: business address_1: 747 Howard St address_2: Room 3 city: San Francisco state: CA zipcode: '94103' country: US - type: string - type: array items: type: object properties: {} example: $ref: '#/paths/~1proxy/patch/requestBody/content/*~1*/schema/anyOf/0/example' responses: '200': $ref: '#/components/responses/Ok' '401': $ref: '#/components/responses/Unauthorized' default: $ref: '#/components/responses/ProxyError' delete: summary: DELETE operationId: deleteProxy x-apideck-api: proxy description: | Proxies a downstream DELETE request to a service and injects the necessary credentials into a request stored in Vault. This allows you to have an additional security layer and logging without needing to rely on Unify for normalization. **Note**: Vault will proxy all data to the downstream URL and method/verb in the headers. tags: - Execute parameters: - $ref: '#/components/parameters/x-apideck-consumer-id' - $ref: '#/components/parameters/x-apideck-app-id' - $ref: '#/components/parameters/x-apideck-service-id' - $ref: '#/components/parameters/x-apideck-unified-api' - $ref: '#/components/parameters/x-apideck-downstream-url' - $ref: '#/components/parameters/x-apideck-downstream-authorization' - $ref: '#/components/parameters/x-apideck-timeout' security: - apiKey: [] responses: '200': $ref: '#/components/responses/Ok' '401': $ref: '#/components/responses/Unauthorized' default: $ref: '#/components/responses/ProxyError'