IntegrityNext | REST-APIs
The IntegrityNext platform provides REST-API access to customers (with ‘Enterprise’ license). These APIs apply specifically to customers which have their own processes and tools in place and want to integrate the IntegrityNext platform into their system landscape. With purchase of the ‘Enterprise’ license customers receive an authentication token. With this customers are able to activate the APIs as a self-service.
IntegrityNext provides two integrations:
- GET Supplier Compliance Data
- POST Create and Invite New Suppliers
Definitions
| Property | Description |
|---|---|
| id | Supplier ID defined by the customer |
| name | Supplier name |
| Email of supplier contact to complete self-assessment | |
| invitationStatus | Status of the supplier registration |
| invitationTopics | Optional array of compliance topics the invited supplier has to answer |
| duns | DUNS - Data Universal Numbering System by Dun & Bradstreet (D&B) |
| street | Supplier street |
| postalCode | Supplier postal code |
| city | Supplier city |
| countryCode | Supplier country (ISO-2 code) |
| publicProfileUrl | Link to public supplier compliance profile (results per topic on a high level) |
| detailedProfileUrl | Link to detailed supplier compliance profile (incl. answers and certificates) |
| socialMediaUrl | Link to social media profile of supplier (findings, messages, live stream) |
| assesment | Self-assessment result |
| socialMediaMonitoring | Social-Media-Monitoring (with critical messages count) |
| abac | Anti-Bribery & Anti-Corruption |
| epro | Environmental Protection |
| hrla | Human Rights & Labor |
| hesa | Health & Safety |
| scre | Supply Chain Responsibility |
| cbin | Extended Company Information |
| fida | Financial Information |
| coin | Conflict Of Interest |
| ecsa | Management & Owners |
| trps | Trading Partner Security |
| qman | Quality Management |
| enma | Energy Management |
| isec | Cyber Security |
| gdpr | Data Protection (GDPR) |
| cmin | Conflict Minerals |
Endpoint
https://api.integritynext.com| Method | Path | Description |
|---|---|---|
| GET | /suppliers | Retrieve list of your suppliers with compliance data |
| POST | /suppliers | Create/invite new suppliers to your company |
Authentication
Currently only Basic Auth with Bearer token is supported. Simply add an Authorization header with your provided token to the HTTP request, e.g.
$ curl https://api.integritynext.com/suppliers -H "Authorization: Bearer "
Note: $ is the command line prompt, curl is https://curl.haxx.se/
GET /suppliers
- success: 200/OK
-
success response: Array of Objects
[ { "id": String "name": String "email": String "invitationStatus": String ("registered"|"pending") "duns": String "publicProfileUrl": URL "detailedProfileUrl": URL "socialMediaUrl": URL "address": { "street": String "postalCode": String "city": "String "countryCode": String (ISO-2 code) }, "assessment": { "total": String ("grey"|"green"|"yellow"|"red") "abac": String "epro": String "hrla": String "hesa": String "scre": String "cbin": String "fida": String "coin": String "ecsa": String "trps": String "qman": String "enma": String "isec": String "gdpr": String "cmin": String }, "socialMediaMonitoring": { "isCritical": Bool, "total": Number, "abac": Number "epro": Number "hrla": Number "hesa": Number "scre": Number "cbin": Number "fida": Number "coin": Number "ecsa": Number "trps": Number "qman": Number "enma": Number "isec": Number "gdpr": Number "cmin": Number } } ] - error response: see section “Error Handling”
POST /suppliers
- Header “Content-Type” must be set to “application/json”
-
Body: List of suppliers
[ { "id": String (required) "duns": String (optional) "name": String (required) "email": String (required, valid email) "address": { "street": String "postalCode": String "city": "String "countryCode": String (ISO-2 code) }, "invitationTopics": ["qman", "cmin"] } ] -
Validation
- id, name and email are required
- email must be a valid Email address
-
invitationTopics is optional
Supports the following parameters:
abac, epro, hrla, hesa, scre, cbin, fida, coin, ecsa, trps, qman, enma, isec, gdpr, cmin
See also Definitions for topic parameters.
- success: 200/OK
- success response: empty
-
validation error
- HTTP status 422/UNPROCESSABLE_ENTITY
- error response contains details with specific validation errors (see below)
Error Handling
In case of an error, the Enterprise API will always return an appropriate HTTP status code along with a JSON error response.
Possible error codes
| Status | Description | |
|---|---|---|
| 400 | BAD_REQUEST | Invalid Request data. See error response message and details |
| 401 | UNAUTHORIZED | Wrong/invalid or missing credentials. See section "Authentication" |
| 404 | NOT_FOUND | Resource not found. Most probably you requested the wrong URL |
| 405 | METHOD_NOT_ALLOWED | When trying to access a ressource with wrong HTTP method, e.g. PUT on /suppliers |
| 413 | PAYLOAD_TO_LARGE | The amount of data you sent, exceeds a specified maximum. See error response for details |
| 415 | UNSUPPORTED_MEDIA_TYPE | When wrong data format is sent or "content-type" header is wrong |
| 422 | UNPROCESSABLE_ENTITY | Input validation error. Please see error response details |
| 500 | INTERNAL_SERVER_ERROR | Severe, unknown error |
Error response
- timestamp: ISO-formatted date-time (UTC)
- id: a unique identifier of the error
- status: HTTP status code (same as in response header)
- statusMessage: HTTP status message
- message: a brief, human readable error message
- details: optional, may contain arbitrary information about the error, e.g. a list of validation errors (see: example 2, below)