These docs are for v2.0. Click to read the latest docs for v3.0.

This document will show you how to use Signifyd's REST API to authenticate, make requests, and retrieve data.

Deprecation Notice

The docs below are for Signifyd's V2 API, which is now deprecated. If you are a new Signifyd customer, your Implementation Manager will recommend that you deploy our V3 API, which will allow you to take advantage of new features and products. By the end of Q1 2023, the V3 docs will become our default API documentation. Legacy V2 integrations will continue to be supported.

Overview

This document will show you how to use our REST API to authenticate, make requests, and retrieve data. All responses to and from the API will be in JSON.

You can view a step-by-step tutorial on how to send and fetch data using the Signifyd API.

If you are a Signifyd customer and would like to access Enterprise API documentation, please log in here and navigate to the Resource Center within Developer Tools.

REST Client

Our API docs include a built-in REST console you can use to interactively test the API. Each endpoint is configured with example request data that will produce a successful result from our API if you provide valid credentials. By default, the API key in the REST console is abcdefghijklmnopqrstuvwxyz which appears in it's base64 encoded form, YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXo6. You must replace this with you own base64 encoded API key in the headers section of the console to successfully submit requests.

Response Codes

We use conventional HTTP response codes to indicate success or failure of an API request. In general, codes in the 2xx range indicate success, codes in the 4xx range indicate an error that resulted from the provided information (e.g. a required parameter was missing, invalid syntax, etc.), and codes in the 5xx range indicate an error with Signifyd's servers.

CodeDescription
200Success - Request completed.
201Success - New resource created.
202Success - The request has been accepted, but not yet processed.
204Success - No content to return.
400Bad Request - The request could not be parsed, generally due to bad syntax.
401Unauthorized - The request could not be authenticated due to missing or invalid credentials.
403Forbidden - You do not have permission to access to the resource.
404Not Found - The resource doesn't exist.
409Conflict - The with state of the resource on server. Can occur with (too rapid) PUT requests.
429The request was not accepted because the application has exceeded the rate limit. APIs that have rate limits are specified in the API documentation.
500Internal Server Error - An internal error occurred in Signifyd.
503Service Unavailable - The server is currently unavailable. Check the status page for reported outages.
504Gateway Timeout - The request could not complete in time.

Error Messages

There are two types of errors returned by the API server in the bodies of 4xx and 5xx responses:

  • Field-specific errors
  • General error messages
{
  "errors": {
    "fieldName":[
      "Field-specific error message, e.g., fieldName is not a valid email address."
    ]
  },
  "messages": [
    "General error message."
  ]
}

Dates

Our API uses the ISO8601 date format for
complete date plus hours, minutes, seconds and timezone offset.

         yyyy-MM-dd'T'HH:mm:ssZ
For UTC: 2015-11-03T13:21:58+00:00
For PST: 2015-11-03T13:21:58-08:00

For more information about your specific programming language, please view this document.

Unique IDs

Signifyd’s Unique IDs, such as caseId and transactionId,leverage the JSON integer type, which has a maximum value of 2 ^ 53 - 1 as mentioned in RFC 8259

Backwards Compatibility

Signifyd treats the following API changes as backwards compatible:

  • Adding new optional request parameter(s) to an existing API endpoint.
  • Adding a new value to an enum field.
  • Adding new fields to existing API responses.
  • Changing the order of fields in an existing API response.
  • Adding a brand new API resource.
  • Adding a new webhook event. Your integration should handle unfamiliar webhook events gracefully.
  • Changing the length of UUIDs (though we don't change lengths that often!).
  • Changing the format of error messages, and other human readable strings.