NATS API Best Practices

From TMMwiki

Please note: This information is best represented on NATS versions higher than 4.1.16.1


This article lists several best practices for using the NATS API. These practices are encouraged in order to prevent unwanted access to processes within NATS that are otherwise available only to logged-in users. We encourage you to use the REST API system rather than the SOAP API system, as the SOAP API in NATS is deprecated and included only for backward compatibility.

Restrict Access by IP Address

In order to use the NATS API, you will need to provide a list of IP addresses that will be granted access to it. This information is stored as a comma-separated list of IP addresses in the "ADMIN_API_ALLOWED_IPS" variable, found in the "Security" section of the Configuration Admin. We recommend that you grant access to only the IP addresses of those who will be actively using the NATS API.


In the "Security" section of the Configuration Admin, set the ADMIN_API_ALLOWED_IPS configuration to limit the IPs that are able to use the API.
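The following audit script is an added example, not part of NATS or of the original article. It checks a comma-separated ADMIN_API_ALLOWED_IPS value against an inventory of the servers that actually call the API; the function name, the sample value and the inventory are constructed for illustration.

```python
import ipaddress

def audit_allowed_ips(setting, expected_clients):
    """Audit a comma-separated ADMIN_API_ALLOWED_IPS value.

    expected_clients is your own inventory of servers that call the API.
    Every list in the result being empty means allowlist and inventory agree.
    """
    findings = {"not_an_ip": [], "duplicate": [], "unexpected": [], "absent": []}
    expected = {ipaddress.ip_address(ip) for ip in expected_clients}
    seen = set()
    for raw in setting.split(","):
        entry = raw.strip()
        if not entry:
            continue  # tolerate a trailing comma
        try:
            ip = ipaddress.ip_address(entry)
        except ValueError:
            # Hostnames, ranges and typos: the setting is described as a
            # list of IP addresses, so anything else needs a human look.
            findings["not_an_ip"].append(entry)
            continue
        if ip in seen:
            findings["duplicate"].append(entry)
            continue
        seen.add(ip)
        if ip not in expected:
            # Allowed, but no known API client lives there: removal candidate.
            findings["unexpected"].append(entry)
    # Inventory entries that the allowlist would currently block.
    findings["absent"] = sorted(str(ip) for ip in expected - seen)
    return findings

# Constructed sample data (documentation address ranges).
SAMPLE_SETTING = ("203.0.113.10, 203.0.113.11,198.51.100.7, "
                  "203.0.113.10, 10.0.0.0/24, api.example.test")
EXPECTED_CLIENTS = ["203.0.113.10", "203.0.113.11", "203.0.113.12"]

if __name__ == "__main__":
    for kind, entries in audit_allowed_ips(SAMPLE_SETTING, EXPECTED_CLIENTS).items():
        print(f"{kind}: {entries}")
```
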

API ON/OFF switch

In addition to allowing API access to IP addresses, you will need to enable the NATS API itself. In the "Security" section of the Configuration Admin, turn on the API by checking the box for the "ENABLE_SOAP_API" or "ENABLE_REST_API" settings, depending on which system you plan to use. This configuration is disabled by default, and is available to provide a way for you to quickly turn off the NATS API for all users should the need arise. We recommend enabling only the API systems you plan to use.

In the "Security" section of the Configuration Admin, check the ENABLE_SOAP_API or ENABLE_REST_API settings depending on your use.

API Users per System or Server

We recommend creating separate API accounts for separate uses or servers. This limits how much of the API systems can be accessed should an account be compromised. An example of this type of setup would be creating an account for API use in your members area, and creating a separate account for API use on an external Adtool system. If you have members areas on separate servers, it would be best to create a separate account for each server as well.

We recommend having separate accounts for specific API purposes.

API Permissions

For each account able to access the API system, we provide the ability to restrict the resources or functions available to them. The permissions system allows you to make available only those systems that an account needs to use. We encourage you to only make available the functions or resources that are necessary to the account itself. For example, if an account is to be used for membership authentication, set the account's API permissions to only allow them access to the member search function.

SOAP API Permissions

By default, an account has access to all available SOAP API functions, and you have the ability to disable any functions that are not necessary for the account. Use the check boxes next to each of the functions to select which you wish to make either Enabled or Disabled. Once selected, use the "Disable APIs -->" and "<-- Enable APIs" buttons to move the selected functions from one column to the other. You can also use the "Auto Check:" links to quickly check "All" or "None" of the functions, or "Invert" your selection before Enabling or Disabling functions.


SOAP API permissions allow you to set available functions per account.

REST API Permissions

By default, an account does not have access to any of the available REST API resources. Use the check boxes in the "Enabled" column to select which of the collection, method, and resource combinations you would like to Enable for the account. Save the configuration by clicking "Save REST API Permissions" at the bottom of the page. Collections, Methods, or Resources set to ANY allow the account access to any of the options in that part of the combination. For example, Collection/Method/Resource with each option set to ANY allows the account access to all REST API functions, whereas the Collection of "Adtool" and Method/Resource set to ANY will give the account access to all functions available only in the "Adtool" collection.


REST API permissions allow you to set available collections/resources/methods per account.


Examples of API Settings

Membership Authentication API Account

This is an example configuration for an account to be used for membership authentication through a restricted members area. The image on the left shows the SOAP API permissions for this account with access to only the following functions: get_member_details, record_member_login, and set_member_details. The image on the right shows the account set to the equivalent resources. In this example, this account would be used to authenticate, to record the login to NATS, and to allow the update of member information.

SOAP API Member Authentication Account Example

REST API Member Authentication Account Example
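The following model of the ANY matching described under "REST API Permissions" is an added example, not NATS code. It audits a set of permission rows against the calls a membership authentication account needs, reporting what is missing and what is granted in excess. The rule tuple layout, the small call catalogue and the three REST calls in NEEDED are assumptions for illustration, the latter chosen as likely counterparts of get_member_details, record_member_login and set_member_details.

```python
ANY = "ANY"  # wildcard value described in the REST API Permissions section

def to_call(line):
    """'GET /member/details' -> ('member', 'GET', 'details')."""
    method, path = line.split()
    collection, resource = path.strip("/").split("/", 1)
    return (collection, method, resource)

def rule_allows(rule, call):
    """A rule is (collection, method, resource); ANY in a slot matches every value."""
    return all(r == ANY or r == c for r, c in zip(rule, call))

def is_allowed(rules, call):
    """No rules means no access (the REST default); otherwise one match is enough."""
    return any(rule_allows(rule, call) for rule in rules)

def audit(rules, needed, catalogue):
    """Return (missing, excess): needed calls the rules deny, and catalogue
    calls the rules grant although the account does not need them."""
    granted = {call for call in catalogue if is_allowed(rules, call)}
    return sorted(set(needed) - granted), sorted(granted - set(needed))

# Constructed catalogue: a small subset of REST calls, enough to show the effect.
CATALOGUE = [to_call(c) for c in (
    "GET /member/details", "GET /member/search", "PATCH /member/details",
    "POST /member/login", "DELETE /member/flag",
    "GET /adtool/adtools", "DELETE /adtool/adtool", "PATCH /payment/payment-paid",
)]
# Assumed needs of the membership authentication account.
NEEDED = [to_call(c) for c in (
    "GET /member/details", "POST /member/login", "PATCH /member/details")]

EVERYTHING = [(ANY, ANY, ANY)]           # every slot ANY: the whole REST API
WHOLE_COLLECTION = [("member", ANY, ANY)]  # convenient, but wider than needed
EXACT = list(NEEDED)                     # one row per call the account makes

if __name__ == "__main__":
    for name, rules in [("EVERYTHING", EVERYTHING),
                        ("WHOLE_COLLECTION", WHOLE_COLLECTION),
                        ("EXACT", EXACT), ("NO RULES", [])]:
        missing, excess = audit(rules, NEEDED, CATALOGUE)
        print(f"{name}: missing={missing} excess={excess}")
```

An empty excess list with an empty missing list is the target state for each API account; any row that needs ANY to reach it deserves a second look.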

Members Area Across Multiple Servers

If you have members areas across multiple servers, we recommend utilizing a separate API account for each server as shown in this example.
