Note: Any header starting with ‘<’ is identified as a SOAP API request, and any header with ‘Content-type: application/json’ is classified as a REST API request.

Avo Assure APIs

1. API request includes the following elements:

   • URL: to identify the resource.

   • HTTP method: specify the action that will be applied to the resource.

   • HTTP headers: specify additional information, including the data format for the request body and the response body.

   • Request body: to include data that needs to be processed by Avo Assure.

2. API response includes the following elements:

   • HTTP status code: to indicate the result of the request.

   • HTTP headers: to specify additional information.

   • Response body: the result to process the resource.

3. Authentication:

   • Tokens are generated in lieu of user credentials for triggering execution in Avo Assure.

   • Tokens issued are RFC 4122 compliant randomly generated 256-bit UUID.

   • The token is visible (in plain text) only at generation time. After that, it is irretrievable as the token hash is generated and saved in the database. At the time of validation, the hash is compared with the provided token.

   • Every token issued always has an expiry time (minimum of 8 hours, and it is configurable).

   • If the user feels that the token is compromised, that particular token can be deactivated by Avo Assure Admin.