Quickbook API

1. Security

The Addison Lee Quickbook API uses the HTTP Authorization header to pass authentication information to all endpoints. The Authorization header has the following format:

Authorization: AL client_id:client_secret

The HTTP request containing an Authorization header is shown below:

POST https://sandbox.api.eu.addisonleeglobal.net/api-quickbook/v3/api/booking/create HTTP/1.1
Content-Type: application/json
Authorization AL r84056009d3c4bbda7af8710c85ff0cc:729012cb43c94a72BA9E70571311449

Details of how to obtain your Client ID and Client Secret can be found in the main page.

1.1. Unauthorised Access

If the Client ID and Client Secret are invalid, the following HTTP Response will be returned.

HTTP/1.1 401 Unauthorized
Server: API Gateway/1.3.2
Content-Type: application/x-www-form-urlencoded
Date: Wed, 08 Jul 2015 21:11:51 BST
X-MULE_ENCODING: US-ASCII
Content-Length: 34

Invalid client_id or client_secret

2. Rate Limits

The API is rate limited at a maximum value specified in the Standard SLA Tier. Any messages beyond the maximum are rejected. Enforcement is based on the client id passed in the request.

The API will return the following X-RateLimit-* headers in the HTTP Response

X-RateLimit-Limit: 10
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 42661

X-RateLimit-Limit defines the number of requests allowed.
X-RateLimit-Remaining defines the remaining number of requests (count).
X-RateLimit-Reset defines the time in milliseconds before the remain rate count is reset.

The following response will be generated in the event the API message rate is exceeded

HTTP/1.1 429 Too Many Requests
Server: API Gateway/1.3.2
Content-Type: application/x-www-form-urlencoded
Date: Wed, 08 Jul 2015 13:35:21 BST
X-RateLimit-Limit: 10
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 42661
Content-Length: 18