To access the M360 Customer API you have to first activate it by logging in to your dashboard and setting the API status to Testing or Live. If you wish to disable your API access later, you can set the API status on your dashboard to Disabled. To enable and use your M360 Customer API account you will need a valid and active M360 licence.
Calling any API endpoint in Testing mode will never cause any data changes. Also responses in this mode will be random generated but syntactically correct data structures. You can use this mode to safely experiment with the M360 Customer API and test your integration. Once you have tested your system and feel confident you can switch to Live mode.
Most endpoints can be called in testing mode even if your API is live, by providing the optional testing request parameter and setting its value to true. This will result in exactly the same behaviour and response like if your API would be in Testing mode.
To call any M360 Customer API endpoint just issue a HTTP POST request with an application/json content type to the URL of the endpoint. The body of the request should be a simple JSON object containing the input parameters shown at the endpoint's documentation.
With every API request you must provide the correct authentication information which is different from your M360 login username and password. You need to add two special parameters to every request: authCode and authToken. Example request:
POST https://m360soft.com/api/customer/v1/getHistory
{
"authCode": "a167b9ae-948d-490c-9995-932984fbb223",
"authToken": "f3e1016b87d4d11d7994d39050ac5d05ef475bc422131b0916337f0c0a424be3",
"limit": 100
}The authCode parameter is the unique identifier of your M360 Customer API account and the authToken is the secret key of it. You can access both information on your dashboard at the API information section. For safety reasons the authToken can only be viewed or regenerated after providing your M360 password (the one you have used to log in to your dashboard).
Every M360 Customer API response will be a JSON object containing two properties: data and meta.
The data object will be populated with the specific information the called API endpoint provides, so its structure and content varies between endpoints. For example a successful but empty /v1/getHistory response will be like this:
{
"data": {
"totalCount": 0,
"records": []
},
"meta": {
"success": true
}
}The meta object has more rigid structure and always contains the boolean status property success and in case of any error the errors object. The errors object has 3 properties: code, title and details. The code is the ID of the error, while the title is a human-readable description of it. If you would like to handle specific errors always build your logic on the code error property instead of the title.
Example error response:
{
"data": [],
"meta": {
"success": false,
"errors": {
"code": "auth:forbidden",
"title": "Access forbidden with the given credentials",
"details": []
}
}
}There is a limit on the number of requests you can make to any Customer API endpoints, which is based on your active licences and upgrades. You can make 1 request / second / allowed computers. So if you have a Professional Licence with 2 upgrades, then you are limited to a total of 3 requests / second. If you have a single Business Licence then you can make up to 5 Customer API requests / second.