Transmit Security builds every feature using an API-first approach, to give you APIs that are consistent, reusable, and well-designed. This lets you create great identity experiences for your users, and develop better products—faster.
Transmit APIs are served over HTTPS. The endpoint paths are relative to the base URL, which is comprised of:
Scheme, which defines the protocol used. Always
Host, which varies depending on the tenant's region. Hosts are production environments.
api.transmitsecurity.io(for worldwide tenants, located in US)
api.eu.transmitsecurity.io(for EU tenants)
ServiceID, which identifies the type of service:
cis— Identity Management and Authentication services
risk— Detection and Response services
verify— Identity Verification services
https: // api.transmitsecurity.io / risk /v1/recommendation
Examples in Transmit documentation always leverage the worldwide host (
api.transmitsecurity.io). Make sure to check the correct base URL for your region and adjust code snippets as needed.
All API requests must be made over HTTPS. Depending on the API, authentication is performed either using:
- Client ID only
- Client ID and Client Secret
OAuth2 Access Token in the
Authorizationheader using Bearer authentication scheme
These are the types of access tokens that can be used to authorize API calls in Transmit.
- Client access tokens — generated using your app credentials
- Admin access tokens — generated using credentials of management apps
- User access tokens — returned upon successful user authentication.
For more information about token types, see Token reference.
In some cases, client access tokens must be generated for the specific service you want to use. For Detection and Response services and Identity Verification services, specify the relevant resource when generating the token. See Authorization.
To generate access tokens to run API calls right from the docs, using the Try it button.
Conventional HTTP response codes are used to indicate the success or failure of an API call:
3xxcodes indicate success
5xxindicate a Transmit Server server error (rare)
4xxcodes indicate other failures (missing params, unauthorized, applicative errors, etc.)