This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

[FAQ] TI-API: What are the best practices for push API settings?

Part Number: TI-API

What are the best practices for push API settings?

  • TI is committed to securing your systems and TI's from security threats, and require that customer endpoint meet specific guidelines for enabling API callback functionality. Customer's push API settings in the myTI dashboard as well as individual API calls from TI to your specified endpoints will be reviewed, and access to the push APIs may be revoked if the best practices described below are not followed.

    • Use HTTPS webhook URLs with SSL encryption and a valid certificate.
    • The API should implement security scheme to restrict access. Token authentication method is preferred, but basic authentication is supported if required.
    • Do not use dynamic DNS, redirector, anonymizer or tor2web services.
    • Do not use offensive, abusive, fraudulent  or embargoed top-level domains.
    • If possible, the domain of your API URL should match your myTI customer domain.
    • Do not use IP addresses.
    • Do not use redirect or relay URL parameters.

    These best practices apply to customer URL settings for each of the following TI store and backlog push APIs:

    • Inventory subscription API
    • Advanced ship notice (ASN) push API
    • Financial document push API
    • Order push API

    The process for reviewing and approving API endpoints and securing API callback functionality will continue to evolve and improve, and we appreciate your cooperation.

    If push API notifications are failing, please check for some of the following common issues:

    • Expired or invalid certificate on your server: ensure that the certificate is not expired or revoked, and is installed properly for the matching domain.
    • Incomplete certificate chain: ensure you have completed all chain links in your SSL certificate. In the ssllabs.com analysis, the recommendation is to include all the steps so that there was no need to download extra authorities of the chain.
    • Unsupported TLS protocol: ensure that the TLS protocol on your server is 1.2.
    • Your firewall is blocking requests from ti.com: ensure that your server is accepting API requests from ti.com. View a list of TI's internet web proxy servers' IP addresses

    Note that you can observe and troubleshoot some of these issues by trying to call your endpoint with a PUSH request from an API client from outside your network.

**Attention** This is a public forum