Hi OST team
I've already mentioned this for Pranay Valson in the Gitter chat, but figured I might as well post it here.
The rest api as of now is a bit confusing to newcomers it seems. At least in my experience. Furthermore, it seems, from a user perspective, to be overly verbose.
I've created a gist showing how I call the create user endpoint with the current api and then a version where I have optimized the usage from what I gather should be possible -> Gist link
The main things are:
Just my two cents. Do let me know if any clarification is needed :)
Keep up the good work team!
Thanks for your suggestions and the gist posted here. We took a look at it and understand that the following should help resolve the confusion.
The params of the API calls need to actually be present only in the post body. One of those params is the signature and this is required to sign all the params including the api_key and timestamp, the reason for this is to ensure that the man-in-the-middle (as @realJayNay also pointed out) cannot change the input params to the request. The api_key and timestamp are also required to sign the request so that we can validate the signature on the server side and just to be sure, the query string you mentioned is used in the algorithm to generate the string to sign, but we don't require you to specify the params again in the query string while POSTing the request.
Hope that was helpful and also thank you for your active involvement on gitter with the C# developer community.
Thanks a lot for clearing that up, makes sense now :)
That said, it's still quite cumbersome to use, but as long as there is a reason for it :)