LodgeX LAPP API Introduction
Last Updated:
20-11-2023 Build 12550
The LodgeX LAPP API is an external API used by clients to interact with LAPP and its connected 3rd party systems.
The API is currently under active development, and is likely to change from time to time. See the Change Log for details of recent updates.
Scope of API
The API will contain minimum methods necessary to create, monitor, and modify a booking of the following types:
- Mortgage
- Discharge of Mortgage
- Caveat
- Withdrawal of Caveat
- Other
Review our Change Log and Roadmap for recent changes and upcoming developments.
The purpose of this system is to expose functionality to manage the process of adding and managing these booking types for a 3rd party via externally accessed API methods.
Data Structures
All data structures included in Requests and returned in Responses are in JSON format. API messages must be sent and will be returned with the following content type.
| HTTP Content Type |
application/json |
Authentication
This API requires an authentication token to be passed as a HTTP header as shown below.
| api-key |
Token generated by authentication method |
| x-api-key |
Token generated by authentication method |
In order to authenticate, send your clientid and clientsecret to the getOAuthToken method. Review the Swagger or Usage Examples for more details.
If your keys are valid, an API token will be returned that must be passed in all subsequent calls within the HTTP Header api-key.
All authentication tokens expire after 1 hour. You can refresh your token and add an additional hour by calling the refreshOAuthToken method, or simply create a new token.
Authentication tokens generated via this method can vary in length.
Network Allow List
Additional security can be enabled by restricting access to the API to your nominated IP Address or range of IP Addresses.
This is a recommended, but optional, feature available for configuration within LAPP. Currently only IPv4 addresses are supported.
LAPP API Network Allow Listing & Outbound Webhook Origin Allow Listing
Integrators can optionally enable Allow Listing to restrict access to the LAPP API within their networks. The LAPP API (api.lodgex.net) has a variable set of IP addresses, which are listed below.
- 103.73.83.240/28
- 103.73.83.181/32
- 51.162.50.32/30
This is a recommended, but optional, feature available for configuration within LAPP. Currently only IPv4 addresses are supported.
WebAPI Method Request & Response Models
API methods prefixed with /api/v3/ will return a strict JSON object. Previous versions of the API are deprecated and no longer available externally.
Each response is wrapped with status details. Such that, any description of a message response is assumed to follow the format where the Data element contains the response described.
Example Successful Response
{
"Message":"OK",
"Status":200,
"Data":
{
"Userid":1636,
"userguid":"CB7914D4-C491-46B5-B10D-50A909CD4537",
"firstname":"Test",
"lastname":"Person"
}
}
Example Unsuccessful Response
{
"Message":"Error",
"Status":400,
"ErrorMessage": "description of error"
}
Important Note: Some methods that return dynamic data (such as getbooking) will return many values as strings. This is because a booking has variable, un-typed fields and are not necessarily inferable reliably.
Date/Time Format
All API calls require and expect dates formatted to the ISO 8601 style, excluding milliseconds, and return the same in responses. This format is commonly expressed as yyyy-MM-ddTH:mm:ssZ. API Request formats can vary somewhat depending on your preferences, however only the following formats are accepted:
Fields that do not require a time value should be sent with the time value for completeness, however it will be ignored.
| 2022-09-11T19:13:11 |
Date and time in Melbourne local time. |
| 2022-09-11T19:13:11+00:00 |
Date and time in UTC with timezone specifed (+11 hours) |
| 2022-09-11T19:13:11Z |
Date and time in UTC Format |
Response date/time values will be sent only in the format below:
| 2022-09-11T19:13:11 |
Date and time in Melbourne local time. |
System Timezone
The core LAPP system operates on Melbourne, Australia local time (AEST/AEDT), with availability and logging date/times being represented in this timezone.
Booking-specific date/times, such as Settlement Dates, are in the timezone of the jurisdiction in which the activity takes place.
HTTP Response Codes
A range of HTTP response codes will be returned from the API, including Success and Failure codes. They are summarized below.
| Code |
Description |
| 200 |
Successful API call. May optionally include JSON or plain-text commentary in the Request Body with additional details. |
| 400 |
The API received data (such as booking reference) that was invalid or missing, or malformed JSON content. The response message will typically include details of the missing or invalid fields. |
| 401 |
The API call was not authorized - the API token may have expired, or an attempt was made to retrieve, modify or delete a record with insufficient permissions. |
| 404 |
The API method was not found. |
| 429 |
Too Many Requests have been received by the API. See the Rate Limiting section below. |
| 500 |
An internal error within the system has occurred. The error and API request data is automatically logged in our bug tracking system for our IT team to review. |
| 503 |
The LAPP API (or other external system(s)) is not currently available. |
Response codes 400, 404, 429, 500 and 503 are not included in the Swagger documentation as they are constant across all methods.
Rate Limiting
A rate limit of
500 API calls within any
15 minute window is in place for all users.
higher rate limit can be requested and will be reviewed on a case-by-case basis.
WebAPI Response Compression
GZip (Deflate) compression is enabled for any request that includes the following in the Request Header:
Accept-Encoding: gzip, deflate
Compression will only occur on Response Body elements greater than 680 bytes. You will not need to decompression as all (at least in C#) web request libraries support automatic GZIP decompression and deflation.
Response Caching
No response data is cached - all data is regenerated in real-time at the time of request.
REST API Data Encryption in Transit
All API calls require the use of SSL. Our systems are supported by SHA-256 with RSA Encryption.
API Availability
The API is available for use 24/7/365, however updates and maintenance typically occur from 0500-0700 AEST/ADST Melbourne Time on any day. We recommend minimizing usage during these times.