  1. Explain the difference between endpoints that require authorization and those that do not.
  2. Explain the concept of organizations, their connections in MyCreditApp, and their role in API authorization (terms like “forwarder” and “shipper” may be used as examples but are not mandatory entities — new entity types and relationships might be added in the future). Prefer using the terms “Owner” and “Guest” and explain these concepts.
  3. Describe the Requester-Organization-ID header: its purpose and how to use it in API requests (operate with the concepts Owner and Guest).
  4. Describe the Target-Organization-ID header: its purpose and how to use it in API requests (operate with the concepts Owner and Guest).
  5. Emphasize that both headers are mandatory for endpoints that require authorization.
  6. Provide examples of curl commands that demonstrate using both headers in API requests.
  7. Describe possible authorization errors related to these headers and how to avoid them.
  8. Describe which groups of endpoints, or specific endpoints (if their rules differ from the group’s rules), may be used to request Owner or Guest resources. Emphasize that all other endpoints can only be used as the organization owner (the Requester-Organization-ID must match the Target-Organization-ID).