Skip to content

Application Programming Interface (API)

We can set up an API connection with associated authorization (OAuth) per request. Credentials, secrets and tokens are provided by our third-party authentication vendor. This will provide you with client specific API documentation, where the different endpoints are explained in detail. More API endpoints can be implemented on request.

The conventions for HTTP requests in whitson+ are following:

  • POST: send data to whitson+
  • GET: extract data from whitson+
  • PUT: edit data for existing data object in whitson+
  • DELETE: delete data object in whitson+


  • We kindly ask you to be mindful about requests of access tokens. Try to limit the token request to 1 per work session. Token is valid for 24 hours following request.
  • Store CLIENT_ID and CLIENT_SECRET in a secure place, as they grant access to alter your database via the endpoints.


  • You may find it useful to set up environment variables while working with the API.
  • Below is an example of setting up environment variables.
    export CLIENT_NAME=<your company name> e.g. if you whitson+ url is  <company>, your CLIENT_NAME would be <company>
    export CLIENT_ID=<authentication account id>
    export CLIENT_SECRET=<authentication account secret>
    export WHITSON_API_TOKEN=<bearer token for endpoints authentication>