Overview
:::warning
Important, please note that the TRY OUT button is currently not working, we are working on it to have it available as soon as possible.
:::
Introduction
The CSQ documentation provides a comprehensive guide to understanding and using CSQ functionality. This resource is essential for developers and technical users looking to implement and optimize solutions with CSQ. The documentation covers everything from basic concepts to advanced configurations, ensuring that users can take full advantage of the tool's capabilities.
Legal
This is a technical support document with general information about how to use web service API to access CSQ services. Any commercial contract signed by CSQ's delegates will always got more relevance & legal significance than this document.
Anyway, any information indicated in this document will be accepted by default if not specifically indicated in any other commercial document between API consumer & CSQ.
It's API consumer responsability to follow correct API consuming practices. As well, it's API consumer responsability to store secretly CSQ's credentials, encryption keys, and so on.
CSQ reserve for itself right to block API consumer at any time CSQ considers there are bad coding practices that can compromise security or stability of CSQ systems.
Communications
Communication accesses
Sandbox & production access URLs are delivered when NDA/CSQ contract is signed.
It will be indicated when signed NDA by your agent. Same for develop & production credentials & encryption keys.
Please always use DNS access, and not direct IP.
Communication security
eVSB API can be accessed through HTTP + SSL (TLS1.1 or TLS1.2) or by plain HTTP. This way, API consumer can decide to add extra man-in-the-middle proteccion, improving security, or avoid SSL handshake, improving bandwidth and net resources.
Anyway, API consumer can ask for direct VPN connection, that CSQ IT team will attempt to establish (note that depending on firewall brands it cannot be possible sometimes).
As well, API consumer can ask for IP whitelisting. In both cases must be API consumer who ask for them, as CSQ does not apply these extra securities by default.
In case of plain HTTP use, it is recommended that API consumer uses 'application/encrypt' accept-encoding type, so this way any request body response will be delivered encrypted.
Nevermind configurable security options, each request will be always secured by a salted signed hash with expire time
Please note that is API consumer responsability keep credentials in a secure & confidential context and apply protections related to them.
Communication failure scenario
Standard eVSB response time are in order of seconds. Anyway, if over 60s request had not received response, you can consider request had been timed out.
A timed out request could had been processed correctly by server, and so, in case of payment operations, charged to API consumer account. API consumer is responsible to know the status of that previous request, using each query methods, and act accordingly.
Please note that as eVSB is NOT an idempotent API, and in fact each request is completely independent of previous ones, that's it, two requests will be processed separately although they contain exact same petition. So, API consumer should disable any kind of auto-request repetition.
Service Overview
eVSB is a REST/JSON API service that deviates from the official REST/JSON API specification in several ways. These deviations are intentional to improve performance, development time, and simplify the general architecture.
Despite not following the official specifications fully, eVSB is a well-structured REST/API designed for easy understanding and consumption.
Summary
While eVSB does not strictly adhere to the official REST/JSON API specification, it provides a robust, well-structured REST/API service optimized for performance and simplicity. Understanding and correctly handling HTTP codes, rc values, and the native JSON response structure ensures efficient use and integration of the eVSB service.
Headers
Methods
Contact
How to contact us
For any implementation issues, during the development phase, please contact noc.integration@csqworld.com.
For problems during the production phase (i.e. a transaction commit, reports unexpected interrupts, error, etc.) contact nocsupport@csqworld.com
For any suggestions about the API, please contact plataforma@csq.es