To get live API access, your integration must pass certain tests. This will make sure that it meets our technical standards and best practices.
For each capability, the tests cover Essential and Enhanced functionalities. Your integration must pass at least one of the Essential functionality tests to get live access.
We recommend using the Enhanced functionalities to allow dealers to get the full benefits of the service.
We'll cover the tests for the following functionalities:
- Authentication (Essential)
- Advertisers API (Enhanced)
-
- Advertiser update notifications (Enhanced)
-
- General error handling (Essential)
There are three ways we check that tests are successful:
- Demonstration - We will expect you to show us your code or your UI
- Call log validation - We will check your API calls to our service to make sure the call is made correctly
- Database check - We will check our database to see whether the correct attribute has been updated
Authentication (Essential)
When using your API key to authenticate, follow the below guidelines for getting an access token to use on our other API services and when to generate a new one.
Test | How we'll check it |
You can successfully get an API token with your given credentials | Call log validation |
After the key expires, you can logically generate a new key | Call log validation |
You do not authenticate on every call to our services | Call log validation |
Advertisers API (Enhanced)
All Auto Trader Connect integrations have access to our Advertisers API, which gives information on the dealers that are configured to be on your integration.
Test | How we'll check it |
Able to get dealers on your integration via the Advertisers API | Call log validation |
Included relevant pagination with page and pageSize parameters | Call log validation |
Optional checks | |
Able to call the Advertisers API for a specific advertiser ID to check if they are on your integration or not |
Call log validation |
Advertiser update notifications (Enhanced)
As well as access to the Advertisers API, you can also use our advertiser update notifications, which will send a webhook when any data available on the Advertisers API has been updated in Auto Trader.
This will not send a notification when an dealer is added or removed from your integration.
Test | How we'll check it |
Implement hash authentication on your notification endpoint and return a successful response code (2XX) if the hash authentication matches | Call log validation |
Able to identify the notification type of ADVERTISER for this functionality | Demonstration |
Advertiser details are updated in your system when an dealer is updated in Auto Trader | Demonstration |
General error handling (Essential)
400 Response Code - Bad Request
Test | How we'll check it |
When you get a 400 response code, the API call should not be retried on a schedule and should flag to the partner or user that there was bad input | Demonstration |
401 Response Code - Unauthorised
Test | How we'll check it |
When you get a 401 response code, all other API activity should be stopped until a new access token has been requested from the Authentication endpoint | Demonstration |
403 Response Code - Forbidden
You can get two types of a 403 error. The response body of the request will tell you which type of 403 error it is:
- Your integration does not have access to the advertiser ID requested in the query string
- The advertiser ID the request is for does not have access to the service you are requesting
Test | How we'll check it |
When you get a 403 response code due to the advertiser ID not being on your advertiser list, you should stop all API activity for that advertiser ID and/or raise an action internally to query with Auto Trader | Demonstration |
When you get a 403 response code due to incorrect products for the advertiser ID, you should stop API activity for that service for that advertiser ID and/or raise an action internally to query with Auto Trader | Demonstration |
429 Response Code - Too Many Requests
Test | How we'll check it |
When you get a 429 response code, you should temporarily pause all API activity for at least two seconds | Demonstration |
503 Response Code - Service Unavailable
Test | How we'll check it |
When you get a 503 response code, you should temporarily pause API activity on the requested service for at least one minute | Demonstration |
Capture CF-Ray-ID
To help us look into any issues, store the API call ID in your logging. When you raise an issue, give us this ID so we can locate the exact API call.
Test | How we'll check it |
Capture CF-RAY ID from the response header on API call failures | Demonstration |