The following technical details are provided to help you better understand the Vibes APIs and Callbacks.

URL Host

The following is the standard Vibes URL host, which is the Vibes public API site.

Environment	Public URL
US	https://public-api.vibescm.com
EU	https://public-api.eu.vibes.com/

Headers

All Vibes API calls are set up to receive data in a standard JSON format.

The following is the header to include on all API calls.

Content-Type: application/json
X-API-Version: 2

In addition, you will need to choose your authentication, which will also be included in the header.

Basic authentication

Basic Authentication is the simplest way to implement access controls. Most programming languages have built-in libraries to support Basic Authentication. The following is a brief description of how the header is constructed:

Combine the username and password into a "username:password" string.
Encode the resulting string using Base64.
Add the Authorization HTTP header and set the value to "Basic " plus the encoded string.

Notes

Usernames should be different in the EU and US instances.
Include the extra space after "Basic ".

For example, if the username is 'VibesUser' and the password is "Password123" then the header is as follows:

Authorization: Basic VmliZXNVc2VyOlBhc3N3b3JkMTIz

Client certification authentication

Vibes supports Client Certificate Authentication as an extra layer of security for API calls.

Error Handling and Responses

APIs follow standard HTTP Response codes. See individual API calls for errors that can be returned. Any 4XX error will return a JSON body with the specific information and code. The response will be an errors object, with an array of all the errors that occurred on the request, as shown in the following example.

{"errors": [
    {"message":"The MDN field is required","code":1},
    {"message":"The zip code must be numeric","code":2}
  ]
}

Rate Limiting

Vibes throttles the number of requests that can hit the APIs at one time per user. If the number of requests to Vibes' system from your endpoint is more than the rate limit, a “429 Too Many Requests” response will be sent.

The rates are the following:

For inbound events: 300 requests/second
All non-event API calls per company_key: 100 requests/second
Non-event API calls per app_id: 100 requests/second
Google Wallet updates: 20 requests/second

Message Redaction

If you’re sending sensitive information over text message, you may want to enable message redaction, which will prevent the information from being stored in our transaction logs.

Message redaction is turned on at the short code level, meaning if you enable message redaction on a particular short code, all messages and/or phone numbers sent to or from that short code will appear as redacted text.

If validating TCPA compliance may be required in the future, Vibes does not recommend turning on message redaction. For this reason, message redaction is available for SMS only if compliance is managed via another means.

Learn more about message redaction .

Originating IP Addresses

If you'd like to receive API calls from Vibes, you may want to white list our IPs. See our Callback documentation for a list of Vibes IP address ranges.