# Protocols

## Encoding

All API calls are made over HTTPS, receive JSON input, and return JSON output. For information about what JSON is, refer to [RFC 4627](https://tools.ietf.org/html/rfc4627) and [JSON (Wikipedia)](https://en.wikipedia.org/wiki/JSON).

Any timestamps that appear in the response from or as input for an API method are always given as numbers signifying the millisecond count since the Unix Epoch (UTC). For example, "Tue, 31 Jan 2012 00:02:30 GMT" is represented as the number 1327968150000.

## Input

Each API method has a distinct corresponding URL. Calls to this URL are made with HTTP POST. The body of the message must contain valid JSON (as described in RFC 4627). The Content-Type must either be absent or set to `application/json`, or a MalformedJSON (400) error occurs. Query parameters in the URL are ignored.

An optional header "DNAnexus-API" may also be provided to indicate which version of the API should be used. This document describes the API with version string "1.0.0". If the header is not given, it is assumed that the most recent version should be used.

{% hint style="info" %}
Certain API methods do not require any input. However, for future compatibility, JSON parsing is still performed, so valid JSON must be provided in the body. The JSON is only checked syntactically, not semantically.
{% endhint %}
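The following is an added example, not code from DNAnexus or dx-toolkit: a request builder that applies the Encoding and Input rules above before anything is sent. The URL is a constructed placeholder, and the names `build_request` and `to_api_timestamp` are hypothetical.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit
from urllib.request import Request

API_VERSION = "1.0.0"  # version string this page documents
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def to_api_timestamp(dt):
    """Milliseconds since the Unix epoch (UTC), computed with integer math."""
    if dt.tzinfo is None:
        # A naive datetime would be read in local time and silently shift.
        raise ValueError("timestamp must be timezone-aware")
    return (dt - EPOCH) // timedelta(milliseconds=1)

def build_request(url, payload=None, pin_version=True):
    """Build (but do not send) a POST that follows the rules on this page."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("API calls are made over HTTPS")
    if parts.query:
        # The server ignores query parameters, so input placed there is lost.
        raise ValueError("put input in the JSON body, not the query string")
    # Methods without input still need syntactically valid JSON, so send {}.
    # allow_nan=False rejects NaN/Infinity, which json.dumps would otherwise
    # emit even though they are not valid JSON.
    body = json.dumps({} if payload is None else payload, allow_nan=False)
    headers = {"Content-Type": "application/json"}
    if pin_version:
        # Without this header the server uses its most recent API version.
        headers["DNAnexus-API"] = API_VERSION
    return Request(url, data=body.encode("utf-8"), headers=headers, method="POST")

# Constructed placeholder URL; the real host and method path are not on this page.
SAMPLE_URL = "https://api.example.invalid/constructed-method"
```

Authentication is outside the scope of this page and is not handled here.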

## CORS Support

All URLs corresponding to API methods have some support for CORS (cross-origin resource sharing), based on the 27 July 2010 W3C Working Draft.

* If a POST request to the URL of an API method includes the "Origin" header, its contents are propagated into the "Access-Control-Allow-Origin" header of the response.
* Preflight requests (OPTIONS requests to the URL of an API method with appropriate extra headers as defined in the CORS draft) are accepted if the value of the "Access-Control-Request-Method" header is "POST". The values of "Origin" and "Access-Control-Request-Headers" (if any) are propagated to "Access-Control-Allow-Origin" and "Access-Control-Allow-Headers" respectively in the response. The "Access-Control-Max-Age" of the response is set to 1 year.

## Output

Successful results are always returned as JSON in the response body, with response code 200. All responses are UTF-8 encoded. A header called "DNAnexus-API" is also provided with value equal to the version number of the API used to fulfill the query.

## Errors

Non-successful invocations of the API return an error. Errors are represented with an HTTP error code, and the response body contains a JSON object with the following structure:

```json
{
    "error": {
        "type": "MalformedJSON",
        "message": "Problems parsing JSON"
    }
}
```

The object contains a single key, "error". Its value is an object with two keys, "type" and "message". The value of "type" is a string with a DNAnexus-defined error type, and the value of "message" is a short description of the error in English.

| Error type            | General meaning                                                                                                                                                                                                                            | HTTP Code |
| --------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------- |
| MalformedJSON         | The input could not be parsed as JSON                                                                                                                                                                                                      | 400       |
| InvalidAuthentication | The provided OAuth2 token is invalid                                                                                                                                                                                                       | 401       |
| PermissionDenied      | Insufficient permissions to perform this action                                                                                                                                                                                            | 401       |
| SpendingLimitExceeded | The spending limit has been reached for the account that would be billed for this action.                                                                                                                                                  | 403       |
| OrgExpired            | The organization has expired and can no longer perform billable operations.                                                                                                                                                                | 403       |
| ResourceNotFound      | A specified entity or resource could not be found                                                                                                                                                                                          | 404       |
| InvalidInput          | The input is syntactically correct (JSON), but semantically incorrect. This can occur when a JSON array is provided where a hash was required, when a required parameter is missing, or when parameter formats don't match expected types. | 422       |
| InvalidState          | The operation is not allowed at this object state                                                                                                                                                                                          | 422       |
| InvalidType           | An object specified in the request is of invalid type                                                                                                                                                                                      | 422       |
| RateLimitConditional  | Too many invalid requests                                                                                                                                                                                                                  | 429       |
| InternalError         | The server encountered an internal error                                                                                                                                                                                                   | 500       |
| ServiceUnavailable    | Some service was temporarily unavailable                                                                                                                                                                                                   | 503       |

Some errors may also provide additional details in the `details` field. The documentation for the API method describes when such detailed information appears and what subfields to expect. An example of such an error occurs after attempting to run an applet with invalid input for one of the applet's input fields:

```json
{
    "error": {
        "type": "InvalidInput",
        "message": "i/o value for fieldname is not int",
        "details": {
            "field": "fieldname",
            "reason": "class",
            "expected": "int"
        }
    }
}
```

### Errors in Execution Environments

For more information about how errors are propagated during app and applet execution, see the [Execution Environment page](https://documentation.dnanexus.com/developer/apps/execution-environment).

## Request retries

Each request receives an HTTP response code from the server. Some responses indicate that the request should be retried. For example, any 5xx response code should be retried (up to some limit). For more information, see the [HTTP retry section](https://github.com/dnanexus/dx-toolkit/tree/master/src/api_wrappers#http-retry-logic) in the dx-toolkit documentation.
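The following is an added example, not dx-toolkit's retry logic: it parses the error envelope from the Errors section and retries only 5xx responses, up to a limit. The limit of 3, the `send` callable, and the `UnparsedError` label for bodies that are not the documented envelope are assumptions made for the example.

```python
import json
import time

# Error types and HTTP codes, copied from the table on this page.
KNOWN_ERRORS = {
    "MalformedJSON": 400, "InvalidAuthentication": 401, "PermissionDenied": 401,
    "SpendingLimitExceeded": 403, "OrgExpired": 403, "ResourceNotFound": 404,
    "InvalidInput": 422, "InvalidState": 422, "InvalidType": 422,
    "RateLimitConditional": 429, "InternalError": 500, "ServiceUnavailable": 503,
}

class APIError(Exception):
    def __init__(self, status, etype, message, details=None):
        super().__init__(f"{etype} ({status}): {message}")
        self.status, self.type, self.message = status, etype, message
        self.details = details if isinstance(details, dict) else {}
        # The page gives 5xx as the example of a response to retry.
        self.retryable = 500 <= status <= 599
        # True only when the type is in the table and came with its listed code.
        self.consistent = KNOWN_ERRORS.get(etype) == status

def parse_response(status, body):
    """Return the decoded JSON for a 200; raise APIError for anything else."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if status == 200 and doc is not None:
        return doc
    err = doc.get("error") if isinstance(doc, dict) else None
    if not isinstance(err, dict):
        # Not the documented envelope, e.g. a body written by an intermediary.
        # "UnparsedError" is a label made up for this example.
        raise APIError(status, "UnparsedError", body[:80])
    raise APIError(status, str(err.get("type")), str(err.get("message")),
                   err.get("details"))

def call_with_retries(send, max_tries=3, backoff=0.0):
    """send() returns (status, body). Retry retryable errors up to max_tries."""
    for attempt in range(1, max_tries + 1):
        try:
            return parse_response(*send())
        except APIError as exc:
            if not exc.retryable or attempt == max_tries:
                raise
            time.sleep(backoff * 2 ** (attempt - 1))

# Constructed sample responses (not captured from a real server).
SAMPLE_503 = (503, '{"error": {"type": "ServiceUnavailable", "message": "busy"}}')
SAMPLE_OK = (200, '{"id": "constructed-1"}')
```

Logging `consistent == False` errors separately helps distinguish responses generated by the API from those produced elsewhere on the path.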
