HTTP/REST Integration
Direct HTTP/REST integration with the 7G Registry Platform API using any HTTP-capable language or client.
Audience: Developers using cURL, Postman, Python, JavaScript, Java, Go, PHP, Ruby, or any HTTP-capable language. Also for C# developers preferring HttpClient over the SDK.
This guide covers: Authentication, request/response handling, token management, and production integration patterns.
What You'll Learn
This guide provides a complete workflow for HTTP/REST integration with the 7G API. Estimated completion: 20 minutes.
By the end of this guide, you'll have:
- Authenticated with the API and received JWT tokens
- Made your first authenticated query
- Built a production HTTP wrapper with automatic token refresh
- Understood the APIResponse and TokenResponse structures
This guide covers:
- Environment selection and setup
- Authentication workflow (login → store → use → refresh)
- Understanding API response structures
- Building a production-ready HTTP client wrapper
- Common patterns with links to comprehensive concept pages
For comprehensive depth, this guide delegates to concept pages:
Why HTTP/REST Integration?
- Universal compatibility - Works with any HTTP-capable language or platform
- Zero dependencies - No packages or SDKs to install or maintain
- Direct control - Full visibility into requests, headers, and responses
- Platform agnostic - Integrate from cURL, Postman, Python, JavaScript, Java, Go, PHP, Ruby, or C# HttpClient
Prerequisites
You'll need:
- HTTP client (cURL, Postman, C# HttpClient, Python requests, JavaScript fetch, etc.)
- JSON parser for your language
- 7G API credentials (username and password)
- Text editor or IDE
No Installation Required
HTTP/REST integration works with any HTTP-capable language or platform. No packages or SDKs needed.
Optional: Download Standalone DTOs
For C# developers using HttpClient (not the SDK), we provide a standalone DTOs file containing all request and response models.
SevenG.API.SDK.DTOs-1.0.7.cs
50+ strongly-typed C# classes including request DTOs, response wrappers, and filter models. Complete in one file - copy directly into your project for type safety and IntelliSense support.
Download DTOs File (~36 KB)This is completely optional.
You can:
- Use the DTOs for type safety, IntelliSense, and compile-time validation
- Build your own models based on the API documentation
- Use dynamic JSON parsing (JsonDocument, JObject, etc.)
For other languages (Python, JavaScript, Java, Go, etc.), use your language's native JSON parsing capabilities.
Choose Your Environment
The 7G API provides multiple environments for different stages of your integration lifecycle:
| Environment | Base URL | Purpose |
|---|---|---|
| PROD | https://api.7g.com.au |
Live production data and operations |
| TEST | https://test-api.7g.com.au |
Integration testing and validation (staging environment) |
| LAB | https://lab-api.7g.com.au |
Features and sandbox testing (staging environment) |
Important
All examples in this guide use the TEST environment base URL (https://test-api.7g.com.au).
Understanding API Responses
The 7G API uses two response structures:
APIResponse (73 endpoints)
All operational endpoints return this structure:
{
"result": true, // Success indicator - ALWAYS CHECK THIS
"message": "", // Error details (empty on success)
"recordCount": 25, // Records in this page
"data": [...] // Response payload
}TokenResponse (Authentication only)
Only /User/Login and /User/RefreshToken return this structure:
{
"accessToken": "eyJx...",
"refreshToken": "cZk..."
}Critical: HTTP 200 ≠ Success
Always check result: true before processing data. Business logic errors (validation, not found, conflicts) return HTTP 200 with result: false.
Authentication - Complete Workflow
This is the core workflow to authenticate and maintain your session with the 7G API.
Step 1: Login
POST your credentials to /User/Login to receive access and refresh tokens.
POST /User/Login
{
"username": "your-username",
"password": "your-password"
}curl -X POST 'https://test-api.7g.com.au/User/Login' \
-H 'Content-Type: application/json' \
-H 'Version: 2.0' \
-d '{
"username": "your-username",
"password": "your-password"
}'Response: TokenResponse (not wrapped in APIResponse)
{
"accessToken": "eyJxxCJ9.eyJxxxpYyJ9.8Csxx3S-jMxxnv-4Nxxfw",
"refreshToken": "cZkxxx4Y="
}Step 2: Store Tokens and Track Expiry
Store both tokens plus login timestamp. Track expiry manually (no expiresIn field provided).
What to store: Access token, refresh token, login timestamp (UTC), token expiry duration (environment-configured, typically 20 minutes).
// C# Example
var loginTimestamp = DateTime.UtcNow;
var tokenExpiryMinutes = 20; // Configure based on your environment
var tokenExpiryTime = loginTimestamp.AddMinutes(tokenExpiryMinutes);
// Refresh 5 minutes before expiry
var refreshTime = tokenExpiryTime.AddMinutes(-5);Manual Refresh
Timing: Refresh 5 minutes before expiry for safety. Consider the SDK, uses precise 30-second timing by reading JWT exp claim.
Step 3: Use Token in Requests
Include Authorization header with your access token:
Authorization: eYJxxx_your_access_token_here
Version: 2.0curl -X GET 'https://test-api.7g.com.au/BizEntity?PageSize=10' \
-H 'Authorization: eYJxxx_your_access_token_here' \
-H 'Version: 2.0'Note: Only 4 endpoints (Login, RefreshToken, Common/Lookup, Common/HealthCheck) work without authentication. All other 71 endpoints require a valid token.
Step 4: Refresh Token Proactively
Refresh 5 minutes before expiry to avoid 401 errors:
POST /User/RefreshToken
{
"refreshToken": "cZkxxx_your_refresh_token_here"
}curl -X POST 'https://test-api.7g.com.au/User/RefreshToken' \
-H 'Content-Type: application/json' \
-H 'Version: 2.0' \
-d '{
"refreshToken": "cZkxxx_your_refresh_token_here"
}'Critical: Token Rotation
Each refresh returns NEW access and refresh tokens. Old refresh token becomes invalid. Store both new tokens.
Step 5: Handle Authentication Errors
Handle 401 errors by refreshing or re-logging in:
{
"result": false,
"message": "Unauthorized: No authentication token was provided!",
"data": {}
}
// Resolution: Include Authorization header in requesttry
{
var response = await httpClient.GetAsync("/BizEntity");
if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized)
{
Console.WriteLine("Token expired - refreshing...");
await RefreshTokenAsync();
// Retry the request with new token
response = await httpClient.GetAsync("/BizEntity");
}
var result = await response.Content.ReadFromJsonAsync<APIResponse>();
if (!result.Result)
{
Console.WriteLine($"Error: {result.Message}");
}
}
catch (HttpRequestException ex)
{
Console.WriteLine($"HTTP error: {ex.Message}");
}Your First GET Request
Example: Get First 10 Business Entities
This query retrieves the first 10 business entities using pagination.
Request
curl -X GET 'https://test-api.7g.com.au/BizEntity?PageSize=10' \
-H 'Authorization: eYJxxx_your_access_token_here' \
-H 'Version: 2.0'Response (200 OK)
{
"result": true,
"message": "",
"recordCount": 10,
"data": [
{
"bizEntityID": 12345,
"name": "Smith Super Fund",
"bizEntityTypeID": 4,
"externalBizEntityId": "SMSF-001",
"bizEntityStatusID": 1,
"accounts": [
{
"accountID": 5001,
"accountNumber": "ACC-001",
"productID": 100
}
]
},
{
"bizEntityID": 12346,
"name": "Jones Family Trust",
"bizEntityTypeID": 3,
"externalBizEntityId": "TRUST-002"
}
// ... 8 more entities
]
}Success!
You've made your first authenticated API call and retrieved data.
What's happening:
- Query parameter
PageSize=10limits results to 10 records result: trueindicates successrecordCount: 10shows 10 records returned in this pagedataarray contains the entity objects
Building a Production HTTP Wrapper
For production use, create a wrapper class that centralizes token management, automatic refresh, and error handling. This wrapper provides:
- Automatic token refresh (5 minutes before expiry)
- Centralized token storage in memory
- Automatic header injection
- Retry logic on 401 errors
- Ready to extend with POST/PUT/DELETE methods
Complete C# Example
using System;
using System.Net.Http;
using System.Net.Http.Json;
using System.Threading.Tasks;
public class SevenGHttpClient
{
private readonly HttpClient _httpClient;
private readonly string _username;
private readonly string _password;
private readonly int _tokenExpiryMinutes;
private string? _accessToken;
private string? _refreshToken;
private DateTime _tokenExpiryTime;
public SevenGHttpClient(string baseUrl, string username, string password, int tokenExpiryMinutes = 20)
{
_httpClient = new HttpClient { BaseAddress = new Uri(baseUrl) };
_httpClient.DefaultRequestHeaders.Add("Version", "2.0");
_username = username;
_password = password;
_tokenExpiryMinutes = tokenExpiryMinutes;
}
public async Task<TokenResponse> LoginAsync()
{
var loginRequest = new { username = _username, password = _password };
var response = await _httpClient.PostAsJsonAsync("/User/Login", loginRequest);
response.EnsureSuccessStatusCode();
var tokens = await response.Content.ReadFromJsonAsync<TokenResponse>();
_accessToken = tokens.AccessToken;
_refreshToken = tokens.RefreshToken;
_tokenExpiryTime = DateTime.UtcNow.AddMinutes(_tokenExpiryMinutes);
UpdateAuthorizationHeader();
return tokens;
}
private async Task RefreshTokenIfNeededAsync()
{
// Refresh 5 minutes before expiry
if (DateTime.UtcNow >= _tokenExpiryTime.AddMinutes(-5))
{
var refreshRequest = new { refreshToken = _refreshToken };
var response = await _httpClient.PostAsJsonAsync("/User/RefreshToken", refreshRequest);
if (response.IsSuccessStatusCode)
{
var tokens = await response.Content.ReadFromJsonAsync<TokenResponse>();
_accessToken = tokens.AccessToken;
_refreshToken = tokens.RefreshToken;
_tokenExpiryTime = DateTime.UtcNow.AddMinutes(_tokenExpiryMinutes);
UpdateAuthorizationHeader();
}
else
{
// Refresh failed - re-login
await LoginAsync();
}
}
}
private void UpdateAuthorizationHeader()
{
_httpClient.DefaultRequestHeaders.Remove("Authorization");
_httpClient.DefaultRequestHeaders.Add("Authorization", _accessToken);
}
public async Task<APIResponse> GetAsync(string endpoint)
{
await RefreshTokenIfNeededAsync();
var response = await _httpClient.GetAsync(endpoint);
// Retry once on 401 (token might have expired between refresh check and request)
if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized)
{
await LoginAsync();
response = await _httpClient.GetAsync(endpoint);
}
return await response.Content.ReadFromJsonAsync<APIResponse>();
}
// Add POST, PUT, DELETE methods following same pattern
}
// Response Models (or use standalone DTOs file)
public class TokenResponse
{
public string AccessToken { get; set; }
public string RefreshToken { get; set; }
}
public class APIResponse
{
public bool Result { get; set; }
public string Message { get; set; }
public int RecordCount { get; set; }
public object Data { get; set; }
}Usage Example
// Initialize client (login happens automatically on first request)
var client = new SevenGHttpClient(
baseUrl: "https://test-api.7g.com.au",
username: "your-username",
password: "your-password",
tokenExpiryMinutes: 20 // Configure based on your environment
);
// Login
await client.LoginAsync();
// Make requests - token refresh happens automatically
var entities = await client.GetAsync("/BizEntity?PageSize=100");
if (entities.Result)
{
Console.WriteLine($"Retrieved {entities.RecordCount} entities");
}