{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"f66cc8b0-3ef2-4c04-aa3b-2344b1239d3b","name":"Cars Commerce Reputation Services API","description":"The Review APIs will be the record of store for Cars.com reviews, as well as data that is closely aligned with those reviews (things like public messages, ratings, etc). The APIs will _only_ return reviews (and other data) that are flagged for being publicly visible on consumer facing websites.  \nThese APIs should be utilized by external vendors for doing things like creating new dealer reviews, adding, updating and deleting review responses and fetching reviews.\n\n# Service Hosts\n\nYou'll need to be careful to ensure you're calling the correct service host and passing the correct security token(s) (see below) in order for the API invocation to succeed. All API calls must flow over an HTTPS secure channel; non-secure connections are _not_ supported.\n\nThe production environment should _only_ be utilized by code in _your_ production environment. The hostname for this environment is `services.dealerrater.com`. You should not be running any active development, test, staging, integration or other lower-tier environments against production.  \nIf you need to test your changes before deploying them to production, you can contact DealerRater help desk at [help@dealerrater.com](https://mailto:help@dealerrater.com) to request access to test environment APIs.\n\n# Security\n\nEvery API released in this service will require at least one, but sometimes two, modes of authorization.\n\n## AWS API Gateway Key\n\nEvery single API will require that you have a valid API key in order to make it through the gateway. You need to contact DealerRater help desk to get this key. This key should be sent along with _every request_ as an `x-api-key` HTTP header. Note that you may have separate API keys for accessing our different environments, so please make sure you're using the correct one.\n\n## JWT Tokens\n\nThe more sensitive APIs (anything that mutates data in our datastore) will require you to be granted explicit authorization through our security service. Using that service you can request an access token that will be valid for one hour. To learn more about JWT tokens and to decode them and see what is inside, visit jwt.io. The Security API that needs to be called to get the Access token is explained in the _Security API_ section.\n\n**Important:** While calling the _Security API_ to get the access token, proper _Scope_ should be passed in the request. The scope should be of the following format: \"rvw/dealer:cars:12345\", where the number 12345 is the CCID of the dealer to be associated with the Review API calls. The access token generated with this scope will work only for this particular dealer. For different dealer, you will need to call the Security API with different scope to get a new access token. You could very well have a system that needs to integrate with a handful (hundreds, maybe thousands) of dealer IDs. The access tokens given to these usecases are valid for a full hour. You have a couple options - you can generate all the tokens you need upfront and cache them (assuming your integration will only be scoped to an \\~hour or so) or you could more smartly group your calls by dealer ID, creating a token as needed - use it - then discard the token and create a new one for the next batch of calls for a different Dealer ID.\n\n# Response Codes\n\nAll APIs will return one of the following response codes.\n\n## 200 OK\n\nThis code indicates a successful operation.\n\n## 201 Created\n\nFor data mutation commands that create data in our system, you can expect a 201 success code instead of a 200 code.\n\n## 400 Bad Request\n\nAn error was detected with the request, either a malformed payload, incorrect or missing form parameters, etc. Inspect the response to determine the root cause, adjust your API call and try again.\n\n## 401 Unauthorized\n\nThe client attempted an operation for which it is not authorized. All of our APIs require a valid AWS API Gateway key to be submitted via the `x-api-key` header with your request, and some of the more sensitive APIs require full JWT tokens granted to you via our security service. Ensure all of these are handled per requirements and try again.\n\n## 429 Throttled\n\nThe client is calling our services faster than the rate limit we have assigned. The caller should implement a backoff algorithm, slow down, and try again.\n\n## 500 Internal Server Error\n\nAn unexpected server error occurred. You should log the `x-correlation-id` response header (a unique GUID we assign for each request) to your logs and provide that to a DealerRater developer. We can easily track that entire request chain in our logs to determine root cause and take corrective action.","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"15471491","team":1830806,"collectionId":"f66cc8b0-3ef2-4c04-aa3b-2344b1239d3b","publishedId":"TzK2bELw","public":true,"publicUrl":"https://developers.dealerrater.com","privateUrl":"https://go.postman.co/documentation/15471491-f66cc8b0-3ef2-4c04-aa3b-2344b1239d3b","customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"EF5B25"},"documentationLayout":"classic-double-column","customisation":null,"version":"8.10.0","publishDate":"2021-05-06T03:41:26.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{},"logos":{}},"statusCode":200},"environments":[{"name":"Production","id":"e7d06573-0ddc-4794-b978-c7493772895f","owner":"15471491","values":[{"key":"ServicesHost","value":"services.dealerrater.com","enabled":true,"type":"default"},{"key":"ClientCredentialsAccessToken","value":"","enabled":true,"type":"any"},{"key":"test1","value":"12","enabled":true,"type":"secret"}],"published":true}],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/f10577569c0e1ba91d6b471fa8a15643a74ff9ee107cae16309cba6fa651286d","favicon":"https://dealerrater.com/favicon.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"},{"label":"Production","value":"15471491-e7d06573-0ddc-4794-b978-c7493772895f"}],"canonicalUrl":"https://developers.dealerrater.com/view/metadata/TzK2bELw"}