Merit Palk API

The Merit Palk API allows 3rd party developers to expand and build on the Merit Palk platform.

The Merit Palk API is a RESTful API that is used to access Merit Palk companies
using HTTP and JSON. The API makes it easy to create web, mobile and desktop
applications that integrate with your account.

Overview

Service URL

The Merit Palk API has a single point of entry. The URL depends which
localization the company is using:

For Estonian localization: https://Palk.merit.ee/api/v1/

Please note the use of https:// in the URL above.
All Merit Palk API communication is encrypted over HTTPS. Any non-secure
requests are automatically rejected.

Request Limits

There are no limit on the number of API requests per day. However, requests
will be rate-limited if too many calls are made within a short period of time.
Additionally, a maximum of 100 results will be returned for growing list
methods.

Representation Formats

All Merit Palk API requests are composed of JSON and delivered as an HTTP POST
request to the endpoint URL.

• All JSON should be UTF-8 encoded.
• Date values are of the form yyyy-mm-dd.
• Dot (.) is used as a decimal separator.
• Booleans are either “true” or “false”, lowercase (not 1 or 0).
• Empty values, represented as null should be lowercase.
• Fields denoting percentages are passed as whole values, not decimals
(e.g. 5 for five percent).

Successful responses

Successful response is represented as JSON with response code 200.
In many cases, when needed and possible, response will also include details of
fulfilled requests.

Unsuccessful responses

The error codes can either be 400 or 401. In the case of a failure response, the response body will contain the error code and one or more error messages.

If the error code is 400, the data sent to the API is not appropriate. Message
tag will give you more info about what went wrong.

In case of the error 401, either Api ID or the signature were incorrect OR
Merit Palk user have not upgraded to PRO package. It could also be that someone has meanwhile changed the API ID and Api Key for security reasons thus making the “old” IDs and Keys obsolete.

Authentication

For your company, you’ll be given a unique Api ID and Api Key. The admin user
can generate and reset API ID and Key on the My Account page (Program
Settings).

Keep your Api ID and Api Key secret. They should be guarded just as you would
your regular account password. If you feel your ID and Key has been
compromised, you can reset it by clicking the “Generate” button on the My
Account Program Settings page.

For every API request you make, you’ll need to include ApiID, timestamp and
signature as request parameters.

Signature is in Base64 format and is calculated using your ApiKey with HMAC-
SHA-256, based on the ApiID+timestamp+RequestJSON.