====== Authentication ======

Every API call that is sent to Club Planner API must be accompanied by a **token** that is preconfigured in the club planner parameters.
For security reasons you should pass this token in the header as **x_auth_token**.
Note that the fixed token will be replaced in time with a more secure system.

Most API's also have a **from** optional parameter, this will be saved in the database as the user that created or changed the data. Examples for **from** can be "mywebsite\FreeDayPassPage" or "Vending Machine 123"
We kindly ask to always provide this parameter with a useful value.

Most API's are **stateless** (unless mentioned) and can be called without a kind of connect or initialise.
By stateless it means that the server does not store any state about the client session on the server side.

====== Security ======

Is over HTTPS and should never be used over HTTP, when using important data please put this API behind a VPN.

Most api's are monitored and have logging (level of logging is configurable).

====== Base URL======

Is usually the base url of the web platform + \api

Example: https://demo.clubplanner.be/api

====== Misuse ======

Calling the API over extensively or misuse can result in a disabled api.

====== Error handling ======

When the api was unable to process the request a **BadRequest** (400 Bad Request) with the specified error message will be sent back.


Example:
The getmember API needs an id or uid or email, when none are provided you will get HTTP 400.

https://YOUR-ENDPOINT.clubplanner.be/api/member/getmember?token=DEMOTOKEN

Return:

<Error>
<Message>id or uid or email is mandatory</Message>
</Error>