Skip to content

Endpoints

Toyota Iraq does not provide Generic API endpoints.

Instead, for most types of actions, a set of Endpoints are provided. Each Endpoint is specific to an an external service that Toyota Iraq has Authorized.

For example, below are some endpoints that are specific for Send OTP action:

  • /api/uselect/send-otp: Protected by ReCaptcha V3
  • /api/portal/send-otp: Protected by Azure Function Secrete Key

Production Base URL

https://tiq-communication-platform-functions.azurewebsites.net

Staging Base URL

https://tiq-communication-platform-functions-staging.azurewebsites.net

ReCAPTCHA V3

Website Endpoints are protected by ReCAPTCHA V3 with the below site key:

Recaptcha V3 Sitekey
6Lehq6IpAAAAAETTDS2Zh60nHIT1a8oVkRtJ2WsA

When applicable, the Recaptcha-Token needs to be provided on the HTTP Request Header.

Headers
Recaptcha-Token: ***************

Test Tokens

You can use the below button to quickly get tokens and use it for testing Endpoints (for example via Postman).

Get a Token

Generated Recaptcha Token

Azure Function Secrete Key

For Server-to-Server integration, The Communication platform Endpoints are protected by secrete keys that are shared with the external servers.

The assumption here is that the external server is doing some sort of human/user validation before calling the Communication platform Endpoints.

When applicable, the Azure Secrete Key needs to be provided on the HTTP Request Header.

Headers
x-functions-key: ***************

Warning

  • TIQ does not share a master key. Each server-to-server endpoint has a unique key. and might be rotated if the key is compromised.
  • Please do not use these Endpoints in any client side application (Web or Mobile).
  • Please do not store these keys in any source code (Private or Public).

Language Header

All Communication platform Endpoints require specifying the Preferred Language of the User/Customer (Otherwise defaults to Arabic).

This can be inferred from the session (For example the language that the user has selected on the Website/App that's being used).

The language needs to be provided on the HTTP Request Header and it should be one of the following accepted values (en, ar, ku) for (English, Arabic, Kurdish) respectively.

Headers
Accept-Language: en

Brand Header

Some Communication Platform Endpoints require specifying the Brand.

In most cases, the user is not required to select the Brand. This can be inferred from the App/Website (For example Lexus Website/App should send the Brand ID for Lexus).

The Brand needs to be provided on the HTTP Request Header and it should be one of the following accepted values:

  • TYT: For Toyota
  • LUX: For Lexus
  • HIN: For Hino
Headers
Brand: TYT

Common Properties

Most endpoint have the following common properties in their request body payload

  • phone
  • otp

phone

Should be a valid Phone Number string (Local Iraqi and International numbers are accepted. The phone number is considered an Iraqi phone number if no country code is not specified).
When a Phone Number is valid, the System automatically formats the phone number and stores it in International Phone format.

Valid Phone Examples

  • 07502758000
  • 7502758000
  • 0750 275 8000
  • 964 750 275 8000
  • 964 0750 275 8000
  • +964 750 275 8000
  • 00964 750 275 8000

All of the above is accepted and formatted to the following +964 750 275 8000.
This is done by relying on Google's libphonenumber library (Which is used by Android Smart Phones).

otp

Should be a valid OTP string with a length of 6 characters. The OTP is used to verify the phone number. The OTP is sent to the phone number via one of the following channels from top to bottom, if any of the top channels is not available, the next channel is used as fallback. if Viber is not available, the system will send the OTP via WhatsApp, and if WhatsApp is not available, it will send it via SMS.

  • Viber
  • WhatsApp
  • SMS