Periodic API Endpoints Tests
AppDirect will periodically check application endpoints for availability by calling them with test token values. The corresponding event payloads from AppDirect will be flagged with a
STATELESS event flag. These payloads may be fixed values, for example "dummyOrder," so they may refer to pricing editions that do not exist for a particular application. Application endpoints should be able to handle requests from false tokens.
For any call that is not signed by AppDirect, we recommend that applications return a "401 Unauthorized" HTTP status code.
For interactive events, such as subscription or cancel orders, AppDirect will simply check the HTTP status code returned by the endpoint. In most cases this would be a "200 OK" status code, although redirection (3xx) or client errors (4xx) may be legitimate responses to false tokens. Server errors (5xx), such as "500 Internal Server Error" or timed-out connections, will alert AppDirect that there may be a problem.
For non-interactive events, such as user assignment or unassignment, AppDirect will look for a well-formed response value from the endpoint. For
STATELESS flagged events, AppDirect will accept any well-formed response, although it is recommended that applications return an appropriate error code. For example, if an endpoint passed the "dummyAssign" as a token value, the corresponding payload will have an account identifier that is unlikely to correspond to a real account. An appropriate response here would be to return an
ACCOUNT_NOT_FOUND error code.