Skip to content
  • There are no suggestions because the search field is empty.

Certification Review

When a new customer or partner integrates with our API, we conduct a certification review to ensure the integration follows our best practice guidelines and is set up to a standard that ensures the best experience.

Why do we conduct a certification review?

UNIwise WISEflow runs a certification review for the following reasons:
  • To ensure your integration is robust and follows best practice guidelines
  • To ensure data integrity and security
  • To document the integration for our Support Team
  • To enable Production API access for your license and integration

When?

Once you believe your integration is complete, please reach out to your UNIwise contact via email to arrange your certification review. Ideally, answers to the review questions below should be provided in the email, but no later than 24 hours prior to the scheduled session.

What happens during the review?

The session will be conducted via video call and will last approximately 1 hours depending on the complexity of your integration.

During the session, you will be asked to:
  • Share your screen and provide a demo of the integration
  • Discuss your answers to the review questions below
  • Address any clarification or guidance needed
If any potential issues are discovered during the session, a follow-up email with remedial development requirements will be sent to achieve certification.
 

Review Questions

1. Integration Overview

  • Describe the general use case of your integration(s)
  • What programming language(s) have you used for the integration(s)?

2. Authentication & Headers

  • Are you using OAuth 2.0 or API Key for authentication?
  • Do you implement proper token expiration handling and refresh mechanisms?
  • What is the value of the `X-Client-Name` header in your requests?

3. API Endpoints

  • Which endpoints are you using?

4. Synchronization & Polling

  • Do you have a synchronization job that runs periodically to fetch data from the API?
  • If so, how often does it run?
  • How many API calls does it approximately make per run?
  • Have you implemented reasonable polling intervals to avoid overwhelming the API?

5. Webhooks

  • Which webhook events are you subscribed to?
  • Do you validate incoming webhook requests using the signature provided in webhook headers?
  • Do you ensure idempotency in webhook handlers for duplicate events?
  • Do you have a fallback mechanism to manually fetch data if you do not receive a webhook event?

6. Rate Limiting & Retries

  • Do you have a retry mechanism in place for failed requests?
  • How many times do you retry a failed request?
  • Do you implement exponential backoff strategies for retries?
  • Do you handle rate limiting appropriately?
  • Do you respect the `Retry-After` header when being rate limited?

7. Logging & Monitoring

  • Do you have structured logging in place to capture relevant information about requests and responses?
  • Do you avoid logging sensitive data such as passwords, API keys, or personal information?
  • Do your logs include the `X-Trace-Id` header returned by the API for request tracing?
  • Can you self-diagnose issues using your logging system?

8. Error Handling & Resilience

  • How do you handle API errors gracefully?
  • Do you log errors with sufficient context to aid in debugging?
  • How do you handle scenarios when the API is down for maintenance?