REST API
The REST API (Representational State Transfer API) of the mobileX-ServicePlatform enables efficient integration and data exchange between the customer’s IT systems and the mobileX-ServicePlatform. Based on the REST architectural style, the API uses standardised HTTP methods such as GET, POST, PUT and DELETE to ensure scalable, powerful and platform-independent communication.
Advantages of the REST API
- Platform independence: RESTful web services can be called by any client application that can send HTTP requests, regardless of programming language or platform.
- Scalability: Due to its stateless nature and ability to process requests in parallel, REST scales well with increasing data volume and user numbers.
- Performance: REST uses simple HTTP requests and can utilise caching mechanisms efficiently, reducing network load and improving performance.
System requirements
To ensure an effective and secure connection to the REST API of the mobileX-ServicePlatform, the user’s IT systems must fulfil certain technical requirements. These requirements are crucial in order to utilise the full functionality and performance of the API and ensure seamless integration. The following technical specifications describe the basic system requirements.
- Support for HTTP requests: Communication with the REST API takes place via the HTTP protocol. Systems that interact with our API must therefore be able to initiate and process HTTP requests.
- Ability to process JSON data formats: JSON (JavaScript Object Notation) is a lightweight data exchange format that is easy for humans to read and easy for machines to parse and generate. The mobileX-ServicePlatform uses JSON for data exchange as it is natively supported by most modern programming languages and platforms. Systems connected to the API must therefore be able to process JSON data, including parsing incoming JSON messages and generating JSON structures for outgoing requests.
- Compatibility with modern authentication standards: Security is a critical aspect when integrating external APIs. Our API uses modern authentication protocols to ensure that only authorised users have access to the API functions. OAuth 2.0 is an industry standard for access control that allows external applications to access user data without using passwords. OpenID Connect (OIDC), an extension of OAuth 2.0, adds an authentication layer that allows systems to securely verify the identity of the end user. Systems connected to the mobileX-ServicePlatform must support these protocols to enable a secure and reliable connection.
Architecture and design of the API
The API follows the basic principles of the REST architectural style, which emphasises simple and direct interaction between client and server via the HTTP protocol. RESTful APIs are stateless; each request from a client to the server must contain all the information required for communication. This design supports the scalability and independence of interactions. In the context of the mobileX-ServicePlatform, this means that each endpoint represents specific resources such as order data, technician details or working time models.
The API uses HTTP methods such as GET, POST, PUT and DELETE to perform CRUD (Create, Read, Update, Delete) operations on these resources. The endpoints are designed to intuitively reflect the type of resource and the operations to be performed, which facilitates integration and daily use.
Our API implements Level 2 of the Richardson Maturity Model, which enables precise handling of resources through the use of HTTP verbs and resource paths. This includes the use of HTTP status codes to clearly communicate the success or failure of requests. Such a design helps developers to quickly understand the functionality of the API and efficiently diagnose errors.
The API integrates modern security standards to ensure data integrity and security. Authentication and authorisation are carried out via proven mechanisms such as OAuth 2.0 and OIDC, which enable secure and controlled access management. These security measures are embedded in the architecture and ensure that only authorised requests are processed.
Integration into existing systems
The successful integration of the mobileX-ServicePlatform’s REST API into existing systems is a multi-stage process that begins with a careful mapping of the company’s existing data structures to the structure of the API. This step is crucial as it forms the basis for seamless communication and data flow between the systems.
Mapping process
Mapping involves assigning the data objects available in the customer’s existing systems to the corresponding endpoints and data formats of the API. For example, objects such as orders, employee data or resources must be carefully analysed and mapped to the target structure in accordance with the requirements of the API. This also includes identifying key fields such as IDs, status information and specific attributes that are required for the business process. As a rule, mapping takes place at field level and must be carried out manually by the customer.
Handling data integration and synchronisation
Another important aspect of the integration process is data integration and synchronisation. The API makes it possible for orders created in a customer’s ERP system to be transferred to our system so that they can be planned and processed on the move. Conversely, data created in the mobileX-ServicePlatform must be able to be read back into the ERP system in order to trigger invoicing processes, for example.
Integration typically also involves continuous synchronisation of the data to ensure that changes in one system are reflected in the other system in real time or near real time. This synchronisation is particularly important in dynamic environments where order status, staff availability or resource allocation are frequently updated.
The backend is informed via events (MQTT or cloud events) as soon as data has changed. The backend then calls the REST service and can synchronise the data.
Connection to SAP
For customers with an SAP backend, we offer a certified interface for end-to-end integration, the mobileX-Add-On for SAP.
Security concepts
The security of data transmitted via the REST API of the mobileX-ServicePlatform is our top priority. To guarantee this, we rely on a multi-layered security architecture based on both transport security through TLS encryption and robust authentication mechanisms. These concepts ensure the confidentiality, integrity and availability of the exchanged data.
TLS (Transport Layer Security)
We use TLS (Transport Layer Security) to ensure secure data transmission. TLS is a protocol that encrypts data during transmission, protecting it from eavesdropping and tampering. This security measure is crucial to ensure that all data transmitted between the clients and the server remains private and unaltered.
Authentication and authorisation
In addition to transport security, we implement advanced authentication mechanisms to ensure that only authorised users have access to the API. We use OAuth 2.0 and OpenID Connect for this purpose. OAuth 2.0 is a widely used access control standard that allows third-party applications to be granted restricted access to HTTP services. OpenID Connect builds on OAuth 2.0 and adds an authentication layer that makes it possible to securely confirm the identity of end users.
The authentication processes use short-lived tokens that allow fine-grained control of API access. These tokens must be renewed regularly by customers, minimising the risk of compromise. In addition, the authentication methods are configured to support the use of strong, certificate-based authentication options, providing an even higher level of security.
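The token renewal described above, from the integrating client's side, as an added example (not mobileX code): a cache that renews a short-lived bearer token shortly before it expires and retries once when the API answers 401. The page names neither a grant type nor a token endpoint, so the token request is injected as the hypothetical `fetch_token` callable and the request as the hypothetical `send` callable; the response fields follow RFC 6749, and the clock and identity provider in `demo()` are constructed stand-ins.

```python
import time
from typing import Callable, Dict, Optional

class TokenCache:
    """Caches a short-lived OAuth 2.0 access token and renews it before expiry."""

    def __init__(self, fetch_token: Callable[[], Dict], skew: float = 30.0,
                 clock: Callable[[], float] = time.monotonic):
        self._fetch = fetch_token  # assumption: does the token request over verified TLS
        self._skew = skew          # renew this many seconds before the stated expiry
        self._clock = clock
        self._token: Optional[str] = None
        self._expires_at = 0.0

    def invalidate(self) -> None:
        self._token = None         # e.g. after the API answered 401

    def get(self) -> str:
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            resp = self._fetch()   # token response fields as in RFC 6749, section 5.1
            token = resp.get("access_token")
            if not token or str(resp.get("token_type", "")).lower() != "bearer":
                raise ValueError("token response is not a usable bearer token")
            self._expires_at = self._clock() + float(resp.get("expires_in", 0))
            self._token = token
        return self._token


def call_api(send: Callable[[Dict[str, str]], int], cache: TokenCache) -> int:
    """Send one stateless request; on 401 renew the token and retry exactly once."""
    status = send({"Authorization": f"Bearer {cache.get()}"})
    if status == 401:
        cache.invalidate()
        status = send({"Authorization": f"Bearer {cache.get()}"})
    return status


def demo() -> list:
    # Constructed stand-ins: a fake clock and a fake identity provider (300 s tokens).
    now, issued = [0.0], []
    def fake_fetch() -> Dict:
        issued.append(f"tok{len(issued) + 1}")
        return {"access_token": issued[-1], "token_type": "Bearer", "expires_in": 300}
    cache = TokenCache(fake_fetch, skew=30, clock=lambda: now[0])
    seen = [cache.get()]                      # first use fetches tok1
    now[0] = 200.0; seen.append(cache.get())  # still valid: tok1 is reused
    now[0] = 280.0; seen.append(cache.get())  # inside the skew window: renewed
    status = call_api(lambda h: 401 if h["Authorization"].endswith("tok2") else 200, cache)
    return seen + [status, len(issued)]
```

A token response without `expires_in` is treated as already expired, so the next call fetches a fresh token instead of reusing one of unknown lifetime.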
Related articles
mobileX-Add-On for SAP
The mobileX products offer an SAP-certified interface for SAP CS/PM and S/4HANA Service. This software component is available as the "mobileX-Add-On for SAP".
mobileX-Add-On for Webservices
For the SOAP web services technology, mobileX provides a standardized API.