Prerequisites

Before starting integration, make sure the following items are ready on your side.

System Readiness

• The partner server can make HTTPS requests to external endpoints.
• The partner system can parse and serialize JSON for request bodies and response handling.
• The secretKey is stored securely via environment variable or a secret manager. It must never be hardcoded in source or committed to public repos.
• The partner system can handle standard HTTP response codes (200, 401, 404, 422, 429, 500) and implements appropriate error handling.
• Outbound network from the partner server to the PsikologieHub domain is stable and not blocked by a firewall or proxy.

Developer Readiness

• The developer team has read this integration documentation end-to-end before starting implementation.
• The team understands REST concepts, HTTP methods (GET, POST), and how to send a signature inside a request body.
• The team understands that the secretKey is issued by PsikologieHub and must be stored securely.
• A technical contact person from the partner side is reachable by the PsikologieHub team during the integration period.

Environments

• The partner has at least two separate environments:
  • Development / staging for integration testing.
  • Production for live operations.
• User accounts and secretKey values used in development must be different from production, to avoid data contamination.
• Manual testing tools such as Postman, cURL, or Insomnia are available for endpoint verification before production rollout.
• The partner system has a logging mechanism that records each API request and response for debugging and audit.

Data & Security

• The secretKey and any token returned by the API are confidential and must never be sent via URL query parameters, stored in public repos, or exposed in the frontend.
• The partner is responsible for any activity performed with their secretKey and session tokens.
• Data exchanged with the API is confidential and may only be used as agreed in the partnership contract.