The Deck API uses POST requests to communicate and HTTP response codes to indicate status and errors. All responses come as standard JSON or binary data. The Deck API is served over HTTPS TLS v1.2+ to ensure data privacy; HTTP and HTTPS with TLS versions below 1.2 are not supported. Clients must use an up to date root certificate bundle as the only TLS verification path; certificate pinning should never be used. All requests must include a Content-Type of application/json and the body must be valid JSON.
Almost all Deck API endpoints require a client_id and secret. These are in the headers DATADECK-CLIENT-ID and DATADECK-SECRET.