G3N Common Contract

Appearance

HTTP Methods and Field Placement

This page standardizes GET vs POST expectations across the stack and clarifies where fields go.

Rules of thumb (contract)

  • GET: parameters go in the query string; auth/tenancy go in headers. Do not send JSON bodies on GET.
  • POST: parameters go in the JSON body; auth goes in headers (x-session-guid or x-api-key).
  • Use the method documented on the service page. Some read/list/resolve endpoints are POST by design.

Why some reads are POST

Some services use POST for reads/lists/resolves to accept structured JSON bodies (filters, selectors, and pagination) while keeping GETs strict and cache-friendly. Treat the documented method as canonical.

Method posture by service (quick matrix)

  • UAS: API Gateway uses POST (/uas/stat); other actions are direct Lambdas.
  • USM: API Gateway uses POST for all routes (/usm/session/*, /usm/api_key/*, /usm/service_account/*).
  • OFM: API Gateway uses POST for all routes (/ofm/*).
  • MRS: uses GET for reads (/mrs/record, /mrs/record/meta, /mrs/list, /mrs/head) and POST for creates/updates (/mrs/record, /mrs/record/complete, tag/doom/ttl ops).
  • PVM: uses GET for most reads/lists/resolves; POST for creates/updates/status changes.
  • PMC: uses GET for most reads/lists/search; POST for publish runs and state changes.

Canonical placement examples

GET (query + headers)

sh
curl -sS -G "https://api.g3nretailstack.com/pmc/product/get" \
  -H "x-orgcode: $ORGCODE" \
  -H "x-session-guid: $SESSION_GUID" \
  --data-urlencode "variant_id=VARIANT_ID" \
  --data-urlencode "channel_guid=CHANNEL_GUID"

POST (body + headers)

sh
curl -sS -X POST "https://api.g3nretailstack.com/ofm/org/get" \
  -H "content-type: application/json" \
  -H "x-session-guid: $SESSION_GUID" \
  -d '{ "org_guid": "ORG_GUID" }'

Exceptions to header auth

  • USM expects auth fields in the JSON body (for example session_guid). The only auth header on USM is x-api-key for api_key/validate.
  • Some services accept body auth for compatibility, but headers are canonical unless the service page says otherwise.

If you see JSON-shaped requests under GET

Treat them as query parameters, not a request body. Service pages include curl examples to avoid ambiguity.