API Documentation

SoBi developer center beta

Social Bicycles API allows you to access all data within your Social Bicycles user account.

Getting started with Social Bicycles API

SocialBicycles API lets you do all the things that you could perform on the SoBi website or mobile application. Functionality that you get access to depends on your user account access rights. There are two authentication methods of our API - Basic Authentication and OAuth 2. By default all the requests are handled by our OAuth API, unless correct header is set in the request.

The API attempts to follow specific principles:

The API is RESTful

SocialBicycles API adheres to the design principles of Representational State Transfer (REST). There are some small exceptions to that rule, all of which are listed in the documentation.

The API is HTTP-Based

All API access is over HTTPS, The API is accessible at https://app.socialbicycles.com/api. Data retrieval responds to a GET request. Methods that create data require a POST request. Methods that update data require a PUT request. Methods that destroy data require a DELETE request. API Methods that require a particular HTTP method will return an error if you do not make your request with the correct method.

The API-Authentication

The API is only available for authenticated users and uses two authentication methods: Basic Authentication and OAuth 2. Every request should include proper authorization information based on the chosen method.

HTTP-BASIC Authentication

Every request should include an HTTP header with user email and password encoded using Base64 encoding. In the event of authorization failure, such as invalid entry or lack of user credentials, a "401 unauthorized error" will be returned and execution of the API method will be stopped. This authorization method might get deprecated and be turned off sometime in 2014.

OAuth 2 Authentication

This is a preferred method over HTTP-BASIC Authentication. All developers need to register their applications before getting started. In order to consume the API correctly, a configured application needs to send a unique Application ID and Application Secret. The Application Secret should never be shared. For exact instructions about how to consume our OAuth API please review our sample Sinatra project.

The API Supports JSON for Responses

As of now, the API will always return responses in JSON format.

The API Supports CORS

Cross Origin Resource Sharing (CORS) is enabled for AJAX requests. Please review the CORS W3C working draft for more information.

The API Returns Error Codes and Error Descriptions

In case of an error, the API will return a JSON with information about the error code and an explanation of the particular issue encountered. {"error": "error text", "code" : error_code_integer}

Consumer of The API should introduce himself

Each application request which consumes data from the API must include information about the application name ('Application-Name' header) and version ('Application-Version')." At this point, the API does not require submission of this data, however this may change in the near future.

Below you can find information about API methods currently available to your account. If you see a method below, it means that you should have access to it. If you get an error code in response to your call, it means the error is elsewhere.


The API Limits

Every application is limited by default to 100 calls per day (UTC based). If you want to change this limit please contact us.

Are you stuck? Talk to our bike mechanics.