REST API

This article explains how TronDesigner’s REST API keys work and how they’re used.

Introduction

The TronDesigner REST API allows your backend or partner systems to communicate directly with our services. Unlike the Website Integration, this is a server-to-server connection used for automating workflows and managing data programmatically.

How it works

The integration follows a 3-stage flow:

  1. Authentication Setup (Generate Secret Key)

  2. Request Construction (Set Headers & Provide Job GUID)

  3. Data Exchange (Retrieve Print Jobs, Generate Proofs, and Request Print Data)

The API is built on standard HTTP principles. You send requests to our endpoints, and we return JSON-formatted responses along with standard HTTP status codes.

Typical Use Cases

  • Job Management: Retrieve job details and track statuses using the captured printJobGuid.

  • Asset Generation: Programmatically trigger the generation of Proofreadings or Print Data.

  • Asset Retrieval: Fetch specific logos, preview images, high-resolution print files, and metadata.

  • Editor Links: Use the integration-site-links endpoint to generate authenticated URLs that open the editor for specific users or sessions.

⚙️ Setting up the Integration

1. Generate a REST API Key

Create a dedicated secret key in the Admin Portal → Settings → API Keys → REST API Keys.

  • Keep it Secret: This key is a "master key" for your data. Store it in environment variables on your server (e.g., .env), never in your code repository.

2. Configure your Headers

Every request to the REST API must be authenticated and correctly formatted. Ensure your backend calls include these headers:

  • Authorization: Bearer {{Your_REST_API_KEY}} (Identifies your account).

  • Content-Type: application/json (Required for POST requests to avoid 415 errors).

GET /api/print-jobs/{{Your_PRINT_JOB_GUID}} HTTP/1.1 
Host: api-v1.trondesigner.com 
Authorization: Bearer {{Your_REST_API_KEY}}
Content-Type: application/json

3. Test the Connection

Before building full automations, verify your credentials with a simple GET request to the logos endpoint.

  • Success: A 200 OK response with a JSON body.

  • Failure: A 401 Unauthorized response usually indicates an issue with your API key or header format.

  • Error handling: The API uses standard HTTP response codes to indicate success or failure. Refer to the Swagger reference for detailed error descriptions.

🔐 Security & Best Practices

Because REST API keys provide administrative access to your design data, they must be handled with extreme care.

  • Server-Side Only: REST API keys must never be exposed in browser JavaScript, HTML templates, or client-side logs.

  • IP Whitelisting (Optional): Where possible, restrict API key usage to your specific server IP addresses for an additional layer of security.

  • Leak Impact: If your REST API key is compromised, unauthorized third parties can access your private print jobs, download high-resolution assets, view customer proofs, and trigger print-data generation tasks.

  • If you believe a key is compromised, take action immediately:

    1. Revoke: Delete the compromised key in the Admin Portal.

    2. Replace: Create a new REST API key.

    3. Update: Deploy the new key to your backend environment variables.

    4. Notify: Contact support if you see data you didn't create.

⚠️ Security Warning

Do not mix with Website Integration keys. The REST API key is a private secret. If this key appears in the "Network" tab of a user's browser, your entire account's data could be at risk. Always keep this key behind your backend firewall.

👉 Technical Reference

  • Base URL: https://api-v1.trondesigner.com/api

  • API Reference: See the REST API Swagger documentation for a complete list of endpoints, parameters, and response models.

  • Types & Interfaces: For exact property definitions, refer to our Full Tech Reference.