Skip to main content

About the API

The Trademark Engine API is a powerful RESTful API that enables you to create, update, and manage business services through our platform. Designed to be dynamic, flexible, and developer-friendly, our API seamlessly integrates with your applications to streamline trademark and copyright processes.

API Specification

The Trademark Engine API is fully compliant with the OpenAPI Specification, making it easy to integrate with your applications. You can find the OpenAPI Specification in the following links:

📝 Note: The API Specification is a work in progress and is subject to change.

Authentication

The Trademark Engine API uses OAuth 2.0 authentication for secure access to endpoints. To authenticate with the API, you must:

  1. Initial Authentication: Use your username and password credentials to obtain an access token.
  2. Token Usage: Include the access token in the Authorization header for all API requests.
  3. Token Expiration: Access tokens have a limited lifespan and will expire after a set period.
  4. Token Refresh: Use the refresh token to obtain a new access token without re-entering credentials.

The authentication flow ensures secure access while providing a seamless experience for your applications.

Security

  • API endpoints are secured using Bearer tokens.
  • Access Keys must be requested to Trademark Engine Team and are subject to approval.
  • Access Keys can be revoked at any time if compromised.
  • Access Keys must be kept secret and only used on server-side applications.
  • Implementation and usage of keys must follow security best practices.

Rate Limiting

  • All API endpoints are rate limited to 100 requests per minute. Values can be increased according to specific needs if business traffic requires it.
  • Any request that exceeds the rate limit will receive a 429 status code.
  • Rate limiting is applied per API key.
  • Rate limiting is applied per IP address.
  • Rate limiting is applied per endpoint.

API Key Management Best Practices

  • Securely store your API keys using environment variables or secure configuration.
  • Never commit API keys to version control.
  • Implement key rotation procedures for production environments. We may revoke keys periodically with a 30 day previous notice, so make sure you can replace keys easily.