Standards

Providing a good API comes down to high-quality standards. Here you will find the standards that apply to all our APIs.

Blank Fields

Where fields are optional and there is no value to be specified, these blank fields can either be null, or omitted.

Character Encoding

All of our APIs use UTF8 encoded JSON, and we do not have complete support for all the available Unicode characters.

To ensure any characters you use in your API request (e.g. in the key value in the JSON body) will be accepted by the API you can stick to the Windows-1252 and/or the ISO/IEC 8859-1 standards.

Connection and timeout settings

We recommend that you use the following settings when calling Bunnings APIs.

Type Problem Recommended Settings
Connection timeout Cannot connect to the API endpoint. 10 seconds
Read timeout Connected to the endpoint but the server does not respond within the configured time. 30 seconds

Date formats

All dates in API requests need to be in UTC date format unless told otherwise. Likewise, all API responses will be in UTC date format. Times are expressed in UTC, with a TZD timezone indicator to show the UTC timezone offset (e.g. Perth is UTC+08:00)

The format has the complete date plus hours, minutes and seconds:

YYYY-MM-DDThh:mm:ssTZD

(e.g. 2022-07-16T19:20:30+08:00)

Error Codes

All Bunnings APIs return RFC 7807 compliant error messages, and some also support extended Error Code functionality (those supporting Error Code functionality will have those Error Codes listed in their API Documentation).

When you receive an error from our APIs, a Problem Type URL (i.e. https://problem.api.bunnings.com.au?type=<problemName>) will be provided in the response where further details on the problem can be found.

For details on these Error Codes and the format of the errors see Error Codes.

HATEOAS

Hypermedia as the engine of application state (HATEOAS), is the 4th constraint on REST in Roy Fielding’s dissertation. At the simplest level it states that each response message includes links for related records/objects, or the next request message (for example, a webpage provides hyperlinks to the browser to provide a way for the user to get to other webpages (or states)).

In reference to APIs, these are shown as links in the API response to get to the next resource, or related resources.

We provide HATEOAS conforming API responses where required and where it is practical. For example, the link to a specific record/object.

Some of our APIs provide a "_links" array, which will have links, operation ids and verbs to call from that responding API. Used in conjunction with the provided "_meta" array (in the sample below, referenced as {serverState}), a developer can hydrate the link and retrieve a particular record/object from that link.

{
 "id": 4,
 "modState": "ca1e0772-e568-4bf5-a018-03b3ceeb99c8",
 "criteria": {
  "lineSetType": [
   "BunningsDelivery",
   "DirectDelivery"
  ],
  "inventory": true,
  "shipmentClass": [
   "NextDayTimeSpecific"
  ]
 },
 "target": {
  "promiseMin": "00:00:00",
  "promiseMax": "12:00:00",
  "message": "Delivered by {DayStart} in the {AmPmStart}",
  "processingDays": "WorkingDays",
  "computePromiseFrom": "DeliveryTimeOfDay"
 },
 "_meta": {
  "_objectUuid": "4",
  "_objectVersion": "1",
  "serverState": "AUFkbWluLkZ1bGZpbG1lbnQuUHJvbWlzZS5WVmOWQyMzcDA1-ly_K83tgI"
 },
 "_links": [
  {
   "rel": "CHK:013/admin/promiseRules/audit/GET",
   "href": "/admin/promiseRules/audit/{serverState}",
   "methods": [
    "GET"
   ]
  }
 ]
}

HTTP Response Codes

HTTP response codes provide;

  • A status code and title (or description)

  • A type, with a URL link to more details

  • Details on the error, if available

The following are the standard codes to expect when interfacing with Bunnings APIs.

 

Code Condition Description
200 OK The operation was successful.
201 Created The operation results in the creation of a new resource.
202 Accepted The request has been accepted for processing, but has not yet completed processing.
204 No Content The request has been accepted and no further information is supplied (used as a response to some PUT and DELETE requests)
400 Invalid API URI The service cannot be found at that endpoint reference, a required field is missing, or another validation error occurred.
401 Unauthorized Invalid credentials.
403 Forbidden The request is understood but is refused.
404 Resource not Found The endpoint or requested resource is not valid, and does not exist.
405 Invalid method An invalid method was used for that endpoint.
415 Invalid encoded character An invalid character was detected. We support all unicode code points in the Windows-1252 and ISO8859-1 standards. See Character Encoding.
422 Unprocessable entity Business validation failure, for example out-of-date information was used.
429 Too many requests Rate limit violation. quota exceeded, or spike arrest enforced.
500 Internal server error The operation failed on the server side.
503 Service unavailable Service is currently unavailable.

OData

Open Data Protocol (OData) is an open protocol that allows the creation and consumption of queryable and interoperable REST APIs in a simple and standard way.

At Bunnings, we have implemented part of the OData standard on many of our APIs. Specifically the queries standard (see OData Query Options for details).

At its simplest, this is a set of query parameters that allow you to query the data you have asked for. This will bring back a curated result according to the string you provide in your query parameter(s). For example, $select allows you to provide a "select statement" to filter the results to give you a subset of the objects from the API response (see OData $select query option for details).

NOTE: You will not be returned null objects when using OData parameters.

Common OData query parameters

The following is a list of common OData query parameters we use.

Query Parameter Description Example
$select

The $select system query option allows clients to request a specific set of properties for each entity or complex type.

Use a comma separated list to select different items. Special characters can be used as wild cards in the select statement;

  • * to include all properties of the type, we support * on the end of the select statement (not nested)

  • / can be used for complex properties

 $select=name,address/state,contact/*/phoneNumber
$filter

The $filter system query option allows clients to filter a collection of resources that are addressed by a request URL. A filter is comprised of one or more expressions joined with the following logical operators listed bellow in precedence order.

All the logical operators listed below may not be available on our APIs, please see the specific API documentation on which operators apply to each API.

Allowed Logical Operators:

  • `(<expression>)`

  • `not <expression>`

  • `<expression> and <expression>`

  • `<expression> or <expression>`

Generally, the filter can not exceed a maximum of one complexity which is a sum of the complexity of each expression in the filter, however please see the individual API documentation for details.

Expressions match the bellow pattern:

  • Matching Regex Patterns:

    • example: (?'property'[fF][uU][lL][fF][iI][lL][mM][eE][nN][tT][rR][eE][fF]) (?'operation'eq) (?'value'\\d+)
      (see individual API documentation on allowed expressions for that API)

  • Allowed Operators:

    • And = and or &

    • Or = or or |

    • Less than = lt or <

    • Greater than = gt or >

    • Greater than or equal to = ge or >=

    • Less than or equal to = le or <=

    • Different from (not equal) = ne or <>

    • Equal = eq

    • Any = any()

    • All = all()
      (see individual API documentation on allowed operators for that API)

 $filter=name eq 'Bob' and (address/state in ['WA','VIC'] or age gt 10)
$skip

The $skip query option requests the number of items in the queried collection that are to be skipped and not included in the result.

Provide an integer to skip that number of entities in the collection.

 $skip=5
$top

The $top system query option requests the first “n” number of items in the queried collection to be included in the result.

The maximum value is 500.

The default is 100.

Provide an integer to include that number of entities from the collection.

 $top=42
$orderby

The $orderby system query option allows clients to request resources in a particular order in either ascending order using asc or descending order using desc. If order is not specified asc will be the default.

Some APIs allow sorting by multiple fields. To sort by multiple fields, specify a comma separated list of fields.

A string value for the field/entity is required to order that values by that field.

 $orderby=Total asc, Name desc

Pagination

Some of our APIs require pagination to ensure rapid response times when dealing with a large set of items. When providing a paginated response we will provide these values in the response.

Key Value / Description
pageSize

integer

The page size in bytes.
items

array

An array of items.
fullPage

boolean

Denotes if the page should continue to fill up until the max pageSize can be reached.

If false, a page may be returned before page size number of items has been collected. This will ensure results can be shown to the user immediately.

If true this will not return until a full page of items has been collected. When this is set to true the response time is undetermined.

 

The paginated response will have links that can be used to retrieve other pages of data from the API.

Paginated Response Sample

{
  "pageSize": 20,
  "pageNumber": 1,
  "itemsCount": 2,
  "pageCount": 4,
  "items": [
    {
      "transactionRef": null,
      "transactionDate": "2020-11-09T04:52:07.3319174Z",
      "location": null,
      "terminalNumber": null,
      "totalAmount": 12,
      "itemQuantity": null,
      "customerType": null,
      "_meta": {
        "_objectUuid": "009e88fe-c600-457c-a803-6c827acedbfb",
        "_objectVersion": "1"
      },
      "_links": [
        {
          "rel": "TRA:003/GetTransactionDetails/GET",
          "href": "/transactions/{transactionRef}",
          "methods": [
            "GET"
          ]
        },
        {
          "rel": "TRA:005/GetPdfTransactionReceipt/GET",
          "href": "/receipts/{transactionRef}?type=PDF&cid={correlationId}",
          "methods": [
            "GET"
          ]
        },
        {
          "rel": "TRA:006/GetPngTransactionReceipt/GET",
          "href": "/receipts/{transactionRef}?type=PNG&cid={correlationId}",
          "methods": [
            "GET"
          ]
        }
      ]
    },
    {
      "transactionRef": null,
      "transactionDate": "2020-11-09T04:52:07.3319256Z",
      "location": null,
      "terminalNumber": null,
      "totalAmount": 24,
      "itemQuantity": null,
      "customerType": null,
      "_meta": {
        "_objectUuid": "7b8db708-a5dd-4d61-9c08-de69590b3c22",
        "_objectVersion": "1"
      },
      "_links": [
        {
          "rel": "TRA:003/GetTransactionDetails/GET",
          "href": "/transactions/{transactionRef}",
          "methods": [
            "GET"
          ]
        },
        {
          "rel": "TRA:005/GetPdfTransactionReceipt/GET",
          "href": "/receipts/{transactionRef}?type=PDF&cid={correlationId}",
          "methods": [
            "GET"
          ]
        },
        {
          "rel": "TRA:006/GetPngTransactionReceipt/GET",
          "href": "/receipts/{transactionRef}?type=PNG&cid={correlationId}",
          "methods": [
            "GET"
          ]
        }
      ]
    }
  ],
  "_meta": {
    "_objectUuid": "c387aaae-36eb-4801-8c0e-55a8a24d398e",
    "_objectVersion": "1"
  },
  "_links": []
}

Using Pagination

When you receive a response with pagination, you will need to provide particular parameters to retrieve the other records (pages) as part of your request.

 

Query Parameter Type Description
continuationToken string A continuation token this will be retrieved from the _meta of the previous page of a search result and will form part of the template of a search continuation rel. Using a continuation token, the caller can implement endless paging in an efficient manner. When there are no more pages a result will not included a continuation token. when paging though results any select and top parameters must be passed again with each subsequent call however order by will be ignored.
page integer If required, the page number to retrieve. The default value is 1
pageSize integer If required, the size of the page to retrieve. The default value is 20
cURL pagination request example
curl --request POST \
  'https://transaction.sandbox.api.bunnings.com.au/transaction/transactions/search?continuationToken=c387aaae-36eb-4801-8c0e-55a8a24d398e&page=2&pageSize=20&%24fullPage=true' \
  --header 'x-version-api: 1.1' \
  --header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
  --header 'Accept: application/json' \
  --header 'Content-Type: application/json' \
  --data '{}' \
  --compressed

Request Headers

The following are standard headers we generally require in the API call, unless indicated otherwise. See the particular API products OpenAPI Specification (API Reference) for confirmation on header requirements.

Header parameter Description Allowed values/Example
Content-type Names the type of data found within the request message body. This is a specifically formatted string known as a media type. Content-type: application/json
x-version-api The API version the client is calling this endpoint at. When calling the API the client must provided the version of the API they are calling. This allows the API to correctly support the calling clients. Clients are still required to support non breaking changes within the same version. x-version-api: 1.1
Authorization Specifies the authorization method used to interact with the requested resource. With Bunnings APIs this is a OAuth2 token (with the auth-scheme being Bearer) Authorization: Bearer QFhQVC0wMDAwMzoyZWRmOGJhYS0wY2I0LTQwZj=

 

Response Headers

The following are standard response headers we generally provide on our API responses, unless otherwise indicated. See the particular API products OpenAPI Specification (API Reference) for confirmation on what response headers to expect.

Header parameter Description Allowed values/Example
Accept Provides the client application with the content type formats that will be accepted. Accept: application/json
Content-Type Names the type of data found within the response message body. This is a specifically formatted string known as a media type. Content-Type: application/json
Content-Length The size of the response body in kb. Content-Length: 5
ETag The unique identifier for a specific resource at the URL you request the resource from. ETAG: "a00049ba79152d03380c34652f2cb612"
Server Describes the software used by the origin server that handled the request — that is, the server that generated the response. Server: istio
Date The date and timestamp that the response was made. Date: Fri, 12 Dec 2021 23:33:14 GMT
X-RateLimit-Limit The quota limit for the API you are using (particular to your API keys and the developer/user of the API). X-RateLimit-Limit: 5000
X-RateLimit-Remaining How many requests you have remaining to the API (before the quota is reset at a particular time) X-RateLimit-Remaining: 4987
X-RateLimit-Reset Date and time (in epoch format) that the quota will be reset back to the RateLimit X-RateLimit-Reset: 1350085394
X-Correlation-Id A unique ID added by Bunnings for a particular request and is used to correlate your request over several downstream systems. Useful for diagnosing issues pertaining to a particular call over many APIs. X-Correlation-Id: 156dsffdg561s5g1d4
X-Request-Id A unique ID added by Bunnings which allows Bunnings to trace the request for measurement against our SLAs for that API. X-Request-Id: 156dsffdg561s5g1d4:11011
Cache-Control The cache directive from the service (e.g. the length of time the response will be cached, whether it’s specific for the client, and whether the response is fresh or not) Cache-Control: max-age=0, private, must-revalidate

Traffic management

To protect the backend service from overload, Bunnings enforces traffic limits in the form of Quotas and Spike Arrests. For details about the traffic limits see Quotas and Spike Arrest pages.

URL Format

We have particular URLs for each of our environments, and each of our APIs, so that you and Bunnings can clearly distinguish which API environment and API product you are interfacing with;

ENVIRONMENT Base URL
Sandbox https://{service}.sandbox.api.bunnings.com.au/{service}
Test https://{service}.stg.api.bunnings.com.au/{service}
Live https://{service}.api.bunnings.com.au/{service}

 

The exception to above is our OAuth2 service, see OAuth2 Token Endpoint for details. Where the {service} prefix denotes the API service, which may differ for each API product.

Verbs and Hypermedia

Verbs

We use all verbs (or methods) that are available as part of HTTP. See Section 9 in RFC 2616 for further details.

Hypermedia

The content we provide in our API responses will almost always be application/json or application/xml. We may provide some responses in other formats (e.g. application/pdf) depending on requirement of the API.

Versioning

The latest version of our API is shown in the API Reference (Open API Specification) for each API product. This will be at the beginning of the specification in the version: field. For example; version: v1.1

Using the API version

For every API request you must add the x-version-api header parameter and include the version number (without the “v”) in the API Request.

cURL example
curl --request POST \
  'https://payment.sandbox.api.bunnings.com.au/payment' \
  --header 'x-version-api: 1.1'

Deprecation and version management

We will notify developers of any impending version changes and deprecations.

Bunnings will maintain at most the current version and 1 deprecated version (if available). Any deprecated version will be available for 1 year. Any use of a deprecated API version will provide end-of-life (EOL) headers that will describe the state of that deprecated API version.

 

Header parameter Description Allowed values/Example
X-API-sunset Provides the client application with the date when that API version will no longer be able to be used.

UTC date in the future as to when the API version will be sunset (removed from use)

2022-07-16T19:20:30+08:00
api-supported-versions The API versions that are available to use on the API, if there is more than 1 version available.

A string with the supported versions with comma separated values

v1.0,v1.1,v1.2
api-deprecated-versions The API versions which are deprecated and due to sunset, if there are deprecated versions available.

A string with the deprecated versions with comma separated values

v1.0,v1.1