Table of Contents
Summary
Whistic's Public API provides programmatic access to your vendor data, enabling you to integrate Whistic functionality into your existing workflows and applications. The API allows you to retrieve vendor information, upload documents, generate reports, and automate various vendor management tasks. This guide will walk you through accessing and utilizing the Whistic Public API effectively.
Important: API access requires administrator privileges. Only Whistic Admins can generate API keys or you must be an admin yourself to access this functionality.
🚀 Getting Started
Before using the Whistic Public API, ensure you meet the following requirements:
Prerequisites:
- You must be a Whistic Admin or have a Whistic Admin generate an API key for you
- Basic understanding of API concepts
Key Information:
- API Keys do not have permissions - they simply provide access to any publicly available endpoint
- All API documentation, schemas, and endpoints are available through our Swagger page (public.whistic.com)
- API keys provide full access to all public endpoints once generated
🔑 Steps to Access the Public API
Step 1: Generate Your API Key
- Admin Access Required: Ensure you are logged in as a Whistic Admin or contact your Admin to generate a key. Learn more here - API Key Creation.
- On the top navigation click on Settings and select Integrations from the drop down menu.
- On the Integrations page look for the Whistic Public API tile and click the Configure button on it.
- In the Whistic public API page scroll to the bottom and click the Generate New Key button.
- Once selected, you will create a label for the API key. The label can be used to organize your keys, as you may have several for different purposes.
- Finally, Whistic will automatically generate and present the key. Thereafter, you can copy, edit, or delete the key. API keys do not have an expiration date.
Step 2: Explore Available Endpoints
- Visit the Swagger Documentation: Navigate to public.whistic.com
- Browse Available Endpoints: Review all available API endpoints and their documentation
- Understand Request/Response Formats: Each endpoint includes detailed schema information
- Test Endpoints: Use the interactive Swagger interface to test API calls before implementation
Step 3: Implement API Calls
- Use Your API Key: Include your API key in the authorization header of all requests
- Follow Schema Requirements: Ensure your requests match the documented schemas
- Handle Responses: Process API responses according to the documented formats
- Implement Error Handling: Plan for various response codes and error scenarios
📡 Understanding API Endpoints & Schemas
Swagger Documentation (public.whistic.com)
The Swagger page is your primary resource for API implementation:
- Endpoint Discovery: Browse all available API endpoints organized by functionality
- Schema Documentation: View detailed request and response schemas for each endpoint
- Interactive Testing: Test API calls directly from the documentation
- Authentication Requirements: Understand how to properly authenticate your requests
- Response Examples: See sample responses for successful and error scenarios
How to Use the Swagger Page
Follow these steps to effectively use the Swagger documentation for testing and understanding API endpoints:
- Access the Swagger Page: Navigate to public.whistic.com
-
Authorize Your Session:
-
Click the Authorize button located at the top right of the page
-
Insert your API key in the value field & click Authorize
- This will authenticate your session for testing API calls directly from the Swagger interface
-
-
Locate Your Desired API Call:
- Browse through the organized endpoint categories
- Find the specific call you wish to conduct (for example: getAllVendors)
-
Expand the API Call:
- Click on the endpoint to expand its details
- Review the endpoint description, parameters, and expected responses
-
Initiate Testing:
-
Select Try it Out to enable the interactive testing interface
- This will activate input fields and allow you to modify request parameters
-
-
Input Required Data:
- Fill in any required data points needed for the call
- Review optional parameters and include them as needed for your specific use case
- Ensure all required fields are completed according to the schema
-
Execute the Call:
-
Once all data is entered, click Execute
- The system will process your request and return results
-
-
Review Response:
- Examine the response code to confirm successful execution (typically 200 for success)
- Review the response body for returned data
- Check for any error messages if the call fails
-
Use this information to understand expected response formats for your implementation
Using Postman with Whistic API
Postman is a popular tool for testing and working with APIs. Here's how to configure Postman for use with the Whistic Public API:
Base URL Structure: All Whistic API endpoints start with: https://public.whistic.com/api
Example: GET All Vendors
-
Set up the request:
- Method: GET
- URL: https://public.whistic.com/api/vendors/
-
Configure Authorization:
- Navigate to the Authorization tab
- Auth Type: Select "API Key"
- Key: Enter Api-Key
- Value: Paste your API key
- Add to: Select "Header"
-
Execute the request:
- Click Send to execute the API call
- Review the response in the lower panel
Screenshot Reference:
Additional Postman Tips:
- Save your API key as an environment variable for easier reuse across requests
- Create a Postman Collection for all Whistic API endpoints
For complete endpoint documentation, request/response examples, and parameter details, visit our swagger page at the following link public.whistic.com.
💡 Common Use Cases
- Document Upload Automation - Automatically upload vendor documents to appropriate repositories without manual intervention. Learn more here.
- Reporting Integration - Put Whistic data into your existing dashboard or reporting tools for consolidated vendor risk views. Learn more here.
- Workflow Automation - Trigger actions in external systems based on Whistic data changes or assessment completions.
- Data Synchronization - Keep vendor information synchronized between Whistic and your other business systems.
-
AI-Powered Endpoints - We have added Vendor Summary to the Public API with structured response format, enabling partners to integrate AI-powered vendor assessment capabilities directly into their platforms with support for multiple answer selections and answer value IDs.
- GET /assessments/{id}/summary - Get the AI-powered summary for a vendor assessment
- POST /assessments/{id}/summary - Trigger AI-powered summary generation for a vendor assessment
- PUT /assessments/{id}/sources - Update sources for a vendor assessment
🔧 Troubleshooting
Common Issues and Solutions
Authentication Errors
- Verify your API key is correctly included in the authorization header
- Ensure the API key is still valid (obtain a new key if needed)
- Confirm you're using the correct authentication format
Schema Validation Errors
- Review the Swagger documentation for exact schema requirements
- Validate your request payload against the documented schema
- Check for required fields that may be missing
-
Error Handling: The API returns standard HTTP status codes. Common responses include:
- 200 OK – Successful request
- 401 Unauthorized – Invalid or missing API key
- 404 Not Found – Resource not found
- 500 Internal Server Error – Server-side error
Rate Limiting
- Implement appropriate delays between API calls
- Monitor response headers for rate limiting information
- Consider batching operations when possible
❓ FAQ
Who can access the Whistic Public API?
Only Whistic Admins can generate API keys, or you must be an admin yourself. Once generated, the API key provides access to all publicly available endpoints without additional permission restrictions.
Where can I find documentation for all available API endpoints?
All API documentation, including endpoints, schemas, request/response formats, and interactive testing tools, is available at public.whistic.com. This Swagger page is your complete resource for API implementation.
Do API keys have different permission levels?
No, API keys do not have permission restrictions. An API key simply provides access to any endpoint that is publicly available on our API. All permission controls are handled at the account and user level.
What types of documents can I upload through the API?
The API supports uploading various document types to vendor repositories. Refer to the document upload endpoints in the Swagger documentation for specific file format requirements and size limitations.
How do I test API endpoints before implementing them?
Use the interactive Swagger documentation at public.whistic.com. This allows you to test API calls directly from your browser, view response formats, and understand expected behavior before writing code.
What should I do if my API key stops working?
Contact your Whistic Admin to verify the API key status and generate a new one if necessary. API keys may be deleted, requiring regeneration by an admin user.
Can I use the API for bulk operations?
Yes, the API supports various bulk operations. Review the Swagger documentation for endpoints that support batch processing, and implement appropriate rate limiting to avoid performance issues.
How do I integrate API responses with my existing systems?
The API returns data in standard JSON format with well-documented schemas. Use the Swagger documentation to understand response structures and map them to your system's data models appropriately.
Is there a rate limit for API calls?
Rate limiting details are provided through response headers and documented in the Swagger interface. Implement appropriate delays and retry logic to handle rate limiting gracefully.
Where can I get help with API implementation?
Start with the comprehensive Swagger documentation at public.whistic.com. For additional support, contact your Customer Success Manager or Whistic support team with specific implementation questions.