Sections

• Overview
• API Usage
• Errors

Endpoints

Calls to the API must be for genuine use and responses from the API must not be stored for the purpose of creating an offline copy of the information stored. Failure to comply with this requirement will infringe the API License.

Due Diligence API Calls

Due Diligence Check

POST /duediligence/{storeid}/{serial}

Purpose

To perform a due diligence check using the supplied serial on behalf of the store referenced by the storeid.

Inputs

• storeid - The valid ID of the store making the request. If you are testing, please read the Testing documentation.
• serial - A valid product serial number. This must consist only of alpha-numeric characters (a-z and 0-9) and be at least 5 characters in length.
• category - OPTIONAL - A numeric category number to identify the type of product the serial relates to. Setting this to zero or not sending it will perform the search on all product categories. The value can be either a single category or an array of categories. If zero is included in the array it will behave differently to a zero sent by itself - it will only search data which does not fall into a specific category.
  
  Supported Categories
• inpossession - OPTIONAL - This flag lets us know if device is in your possession. The valid values for this flag are 'Y' (yes, it is in your possession) or 'N' (no, it is not your possession).
• moreinformation - OPTIONAL (REQUIRED FOR RESELLERS) - This flag lets us know if you have further information about the device such as the owner's name and address. The valid values for this flag are 'Y' (yes, you have more information) or 'N' (no, it is not have more information). Resellers are required to set this value to 'Y' and provide more information in the 'more' field.
• more - OPTIONAL (REQUIRED FOR RESELLERS) - If the moreinformation flag is set to 'Y', you can send us the additional information using the 'more' field. The information you send is used only for the purposes of law enforcement. Any data you send must be compliant with the Data Protection Act in the UK and similar laws in other jurisdictions. In the UK, providing individual's name/address etc. would require you to have the approval of that individual to share their data with 3rd parties for the purposes of law enforcement.
  
  Resellers
  Resellers must provide the following information in JSON format:-
  
  

  Reseller required information.

  Field Name	Value
  name	The name of the person requesting the check.
  address	The address of the person requesting the check.
  contactnumber	The contact telephone number of the person requesting the check.

• transactionref - OPTIONAL - This field can be used for providing the API with your own reference to the check. If you are checking devices with multiple serials this field could be used to indicate to the API that they are connected to one item. Please note that this field does not have any affect on a check result.
• fmipstatus - OPTIONAL - If your account has FMIP privileges then you can set this flag to true.
  
  

  Supported Devices.

  Device	Category
  iPhone	1
  iPad	9
  Macs 2018-present (T2 Security Chip)	2
  Airtag	17

• transactionref - OPTIONAL - This field can be used for providing the API with your own reference to the check. If you are checking devices with multiple serials this field could be used to indicate to the API that they are connected to one item. Please note that this field does not have any affect on a check result.

Example Request

Basic Example

curl -H 'Accept: application/json' \
-u 123:XXXXXXXXXXXXXXXXXXXXXX \
https://gapi.checkmend.com/duediligence/12345/123456123456123

Example with additional information (single category).

POST /duediligence/1/234234234234242 HTTP/1.1
Accept: application/json
Content-Type: application/json

{
    "category": 12
}

Example with additional information (multiple categories).

POST /duediligence/1/234234234234242 HTTP/1.1
Accept: application/json
Content-Type: application/json

{
    "category":[1,2]
}

Output

A JSON object containing the certificate ID which can be used to obtain a full certificate at no additional charge. The response will also contain the result of the check. The result will be either "passed", "caution" or "failed". In the event of an error the certid will not be returned. Instead, a JSON object containing an errors array will be returned. For details on the errors array please read the Errors page.

Example Response

Response on Success:

HTTP/1.1 200 OK
Content-Type: application/json

{
    "certid": 1234,
    "result": "passed"
}

Response on Failure:

HTTP/1.1 200 OK
Content-Type: application/json

{
    "certid": 1234,
    "result": "failed"
}

Response on Caution:

HTTP/1.1 200 OK
Content-Type: application/json

{
    "certid": 1234,
    "result": "caution"
}

Response on Request Failure (not check failure):

HTTP/1.1 404 Not Found
Content-Type: application/json

{
    "errors":
    [
        {
            "id": 404,
            "message": "The storeid supplied was invalid."
        }
    ]
}

FMIP Response

This is an example of a response for an FMIP check. If the FMIP check then this will be what is returned to your initial call.

Sample FMIP Check Response:

{
    "fmip": "activated",
    "result": "failed",
    "certid": "1234"
}

Possible FMIP Response Values

• activated - This device currently has the FMIP activation lock enabled.
• notactivated - This device does not currently have the FMIP activation lock enabled.
• notapplicable - This device is not registered on the FMIP system.