Glossary

This section provides clear and concise definitions for the key terms and abbreviations used on the Developer Portal. It is designed to help users understand the meaning of the words and phrases used throughout the website.

A

Access Profile

         ➤   A list of functions that can be accessed by users. For each function the access can be opened/closed for each individual action.
More information can be found in the Going further with Troubleshooting guide (accessible only to customers and official Kyriba’s partners).

Access Token

         ➤  A string that contains security credentials used by an application to make API requests on behalf of a user. It represents the authorization of a specific application to access particular resources.

Alias

         ➤   A keyword that triggers a specific rule and generate different output file in the Open Formats Studio tool. Alias combination defines the set of rules to be applied to the Format that is not part of the standard. It is what allows customization of the output file.

API

         ➤   Stands for Application Programming Interface. In the context, the word application refers to any software with a distinct function. Interface can be explained as a contract of service between two applications. This contract defines how the two communicate with each other using requests and responses. Their API documentation contains information on how developers should structure those requests and responses. In Kyriba we are exposing openAPIs.

API Changelog

         ➤   Tracks all news and updates that take place in Kyriba.
Example: added new API/endpoint/version, published new article, released new app, etc.

API Call

         ➤   An HTTP request sent to an API endpoint to retrieve or send data or trigger an action.
Examples:

  • POST https://{{host}}/gateway/oauth/token

  • GET https://{{host}}/gateway/api/v1/accounts?page.limit=1000&page.offset=2000

One HTTP Request can return data corresponding to one or more entities, it will be counted as one API call for the daily limit. For example, the GET requests above can retrieve 1000 accounts, it will be counted as one API call.

Note❗ API activity will impact customer transaction volume. Please refer to your contract to review those limits. Also, for the purpose of rate limiting, any call made to the API is counted, regardless of its method or content.

API Client

         ➤   An API client, also called a clientId, is a unique identifier used for interacting with an API. It is used for authorization, tracking, and rate limiting, and is linked with an API User for authentication.

API Environment (type)

         ➤   Production

         ➤   Sandbox

         ➤   Kyriba API Playground

API Gateway

         ➤   An API management tool that serves as an intermediary between a client and a collection of backend services. It acts as a reverse proxy, accepting all API calls, aggregating the necessary services to fulfill them, and returning the appropriate results.
The Kyriba API Gateway serves as the entry point for Kyriba customer applications to communicate with various Kyriba functional components that provide APIs.

API Platform

         ➤   An environment that provides a runtime execution context for APIs. An API revision must be deployed to an environment before it can be accessed at runtime.
Kyriba platforms are:

  • Sapphire
  • Ruby
  • Opal
  • Emerald
  • Diamond
  • Topaz
  • Quartz
  • Ammolite

API Specification

         ➤   A document or standard that provides a broad understanding of how an API behaves and how it links with other APIs. It explains how the API functions and the results to expect when using the API, it describes API objects, values and parameters, how the objects are called, and what each object does. We also see the relationships between the objects and how each object can be used.
See more in the OpenAPI specification Glossary section.

API User

         ➤   Kyriba user associated with a single set of client credentials.
To learn about the relationships between API credentials and a Kyriba user, refer to this Troubleshooting section.

B

Base URL

         ➤   An address that contains the host name or domain name, which enables access to an API. The resource or endpoint paths and query parameters are appended to this base URL to reach the specific resources or endpoints of the API.
Example: {{baseUrl}}/v1/account-groups, where baseUrl is https://demo.kyriba.com/gateway/api

C

Client Credentials

         ➤   OAuth 2.0 grant type is typically used when the client needs to access its own resources rather than acting on behalf of a user. The API Gateway validates the client_id / client_secret and responds with an access token, which the application then uses to make API calls on its own behalf.
To learn about the relationships between API credentials and a Kyriba user, refer to this Troubleshooting section.

Concurrency

         ➤   Optimistic control:

The optimistic concurrency control, or optimistic locking, is a mechanism used to manage concurrent access to shared resources, typically in the context of multiple users or processes trying to modify the same data simultaneously. Implementation of optimistic locking requires the use of ETag and If-Match header.
Refer to the Optimistic Locking guide to learn more.

         ➤   API requests:

Concurrency in the context of API requests is the ability of an API Gateway to handle multiple API requests simultaneously.
Refer to the API Rate Limiting & Concurrency guide to learn more.

Customer

         ➤   A company that purchases services offered by the Kyriba Application.
For Developer: The Customer Code is entered in the login box. The Customer Code is also referred to as Client Base. A Customer can have several users.

D

Data Permission

         ➤   A Kyriba function that allows to filter what data can be seen and used by a user and is defined per data type.

Data Permission Profile

         ➤   A combination (can be one or more) of Data Permissions to be assigned to a user that may be of distinct Data types. It can be assigned to one or more Kyriba users (but is optional, as opposed to the Access Profile that is mandatory to create the user). A Data Permission Profile is dynamically updated and can be defined as General or/and By function.

Developer Portal Notification

         ➤   A notification that you receive via email, regarding the information items that you have subscribed to on the Developer Portal.
More information can be found in the Notifications documentation page.

E

Endpoint

         ➤   A communication channel when an API interacts with another system. These endpoints serve as the touch points for communication between the two systems. In essence, an endpoint is a URL of a server or service that the API connects to in order to send requests and receive responses. Each endpoint corresponds to a specific function or resource provided by the server or service, enabling the API to access and manipulate data or perform actions as needed.
Example: https://opal-sandbox.treasury-factory.com/gateway/api/v1/companies, where the endpoint is /v1/companies.

ETag

         ➤   ETag stands for Entity Tag. It is an HTTP header that provides a unique identifier for a particular version of a resource found by a URL. It is used to validate cache and to check for modifications quickly.

  • Weak ETag - comes with a W/ prefix or with a -gzip suffix.

  • Strong Etag - used only for content that is byte-for-byte identical.

For example, if the version of the resource is 5, the ETag header can be 5, W/5 or 5-gzip and it will refer to the same version of the resource.

Event

         ➤   An action that occurs in the customer’s database such as creation, modification, deletion, and completion of process execution, etc.
A list of available Events can be found in the Webhook Notifications guide.

Expires_in

         ➤   A parameter that defines the lifetime in seconds of the access token. For example, the value "3600" denotes that the access token will expire in one hour from the time the response was generated. By default, the value is 3600 seconds (1 hour).

F

Forums

         ➤   A Developer Portal community, that contains various categories of discussions, topics, frequently asked questions, announcements and other useful information. This is the space where you can ask questions, as well as share your ideas with others.
More information can be found in the Forums documentation page.

G

Generic User

         ➤   An individual who has registered with a non-corporate email address, such as Hotmail or Gmail. In such cases, the user will be automatically assigned to the "Generic Users Company" and may not have access to the API Documentation. This distinction is made to differentiate between users associated with corporate domains and those with generic email addresses, ensuring that the appropriate access and permissions are granted based on the user's registration details.

Google Colab

         ➤   "Colab" or Colaboratory is a product that allows you to write and execute Python in your browser, with zero configuration required. It is a hosted Jupyter notebook service that requires no setup to use, while providing access free of charge to computing resources including GPUs.
Feel free to discover our Google Colaboratory Sample Tutorials we have created for you.

Guide

         ➤   The Developer Portal guides provide detailed, step-by-step instructions and the flow of actions for effectively working with Kyriba APIs. They also offer guidance for integrating the retrieved information into your application seamlessly.
Feel free to discover our Developer Portal Guides section.

H

Host

         ➤   Host is a part of the URL that identifies the server responsible for processing the API requests. It corresponds to the Kyriba application platform and environment in which your database is located.
Example: diamond-sandbox.treasury-factory.com or topaz.treasury-factory.com.

I

Idempotency

         ➤   A property of an API request where multiple identical requests have the same effect as a single request. In other words, making the same request multiple times should not have any additional side effects beyond the first request.

Idempotent operations by nature:
GET (read) Making multiple identical GET requests to the same resource will yield the same result without causing any additional changes.
PUT (update) Calling PUT with an identical request will result in no state change other than the first request.
DELETE (remove) Performing consecutive similar DELETE requests will not change the delete state.


Non-idempotent operation:
POST (create) Sending the same resource twice creates two resources, presenting challenges for critical operations like payment instructions.


If-Match

         ➤   If-Match is an HTTP header used in a conditional request. It specifies that the request should only be processed if the provided ETag value matches the current ETag value of the resource on the server. It helps prevent conflicts by ensuring that the client updates the resource only if its version on the server matches the expected version.

K

kapp_username

         ➤   A parameter that identifies the Kyriba Application user to whom the token is linked. It contains both customer and user codes separated by @ such as the following: customer_code@user_code.

Kyriba API Playground

         ➤   A dedicated testing environment provided by Kyriba, where developers can experiment on our APIs, but with certain limitations.

Kyriba-Customer-Rate-Limit-Remaining

         ➤   A response header containing the number of requests left for the current rate limit window.

Kyriba-Customer-Rate-Limit-Reset

         ➤   A response header returning the time at which the rate limit resets, specified in Epoch time.

M

Marketplace

         ➤   An application catalog that lists apps developed by Kyriba and verified third-parties. This catalog is designed for producers who wish to introduce their creative solutions, leveraging Kyriba functionality, as well as for consumers who will benefit from these apps.
More information can be found in the Marketplace documentation page.

mTLS

         ➤   mTLS stands for mutual TLS and consists of having the API server also checking the client certificate.
More information can be found in the mTLS section.

N

Notification

         ➤   An alert to notify the user of certain changes that have occurred, in regards to what the user had subscribed to. For example, Developer Portal Notification, or Webhook notification.

O

OAuth 2.0

         ➤   OAuth 2.0 is an authorization protocol that validates API credentials of a user. Kyriba uses Client Credentials grant flow, which means the API Gateway validates a pair of client_id / client_secret and responds with an Access Token.

OpenAPI Specification

         ➤   Provides a standard, language-agnostic interface to RESTful APIs, presented in both human and machine-readable formats. Its main focus is on defining the API and outlining its structure. OpenAPI can be used to automatically generate API documentation, code samples, and SDKs. It simplifies the process for consumers to understand and interact with the remote service, requiring a minimal amount of implementation logic.

Open Formats Studio

         ➤   Open Formats Studio is a Sandbox environment for the Kyriba Formats Library testing. It allows any format to become customizable. It provides a set of tools that allows to explore Formats Library and find the correct format configuration easily with:

  • Formats Translation Tool / Bank File Postprocessing Tool / Comparison Tool
  • Alias Library / Alias Statistics

Note❗ Open Formats Studio requires special access. More information can be found in the Open Formats Studio page.

Open Reports Studio

         ➤   Open Reports Studio is an add-in that integrates Kyriba with Microsoft Excel. It provides users with a seamless way to access and interact with Kyriba's functionalities directly within the Excel environment.

Note❗ Open Reports Studio requires subscription. For more information, refer to the Open Reports Studio guide.

Optimistic Locking

         ➤   A concurrency control mechanism used to manage concurrent access to a resource, typically in the context of multiple users or processes trying to modify the same data simultaneously. The goal of optimistic locking is to allow concurrent access without directly blocking users or processes, while still ensuring data consistency.
More information on how to manage and which APIs are supporting this feature can be found in the Optimistic Locking documentation section.

P

Process Templates

         ➤   Kyriba’s feature that allows to import data, launch reports or trigger workflows. They are set up in Kyriba Application by Kyriba users applying different criteria and accesses. Process templates can be launched via APIs as well as through the UI or sFTP.
More information can be found in the Going further with Troubleshooting guide. (Accessible only to customers and official Kyriba’s partners.)

Production

         ➤   An environment of a platform where a product has been publicly released and is available for business or end-user use. It is the stage where real-world usage occurs and where businesses interact with customers and conduct actual operations. It is important to ensure stability, security, and reliability in the Production Environment as any issues directly impact users and business operations.

Product Subscription

         ➤   A self-service function that allows customers to manage licenses (Kyriba modules) assigned to users.

Product Subscription Bundle

         ➤   This function allows you to access and set up an automatic assignment of Product subscriptions to users based on Access profiles or Product subscriptions bundle assigned to a user.

R

Rate Limiting

         ➤   API Rate Limiting is a mechanism in API management to control the number of API calls that a client can make within a defined period of time. The purpose of this is to promote fair API usage, and protect back-end resources from abuse and being overwhelmed by too many requests.

Retry

         ➤   An attempt to deliver an event via webhook.
More information about "Retries" can be found in the Webhook Notifications guide.

REST

         ➤   REST stands for REpresentational State Transfer. It is a defined set of standards for transferring resources over the web. The REST architecture style is commonly applied to APIs, known as "REST APIs," which enable developers to access data from remote systems over the Internet. REST APIs use standard HTTP methods, such as GET, POST, PUT, DELETE, to perform actions on resources identified by URLs (Uniform Resource Locators).

REST API

         ➤   An architectural style for an application program interface (API) that utilizes HTTP requests to access and use data. REST APIs have become a popular method for connecting components and applications in a microservice architecture.

S

Sample (Sample Application)

         ➤   A tutorial on the Developer Portal that guides you through the process of creating, building, and running your own application from scratch. It provides step-by-step instructions and hands-on exercises to help you understand the development process and gain practical experience.
Feel free to discover our Sample Tutorials we have created for you.

Sandbox

         ➤   An environment of a platform designed for testers to replicate the characteristics of the production environment without affecting the actual production system. It serves as a safe and isolated space where developers and testers can experiment, test, and validate various functionalities, changes, or new features before deploying them to the live production environment.

Scope

         ➤   A list of endpoints which the user has the right to access.

Service Token

         ➤   An identifier provided by Kyriba to allow users access the Kyriba Modules. The Service Tokens are determined by the a set of features in modules to which the company has subscribed. Progressively is being replaced by Product Subscription.
More information about Service Token can be found in the Best Practices guide.

SPI

         ➤   Stands for Service Provider Interface. It is an API intended to be implemented by a third party adhering to the Open API specification provided by Kyriba. In the context of SPI, Kyriba acts as a client and the third party as a server.

T

Token URL

         ➤   A URL that contains an authentication token valid for a specific time and/or a number of usages and grants access to a connection profile.
Example: https://demo.kyriba.com/gateway/oauth/token

TLS

         ➤   Transport Layer Security - an adopted security protocol designed to facilitate privacy and data security for communications over the Internet. In Kyriba it is used to secure the connection between the API client and the API server by validating the Kyriba’s server certificate.

U

Use Case

         ➤   Represents a specific scenario corresponding to a business need. It is composed of different actions or steps that outline the interactions between APIs and the system to achieve a particular goal or result. By defining API Use Cases, developers and stakeholders can better understand the functionalities and capabilities of APIs and how they can be leveraged to deliver valuable solutions.
More information can be found in the Use Cases documentation page.

User

         ➤   A user is defined by a unique code, an Access Profile, a Service Token or Product Subscription configuration (depending on database type) and a Data Permission Profile (optional).

  • Code will be used when logging in Kyriba application (along the customer code and the password).
  • Access Profile determines which functions and actions a user can access. Note: the application of the selected Access Profile is not immediate. It is only effective the next time the user logs in the application.
  • Service Token determines which Modules a user can access. The available Service Tokens depend on which Services your company is subscribed to.
  • Product Subscription determines which Modules a user can access. It is managed by customers directly.
  • Data Permission Profile determines which entities (Companies, Accounts, Transaction codes, etc.) a user can access.

W

Webhook

         ➤   An HTTP request that is triggered by an event or action and sent to a preconfigured customer's URL. It allows applications or services to communicate with each other in real-time by notifying the receiving system when a particular event occurs.
Additional information can be found in the Webhook Notifications guide.

Webhook Notification

         ➤   A push message represented as “application/json” document which is sent via a POST request to a preconfigured endpoint. This message is delivered through a Webhook and is triggered by a specific event occurring in the Kyriba Application. More information can be found in the Webhook Notifications guide.