Since 2001, DNA Behavior has been developing world-class, validated, discovery processes that reliably predict and store personality data. Using the DNA API and a bit of your creativity, you can access this data in real-time to create the next new “killer app” and solve the world’s largest business, financial or life challenges.
The DNA API is built on REST principles, which ensure predictable URLs that make writing applications easy. The API follows HTTP rules, so a wide range of HTTP clients can be used to interact with it. Every resource is exposed as a URL. The URL of each resource can be obtained by accessing the API base URL.
The DNA API uses POST and GET requests to communicate and HTTP response codes with the proper message to indicate status and errors. All responses come in standard JSON as well as XML format. The DNA API is served over HTTPS TLS v1.1+ to ensure data privacy; HTTP and HTTPS with TLS versions below 1.1 are not supported. All requests must include a Content-Type and the body must be valid JSON or XML.
The Sandbox environment supports only test Items. All testing should be done in our Sandbox environments. All activity in the Production environment will be billed.
In order to utilize the DNA API, you will first need an API account (Username and Password) to get an access token. To receive your account credentials, click here to make a request. Please include the following details in your request:
Once you are approved, you will receive an email with your API account credentials.
You will receive back the following details from DNA Behavior:
All DNA API endpoints are accessible only when a valid access token is provided in the Authorization header of the request. You will need your API account credentials to get an access token. Please make sure that you have received an email from us with your DNA API account credentials.
To get an access token, post your API account credentials as described below.
URL: https://<base URL>/Token
Request Type: POST
Content-Type: application/x-www-form-urlencoded
Request Parameters:
    // Request an access token with the API account credentials.
    $.ajax({
        type: "POST",
        url: "https://<base URL>/Token",
        data: {
            username: "user@example.com",
            password: "Password1!",
            grant_type: "password"
        },
        success: function (data) {
            // Keep the token for later API requests.
            localStorage.setItem('access_token', data.access_token);
        },
        error: function (jqXHR, textStatus, errorThrown) {
            alert(jqXHR.responseText || textStatus);
        }
    });

If the request succeeds, the authorization server returns an access token in the response body. Notice that we store the token in the browser's local storage, to use later when sending requests to the API. Local storage is readable by any script running on the page's origin.
    POST https://<base URL>/Token HTTP/1.1
    Host: <base URL>
    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
    Accept: */*
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Referer: https://<base URL>/
    Content-Length: 67

    grant_type=password&username=user@example.com&password=Password1!
You can see that the request contains the user's credentials. You must use HTTPS to provide transport layer security.
    HTTP/1.1 200 OK
    Content-Length: 669
    Content-Type: application/json;charset=UTF-8
    Server: Microsoft-IIS/10.0
    Date: Mon, 02 March 2020 12:00:00 GMT

    {
      "access_token":"imSXTs2OqSrGWzsFQhIXziFCO3rF...",
      "token_type":"bearer",
      "expires_in":1209599,
      "userName":"user@example.com",
      ".issued":"Mon, 02 March 2020 12:00:00 GMT",
      ".expires":"Tue, 03 March 2020 12:00:00 GMT"
    }

Please note: The token is valid for only 24 Hrs (1 Day) from the time it is generated, and gives access to all the API endpoints.
Now that we have a bearer token, we can make an authenticated request to the API. This is done by setting the Authorization header in the request.
    GET https://<base URL>/API/NaturalBehavior HTTP/1.1
    Host: <base URL>
    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
    Accept: */*
    Authorization: Bearer imSXTs2OqSrGWzsFQhIXziFCO3rF...
    X-Requested-With: XMLHttpRequest

    HTTP/1.1 200 OK
    Content-Type: application/json; charset=utf-8
    Server: Microsoft-IIS/10.0
    Date: Mon, 02 March 2020 01:22:36 GMT
    Content-Length: 26

    "Hello, user@example.com"
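The token flow above as a server-side client, added here as an example and not taken from DNA Behavior's code: it keeps the token in memory instead of local storage and caps its lifetime at the 24 hours stated above, even though the sample response carries a larger `expires_in`. The host `api.example.invalid` and all function names are assumptions.

```javascript
// Added example, not DNA Behavior's code. Runs on Node 18+ (global fetch).
// Hosts are placeholders; the page elides the real one as <base URL>.
const DAY_MS = 24 * 60 * 60 * 1000; // token validity stated on this page
// Build the POST /Token request. URLSearchParams does the form encoding, so
// '&', '=' or '@' inside a password cannot spill into another field.
function buildTokenRequest(baseUrl, username, password) {
  const url = new URL(baseUrl.replace(/\/+$/, "") + "/Token");
  if (url.protocol !== "https:") {
    throw new Error("refusing to send credentials over " + url.protocol);
  }
  const form = new URLSearchParams({ grant_type: "password", username, password });
  return {
    url: url.href,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: form.toString(),
    },
  };
}

// Lifetime to trust: the server's expires_in, never more than the 24 hours
// the page states, and 24 hours if the field is missing or malformed.
function tokenLifetimeMs(tokenResponse) {
  const ms = Number(tokenResponse.expires_in) * 1000;
  return Number.isFinite(ms) && ms > 0 ? Math.min(ms, DAY_MS) : DAY_MS;
}

// Client that keeps the token in memory only and renews it a minute early.
function createClient({ baseUrl, username, password, fetchImpl = globalThis.fetch, now = Date.now }) {
  let token = null, expiresAt = 0;
  async function accessToken() {
    if (!token || now() >= expiresAt - 60_000) {
      const { url, init } = buildTokenRequest(baseUrl, username, password);
      const res = await fetchImpl(url, init);
      if (!res.ok) throw new Error("token request failed: HTTP " + res.status);
      const body = await res.json();
      if (typeof body.access_token !== "string") throw new Error("no access_token in response");
      token = body.access_token;
      expiresAt = now() + tokenLifetimeMs(body);
    }
    return token;
  }
  async function get(path) {
    const headers = { Authorization: "Bearer " + (await accessToken()) };
    return fetchImpl(baseUrl.replace(/\/+$/, "") + path, { headers });
  }
  return { accessToken, get };
}
```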
We use standard HTTP response codes for success and failure notifications. In general, 200 HTTP codes correspond to success, 40X codes are for developer- or user-related failures, and 50X codes are for server-related issues. We're always working to minimize API errors related to DNA integrations and to address connectivity issues across the infrastructure.
DNA Behavior’s primary focus is site availability and security in support of customers and partners.
While we do not publish a rate limiting policy, we might temporarily rate limit if we identify traffic that appears to be abusive. We rate limit until we are confident that the activity is not problematic for DNA Behavior, our partners, or our customers.
To ensure maximum protection for the site, we constantly evaluate traffic as it surges and subsides to adjust our policies. If you or your customers receive the HTTP 429 Unprocessable Entity - RATE_LIMIT_REACHED status code, it indicates too many requests and might indicate anomalous traffic; we rate limit to ensure site stability.
The request limit, and the rate limit window in which the request limit resets, vary depending on the API endpoint.
Each endpoint is configured with a bucket that defines the following:
If your firm has specific requirements or standards for API requests, the above items can be configured on a per account basis. Contact your account representative to discuss.
If you exceed the provided rate limit for a given API endpoint, you will receive a response with HTTP Status Code 429 (Too Many Requests). You can refer to the HTTP Response Headers for more information on the rate limits applicable to that endpoint.
Actions such as rapidly updating configuration settings, aggressive polling, or making highly concurrent API calls may result in your app being rate limited.
If your app triggers the rate limit, please refrain from making additional requests until the appropriate amount of time has elapsed.
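One way to honour that waiting period, as an added example that is not DNA Behavior's code. The page does not name its rate-limit headers, so reading the standard HTTP `Retry-After` header, the five-minute cap and the function names are assumptions.

```javascript
// Added example, not DNA Behavior's code. The page does not name its
// rate-limit headers, so reading the standard Retry-After header is an
// assumption; MAX_WAIT_MS is a constructed cap.
const MAX_WAIT_MS = 5 * 60 * 1000;

// How long to stay quiet after a 429. retryAfter is the raw header value
// (or null); attempt counts the 429s already seen, starting at 0.
function retryDelayMs(retryAfter, attempt, nowMs = Date.now()) {
  const value = String(retryAfter ?? "").trim();
  if (/^\d+$/.test(value)) {
    return Math.min(Number(value) * 1000, MAX_WAIT_MS); // delta-seconds form
  }
  const when = Date.parse(value); // HTTP-date form
  if (!Number.isNaN(when)) {
    return Math.min(Math.max(when - nowMs, 0), MAX_WAIT_MS);
  }
  // Header absent or unparseable: back off 1 s, 2 s, 4 s, ...
  return Math.min(1000 * 2 ** attempt, MAX_WAIT_MS);
}

const realSleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

// Call send() (any function returning a fetch Response) and, on 429, wait
// before trying again. Requests go out one at a time, never in parallel,
// and the last response is returned once maxAttempts is used up.
async function requestWithBackoff(send, { maxAttempts = 4, sleep = realSleep } = {}) {
  for (let attempt = 0; ; attempt++) {
    const res = await send();
    if (res.status !== 429 || attempt + 1 >= maxAttempts) return res;
    await sleep(retryDelayMs(res.headers.get("Retry-After"), attempt));
  }
}
```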
Ready to go live? Below are the considerations and steps you should review with your team before starting to use our Production API.
Before going live, please ensure that you and a DNA Behavior representative have discussed the various billing plans available in our production environment.
The Sandbox and Production API are nearly identical. Primarily, the difference is your Group ID and base URLs. Review the Production API here.
Before going live, it is key to ensure that the behavioral results are accurate. In order to do this, make sure that your end-to-end user experience of the questionnaire completion and the results shown on the screen are accurate. DNA Behavior has QA engineers who can be enlisted on a project basis to help verify this process. Please contact DNA Behavior if you wish to schedule the use of our QA engineers to help test your questionnaire process on a billable, project basis.
Are all mentions of DNA Behavior consistent with DNA Behavior’s branding standards and agreement terms?