The tp.api object provides methods for making API calls to the Piano backend services.
Methods
tp.api.callApi(endpoint, params, callback, baseUrl, async, method)
Makes an HTTPS request to a Piano API endpoint.
Parameters
|
Parameter |
Type |
Required |
Default |
Description |
|---|---|---|---|---|
|
|
|
Yes |
|
The API endpoint path (e.g., |
|
|
|
No |
|
Request parameters to send |
|
|
|
No |
|
Success callback function receiving the response |
|
|
|
No |
|
Custom base URL for the request |
|
|
|
No |
|
Set to |
|
|
|
No |
|
HTTP method ( |
Automatic Parameters
The following parameters are automatically added to every request:
-
aid- Application ID -
tbc- Tracking browser cookie (if available) -
tac- Access token cookie (if available) -
user_token- User token from the current provider (if logged in) -
user_provider- Name of the current user provider
Callback Response
The callback receives a response object with:
-
code- Status code (0= success) -
data- Response data (structure varies by endpoint) -
message- Error message (if applicable)
Example
// Basic API call
tp.api.callApi("/access/list", {}, function(response) {
if (response.code === 0) {
console.log("Access list:", response.data);
} else {
console.error("Error:", response.message);
}
});
// With custom parameters
tp.api.callApi("/access/check", {
rid: "RESOURCE_ID"
}, function(response) {
if (response.code === 0 && response.access.granted) {
console.log("Access granted!");
}
});
// Synchronous request
tp.api.callApi("/user/get", {}, function(response) {
console.log("User:", response);
}, undefined, false);
// Using GET method
tp.api.callApi("/some/endpoint", { key: "value" }, function(response) {
console.log(response);
}, undefined, true, "GET");
tp.api.getEndpoint()
Returns the current API base URL.
Parameters
None.
Returns
|
Type |
Description |
|---|---|
|
|
The base API endpoint URL |
Example
var apiBase = tp.api.getEndpoint();
console.log("API Endpoint:", apiBase);
// Output: "https://buy.tinypass.com/api/v3" (or similar)
Rate Limiting
The API client implements rate limiting:
-
Maximum 30 requests per 60 seconds
-
Requests exceeding this limit are silently dropped
-
Error logging calls (
/anon/error/log) bypass rate limiting
Error Handling
tp.api.callApi("/access/check", { rid: "resource-1" }, function(response) {
switch (response.code) {
case 0:
// Success
break;
case 403:
console.warn(response.message);
break;
case 503:
console.error("API error:", response.message);
break;
default:
console.error("Unknown error:", response.code);
}
});
Notes
-
All requests automatically include credentials and CORS headers
-
The
tbc(tracking browser cookie) is automatically refreshed from responses