Intended Usage

👍

Essential information about intended usage

The movieXchange APIs are trusted by exhibitor’s systems to perform sensitive operations. Due to this trust relationship with exhibitors, the MX APIs must only be accessed from behind a secure layer of an application, not exposed as part of an insecure, consumer-facing environment, such as via JavaScript in a web page.

To clarify, calling the MX APIs from behind your own web-services layer is fine, whereas directly calling them from within any webpage or client application is not, as this would publicly expose security tokens and API patterns. Calls from client devices or applications should never be made directly to the MX APIs. Instead, they should be routed via a secured layer that doesn’t require the public exposure of the API's methods or security tokens.

👍

Reference Data and Caching

movieXchange retrieves reference data such as site details, showtimes, and file data on a scheduled basis. The responses returned by the reference data endpoints are safe to cache for a short period of time such as 30-60 minutes and are intended to be cached behind a service layer in your application.

Reference data endpoints should not be hit in real time in response to user interaction. Instead your application should retrieve reference data on a scheduled basis, cache it, and serve it to your application channels from the cache.