Infrastructure Documentation · Rev 4.2.1

Technical Specifications

Comprehensive infrastructure documentation for authorized integration partners. Covers server regions, connectivity protocols, API endpoint definitions, authentication mechanisms, and environment parameters.

All Systems Operational API v4.2 Last Updated: 2026-04-28

Authorized Server Regions

The Lizaro infrastructure operates across five primary geographic regions. Partners must direct API traffic to the region endpoint nearest to their primary user base to minimize latency and comply with data residency requirements. Cross-region fallback is handled automatically by the routing layer.

Region ID	Location	Endpoint Base	Status	Latency Target
`eu-west-1`	Dublin, Ireland	`api-eu.lizaro.com`	Active	< 45ms
`us-east-1`	Virginia, USA	`api-us.lizaro.com`	Active	< 35ms
`ap-southeast-1`	Singapore	`api-ap.lizaro.com`	Active	< 55ms
`ap-northeast-1`	Tokyo, Japan	`api-jp.lizaro.com`	Active	< 40ms
`sa-east-1`	São Paulo, Brazil	`api-sa.lizaro.com`	Maintenance Window	< 65ms

Global Fallback: The global endpoint api.lizaro.com routes to the lowest-latency available region using GeoDNS. Use this endpoint only when region-specific routing is not required.

Primary CDN

Cloudflare Enterprise

300+ PoPs globally

Availability Zones

3 per region

Multi-AZ redundancy

DNS TTL

60 seconds

Rapid failover support

Connectivity Protocols

All partner connections to the Lizaro infrastructure must use the following approved protocols. Connections using deprecated or non-approved protocols will be rejected at the network perimeter.

Protocol	Standard	Port	Required	Notes
HTTPS	TLS 1.3 / RFC 8446	443	Mandatory	All API and web traffic
HTTP/2	RFC 7540	443	Mandatory	Multiplexed request handling
HTTP/3 (QUIC)	RFC 9114	443 UDP	Recommended	Reduced latency on mobile networks
WebSocket	RFC 6455	443	Optional	Real-time event streaming only
OAuth 2.0	RFC 6749	443	Mandatory	All authenticated endpoints
PKCE	RFC 7636	—	Mandatory	Public client flows
mTLS	RFC 8705	443	Optional	High-assurance partner channels

Deprecated Protocols: TLS 1.0, TLS 1.1, SSLv3, and HTTP/1.0 are not accepted. Partners using legacy TLS configurations must upgrade prior to integration. HTTP (port 80) redirects to HTTPS automatically but must not be used as a primary transport.

API Endpoints

The Lizaro REST API follows OpenAPI 3.1 specification. All endpoints return JSON (UTF-8). The base URL for all requests is https://api.lizaro.com/v4 (or the region-specific equivalent).

Method	Path	Description	Auth
GET	`/partner/status`	Partner account status and entitlements	Bearer
GET	`/resources/list`	Enumerate available media resources	Bearer
GET	`/resources/{id}`	Retrieve specific resource metadata	Bearer
POST	`/resources/request`	Submit resource access request	Bearer
GET	`/integration/config`	Retrieve partner integration configuration	Bearer
PATCH	`/integration/config`	Update integration configuration parameters	Bearer
GET	`/system/health`	Infrastructure health check (no auth required)	None
GET	`/system/regions`	Active region list with latency metrics	None
POST	`/events/subscribe`	Subscribe to real-time event stream	Bearer
POST	`/auth/token`	Exchange authorization code for access token	Client creds
POST	`/auth/refresh`	Refresh expired access token	Refresh token
POST	`/auth/revoke`	Revoke active token	Bearer

Sample Request

GET /v4/resources/list HTTP/2
Host: api-eu.lizaro.com
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
Accept: application/json
X-Partner-ID: prt_a1b2c3d4e5f6
X-Request-ID: req_20260428_001

HTTP/2 200
Content-Type: application/json; charset=utf-8
X-RateLimit-Remaining: 498
X-RateLimit-Reset: 1745836800

{
  "status": "ok",
  "count": 42,
  "resources": [
    { "id": "res_logo_primary", "type": "logo", "format": "svg", "version": "4.2" },
    { "id": "res_font_inter",   "type": "font", "format": "woff2", "version": "3.19" }
  ]
}

Authentication

The Lizaro API uses OAuth 2.0 with PKCE for all partner authentication flows. Access tokens are short-lived (3600 seconds) and must be refreshed using the provided refresh token. Client credentials flow is available for server-to-server integrations.

Generate code_verifier (43–128 chars)
Compute code_challenge = BASE64URL(SHA256(verifier))
Redirect to /oauth/authorize with code_challenge
Exchange code at /auth/token with code_verifier
Store and rotate tokens securely

POST /v4/auth/token
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=YOUR_CLIENT_ID
&client_secret=YOUR_SECRET
&scope=resources:read
       integration:write

Token Type	Lifetime	Storage	Rotation Policy
Access Token	3600s (1 hour)	Memory only	Refresh before expiry
Refresh Token	30 days	Secure storage	Rotate on each use
Client Secret	365 days	Environment variable	Annual rotation required
mTLS Certificate	365 days	Certificate store	90-day rotation recommended

Rate Limits

Rate limits are enforced per partner identifier at the API gateway level. Limits are applied on a rolling 60-second window. Partners exceeding their allocated rate will receive a 429 Too Many Requests response with a Retry-After header.

Partner Tier	Requests / min	Burst Allowance	Concurrent Connections
Standard	500	+20%	50
Professional	2,000	+25%	200
Enterprise	10,000	+30%	1,000
Strategic	Custom SLA	Negotiated	Unlimited

Rate Limit Response Headers

X-RateLimit-Limit: 500
X-RateLimit-Remaining: 487
X-RateLimit-Reset: 1745836860
X-RateLimit-Window: 60
Retry-After: 23

Environment Parameters

The following environment variables and configuration parameters must be set within the partner's integration environment prior to initiating any API connections.

Parameter	Type	Required	Description
`LIZARO_API_BASE`	URL	Yes	Region-specific API base URL
`LIZARO_CLIENT_ID`	String	Yes	OAuth 2.0 client identifier
`LIZARO_CLIENT_SECRET`	Secret	Yes	OAuth 2.0 client secret (server flows)
`LIZARO_PARTNER_ID`	String	Yes	Unique partner identifier (prefix: `prt_`)
`LIZARO_REGION`	Enum	Yes	Target region: `eu-west-1`, `us-east-1`, etc.
`LIZARO_TIMEOUT_MS`	Integer	No	Request timeout in ms. Default: `10000`
`LIZARO_RETRY_MAX`	Integer	No	Max retry attempts on 5xx. Default: `3`
`LIZARO_LOG_LEVEL`	Enum	No	`error` \| `warn` \| `info` \| `debug`
`LIZARO_WEBHOOK_SECRET`	Secret	No	HMAC-SHA256 secret for webhook signature validation

TLS Configuration

All connections to Lizaro infrastructure must use TLS 1.3. The following cipher suites are supported. Partners should configure their HTTP clients to prefer the listed suites in the order shown.

Priority	Cipher Suite	Key Exchange	Auth	Encryption
1	`TLS_AES_256_GCM_SHA384`	X25519	RSA-4096	AES-256-GCM
2	`TLS_CHACHA20_POLY1305_SHA256`	X25519	ECDSA P-384	ChaCha20-Poly1305
3	`TLS_AES_128_GCM_SHA256`	X25519	RSA-4096	AES-128-GCM

Certificate Authority: Lizaro TLS certificates are issued by DigiCert Global Root G2. Partners implementing certificate pinning should pin to the intermediate CA, not the leaf certificate, to avoid disruption during routine certificate rotation.

IP Allowlist

Partners operating behind strict egress firewalls should allowlist the following IP ranges to ensure uninterrupted connectivity to Lizaro API infrastructure. Ranges are updated quarterly; subscribe to the System Log for change notifications.

Region	IPv4 CIDR	IPv6 Prefix
eu-west-1	185.64.104.0/22	2a06:98c0::/29
us-east-1	104.16.0.0/13	2606:4700::/32
ap-southeast-1	103.21.244.0/22	2803:f800::/32
ap-northeast-1	103.22.200.0/22	2405:b500::/32
sa-east-1	103.31.4.0/22	2405:8100::/32
Webhook Delivery	162.158.0.0/15	2a06:98c1::/32

SLA & Uptime Commitments

Lizaro infrastructure SLAs are defined per partner tier. The following table outlines the uptime commitments, response time targets, and incident notification windows applicable to each tier.

Tier	Uptime SLA	P50 Latency	P99 Latency	Incident Notification	Support Response
Standard	99.9%	< 80ms	< 400ms	30 min	24h
Professional	99.95%	< 60ms	< 250ms	15 min	4h
Enterprise	99.97%	< 45ms	< 150ms	5 min	1h
Strategic	99.99%	< 30ms	< 100ms	Immediate	15 min

SDK & Client Library Support

Official Lizaro SDK packages are available for the following runtime environments. All SDKs implement automatic token refresh, retry logic with exponential backoff, and structured error handling.

Language / Runtime	Package	Version	Status
Node.js / TypeScript	`@lizaro/sdk-node`	4.2.1	Stable
Python 3.9+	`lizaro-sdk`	4.2.0	Stable
PHP 8.1+	`lizaro/sdk-php`	4.1.3	Stable
Java 17+	`com.lizaro:sdk-java`	4.2.0	Stable
Go 1.21+	`github.com/lizaro/sdk-go`	4.2.0	Stable
.NET 8+	`Lizaro.SDK`	4.1.5	RC
Ruby 3.2+	`lizaro-sdk`	4.0.2	Maintained

SDK Documentation: Full SDK reference documentation, quickstart guides, and code samples are available to authorized partners. Contact tech@lizaro-support.online to request access to the SDK documentation portal.