...
Whenever a new access token is needed (either because none is available or the old one has expired), a new one may be obtained by issuing a HTTP POST request to our token endpoint, supplying client_id and client_secret as HTTP Basic authentication, along with a grant_type of client_credentials:
Code Block | ||||
---|---|---|---|---|
| ||||
# https://CLIENT_ID:CLIENT_SECRET@hurricane.umbrellanet.ch/uf-test/oauth/token?grant_type=client_credentials curl -v -X POST \ -H "Content-type: application/x-www-form-urlencoded" \ -u client-id:client-secret \ -d "grant_type=client_credentials" \ https://hurricane.umbrellanet.ch/uf-test/oauth/token |
...
In addition(or instead) of our OAuth API scopes, we do also support scopes resulting in generation of an ID-Token, which will be returned in Step 4 as well as Step 5 of the Authorization flow.
If only an ID-Token is desired, the OAuth process may be called with response_type=token which will trigger the OAuth 2.0 Implicit flow and only generate a short-lived access token without providing a refresh token.
Scope | Description |
---|---|
openid | Required scope, triggers generation of an ID token containing the Faces-UUID of the profile in an “openid” attribute |
profile | Outputs the user profile in a “profile” attribute containing a displayname and (depending on availability) firstname / name / phone |
Outputs the users e-mail address as “email” attribute | |
agencyid | Outputs the UUID of the associated users travel agency (the main agency if access to multiple agencies is granted in case of an administrator) in the “agencyid” attribute of the token |
The ID-Token will be presented in form of a JSON Web Token and will be cryptographically signed using our Service Provider Certificate available at <faces_url>/saml/metadata,
i.e. https://hurricane.umbrellanet.ch/uf-test/saml/metadata
...
Scope | api.profilesondemand.read |
---|---|
Endpoint | api/v1/profiles/companies |
Request method | GET |
Allows searching through a paged list of company profiles. This API can be used to narrow-down the traveler profile search by company.
Parameters
Name | Description | Validation |
---|---|---|
q | Freetext query for finding matching profiles | Required parameter |
page | Current page within the result set, starts at 0 | Optional, number >= 0 |
pageSize | Maximum number of results per page. Default 10 | Optional, number > 0 and <= 100 |
includeDetails | Specify whether the search response should include detailed profile data | Boolean value: true or false Optional, default: false |
detailSections | Specify additional profile areas to be returned if includeDetails is set to true. Only explicitly specified sections will be included. | Only the following sections are currently supported:
|
Code Block | ||||
---|---|---|---|---|
| ||||
curl -v -H "Authorization: Bearer <token>" https://hurricane.umbrellanet.ch/uf-test/api/v1/profiles/companies?q=acme&page=0&pageSize=10 |
Example Response
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
{ "moreResults": false, "results": [{ "uuid": "b9321d7e-9d72-4e80-ac49-d3aa38169175", "name": "ACME Inc." }] } |
Anchor GetCompanyProfile GetCompanyProfile
Get company profile
GetCompanyProfile | |
GetCompanyProfile |
TODO
Scope | api.profilesondemand.read |
---|---|
Endpoint | api/v1/profiles/company/<uuid> |
Request method | GET |
Retrieves the details of a single company profile.
Parameters
Name | Description | Validation |
---|---|---|
<uuid> | The UUID of the profile to retrieve | Required parameter |
sections | Areas of the profile to be returned. May be used to reduce the amount of data transferred, if only specific information is required All sections will be dumped if omitted. Please identify the relevant sections for your application during development and use a restricted information subset before moving to production. | Optional |
Code Block | ||||
---|---|---|---|---|
| ||||
curl -v -H "Authorization: Bearer <token>" \
https://hurricane.umbrellanet.ch/uf-test/api/v1/profiles/company/b9321d7e-9d72-4e80-ac49-d3aa38169175?sections=CONTACT_DATA,MEMBERSHIPS |
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
{
"uuid": "dba95fe6-873c-4499-be0c-d3aa38169175",
"externalNr": "00001",
"name": "Demo GmbH",
"shortname": "DEMO-1",
"data": {
"contact": {
"street": "Binzstrasse 33",
"street2": null,
"zipCode": "8620",
"place": "Wetzikon",
"countryCode": "CH"
},
"memberships": {
"airline": [{
"uuid": "6bd21d65-0671-4196-8fd1-4de9f4ce9071",
"alliance": "LH",
"memberNumber": "DEMODEMO123",
"type": "SPECIAL_KEYWORD"
}],
"hotel": [],
"rentalCar": []
},
"genericValues": {}
}
} |
Company profile sections overview
The following sections are currently available in accordance with our Swagger schema definition:
Name | Contents |
---|---|
AGNCY_INFO | Agency information:
|
CONTACT_DATA | Company contact data:
|
MEMBERSHIPS | Corporate alliance Memberships
|
GENERIC_VALUES | Values (where filled) from the generic setup, output as key-value pairs where the key is the fieldname and the value is the value entered on the profile. |
Create new company profile
Scope | api.profilesondemand.write |
---|---|
Endpoint | api/v1/profiles/company |
Request method | POST |
Create a new company profile
Code Block | ||
---|---|---|
| ||
curl -v -X POST \
-H "Authorization: Bearer <token>" \
-H "Content-Type: application/json" \
--data '{
"externalNr": "1337",
"name": "Umbrella Organisation U+O AG",
"shortname": "UMBRELLA",
"data": {
"contact": {
"street": "Binzstrasse 33",
"zipCode": "8620",
"place": "Wetzikon",
"countryCode": "CH"
},
"genericValues": {
"costCenter": "1230A"
},
"agency": {
"uuid": "52b166c5-4990-49bb-b1f1-d3aa38169175"
}
}
}' https://hurricane.umbrellanet.ch/uf-test/api/v1/profiles/company |
Example response
The profile, including any sections populated by the request, will be reported back, including the newly generated UUID - see Get company profile
Implementation notes
The data structure is the same as is output in Get company profile with the following exceptions:
Company profile UUID cannot be provided in the JSON
For creating of a new profile, the following required properties must always be populated:
name
shortname
Faces will apply default validation logic as seen on our Web UI and CSV interfaces and will report validation errors to the caller without saving the profile.
Update existing company profile
Scope | api.profilesondemand.write |
---|---|
Endpoint | api/v1/profiles/company/<uuid> |
Request method | PATCH |
Parameters
Name | Description | Validation |
---|---|---|
<uuid> | The UUID of the profile to update | Required parameter |