Purpose
This web service (WS) returns all active approvals that the user has granted to different clients.
Key points
Only active approvals are returned
Approvals are filtered by user, based on token details
Approvals can be searched (e.g. by client name)
Specification
Authorization
Verify the validity of access token
in case of error - return 401 (“Invalid access token”)
Verify that token is not expired
in case of error - return 401 (“Invalid access token”)
Check user scopes in order to perform this action (scope = app:read_pis)
in case of invalid scope(s) - return 403 (“Your scope does not allow to access this resource. Missing allowances: app:read_pis”)
Validate request
Validate x-consumer-id (user)
Ensure that header x-consumer-id is passed to the request
in case of error - return 401 ('Unauthorized')
Service logic
Get approvals from Mithril
Service must return only user-related approvals
Call Mithril to get all user-related approvals
Get user_id from token (x-consumer-id header)
Add user_id to query params
in case there is some other user_id in query params - all of them must be overwritten by user_id from token
Mithril.Api
Mithril.Rpc: :search_apps
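The authorization order and the user_id overwrite described above, sketched in Elixir as an added example (not the service's own code). The module and function names, the token fields expires_at and scope, the space-separated scope format and the sample values are assumptions; the header name, required scope, status codes and messages come from this page.

```elixir
defmodule ApprovalsRequest do
  # Added illustration. Module and function names and the token fields
  # ("expires_at", "scope") are assumptions, not the service's own code.
  @required_scope "app:read_pis"

  # headers: map with lower-cased header names.
  # token: resolved token details, or nil when the token is unknown.
  # now: current time as Unix seconds.
  def authorize(headers, token, now) do
    consumer_id = Map.get(headers, "x-consumer-id")

    cond do
      is_nil(token) ->
        {:error, 401, "Invalid access token"}

      token["expires_at"] <= now ->
        {:error, 401, "Invalid access token"}

      not Enum.member?(String.split(token["scope"] || ""), @required_scope) ->
        {:error, 403,
         "Your scope does not allow to access this resource. " <>
           "Missing allowances: " <> @required_scope}

      consumer_id in [nil, ""] ->
        {:error, 401, "Unauthorized"}

      true ->
        {:ok, consumer_id}
    end
  end

  # Removes every client-supplied user_id (repeated keys included) and
  # appends the one taken from the x-consumer-id header.
  def scoped_query(raw_query, user_id) do
    raw_query
    |> URI.query_decoder()
    |> Enum.reject(fn {key, _value} -> key == "user_id" end)
    |> Kernel.++([{"user_id", user_id}])
    |> URI.encode_query()
  end
end

# Constructed sample: the caller supplies other users' ids in the query string.
headers = %{"x-consumer-id" => "user-a"}
token = %{"expires_at" => 2_000_000_000, "scope" => "app:read_pis app:authorize"}

with {:ok, user_id} <- ApprovalsRequest.authorize(headers, token, 1_700_000_000) do
  IO.puts(ApprovalsRequest.scoped_query("client_name=clinic&user_id=user-b&user_id=user-c", user_id))
end
```

Working on the raw query string rather than a parsed map means repeated user_id keys are all dropped before the token's value is appended, so a parser that keeps the first or the last duplicate cannot reintroduce a caller-supplied id.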