ESOZ - public documentation

Purpose

This web service (WS) shows all active approvals that the user has made for different clients.

Key points

  1. Only active approvals are returned

  2. Approvals are filtered by user, based on token details

  3. It is allowed to search approvals (e.g.: by client name)

Specification

Apiary

Authorization

  • Verify the validity of access token

    • in case of error - return 401 (“Invalid access token”)

  • Verify that token is not expired

    • in case of error - return 401 (“Invalid access token”)

  • Check user scopes in order to perform this action (scope = app:read_pis)

    • return 403 (“Your scope does not allow to access this resource. Missing allowances: app:read_pis”) in case of invalid scope(s)

Validate request

Validate x-consumer-id (user)

  • Ensure that the x-consumer-id header is passed in the request

    • in case of error - 401 ('Unauthorized')

Service logic

Get approvals from Mithril

Service must return only user-related approvals

Call Mithril to get all user-related approvals

  1. Get user_id from token (x-consumer-id header)

  2. Add user_id to query params

    1. if any other user_id is present in the query params, all of them must be overwritten by the user_id from the token

Mithril.Api

Mithril.Rpc: :search_apps
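
The scope check, header check and user_id overwrite described above, as an added Python illustration (not the project's own code). The names build_search_params and ApiError are hypothetical, and the sketch assumes the access token has already been validated and its scopes extracted.

```python
from urllib.parse import parse_qsl

REQUIRED_SCOPE = "app:read_pis"  # scope named in the Authorization section


class ApiError(Exception):
    """Hypothetical error type carrying the HTTP status from the spec."""
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status
        self.message = message


def build_search_params(headers, token_scopes, raw_query):
    """Return the params to send to the approvals search (hypothetical helper)."""
    if REQUIRED_SCOPE not in token_scopes:
        raise ApiError(403, "Your scope does not allow to access this resource. "
                            "Missing allowances: " + REQUIRED_SCOPE)
    # Header names are case-insensitive, so normalise before the lookup.
    lowered = {k.lower(): v for k, v in headers.items()}
    user_id = (lowered.get("x-consumer-id") or "").strip()
    if not user_id:
        raise ApiError(401, "Unauthorized")
    # parse_qsl decodes keys first, so repeated and percent-encoded
    # user_id params (user%5Fid=...) are all dropped here.
    params = [(k, v) for k, v in parse_qsl(raw_query, keep_blank_values=True)
              if k != "user_id"]
    # The only user_id that reaches the backend is the one from the token.
    params.append(("user_id", user_id))
    return params


if __name__ == "__main__":
    # Constructed request: the caller tries to query another user's approvals.
    print(build_search_params({"X-Consumer-Id": "u-1"}, ["app:read_pis"],
                              "user_id=u-2&client_name=Clinic"))
```

Filtering on the decoded key matters: comparing against the raw query string would miss an encoded or repeated user_id, and the backend could then see a value chosen by the caller.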
