Marc edited this page Dec 13, 2019 · 37 revisions

Endpoints exposed by the Access and Authorization Provider service, henceforth named AAP. The endpoints control anything related to authorizing an Identity.

Usage

The functions in this REST API use the HTTP method POST to allow for a uniform interface on all endpoints and to overcome the inconsistencies in HTTP GET vs POST. To use a GET, POST, PUT or DELETE you must set the X-HTTP-METHOD-OVERRIDE header.

All endpoints can only be reached through HTTPS with TLS. All endpoints are protected by OAuth2 scopes that the client needs in order to call them.

Structure of Input and Output

All endpoints are designed to be bulk first, meaning input and output are always Sets, an idea heavily inspired by functional programming. To simplify this structure the API uses the Bulky golang package.

A consequence of the bulk first idea is that all HTTP responses have to be 200, even when a request fails. To see the actual status of a request, the body of the OK response must be parsed. A status field is returned for each output entry, as well as an index that matches the index of the input (zero indexed).

AAP comes with the github.com/opensentry/aap/client golang package, which implements all endpoints and unmarshals their output into Go structs. It can be imported into Go projects to avoid having to parse output manually.

Input

POST [endpoint] HTTP/1.1
Host: [hostname of service]
Accept: application/json
Content-Type: application/json
Authorization: Bearer [access_token]

[
  { "message": "hello world" }
]

Output

Status: 200 OK
Content-Type: application/json
[
  {
    "index": 0,
    "status": 200,
    "errors": null,
    "ok": {"message": "hello world"}
  }
]
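
Because every HTTP response is 200, a client that checks only the HTTP status will read a refused entry as success. The Go sketch below is an added example, not code from AAP, its client package or Bulky: it checks each entry's status and index and fails closed. The `Entry` struct follows the output shown above; treating a 2xx entry status as success, the 403 entry and the shape of `errors` in the sample are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Entry mirrors one bulk output element; "errors" and "ok" stay raw (shape not defined on the page).
type Entry struct {
	Index  int             `json:"index"`
	Status int             `json:"status"`
	Errors json.RawMessage `json:"errors"`
	Ok     json.RawMessage `json:"ok"`
}

// Constructed HTTP 200 body for three inputs: input 1 refused, input 2 has no entry.
const sample = `[{"index":0,"status":200,"errors":null,"ok":{"message":"hello world"}},
 {"index":1,"status":403,"errors":[{"error":"denied"}],"ok":null}]`

// Succeeded maps each input index to its "ok" payload or to a failure reason.
// Assumption: entry status 2xx means success. Missing entries count as failures.
func Succeeded(body []byte, inputs int) (ok map[int]json.RawMessage, failed map[int]string, err error) {
	var entries []Entry
	if err = json.Unmarshal(body, &entries); err != nil {
		return nil, nil, fmt.Errorf("bulk response is not a JSON array: %w", err)
	}
	ok, failed = map[int]json.RawMessage{}, map[int]string{}
	for i := 0; i < inputs; i++ {
		failed[i] = "no entry returned for this input" // failed until an entry proves otherwise
	}
	seen := map[int]bool{}
	for _, e := range entries {
		if e.Index < 0 || e.Index >= inputs || seen[e.Index] {
			return nil, nil, fmt.Errorf("index %d out of range or repeated", e.Index)
		}
		seen[e.Index] = true
		if e.Status >= 200 && e.Status < 300 {
			ok[e.Index] = e.Ok
			delete(failed, e.Index)
		} else {
			failed[e.Index] = fmt.Sprintf("status %d: %s", e.Status, e.Errors)
		}
	}
	return ok, failed, nil
}

func main() {
	fmt.Println(Succeeded([]byte(sample), 3))
}
```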

Concepts

Entity

TODO

Scope

TODO

Consent

TODO

Grant

TODO

Publishing

TODO

Subscription

TODO

Shadow

TODO

Endpoints

TODO

POST /entities

TODO

GET /entities

TODO

DELETE /entities

TODO

GET /entities/judge

TODO

POST /consents

TODO

GET /consents

TODO

DELETE /consents

TODO

GET /consents/authorize

TODO

POST /consents/authorize

TODO

POST /consents/reject

TODO

POST /grants

TODO

GET /grants

TODO

DELETE /grants

TODO

POST /publishings

TODO

GET /publishings

TODO

DELETE /publishings

TODO

POST /scopes

TODO

GET /scopes

TODO

POST /subscriptions

TODO

GET /subscriptions

TODO

DELETE /subscriptions

TODO

POST /shadows

TODO

GET /shadows

TODO

DELETE /shadows

TODO

Authorize an Entity

TODO
