1. Introduction

This document contains generated documentation for AMPnet user service. User service contains all endpoints need to manage user for AMPnet crowdfunding project. Source code is available on Github

2. Registration API

Filed re_captcha_token is optional if the ReCaptcha verification is disabled.

2.1. Social method

2.1.1. Sign up with Facebook

Request
POST /signup HTTP/1.1
Content-Type: application/json
Content-Length: 137
Host: localhost:8080

{
  "coop" : "ampnet-test",
  "signup_method" : "FACEBOOK",
  "user_info" : {
    "token" : "token"
  },
  "re_captcha_token" : "token"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 246

{
  "uuid" : "94efbaad-bbc9-4ed3-b428-2dee713e69c2",
  "email" : "[email protected]",
  "first_name" : "First",
  "last_name" : "Last",
  "role" : "USER",
  "enabled" : true,
  "verified" : false,
  "coop" : "ampnet-test",
  "language" : null
}

2.1.2. Sign up with Google

Request
POST /signup HTTP/1.1
Content-Type: application/json
Content-Length: 135
Host: localhost:8080

{
  "coop" : "ampnet-test",
  "signup_method" : "GOOGLE",
  "user_info" : {
    "token" : "token"
  },
  "re_captcha_token" : "token"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 246

{
  "uuid" : "0f544715-93ee-4a29-9ae2-ce90b91ec972",
  "email" : "[email protected]",
  "first_name" : "First",
  "last_name" : "Last",
  "role" : "USER",
  "enabled" : true,
  "verified" : false,
  "coop" : "ampnet-test",
  "language" : null
}

2.2. Email method

2.2.1. Sign up

Successful
Request
POST /signup HTTP/1.1
Content-Type: application/json
Content-Length: 226
Host: localhost:8080

{
  "signup_method" : "EMAIL",
  "user_info" : {
    "first_name" : "first",
    "last_name" : "last",
    "email" : "[email protected]",
    "password" : "abcdefgh"
  },
  "coop" : "ampnet-test",
  "re_captcha_token" : "token"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 242

{
  "uuid" : "fe6d6e27-d802-45b9-8058-6668a3e1891a",
  "email" : "[email protected]",
  "first_name" : "first",
  "last_name" : "last",
  "role" : "USER",
  "enabled" : false,
  "verified" : false,
  "coop" : "ampnet-test",
  "language" : null
}
Invalid
Incomplete information
Request
POST /signup HTTP/1.1
Content-Type: application/json
Content-Length: 89
Host: localhost:8080

{
  "signup_method" : "EMAIL",
  "user_info" : {
    "email" : "[email protected]"
  }
}
Response
HTTP/1.1 400 Bad Request
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 163

{
  "description" : "Invalid signup data",
  "err_code" : "0101",
  "message" : "Some fields missing or could not be parsed from JSON request.",
  "errors" : { }
}
Invalid email
Request
POST /signup HTTP/1.1
Content-Type: application/json
Content-Length: 230
Host: localhost:8080

{
  "signup_method" : "EMAIL",
  "user_info" : {
    "first_name" : "first",
    "last_name" : "last",
    "email" : "invalid-mail.com",
    "password" : "passssword"
  },
  "coop" : "ampnet-test",
  "re_captcha_token" : "token"
}
Response
HTTP/1.1 400 Bad Request
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 186

{
  "description" : "Invalid controller request exception",
  "err_code" : "0808",
  "message" : "email Invalid email format. ",
  "errors" : {
    "email" : "Invalid email format"
  }
}
Short password
Request
POST /signup HTTP/1.1
Content-Type: application/json
Content-Length: 225
Host: localhost:8080

{
  "signup_method" : "EMAIL",
  "user_info" : {
    "first_name" : "first",
    "last_name" : "last",
    "email" : "[email protected]",
    "password" : "short"
  },
  "coop" : "ampnet-test",
  "re_captcha_token" : "token"
}
Response
HTTP/1.1 400 Bad Request
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 184

{
  "description" : "Invalid controller request exception",
  "err_code" : "0808",
  "message" : "password Invalid Password. ",
  "errors" : {
    "password" : "Invalid Password"
  }
}
User exists
Request
POST /signup HTTP/1.1
Content-Type: application/json
Content-Length: 226
Host: localhost:8080

{
  "signup_method" : "EMAIL",
  "user_info" : {
    "first_name" : "first",
    "last_name" : "last",
    "email" : "[email protected]",
    "password" : "abcdefgh"
  },
  "coop" : "ampnet-test",
  "re_captcha_token" : "token"
}
Response
HTTP/1.1 400 Bad Request
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 190

{
  "description" : "Email already used",
  "err_code" : "0103",
  "message" : "Trying to create user with email that already exists: [email protected] in coop: ampnet-test",
  "errors" : { }
}

2.2.2. Email confirmation

Successful Email confirmation
Request
GET /mail-confirmation?token=714172bd-c428-4400-a844-1bdd2446aea9 HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Resend Email confirmation
Request
GET /mail-confirmation?token=16d2e058-2f94-49ef-8599-6c9b7787e8a6 HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Failed Email confirmation
Invalid token format
Request
GET /mail-confirmation?token=bezvezni-token-tak HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 400 Bad Request
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 181

{
  "description" : "Failed Email confirmation, invalid token format",
  "err_code" : "0104",
  "message" : "Token: bezvezni-token-tak is not in a valid format.",
  "errors" : { }
}
Non existing token
Request
GET /mail-confirmation?token=587a57ab-271f-4288-9160-422c50e4c6ad HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 404 Not Found
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Token expired
Request
GET /mail-confirmation?token=5568aa4a-8a35-4327-9dd4-37553f9bdf33 HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 400 Bad Request
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 210

{
  "description" : "Failed Email confirmation, token expired",
  "err_code" : "0105",
  "message" : "User is trying to confirm mail with expired token: 5568aa4a-8a35-4327-9dd4-37553f9bdf33",
  "errors" : { }
}

3. Authentication API

3.1. Log in

3.1.1. Email

Request
POST /token HTTP/1.1
Content-Type: application/json
Content-Length: 145
Host: localhost:8080

{
  "coop" : "ampnet-test",
  "login_method" : "EMAIL",
  "credentials" : {
    "email" : "[email protected]",
    "password" : "Password175!"
  }
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 1069

{
  "access_token" : "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJqb2huQHNtaXRoLmNvbSIsInVzZXIiOiJ7XCJ1dWlkXCI6XCIyNWVkZDRlMy1hNzcxLTRjNjAtOWYzZi0yYmE0ZGUxNDVkOGVcIixcImVtYWlsXCI6XCJqb2huQHNtaXRoLmNvbVwiLFwibmFtZVwiOlwiZmlyc3RuYW1lIGxhc3RuYW1lXCIsXCJhdXRob3JpdGllc1wiOltcIlBST19QUk9GSUxFXCIsXCJQV09fUFJPRklMRVwiLFwiUFJPX09SR19JTlZJVEVcIixcIlBXT19PUkdfSU5WSVRFXCIsXCJST0xFX1VTRVJcIl0sXCJlbmFibGVkXCI6dHJ1ZSxcInZlcmlmaWVkXCI6ZmFsc2UsXCJjb29wXCI6XCJhbXBuZXQtdGVzdFwifSIsImlhdCI6MTYxNzMwNTU0NCwiZXhwIjoxNjE3MzkxOTQ0fQ.X1mmCKLtbp7QJlQw83IWzoqt8272_yyNqb-pty1K7ml0J6LaDbYw9xUI88X3wx6CdRnbp-1vjBJl2Z8vcYS2o79Dsq-G0PeF8v4dOhl5oR0zoQsZFy5ic3yl72k3t5AidnAMEXHBklZ7PvGTtWS8EH-896gJ7fpyY1ZsyyVYsr93xHz7rPZp8tfhmp-WE8TxiiyU5ws3IH43YEj69IspsPsyvQKBRZmB338UBnYh_LAAi72jyTJHjUwK7cd1O6vVU9Oda7S3E5krWiEaEZikNVVhVrlAU6HIVV2GcMNz9LoykajOLpP--TRdILDNwlKJeLRP4oB6IXIDwgcMyePwQw",
  "expires_in" : 86400000,
  "refresh_token" : "ZM2ReTl-WzyQIT6zTE0+Ian0FLJQrid5reT-WuQpBmYO1PAf8eMu0xWAT14jzRqEO-QQgzKnV67BQy-cl63rDX3IhJZFIhYdJCJUoBDKag1DKO0P3wfuCn5tkaznK9Md",
  "refresh_token_expires_in" : 7776000000
}

3.1.2. Google

Token in this case is obtained from Google on frontend, and then passed as request parameter.

Request
POST /token HTTP/1.1
Content-Type: application/json
Content-Length: 104
Host: localhost:8080

{
  "coop" : "ampnet-test",
  "login_method" : "GOOGLE",
  "credentials" : {
    "token" : "token"
  }
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 1069

{
  "access_token" : "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJqb2huQHNtaXRoLmNvbSIsInVzZXIiOiJ7XCJ1dWlkXCI6XCJmYjcxYTM4YS0yMTg2LTQ3MGItOTgzOC01MWExYzM1NjJmMDhcIixcImVtYWlsXCI6XCJqb2huQHNtaXRoLmNvbVwiLFwibmFtZVwiOlwiZmlyc3RuYW1lIGxhc3RuYW1lXCIsXCJhdXRob3JpdGllc1wiOltcIlBST19QUk9GSUxFXCIsXCJQV09fUFJPRklMRVwiLFwiUFJPX09SR19JTlZJVEVcIixcIlBXT19PUkdfSU5WSVRFXCIsXCJST0xFX1VTRVJcIl0sXCJlbmFibGVkXCI6dHJ1ZSxcInZlcmlmaWVkXCI6ZmFsc2UsXCJjb29wXCI6XCJhbXBuZXQtdGVzdFwifSIsImlhdCI6MTYxNzMwNTU0NiwiZXhwIjoxNjE3MzkxOTQ2fQ.YLufeqRvQTNbvwZaDimQb8BvJ02RdRJ8a8bR-qy9BJkj3pSyxM4sRx1iTESzXKuBiHKA2uVqqxP3LgVjZPF0CRZrUnyNdcNr8ZBbjKf8zOSqeZ4VzES-jloxsyC2syq_vRdJ8qJA8XrqFp9vuQxPga4HkDMmQzvWrDUNqQzu3YpU4sLmSLrMFsRYeUPyqs_2Glmfht_LzcaKOoul5ot0rA3M3bR-t_6Xq-xr4xCNDfsTLF9OLVA9FNYorV1w3EfVVBe0Ap1TZV52B1QPA0QqxZoMjAY2of_zdAZjb35FefuOESukbDX2PohX9lhtRLi0XZ45EyLEIFSr8QdhOEtI-A",
  "expires_in" : 86400000,
  "refresh_token" : "BgHOJuMNZ7SzGh3eIBX0sER2QMSIJq5wj7oM2VXOLvNglDX4y9G41Q-FvEboA_aGlxGEbwry-_Tj9nMSMiPExBmClVM1+0oae0U+lttBMvNPdBOp0sRk1va+Q5v+za8f",
  "refresh_token_expires_in" : 7776000000
}

3.1.3. Facebook

Token in this case is obtained from Facebook on frontend, and then passed as request parameter.

Request
POST /token HTTP/1.1
Content-Type: application/json
Content-Length: 106
Host: localhost:8080

{
  "coop" : "ampnet-test",
  "login_method" : "FACEBOOK",
  "credentials" : {
    "token" : "token"
  }
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 1069

{
  "access_token" : "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJqb2huQHNtaXRoLmNvbSIsInVzZXIiOiJ7XCJ1dWlkXCI6XCIwMzYyMDRiNC0yY2NhLTQ3OWItYWUxOC1iMDUyM2M0Mzg3Y2ZcIixcImVtYWlsXCI6XCJqb2huQHNtaXRoLmNvbVwiLFwibmFtZVwiOlwiZmlyc3RuYW1lIGxhc3RuYW1lXCIsXCJhdXRob3JpdGllc1wiOltcIlBST19QUk9GSUxFXCIsXCJQV09fUFJPRklMRVwiLFwiUFJPX09SR19JTlZJVEVcIixcIlBXT19PUkdfSU5WSVRFXCIsXCJST0xFX1VTRVJcIl0sXCJlbmFibGVkXCI6dHJ1ZSxcInZlcmlmaWVkXCI6ZmFsc2UsXCJjb29wXCI6XCJhbXBuZXQtdGVzdFwifSIsImlhdCI6MTYxNzMwNTU0NSwiZXhwIjoxNjE3MzkxOTQ1fQ.lS97gDBB6AiQaebKNYdqXBWGyKv3YF4kEStZZ-1Hgj44hrhHR42DP45sxiNS98-sLlbPEF6Owikl2B_cf2dtuEzKK8946OhM0N8NF2frvj-VWO1mnZ0Lj-3UQ7SUjczcHo3v8nRsRFkcQL460vDKByETpyMJ3eaOr_FYRN78CXyvMwR8CJfW-Dzb6YElATONnPfnJziTV____jfZU9NY_TSv8F0t-YQo0SBe6L-TQ03Yrtzv2-MKCdxkjXg8B1Iao634WHzBTl1EhqIDF1sRA0bk-Qnqi0a_I6i8sHyJjZl9NRAtuyNyIC0LoxWRCNaBFyDuyMT-hAmgAbne0zjM5Q",
  "expires_in" : 86400000,
  "refresh_token" : "ydQjg78gahsQaQbk+7y1gQ-72ICBbUVAZGB7_P-A16TdSp1nI6hgUX-OTAZR-GgnfkivlGL2wrKlsftZTGZTyCas0Yae-q16NKLbVy39HpKUYaRCwGBM5MVZskg+TUu5",
  "refresh_token_expires_in" : 7776000000
}

3.1.4. Invalid login

Invalid credentials
Request
POST /token HTTP/1.1
Content-Type: application/json
Content-Length: 147
Host: localhost:8080

{
  "coop" : "ampnet-test",
  "login_method" : "EMAIL",
  "credentials" : {
    "email" : "[email protected]",
    "password" : "wrong-password"
  }
}
Response
HTTP/1.1 400 Bad Request
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 139

{
  "description" : "Invalid username or password",
  "err_code" : "0207",
  "message" : "Invalid username or password",
  "errors" : { }
}
Invalid login method

For example, user was registered using regular method (filling out email, password…​) but he is trying to login using Google oauth.

Request
POST /token HTTP/1.1
Content-Type: application/json
Content-Length: 104
Host: localhost:8080

{
  "coop" : "ampnet-test",
  "login_method" : "GOOGLE",
  "credentials" : {
    "token" : "token"
  }
}
Response
HTTP/1.1 400 Bad Request
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 164

{
  "description" : "Invalid login method",
  "err_code" : "0201",
  "message" : "User registered using: EMAIL but trying to login with: GOOGLE",
  "errors" : { }
}
Non-existing user login
Request
POST /token HTTP/1.1
Content-Type: application/json
Content-Length: 145
Host: localhost:8080

{
  "coop" : "ampnet-test",
  "login_method" : "EMAIL",
  "credentials" : {
    "email" : "[email protected]",
    "password" : "Password175!"
  }
}
Response
HTTP/1.1 400 Bad Request
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 179

{
  "description" : "Invalid username or password",
  "err_code" : "0207",
  "message" : "User with email: [email protected] does not exists in coop: ampnet-test",
  "errors" : { }
}

3.2. Refresh token

Request
POST /token/refresh HTTP/1.1
Content-Type: application/json
Content-Length: 59
Host: localhost:8080

{
  "refresh_token" : "9asdf90asf90asf9asfis90fkas90fkas"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 971

{
  "access_token" : "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJqb2huQHNtaXRoLmNvbSIsInVzZXIiOiJ7XCJ1dWlkXCI6XCJhNjkxODlkMS0wNGFkLTQ0NDUtOTEzZC1kM2Q0YjQ1MDIzOGJcIixcImVtYWlsXCI6XCJqb2huQHNtaXRoLmNvbVwiLFwibmFtZVwiOlwiZmlyc3RuYW1lIGxhc3RuYW1lXCIsXCJhdXRob3JpdGllc1wiOltcIlBST19QUk9GSUxFXCIsXCJQV09fUFJPRklMRVwiLFwiUFJPX09SR19JTlZJVEVcIixcIlBXT19PUkdfSU5WSVRFXCIsXCJST0xFX1VTRVJcIl0sXCJlbmFibGVkXCI6dHJ1ZSxcInZlcmlmaWVkXCI6ZmFsc2UsXCJjb29wXCI6XCJhbXBuZXQtdGVzdFwifSIsImlhdCI6MTYxNzMwNTU0NSwiZXhwIjoxNjE3MzkxOTQ1fQ.l2TQY3LLQOagkWqXyjkQUbT4VtVJy1ZKfj7_kV8QOkapxjQAthLL8ipKKvYS5PUCrLmRCCaC3JRhW3z7yt1ADEqTEmirzt8zGgBkpMXBBAOKoTC-4hhg3_ii5I7A3RPEXiH1OtSLTCYQrGn_ov4tj6-4u3AhUNq60096oYOm-4-bPSrCKXtxwLDLzr9YKtawh1GXJ6Y0XzGILbNP-gfb5eZu3e1ej5Yvl9DKZC1NfO7fyWYMdH8fggMli9Sh9BWh3E0TiJm4K27KG8PKeHU4zZJ0yuGRHSALSduaFOA0ypVmLq3_sw7vgKJixUoeYaXSAUaPzppPc_67388yVZ6U8A",
  "expires_in" : 86400000,
  "refresh_token" : "9asdf90asf90asf9asfis90fkas90fkas",
  "refresh_token_expires_in" : 7772400
}

3.3. Forgot password

3.3.1. Generate token - send mail

Request
POST /forgot-password/token HTTP/1.1
Content-Type: application/json
Content-Length: 58
Host: localhost:8080

{
  "email" : "[email protected]",
  "coop" : "ampnet-test"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

3.3.2. Change password using token

Request
POST /forgot-password HTTP/1.1
Content-Type: application/json
Content-Length: 89
Host: localhost:8080

{
  "new_password" : "new-password",
  "token" : "5b94f27c-8dc8-495b-b7c8-2ef33db55ed6"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 249

{
  "uuid" : "307ba4d8-7ba2-450e-81c7-53d05b7a34a4",
  "email" : "[email protected]",
  "first_name" : "firstname",
  "last_name" : "lastname",
  "role" : "USER",
  "enabled" : true,
  "verified" : false,
  "coop" : "ampnet-test",
  "language" : null
}

3.4. Logout

Request
POST /logout HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

4. User API

All requests need header: Authorization: Bearer JWT.

4.1. Get own profile

Request
GET /me HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 248

{
  "uuid" : "b2d05e1c-9348-40cc-a41e-4f6c06a80035",
  "email" : "[email protected]",
  "first_name" : "firstname",
  "last_name" : "lastname",
  "role" : "USER",
  "enabled" : true,
  "verified" : false,
  "coop" : "ampnet-test",
  "language" : null
}

4.2. Change password

Request
POST /me/password HTTP/1.1
Content-Type: application/json
Content-Length: 70
Host: localhost:8080

{
  "old_password" : "oldPassword",
  "new_password" : "newPassword"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 249

{
  "uuid" : "8a733721-9bb3-48b1-90b9-6463ac1493eb",
  "email" : "[email protected]",
  "first_name" : "firstname",
  "last_name" : "lastname",
  "role" : "USER",
  "enabled" : true,
  "verified" : false,
  "coop" : "ampnet-test",
  "language" : null
}

4.3. Update profile

Request
PUT /me/update HTTP/1.1
Content-Type: application/json
Content-Length: 23
Host: localhost:8080

{
  "language" : "en"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 249

{
  "uuid" : "8a733721-9bb3-48b1-90b9-6463ac1493eb",
  "email" : "[email protected]",
  "first_name" : "firstname",
  "last_name" : "lastname",
  "role" : "USER",
  "enabled" : true,
  "verified" : false,
  "coop" : "ampnet-test",
  "language" : "en"
}

4.4. Bank account

Collection of endpoints for user bank account.

4.4.1. Get accounts

Request
GET /bank-account HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 565

{
  "bank_accounts" : [ {
    "id" : 3,
    "iban" : "HR1723600001101234565",
    "bank_code" : "DABAIE2D",
    "created_at" : "2021-04-01T19:32:18.511Z",
    "alias" : "alias",
    "bank_name" : "bank name",
    "bank_address" : "bank address",
    "beneficiary_name" : "beneficiary"
  }, {
    "id" : 4,
    "iban" : "AZ96AZEJ00000000001234567890",
    "bank_code" : "NTSBDEB1",
    "created_at" : "2021-04-01T19:32:18.517Z",
    "alias" : "alias",
    "bank_name" : "bank name",
    "bank_address" : "bank address",
    "beneficiary_name" : "beneficiary"
  } ]
}

4.4.2. Create account

Tip
alias, bank_name, bank_address and beneficiary_name data is optional.
Request
POST /bank-account HTTP/1.1
Content-Type: application/json
Content-Length: 187
Host: localhost:8080

{
  "iban" : "HR1723600001101234565",
  "bank_code" : "DABAIE2D",
  "alias" : "alias",
  "bank_name" : "XYZ bank",
  "bank_address" : "XYZ address",
  "beneficiary_name" : "Ampnet coop"
}
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 244

{
  "id" : 2,
  "iban" : "HR1723600001101234565",
  "bank_code" : "DABAIE2D",
  "created_at" : "2021-04-01T19:32:18.074Z",
  "alias" : "alias",
  "bank_name" : "XYZ bank",
  "bank_address" : "XYZ address",
  "beneficiary_name" : "Ampnet coop"
}

4.4.3. Delete account

Request
DELETE /bank-account/1 HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

5. Admin API

All requests need header: Authorization: Bearer JWT.

5.1. Get users

Must have Admin role - privilege: PrivilegeType.PRA_PROFILE. List of users is pageable. Define size of the list using param: size and page number with param: page. List can be sorted using param: sort (e.g. sort=email,asc).

5.1.1. All users

Successfully get a list of all users
Request
GET /admin/user HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 324

{
  "users" : [ {
    "uuid" : "3cd6be31-84c5-4883-9bca-95ba8c033966",
    "email" : "[email protected]",
    "first_name" : "firstname",
    "last_name" : "lastname",
    "role" : "USER",
    "enabled" : true,
    "verified" : false,
    "coop" : "ampnet-test",
    "language" : null
  } ],
  "page" : 0,
  "total_pages" : 1
}
Successfully get paging list of users
Request
GET /admin/user?size=3&page=1&sort=email%2Casc HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 596

{
  "users" : [ {
    "uuid" : "23949d72-561b-475a-842f-ce38107269c8",
    "email" : "[email protected]",
    "first_name" : "firstname",
    "last_name" : "lastname",
    "role" : "USER",
    "enabled" : true,
    "verified" : false,
    "coop" : "ampnet-test",
    "language" : null
  }, {
    "uuid" : "b8126451-134d-4de4-876c-564ac80d4ed8",
    "email" : "[email protected]",
    "first_name" : "firstname",
    "last_name" : "lastname",
    "role" : "USER",
    "enabled" : true,
    "verified" : false,
    "coop" : "ampnet-test",
    "language" : null
  } ],
  "page" : 1,
  "total_pages" : 2
}
Failed to get a list of users

Missing privilege: PRA_PROFILE.

Request
GET /admin/user HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 403 Forbidden
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY

5.1.2. Admin users

Request
GET /admin/user/admin?size=10&page=0 HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 324

{
  "users" : [ {
    "uuid" : "932e5a19-468f-461e-bcb7-4a2749964120",
    "email" : "[email protected]",
    "first_name" : "firstname",
    "last_name" : "lastname",
    "role" : "ADMIN",
    "enabled" : true,
    "verified" : true,
    "coop" : "ampnet-test",
    "language" : null
  } ],
  "page" : 0,
  "total_pages" : 1
}

5.2. Find user

5.2.1. By UUID

Request
GET /admin/user/24dc13ef-33ee-47ba-b7f1-28a33818439c HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 249

{
  "uuid" : "24dc13ef-33ee-47ba-b7f1-28a33818439c",
  "email" : "[email protected]",
  "first_name" : "firstname",
  "last_name" : "lastname",
  "role" : "USER",
  "enabled" : true,
  "verified" : false,
  "coop" : "ampnet-test",
  "language" : null
}

5.2.2. By Email

Request
GET /admin/user/find?email=john&size=20&page=0 HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 600

{
  "users" : [ {
    "uuid" : "f966a848-2b93-4bf6-97cc-531cdb6301fe",
    "email" : "[email protected]",
    "first_name" : "firstname",
    "last_name" : "lastname",
    "role" : "USER",
    "enabled" : true,
    "verified" : false,
    "coop" : "ampnet-test",
    "language" : null
  }, {
    "uuid" : "9291dada-b9ad-4fed-9b43-d92850ae512e",
    "email" : "[email protected]",
    "first_name" : "firstname",
    "last_name" : "lastname",
    "role" : "USER",
    "enabled" : true,
    "verified" : false,
    "coop" : "ampnet-test",
    "language" : null
  } ],
  "page" : 0,
  "total_pages" : 1
}

5.3. Count users

  • registered all registered users on the platform

  • activated completed KYC and registered on the platform

  • deleted have deactivated their account on the platform

Request
GET /admin/user/count HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 58

{
  "registered" : 4,
  "activated" : 2,
  "deleted" : 1
}

6. Public API

6.1. Count users

Number of all registered users on platform

Request
GET /public/user/count HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 22

{
  "registered" : 2
}

6.2. Application config

Fields: hostname and config are nullable. config value is an arbitrary JSON.

6.2.1. By hostname

Request
GET /public/app/config/hostname/host.com HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Disposition: inline;filename=f.txt
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 331

{
  "identifier" : "ampnet-test",
  "name" : "ampnet-test",
  "created_at" : "2021-04-01T19:32:20.244Z",
  "hostname" : "host.com",
  "config" : {
    "public" : true,
    "show_version" : false
  },
  "logo" : "link",
  "banner" : null,
  "need_user_verification" : true,
  "kyc_provider" : "VERIFF",
  "disable_sign_up" : false
}

6.2.2. By identifier

If the application config is missing for the specified identifier, application will return config for the default cooperative.

Request
GET /public/app/config/identifier/ampnet-test HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 331

{
  "identifier" : "ampnet-test",
  "name" : "ampnet-test",
  "created_at" : "2021-04-01T19:32:20.526Z",
  "hostname" : "host.com",
  "config" : {
    "public" : true,
    "show_version" : false
  },
  "logo" : "link",
  "banner" : null,
  "need_user_verification" : true,
  "kyc_provider" : "VERIFF",
  "disable_sign_up" : false
}

7. Coop API

Fields: hostname and config are nullable. config value is an arbitrary JSON. Filed re_captcha_token is nullable if the ReCaptcha verification is disabled.

7.1. Create coop

Request
POST /coop HTTP/1.1
Content-Type: multipart/form-data; boundary=6o2knFse3p53ty9dmcQvWAIx1zInP11uCfbm
Host: localhost:8080

--6o2knFse3p53ty9dmcQvWAIx1zInP11uCfbm
Content-Disposition: form-data; name=request; filename=request.json
Content-Type: application/json

{"identifier":"new-coop-a","name":"New Coop a","hostname":"ampnet.io","config":{"title":"AMPnet","logo_url":"http://assets/logo-amp.png","icon_url":"http://assets/favicon.ico","arkane":{"id":"AMPnet","env":"staging"},"identyum":{"startLanguage":"en"},"googleClientId":"google-id","facebookAppId":"facebook-id"},"re_captcha_token":"token"}
--6o2knFse3p53ty9dmcQvWAIx1zInP11uCfbm
Content-Disposition: form-data; name=logo; filename=logo.png
Content-Type: image/png

LogoData
--6o2knFse3p53ty9dmcQvWAIx1zInP11uCfbm
Content-Disposition: form-data; name=banner; filename=banner.png
Content-Type: image/png

BannerData
--6o2knFse3p53ty9dmcQvWAIx1zInP11uCfbm--
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 611

{
  "identifier" : "new-coop-a",
  "name" : "New Coop a",
  "created_at" : "2021-04-01T19:32:31.472Z",
  "hostname" : "ampnet.io",
  "config" : {
    "title" : "AMPnet",
    "logo_url" : "http://assets/logo-amp.png",
    "icon_url" : "http://assets/favicon.ico",
    "arkane" : {
      "id" : "AMPnet",
      "env" : "staging"
    },
    "identyum" : {
      "startLanguage" : "en"
    },
    "googleClientId" : "google-id",
    "facebookAppId" : "facebook-id"
  },
  "logo" : "logo-link",
  "banner" : "banner-link",
  "need_user_verification" : true,
  "kyc_provider" : "VERIFF",
  "disable_sign_up" : false
}

7.2. Get my coop

Request
GET /coop HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 598

{
  "identifier" : "ampnet-test",
  "name" : "ampnet-test",
  "created_at" : "2021-04-01T19:32:31.316Z",
  "hostname" : "host.com",
  "config" : {
    "title" : "AMPnet",
    "logo_url" : "http://assets/logo-amp.png",
    "icon_url" : "http://assets/favicon.ico",
    "arkane" : {
      "id" : "AMPnet",
      "env" : "staging"
    },
    "identyum" : {
      "startLanguage" : "en"
    },
    "googleClientId" : "google-id",
    "facebookAppId" : "facebook-id"
  },
  "logo" : "link",
  "banner" : null,
  "need_user_verification" : true,
  "kyc_provider" : "VERIFF",
  "disable_sign_up" : false
}

7.3. Update my coop

Using need_user_verification coop admin can disable user KYC procedure.

Request
PUT /coop HTTP/1.1
Content-Type: multipart/form-data; boundary=6o2knFse3p53ty9dmcQvWAIx1zInP11uCfbm
Host: localhost:8080

--6o2knFse3p53ty9dmcQvWAIx1zInP11uCfbm
Content-Disposition: form-data; name=request; filename=request.json
Content-Type: application/json

{"name":"New name","hostname":"new.my.host","need_user_verification":false,"config":{"colors":{"main":"brown"},"arkane":"STAGING","test":false,"retry":1},"kyc_provider":"VERIFF","disable_sign_up":true}
--6o2knFse3p53ty9dmcQvWAIx1zInP11uCfbm
Content-Disposition: form-data; name=logo; filename=logo.png
Content-Type: image/png

LogoData
--6o2knFse3p53ty9dmcQvWAIx1zInP11uCfbm
Content-Disposition: form-data; name=banner; filename=banner.png
Content-Type: image/png

BannerData
--6o2knFse3p53ty9dmcQvWAIx1zInP11uCfbm--
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 406

{
  "identifier" : "ampnet-test",
  "name" : "New name",
  "created_at" : "2021-04-01T19:32:31.603Z",
  "hostname" : "new.my.host",
  "config" : {
    "colors" : {
      "main" : "brown"
    },
    "arkane" : "STAGING",
    "test" : false,
    "retry" : 1
  },
  "logo" : "logo-link",
  "banner" : "banner-link",
  "need_user_verification" : false,
  "kyc_provider" : "VERIFF",
  "disable_sign_up" : true
}

8. KYC API

For KYC procedure the system supports two providers: Veriff and Identyum.

8.1. Veriff

Get Veriff session. For code explanation in decision response, see: https://developers.veriff.com/#response-and-error-codes

Request
GET /veriff/session HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 423

{
  "verification_url" : "https://alchemy.veriff.com/v/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.new-url",
  "state" : "created",
  "decision" : {
    "session_id" : "44927492-8799-406e-8076-933bc9164ebc",
    "status" : "declined",
    "code" : 9102,
    "reason" : "Physical document not used",
    "reason_code" : 101,
    "decision_time" : "2020-12-04T10:45:37.907Z",
    "acceptance_time" : "2020-12-04T10:45:31.000Z"
  }
}

8.2. Identyum

Get Identyum session for web component.

Request
GET /identyum/token HTTP/1.1
Host: localhost:8080
Response
HTTP/1.1 200 OK
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Type: application/json
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Content-Length: 2197

{
  "web_component_url" : "https://web-components.stage.identyum.com/flow-manager/component",
  "credentials" : {
    "access_token" : "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIwSTczcVJlS3dCWG82VDRVSHg5M0s1VzJ5cXJNODRBemxKQnNxZEVlTXhRIn0.eyJleHAiOjE1ODc2NDgyNjksImlhdCI6MTU4NzY0NjQ2OSwianRpIjoiM2U3MGU1ZGEtNDY3ZC00ZTk4LWE3NGYtMzZjNjM4ZGQ2NDVhIiwiaXNzIjoiaHR0cDovL2tleWNsb2FrOjgwODAvYXV0aC9yZWFsbXMvY2xpZW50cyIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiIyMDFkYzIzNy01OGNiLTRkZjUtYjUyYi04ZjJkMjc4OTFmZmQiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJpZGVudHl1bS1jbGllbnQiLCJzZXNzaW9uX3N0YXRlIjoiYjRiZDY0NjctY2I2ZS00YjNjLTkwYzctYzAzMWQyNzI5YTU0IiwiYWNyIjoiMSIsInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJsb2dpbl9zbXMiLCJjbGllbnQiXX0sInJlc291cmNlX2FjY2VzcyI6eyJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6ImVtYWlsIHByb2ZpbGUiLCJkZWJ1ZyI6InRydWUiLCJlbWFpbF92ZXJpZmllZCI6dHJ1ZSwibmFtZSI6IkFNUG5ldCBJTyIsInByZWZlcnJlZF91c2VybmFtZSI6ImFtcG5ldF9zdGFnZSIsImdpdmVuX25hbWUiOiJBTVBuZXQiLCJsb2NhbGUiOiJlbiIsImZhbWlseV9uYW1lIjoiSU8iLCJlbWFpbCI6Im1pc2xhdkBhbXBuZXQuaW8ifQ.C5eSkL59NhYGDicE3Yar_If72vx_Ii2sz7FpXK9SQmYLjNHLxIGc_F9C3VkCuZHM0-NmtGziK5f6NfBBknbE0fVV-KkjMp4QlqXUvk75QYLX_14hqowZPSE973MYd1rv3Vet0XiZ-mI8emKRESldUaxLfOLJbTWY-y3kcRRQrGySDxF4jnRiVoi8r4FMQmFNgZsytw3SXtz7inlo8G99rOgM8QSvxHU3A1RGnE3eztjl1koiG8P58jABABNQ-fv31A0W_zgwSLVnLEp5LHNX2Cx2v-ypjfQz58uFd4Fi5J9JlYBvjssMJD-n7GH87mqi1HhvTmJPBYuTLW4Wi7619w",
    "expires_in" : 1800,
    "refresh_expires_in" : 1800,
    "refresh_token" : "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIzMmI0OWU2ZC0yNGZhLTRjYmQtOTc3OC00NmJmYzZiMWQxM2MifQ.eyJleHAiOjE1ODc2NDgyNjksImlhdCI6MTU4NzY0NjQ2OSwianRpIjoiZmI4ZDZkOTUtMWU0ZS00MGJkLThjODgtZTFjZGQ1MTQ3MmM2IiwiaXNzIjoiaHR0cDovL2tleWNsb2FrOjgwODAvYXV0aC9yZWFsbXMvY2xpZW50cyIsImF1ZCI6Imh0dHA6Ly9rZXljbG9hazo4MDgwL2F1dGgvcmVhbG1zL2NsaWVudHMiLCJzdWIiOiIyMDFkYzIzNy01OGNiLTRkZjUtYjUyYi04ZjJkMjc4OTFmZmQiLCJ0eXAiOiJSZWZyZXNoIiwiYXpwIjoiaWRlbnR5dW0tY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6ImI0YmQ2NDY3LWNiNmUtNGIzYy05MGM3LWMwMzFkMjcyOWE1NCIsInNjb3BlIjoiZW1haWwgcHJvZmlsZSJ9.mOFw52MrGgZChNQ160s2PZpJSbxu-oqEde9ZfqcroWA",
    "session_state" : "b4bd6467-cb6e-4b3c-90c7-c031d2729a54"
  }
}