User Multi Services
The User Multi Services API enables assigning and managing a user's consents across multiple services.
Before a user's consents can be managed for a service, the consents available for that service have to be configured by the USP team. To arrange this, contact the USP team and provide the list of consents to configure for the service.
Managing user consents in the service
API URL: user-multi-services.authorisation.onetapi.pl
The API uses the JSON-RPC 2.0 protocol.
Example call to the API:
curl http://user-multi-services.authorisation.onetapi.pl \
  -X POST \
  -H "Content-Type: application/json-rpc" \
  -d '{
    "id":"<unique ID>",
    "jsonrpc":"2.0",
    "method":"assign_user_to_service",
    "params":{
      "portal_id": 1,
      "service_id":"1",
      "user_id_in_service":"abc",
      "token":"<token>",
      "client_id":"konto.onet.pl.front.onetapi.pl"
    }
  }'
Example response:
{"jsonrpc":"2.0","id":"1187135072","result":"OK"}
Available methods:
assign_user_to_service
Assigns the user to the service
- params:
client_id : client's opal ID (interface name)
token : user's session token
portal_id : portal ID
service_id : service ID
user_id_in_service : user's ID assigned by the service
result: “OK” if successful
delete_user_from_service
Removes the user from the service
- params:
client_id : client's opal ID (interface name)
token : user's session token
portal_id : portal ID
service_id : service ID
result: “OK” if successful
get_user_services
Fetches the list of services assigned to the user
- params:
client_id : client's opal ID (interface name)
token : user's session token
portal_id : portal ID
result: [{"service_id":1}]
check_if_service_is_assign_to_user
Checks whether the service is already assigned to the user
- params:
client_id : client's opal ID (interface name)
token : user's session token
portal_id : portal ID
service_id : service ID
result: Boolean
check_user_agreements
Fetches the list of agreement IDs that are required by the service and are not set for the user
- params:
client_id : client's opal ID (interface name)
token : user's session token
portal_id : portal ID
service_id : service ID
result: {"missing":[1, 2, 3]}
Deleting users
The Onet Konto platform allows users to:
fully delete their account
unassign from previously joined services.
If your service stores users on its side, we can notify it when a user deletes their account or unassigns from the service in Onet Konto. If you want your API to be notified about these two events, create an endpoint according to the hints below:
Endpoint URL: https://example.com/whatever/{user_id_in_service}
It is important that the last part of the URL accepts a path parameter. The user_id_in_service parameter is the user's identifier in your service, which you provided when assigning the user to the service with the assign_user_to_service method.
Endpoint method: DELETE
Authentication
When calling your endpoint we will use Basic authentication. You need to create two things:
accessKey
secretKey
They will be sent in the Authorization header.
Example code in Python:
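import base64
# Sample credentials; use the accessKey and secretKey you created
accessKey = '2745d640-34e9-4474-93d1-23b9c4f665d4'
secretKey = '043aa101-ed72-4d98-9b08-b01ee35bbdcf'
# Basic authentication: base64 of "accessKey:secretKey"
token = base64.b64encode((accessKey + ':' + secretKey).encode()).decode()
headers = {}
headers['Authorization'] = 'Basic ' + token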
On your side, decode the string that follows the word “Basic” in the Authorization header and check that the credentials match.
API Response
Your API should return 200 OK. The response needs to be idempotent: when more than one request with the same user_id_in_service occurs, your API should still return 200 OK for all of them.
Example call from our application:
curl --location --request DELETE 'https://example.com/users/cc62dc72-33eb-462a-bb68-3f7d435bf7ef' \
--header 'Authorization: Basic OWMzMjkxMjYtYWVmNC00M2Q5LWIxNTEtMDM2Y2I4NDI4YjExOjZlODFhYzk3LTA5MzgtNGI1Mi1hNWJkLThiNzg1YTJkN2M4YQ=='
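A receiving endpoint that follows the hints above, as an added example that is not Onet's own code: it decodes the Basic credentials, compares them in constant time, and answers 200 OK even when the user is already gone. The /users/ path, the credential values, the in-memory USERS store and the helper names are assumptions made for illustration, and TLS is assumed to be terminated in front of this listener.

```python
import base64
import binascii
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample credentials; load the real accessKey/secretKey from a secret store.
ACCESS_KEY = "example-access-key"
SECRET_KEY = "example-secret-key"
# Stand-in for the service's user store, keyed by user_id_in_service (constructed data).
USERS = {"cc62dc72-33eb-462a-bb68-3f7d435bf7ef": {"email": "user@example.com"}}
PREFIX = "/users/"  # hypothetical path; the last segment is user_id_in_service


def is_authorized(header):
    """Return True only if the Authorization header carries the expected Basic credentials."""
    scheme, _, encoded = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        supplied = base64.b64decode(encoded.strip(), validate=True)
    except (binascii.Error, ValueError):
        return False  # malformed base64 is treated as a failed login, not a server error
    expected = f"{ACCESS_KEY}:{SECRET_KEY}".encode()
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return hmac.compare_digest(supplied, expected)


def handle_delete(path, auth_header):
    """Return the HTTP status code for one DELETE notification."""
    if not is_authorized(auth_header):
        return 401
    user_id = path[len(PREFIX):] if path.startswith(PREFIX) else ""
    if not user_id or "/" in user_id:
        return 404
    USERS.pop(user_id, None)  # idempotent: an already-deleted user is not an error
    return 200


class Handler(BaseHTTPRequestHandler):
    def do_DELETE(self):
        status = handle_delete(self.path, self.headers.get("Authorization"))
        self.send_response(status)
        if status == 401:
            self.send_header("WWW-Authenticate", 'Basic realm="user-deletion"')
        self.end_headers()


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```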