Overview
In the Builder, you register clients for APIs. API Management is the management service used in these areas in YaaS:
- create, update, and delete clients and services
- create, update, and delete credentials of clients
- update and delete credentials of services (Basic Authentication)
- retrieve service scopes defined for a given project.
First, register a Project and add a Client. Develop your own Service and link it with your client. Then, add a Builder Module and wrap it with your service into a package. Now you are ready to publish and sell in the YaaS Market!
API Reference
/projects/{projectID}/services-scopes
This endpoint allows to get a complete set of service scopes defined for given project.
/projects/{projectID}/services-scopes
get
This endpoint allows you to get a complete set of service scopes defined for a given project.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_view or hybris.api_manage scope.
get /projects/{projectID}/services-scopes
This endpoint allows you to get a complete set of service scopes defined for a given project.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_view or hybris.api_manage scope.
URI Parameters
- projectID: required (string)
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
HTTP status code 200
Collection of all scopes of projects API services.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema",
"type": "array",
"title": "Array of services scopes",
"unique": true,
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"title": "Service scope",
"properties": {
"name": {
"description": "Name of the scope",
"type": "string"
},
"description": {
"description": "Description of the scope",
"type": "string"
}
}
}
}
Example:
[
{
"name": "scope_1",
"description": "scope_1 description"
},
{
"name": "scope_2",
"description": "scope_2 description"
}
]
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
/projects/{projectID}/applications
DEPRECATED
/projects/{projectID}/applications
get
DEPRECATED
Returns all API applications.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_view or hybris.api_mange scope.
You can sort your results by the following fields: name, createdAt and modifiedAt.
post
DEPRECATED
Creates a new API application.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_mange scope.
get /projects/{projectID}/applications
DEPRECATED
Returns all API applications.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_view or hybris.api_mange scope.
You can sort your results by the following fields: name, createdAt and modifiedAt.
URI Parameters
- projectID: required (string)
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
Query Parameters
- sort: (string)
The list of comma-separated properties used to sort the results. By default, the column values are sorted in ascending order. Can either be in the form of fieldName or fieldName:asc,fieldName:desc. If you want to sort by localized attributes, you must use the following form: fieldName.language or fieldName.language:asc,fieldName.language:desc.
Example:
size,species:asc,weight:desc
- totalCount: (boolean)
This parameter requests to return the total number of object in the collection fulfilling the criteria together with the response. This number will be returned in the 'hybris-count' header.
Example:
true - pageNumber: (integer - default: 1 - minimum: 1)
The page number to be retrieved where the size of the pages must be specified by the pageSize parameter. The number of the first page is 1.
Example:
1 - pageSize: (integer - default: 16 - minimum: 1)
The number of documents being retrieved on the page.
Example:
16 - appType: (string)
Restricts types of applications to return (UI_MODULE | SINGLE_TENANT_APP | MULTI_TENANT_APP). You can provide more than one value (comma-separated). Does not restrict if empty.
Example:
UI_MODULE,MULTI_TENANT_APP
HTTP status code 200
Collection of API applications.
Headers
- hybris-count: (integer)
The total number of objects that fulfil the criteria.
Example:
1000 - Link: required (string - repeat: true)
Link to the current page, the next page and the previous page. Marked accordingly with rel self, rel next and rel prev. The syntax must be conform to RFC-5988. The link to the current page (self) is required and must be provided always. The link to the next page (next) is optional. If not present, the next page is not available, as the current page is the last page of the result. The link to the previous page (prev) is optional. If not present, the previous page is not available, as the current page is the first page of the result.
Example:
<http://sample.com?pageNumber=2&pageSize=10>; rel="self", <http://sample.com?pageNumber=3&pageSize=10>; rel="next"
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema",
"type": "array",
"uniqueItems": true,
"items": {
"type": "object",
"title": "List of Applications",
"required": [
"id",
"name",
"owner",
"appType",
"modifiedAt",
"createdAt",
"redirectUris"
],
"properties": {
"id": {
"description": "Application id",
"type": "string"
},
"name": {
"description": "Application name. Have to be unique in the project scope",
"type": "string"
},
"owner": {
"description": "Application owner",
"type": "string"
},
"displayName": {
"description": "Application display name",
"type": "string"
},
"description": {
"description": "Application description",
"type": "string"
},
"modifiedAt": {
"description": "Application modification date",
"type": "string",
"format": "date-time"
},
"createdAt": {
"description": "Application creation date",
"type": "string",
"format": "date-time"
},
"redirectUris": {
"description": "Redirect URIs. If you want to use OAuth2 Implicit Grant or Authorization Code Grant flow at least one redirect URI is required.",
"type": "array",
"items": {
"type": "string",
"format": "uri",
"description": "Redirect URI. Needs to have a protocol, no URL fragments and no relative paths.",
"uniqueItems": true
}
},
"requiredScopes": {
"description": "Required scopes",
"type": "array",
"items": {
"type": "string",
"description": "Fully qualified scope. Format team.scope",
"uniqueItems": true
}
},
"appType": {
"description": "Application type",
"enum": [
"UI_MODULE",
"MULTI_TENANT_APP",
"SINGLE_TENANT_APP"
]
},
"moduleUrl": {
"description": "Url for moduleInfo descriptor. Required for 'UI_MODULE' apps",
"type": "string",
"format": "uri"
}
}
}
}
Example:
[
{
"id": "1",
"name": "sample-app",
"owner": "sampletenant",
"appType": "SINGLE_TENANT_APP",
"redirectUris": [
"https://www.redirect.com/callback"
],
"modifiedAt": "2014-07-07T09:53:42.523+0000",
"createdAt": "2014-07-07T09:53:42.523+0000"
},
{
"id": "2",
"name": "sample-mobile-app",
"owner": "sampletenant",
"description": "app for mobile",
"appType": "MULTI_TENANT_APP",
"redirectUris": [
"https://www.redirect.com/callback"
],
"requiredScopes": [
"hybris.manage",
"toad.view"
],
"modifiedAt": "2014-07-07T09:53:42.523+0000",
"createdAt": "2014-07-07T09:53:42.523+0000"
}
]
HTTP status code 400
Request was syntactically incorrect. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 400,
"message": "There are validation problems, see details section for more information",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html",
"type": "validation_violation",
"details": [
{
"field": "pageNumber",
"message": "must be a positive number",
"type": "invalid_query_parameter"
}
]
}
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
post /projects/{projectID}/applications
DEPRECATED
Creates a new API application.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_mange scope.
URI Parameters
- projectID: required (string)
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"title": "Create Application",
"required": [
"name",
"appType"
],
"properties": {
"name": {
"description": "Application name. Have to be unique in the project scope",
"type": "string"
},
"displayName": {
"description": "Application display name",
"type": "string"
},
"description": {
"description": "Application description",
"type": "string"
},
"appType": {
"description": "Application type",
"enum": [
"UI_MODULE",
"MULTI_TENANT_APP",
"SINGLE_TENANT_APP"
]
},
"moduleUrl": {
"description": "Url for moduleInfo descriptor. Required for 'UI_MODULE' apps",
"type": "string",
"format": "uri"
},
"redirectUris": {
"description": "Redirect URIs. If you want to use OAuth2 Implicit Grant flow at least one redirect URI is required.",
"type": "array",
"items": {
"type": "string",
"format": "uri",
"description": "Redirect URI. Needs to have a protocol, no URL fragments and no relative paths.",
"uniqueItems": true
}
},
"requiredScopes": {
"description": "Required scopes",
"type": "array",
"items": {
"type": "string",
"pattern": "^[a-zA-Z_0-9.={}-]{1,128}$",
"description": "Fully qualified scope. Format team.scope",
"uniqueItems": true
}
}
}
}
Example:
{
"name": "sample-mobile-app",
"appType": "MULTI_TENANT_APP",
"redirectUris": [
"https://www.redirect.com/callback"
],
"requiredScopes": [
"hybris.manage",
"toad.view"
]
}
HTTP status code 201
API application is created.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"title": "Resource Location",
"description": "Schema for showing location of the new resource.",
"properties": {
"id": {
"description": "The identifier of the created resource",
"type": "string"
},
"link": {
"description": "The link to the created resource",
"type": "string",
"format": "uri"
}
},
"required": [
"id",
"link"
]
}
Example:
{
"id": "568107e6d06e95f7a455514a",
"link": "http://api.us.yaas.io/hybris/api-management/v1/projects/testProject/applications/568107e6d06e95f7a455514a"
}
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
/projects/{projectID}/applications/{applicationID}
DEPRECATED
get
DEPRECATED
Returns API application with the given ID.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_view or hybris.api_mange scope. Requested project must be the owner of requested application.
put
DEPRECATED
Updates API application with the given ID.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_mange scope. Requested project must be the owner of requested application.
delete
DEPRECATED
Deletes API application with the given ID.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_mange scope. Requested project must be the owner of requested application.
get /projects/{projectID}/applications/{applicationID}
DEPRECATED
Returns API application with the given ID.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_view or hybris.api_mange scope. Requested project must be the owner of requested application.
URI Parameters
- projectID: required (string)
- applicationID: required (string)
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
HTTP status code 200
The request has succeeded and API application is returned.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema",
"type": "array",
"uniqueItems": true,
"items": {
"type": "object",
"title": "List of Applications",
"required": [
"id",
"name",
"owner",
"appType",
"modifiedAt",
"createdAt",
"redirectUris"
],
"properties": {
"id": {
"description": "Application id",
"type": "string"
},
"name": {
"description": "Application name. Have to be unique in the project scope",
"type": "string"
},
"owner": {
"description": "Application owner",
"type": "string"
},
"displayName": {
"description": "Application display name",
"type": "string"
},
"description": {
"description": "Application description",
"type": "string"
},
"modifiedAt": {
"description": "Application modification date",
"type": "string",
"format": "date-time"
},
"createdAt": {
"description": "Application creation date",
"type": "string",
"format": "date-time"
},
"redirectUris": {
"description": "Redirect URIs. If you want to use OAuth2 Implicit Grant or Authorization Code Grant flow at least one redirect URI is required.",
"type": "array",
"items": {
"type": "string",
"format": "uri",
"description": "Redirect URI. Needs to have a protocol, no URL fragments and no relative paths.",
"uniqueItems": true
}
},
"requiredScopes": {
"description": "Required scopes",
"type": "array",
"items": {
"type": "string",
"description": "Fully qualified scope. Format team.scope",
"uniqueItems": true
}
},
"appType": {
"description": "Application type",
"enum": [
"UI_MODULE",
"MULTI_TENANT_APP",
"SINGLE_TENANT_APP"
]
},
"moduleUrl": {
"description": "Url for moduleInfo descriptor. Required for 'UI_MODULE' apps",
"type": "string",
"format": "uri"
}
}
}
}
Example:
[
{
"id": "1",
"name": "sample-app",
"owner": "sampletenant",
"appType": "SINGLE_TENANT_APP",
"redirectUris": [
"https://www.redirect.com/callback"
],
"modifiedAt": "2014-07-07T09:53:42.523+0000",
"createdAt": "2014-07-07T09:53:42.523+0000"
},
{
"id": "2",
"name": "sample-mobile-app",
"owner": "sampletenant",
"description": "app for mobile",
"appType": "MULTI_TENANT_APP",
"redirectUris": [
"https://www.redirect.com/callback"
],
"requiredScopes": [
"hybris.manage",
"toad.view"
],
"modifiedAt": "2014-07-07T09:53:42.523+0000",
"createdAt": "2014-07-07T09:53:42.523+0000"
}
]
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
HTTP status code 404
There is no API application with the given ID.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 404,
"type": "element_non_existing",
"message": "Object with requested ID does not exists.",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
put /projects/{projectID}/applications/{applicationID}
DEPRECATED
Updates API application with the given ID.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_mange scope. Requested project must be the owner of requested application.
URI Parameters
- projectID: required (string)
- applicationID: required (string)
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"title": "Application Update",
"properties": {
"displayName": {
"description": "Application display name",
"type": "string"
},
"description": {
"description": "Application description",
"type": "string"
},
"redirectUris": {
"description": "Redirect URIs. If you want to use OAuth2 Implicit Grant flow at least one redirect URI is required.",
"type": "array",
"items": {
"type": "string",
"format": "uri",
"description": "Redirect URI. Needs to have a protocol, no URL fragments and no relative paths.",
"uniqueItems": true
}
},
"requiredScopes": {
"description": "Required scopes",
"type": "array",
"items": {
"type": "string",
"pattern": "^[a-zA-Z_0-9.={}-]{1,128}$",
"description": "Fully qualified scope. Format team.scope",
"uniqueItems": true
}
},
"moduleUrl": {
"description": "Url for moduleInfo descriptor. Required for 'UI_MODULE' apps",
"type": "string",
"format": "uri"
}
}
}
Example:
{
"description": "app for mobile",
"display name": "mobile app",
"redirectUris": [
"https://www.redirect.com/callback"
],
"requiredScopes": [
"hybris.manage",
"toad.view"
],
"moduleUrl": "https://module.com/module.json"
}
HTTP status code 200
The request has succeeded and API application is updated.
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
HTTP status code 404
There is no API application with the given ID.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 404,
"type": "element_non_existing",
"message": "Object with requested ID does not exists.",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
delete /projects/{projectID}/applications/{applicationID}
DEPRECATED
Deletes API application with the given ID.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_mange scope. Requested project must be the owner of requested application.
URI Parameters
- projectID: required (string)
- applicationID: required (string)
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
HTTP status code 204
The request has succeeded and API application is deleted.
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
HTTP status code 404
There is no API application with the given ID.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 404,
"type": "element_non_existing",
"message": "Object with requested ID does not exists.",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
/projects/{projectID}/applications/{applicationID}/credentials
DEPRECATED
get
DEPRECATED
Returns API application with the given ID.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_view scope.
post
DEPRECATED
Adds credentials to an application. There might be up to 2 credentials defined per application.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_mange scope.
get /projects/{projectID}/applications/{applicationID}/credentials
DEPRECATED
Returns API application with the given ID.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_view scope.
URI Parameters
- projectID: required (string)
- applicationID: required (string)
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
HTTP status code 200
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema",
"type": "array",
"title": "List of Application Credentials",
"uniqueItems": true,
"items": {
"type": "object",
"description": "Application Credentials",
"required": [
"clientId",
"clientSecret"
],
"properties": {
"clientId": {
"description": "Application's client id",
"type": "string"
},
"clientSecret": {
"description": "Application's client secret",
"type": "string"
},
"createdAt": {
"description": "Application's credentials creation date",
"type": "date"
}
}
}
}
Example:
[
{
"clientId": "Hv4TKtCH1xVgUNwndcoeG6P9zZNAEVVV",
"clientSecret": "eji1fl2JLpcYpkSC",
"createdAt": "2006-01-02T15:04:05.000+0000"
}
]
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
post /projects/{projectID}/applications/{applicationID}/credentials
DEPRECATED
Adds credentials to an application. There might be up to 2 credentials defined per application.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_mange scope.
URI Parameters
- projectID: required (string)
- applicationID: required (string)
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
HTTP status code 201
New application credentials have been generated.
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
HTTP status code 409
Exceeded number of available credentials for application.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 409,
"type": "conflict_resource",
"message": "Application cannot have more than 2 credentials defined.",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
/projects/{projectID}/applications/{applicationID}/credentials/{applicationId}
DEPRECATED
delete
DEPRECATED
Removes application credentials. Application must have at least one credentials defined.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_mange scope.
delete /projects/{projectID}/applications/{applicationID}/credentials/{applicationId}
DEPRECATED
Removes application credentials. Application must have at least one credentials defined.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_mange scope.
URI Parameters
- projectID: required (string)
- applicationID: required (string)
- applicationId: required (string)
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
HTTP status code 204
Successfully removed credentials from app.
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
HTTP status code 409
Unable to remove last credentials.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 409,
"type": "conflict_resource",
"message": "Application must have at least 1 credentials defined.",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
/projects/{projectID}/clients
/projects/{projectID}/clients
get
This endpoint allows you to get a complete set of clients defined for a given project.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_view or hybris.api_manage scope.
You can sort your results by the following fields: name, createdAt and modifiedAt.
post
Creates a new client.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_manage scope.
get /projects/{projectID}/clients
This endpoint allows you to get a complete set of clients defined for a given project.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_view or hybris.api_manage scope.
You can sort your results by the following fields: name, createdAt and modifiedAt.
URI Parameters
- projectID: required (string)
Identifier of parent project
Example:
exampleproject
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
Query Parameters
- sort: (string)
The list of comma-separated properties used to sort the results. By default, the column values are sorted in ascending order. Can either be in the form of fieldName or fieldName:asc, fieldName:desc. If you want to sort by localized attributes, you must use the following form: fieldName.language or fieldName.language:asc, fieldName.language:desc.
Example:
name,createdAt:asc,modifiedAt:desc
- totalCount: (boolean)
This parameter requests to return the total number of object in the collection fulfilling the criteria together with the response. This number will be returned in the 'hybris-count' header.
Example:
true - pageNumber: (integer - default: 1 - minimum: 1)
The page number to be retrieved where the size of the pages must be specified by the pageSize parameter. The number of the first page is 1.
Example:
1 - pageSize: (integer - default: 16 - minimum: 1)
The number of documents being retrieved on the page.
Example:
16 - appType: (string)
Restricts types of clients to return (UI_MODULE | SINGLE_TENANT_APP | MULTI_TENANT_APP). You can provide more than one value (comma-separated). Does not restrict if empty.
Example:
UI_MODULE,MULTI_TENANT_APP
HTTP status code 200
Collection of API clients.
Headers
- hybris-count: (integer)
The total number of objects that fulfil the criteria.
Example:
1000 - Link: required (string - repeat: true)
Link to the current page, the next page and the previous page. Marked accordingly with rel self, rel next and rel prev. The syntax must be conform to RFC-5988. The link to the current page (self) is required and must be provided always. The link to the next page (next) is optional. If not present, the next page is not available, as the current page is the last page of the result. The link to the previous page (prev) is optional. If not present, the previous page is not available, as the current page is the first page of the result.
Example:
<http://sample.com?pageNumber=2&pageSize=10>; rel="self", <http://sample.com?pageNumber=3&pageSize=10>; rel="next"
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema",
"type": "array",
"uniqueItems": true,
"items": {
"type": "object",
"title": "List of Clients",
"required": [
"id",
"name",
"owner",
"appType",
"modifiedAt",
"createdAt",
"redirectUris"
],
"properties": {
"id": {
"description": "Client id",
"type": "string"
},
"name": {
"description": "Client name. Have to be unique in the project scope",
"type": "string"
},
"owner": {
"description": "Client owner",
"type": "string"
},
"displayName": {
"description": "Client display name",
"type": "string"
},
"description": {
"description": "Client description",
"type": "string"
},
"modifiedAt": {
"description": "Client modification date",
"type": "string",
"format": "date-time"
},
"createdAt": {
"description": "Client creation date",
"type": "string",
"format": "date-time"
},
"redirectUris": {
"description": "Redirect URIs. If you want to use OAuth2 Implicit Grant or Authorization Code Grant flow at least one redirect URI is required.",
"type": "array",
"items": {
"type": "string",
"format": "uri",
"description": "Redirect URI. Needs to have a protocol, no URL fragments and no relative paths.",
"uniqueItems": true
}
},
"postLogoutRedirectUris": {
"description": "Post logout redirect URIs. If you want to use End Session endpoint in the Authorization Service, at least one URI is required.",
"type": "array",
"items": {
"type": "string",
"format": "uri",
"description": "Post logout redirect URI. Needs to have a protocol, no URL fragments and no relative paths. Can contain custom scheme URI",
"uniqueItems": true
}
},
"requiredScopes": {
"description": "Required scopes",
"type": "array",
"items": {
"type": "string",
"description": "Fully qualified scope. Format team.scope",
"uniqueItems": true
}
},
"appType": {
"description": "Client type",
"enum": [
"UI_MODULE",
"MULTI_TENANT_APP",
"SINGLE_TENANT_APP"
]
},
"moduleUrl": {
"description": "[DEPRECATED] Url for moduleInfo descriptor. Required for 'UI_MODULE' apps",
"type": "string",
"format": "uri"
},
"moduleUrls": {
"description": "Array of a URLs for moduleInfo descriptor.",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"description": "Defines module URL per Region. Only one URL per Region is allowed",
"required": [
"region",
"url"
],
"properties": {
"region": {
"description": "Name of the region",
"type": "string"
},
"url": {
"description": "URL of the module in the region.",
"type": "string",
"format": "uri"
}
}
}
}
}
}
}
Example:
[
{
"id": "1",
"name": "sample-mobile-client-1",
"owner": "sampletenant",
"appType": "SINGLE_TENANT_APP",
"redirectUris": [
"https://www.redirect.com/callback"
],
"modifiedAt": "2014-07-07T09:53:42.523+0000",
"createdAt": "2014-07-07T09:53:42.523+0000"
},
{
"id": "2",
"name": "sample-mobile-client-2",
"owner": "sampletenant",
"description": "client for mobile",
"appType": "MULTI_TENANT_APP",
"redirectUris": [
"https://www.redirect.com/callback"
],
"requiredScopes": [
"hybris.org_manage",
"hybris.org_view"
],
"modifiedAt": "2014-07-07T09:53:42.523+0000",
"createdAt": "2014-07-07T09:53:42.523+0000"
},
{
"id": "3",
"name": "sample-mobile-client-3",
"owner": "sampletenant",
"appType": "UI_MODULE",
"redirectUris": [
"https://www.redirect.com/callback"
],
"requiredScopes": [
"hybris.org_manage",
"hybris.org_view"
],
"moduleUrl": "https://module.com/module.json",
"moduleUrls": [
{
"region": "us",
"url": "https://module.com/module.json"
}
],
"postLogoutRedirectUris": [
"https://www.redirect.com/logoutCallback",
"myapp://logoutCallback"
],
"modifiedAt": "2014-07-07T09:53:42.523+0000",
"createdAt": "2014-07-07T09:53:42.523+0000"
}
]
HTTP status code 400
Request was syntactically incorrect. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 400,
"message": "There are validation problems, see details section for more information",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html",
"type": "validation_violation",
"details": [
{
"field": "pageNumber",
"message": "must be a positive number",
"type": "invalid_query_parameter"
}
]
}
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
post /projects/{projectID}/clients
Creates a new client.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_manage scope.
URI Parameters
- projectID: required (string)
Identifier of parent project
Example:
exampleproject
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"title": "Create Client",
"required": [
"name",
"appType"
],
"properties": {
"name": {
"description": "Client name. Have to be unique in the project scope",
"type": "string"
},
"displayName": {
"description": "Client display name",
"type": "string"
},
"description": {
"description": "Client description",
"type": "string"
},
"appType": {
"description": "Client type",
"enum": [
"UI_MODULE",
"MULTI_TENANT_APP",
"SINGLE_TENANT_APP"
]
},
"moduleUrl": {
"description": "[DEPRECATED] URL for moduleInfo descriptor. Required for 'UI_MODULE' apps",
"type": "string",
"format": "uri"
},
"moduleUrls": {
"description": "Array of a URLs for moduleInfo descriptor.",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"description": "Defines module URL per Region. Only one URL per Region is allowed",
"required": [
"region",
"url"
],
"properties": {
"region": {
"description": "Name of the region",
"type": "string"
},
"url": {
"description": "URL of the module in the region. Must not contain '_' (underscore) in hostname.",
"type": "string",
"format": "uri"
}
}
}
},
"redirectUris": {
"description": "Redirect URIs. If you want to use OAuth2 Implicit Grant flow at least one redirect URI is required.",
"type": "array",
"items": {
"type": "string",
"format": "uri",
"description": "Redirect URI. Needs to have a protocol, no URL fragments and no relative paths.",
"uniqueItems": true
}
},
"postLogoutRedirectUris": {
"description": "Post logout redirect URIs. If you want to use OAuth2 End Session flow at least one URI is required.",
"type": "array",
"items": {
"type": "string",
"format": "uri",
"description": "Post logout Redirect URI. Needs to have a protocol, no URL fragments and no relative paths. Can contain custom scheme URI",
"uniqueItems": true
}
},
"requiredScopes": {
"description": "Required scopes",
"type": "array",
"items": {
"type": "string",
"description": "Fully qualified scope. Format team.scope",
"uniqueItems": true
}
}
}
}
Example:
{
"name": "sample-mobile-client",
"appType": "MULTI_TENANT_APP",
"redirectUris": [
"https://www.redirect.com/callback",
"myapp://callback"
],
"postLogoutRedirectUris": [
"https://www.redirect.com/logoutCallback",
"myapp://logoutCallback"
],
"requiredScopes": [
"hybris.org_manage",
"hybris.org_view"
]
}
HTTP status code 201
Client is created.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"title": "Resource Location",
"description": "Schema for showing location of the new resource.",
"properties": {
"id": {
"description": "The identifier of the created resource",
"type": "string"
},
"link": {
"description": "The link to the created resource",
"type": "string",
"format": "uri"
}
},
"required": [
"id",
"link"
]
}
Example:
{
"id": "568107e6d06e95f7a455514a",
"link": "http://api.us.yaas.io/hybris/api-management/v1/projects/testProject/clients/568107e6d06e95f7a455514a"
}
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
/projects/{projectID}/clients/{identifier}
get
Returns a client with the given identifier.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_view or hybris.api_manage scope. Requested project must be the owner of requested client.
put
Updates the client application with the given identifier.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_manage scope. Requested project must be the owner of requested client.
delete
Deletes client application with the given identifier.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_manage scope. Requested project must be the owner of requested client.
get /projects/{projectID}/clients/{identifier}
Returns a client with the given identifier.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_view or hybris.api_manage scope. Requested project must be the owner of requested client.
URI Parameters
- projectID: required (string)
Identifier of parent project
Example:
exampleproject
- identifier: required (string)
Unique idenfitifer of a client application.
Example:
exampleproject.exampleclient
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
HTTP status code 200
The request has succeeded and client is returned.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"title": "Client",
"required": [
"id",
"name",
"owner",
"appType",
"modifiedAt",
"createdAt",
"redirectUris"
],
"properties": {
"id": {
"description": "Client id",
"type": "string"
},
"name": {
"description": "Client name. Have to be unique in the project scope",
"type": "string"
},
"owner": {
"description": "Client owner",
"type": "string"
},
"displayName": {
"description": "Client display name",
"type": "string"
},
"description": {
"description": "Client description",
"type": "string"
},
"modifiedAt": {
"description": "Client modification date",
"type": "string",
"format": "date-time"
},
"createdAt": {
"description": "Client creation date",
"type": "string",
"format": "date-time"
},
"redirectUris": {
"description": "Redirect URIs. If you want to use OAuth2 Implicit Grant or Authorization Code Grant flow at least one redirect URI is required.",
"type": "array",
"items": {
"type": "string",
"format": "uri",
"description": "Redirect URI. Needs to have a protocol, no URL fragments and no relative paths.",
"uniqueItems": true
}
},
"postLogoutRedirectUris": {
"description": "Post logout redirect URIs. If you want to use End Session endpoint in the Authorization Service, at least one URI is required.",
"type": "array",
"items": {
"type": "string",
"format": "uri",
"description": "Post logout redirect URI. Needs to have a protocol, no URL fragments and no relative paths. Can contain custom scheme URI",
"uniqueItems": true
}
},
"requiredScopes": {
"description": "Required scopes",
"type": "array",
"items": {
"type": "string",
"description": "Fully qualified scope. Format team.scope",
"uniqueItems": true
}
},
"appType": {
"description": "Client type",
"enum": [
"UI_MODULE",
"MULTI_TENANT_APP",
"SINGLE_TENANT_APP"
]
},
"moduleUrl": {
"description": "[DEPRECATED] Url for moduleInfo descriptor. Required for 'UI_MODULE' apps",
"type": "string",
"format": "uri"
},
"moduleUrls": {
"description": "Array of a URLs for moduleInfo descriptor.",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"description": "Defines module URL per Region. Only one URL per Region is allowed",
"required": [
"region",
"url"
],
"properties": {
"region": {
"description": "Name of the region",
"type": "string"
},
"url": {
"description": "URL of the module in the region.",
"type": "string",
"format": "uri"
}
}
}
}
}
}
Example:
{
"id": "2",
"name": "sample-mobile-client",
"owner": "sampletenant",
"description": "client for mobile",
"appType": "UI_MODULE",
"redirectUris": [
"https://www.redirect.com/callback"
],
"postLogoutRedirectUris": [
"https://www.redirect.com/logoutCallback"
],
"requiredScopes": [
"hybris.org_manage",
"hybris.org_view"
],
"moduleUrl": "https://module.com/module.json",
"moduleUrls": [
{
"region": "us",
"url": "https://module.com/module.json"
}
],
"modifiedAt": "2014-07-07T09:53:42.523+0000",
"createdAt": "2014-07-07T09:53:42.523+0000"
}
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
HTTP status code 404
There is no client with the given identifier.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 404,
"type": "element_non_existing",
"message": "Object with requested ID does not exists.",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
put /projects/{projectID}/clients/{identifier}
Updates the client application with the given identifier.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_manage scope. Requested project must be the owner of requested client.
URI Parameters
- projectID: required (string)
Identifier of parent project
Example:
exampleproject
- identifier: required (string)
Unique idenfitifer of a client application.
Example:
exampleproject.exampleclient
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"title": "Client Update",
"properties": {
"displayName": {
"description": "Client display name",
"type": "string"
},
"description": {
"description": "Client description",
"type": "string"
},
"redirectUris": {
"description": "Redirect URIs. If you want to use OAuth2 Implicit Grant flow at least one redirect URI is required.",
"type": "array",
"items": {
"type": "string",
"format": "uri",
"description": "Redirect URI. Needs to have a protocol, no URL fragments and no relative paths.",
"uniqueItems": true
}
},
"postLogoutRedirectUris": {
"description": "Post logout redirect URIs. If you want to use End Session endpoint in the Authorization Service, at least one URI is required.",
"type": "array",
"items": {
"type": "string",
"format": "uri",
"description": "Post logout redirect URI. Needs to have a protocol, no URL fragments and no relative paths. Can contain custom scheme URI",
"uniqueItems": true
}
},
"requiredScopes": {
"description": "Required scopes",
"type": "array",
"items": {
"type": "string",
"description": "Fully qualified scope. Format team.scope",
"uniqueItems": true
}
},
"moduleUrl": {
"description": "[DEPRECATED] Url for moduleInfo descriptor. Required for 'UI_MODULE' apps",
"type": "string",
"format": "uri"
},
"moduleUrls": {
"description": "Array of a URLs for moduleInfo descriptor.",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"description": "Defines module URL per Region. Only one URL per Region is allowed",
"required": [
"region",
"url"
],
"properties": {
"region": {
"description": "Name of the region",
"type": "string"
},
"url": {
"description": "URL of the module in the region. Must not contain '_' (underscore) in hostname.",
"type": "string",
"format": "uri"
}
}
}
}
}
}
Example:
{
"description": "client for mobile",
"displayName": "mobile client",
"redirectUris": [
"https://www.redirect.com/callback",
"myapp://callback"
],
"postLogoutRedirectUris": [
"https://www.redirect.com/logoutCallback",
"myapp://logoutCallback"
],
"requiredScopes": [
"hybris.org_manage",
"hybris.org_view"
],
"moduleUrl": "https://module.com/module.json"
}
HTTP status code 200
The request has succeeded and client is updated.
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
HTTP status code 404
There is no client with the given identifier.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 404,
"type": "element_non_existing",
"message": "Object with requested ID does not exists.",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
delete /projects/{projectID}/clients/{identifier}
Deletes client application with the given identifier.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_manage scope. Requested project must be the owner of requested client.
URI Parameters
- projectID: required (string)
Identifier of parent project
Example:
exampleproject
- identifier: required (string)
Unique idenfitifer of a client application.
Example:
exampleproject.exampleclient
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
HTTP status code 204
The request has succeeded and the client is deleted.
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
HTTP status code 404
There is no client with the given identifier.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 404,
"type": "element_non_existing",
"message": "Object with requested ID does not exists.",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
/projects/{projectID}/clients/{identifier}/credentials
get
Returns a client application with the given identifier.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_view scope.
post
Generates a new pair of credentials (clientId, clientSecret) to a client application. You can define up to 2 pairs of credentials per client.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_manage scope.
get /projects/{projectID}/clients/{identifier}/credentials
Returns a client application with the given identifier.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_view scope.
URI Parameters
- projectID: required (string)
Identifier of parent project
Example:
exampleproject
- identifier: required (string)
Unique idenfitifer of a client application.
Example:
exampleproject.exampleclient
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
HTTP status code 200
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema",
"type": "array",
"title": "List of Client Credentials",
"uniqueItems": true,
"items": {
"type": "object",
"description": "Client Credentials",
"required": [
"clientId",
"clientSecret"
],
"properties": {
"clientId": {
"description": "Client's client id",
"type": "string"
},
"clientSecret": {
"description": "Client's client secret",
"type": "string"
},
"createdAt": {
"description": "Client's credentials creation date",
"type": "date"
}
}
}
}
Example:
[
{
"clientId": "Hv4TKtCH1xVgUNwndcoeG6P9zZNAEVVV",
"clientSecret": "eji1fl2JLpcYpkSC",
"createdAt": "2006-01-02T15:04:05.000+0000"
}
]
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
post /projects/{projectID}/clients/{identifier}/credentials
Generates a new pair of credentials (clientId, clientSecret) to a client application. You can define up to 2 pairs of credentials per client.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_manage scope.
URI Parameters
- projectID: required (string)
Identifier of parent project
Example:
exampleproject
- identifier: required (string)
Unique idenfitifer of a client application.
Example:
exampleproject.exampleclient
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
HTTP status code 201
New client credentials have been generated.
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
HTTP status code 409
Exceeded number of available credentials for client.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 409,
"type": "conflict_resource",
"message": "Client cannot have more than 2 credentials defined.",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
/projects/{projectID}/clients/{identifier}/credentials/{clientId}
delete
Removes client credentials. Every client application must have at least one pair of credentials defined.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_manage scope.
delete /projects/{projectID}/clients/{identifier}/credentials/{clientId}
Removes client credentials. Every client application must have at least one pair of credentials defined.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_manage scope.
URI Parameters
- projectID: required (string)
Identifier of parent project
Example:
exampleproject
- identifier: required (string)
Unique idenfitifer of a client application.
Example:
exampleproject.exampleclient
- clientId: required (string)
A case sensitive string that is a part of the credentials of a client application. For more information, see the OAuth2 specification.
Example:
vbge45sdv13vd56s
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
HTTP status code 204
Successfully removed credentials from client.
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
HTTP status code 409
Cannot delete the credentials. The client application must have at least one pair of credentials defined.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 409,
"type": "conflict_resource",
"message": "Client must have at least pair of credentials defined.",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
/projects/{projectID}/services
/projects/{projectID}/services
get
Returns all services.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_view or hybris.api_manage scope.
You can sort your results by the following fields: name, createdAt and modifiedAt.
post
Creates a new service.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_manage scope.
get /projects/{projectID}/services
Returns all services.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_view or hybris.api_manage scope.
You can sort your results by the following fields: name, createdAt and modifiedAt.
URI Parameters
- projectID: required (string)
Identifier of parent project
Example:
exampleproject
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
Query Parameters
- sort: (string)
The list of comma-separated properties used to sort the results. By default, the column values are sorted in ascending order. Can either be in the form of fieldName or fieldName:asc, fieldName:desc. If you want to sort by localized attributes, you must use the following form: fieldName.language or fieldName.language:asc, fieldName.language:desc.
Example:
name,createdAt:asc,modifiedAt:desc
- totalCount: (boolean)
This parameter requests to return the total number of object in the collection fulfilling the criteria together with the response. This number will be returned in the 'hybris-count' header.
Example:
true - pageNumber: (integer - default: 1 - minimum: 1)
The page number to be retrieved where the size of the pages must be specified by the pageSize parameter. The number of the first page is 1.
Example:
1 - pageSize: (integer - default: 16 - minimum: 1)
The number of documents being retrieved on the page.
Example:
16 - clientIdentifier: (string)
Identifier of the client.
Example:
exampleproject.exampleclient
- sourceUrl: (string)
Service Source URL.
Example:
http://order.test.hybris.com
- basePath: (string)
Service base path. Syntax {organizationBasePath}/{serviceName}/{serviceVersion}.
Example:
hybris/order/v1
HTTP status code 200
Collection of services.
Headers
- hybris-count: (integer)
The total number of objects that fulfil the criteria.
Example:
1000 - Link: required (string - repeat: true)
Link to the current page, the next page and the previous page. Marked accordingly with rel self, rel next and rel prev. The syntax must be conform to RFC-5988. The link to the current page (self) is required and must be provided always. The link to the next page (next) is optional. If not present, the next page is not available, as the current page is the last page of the result. The link to the previous page (prev) is optional. If not present, the previous page is not available, as the current page is the first page of the result.
Example:
<http://sample.com?pageNumber=2&pageSize=10>; rel="self", <http://sample.com?pageNumber=3&pageSize=10>; rel="next"
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema",
"type": "array",
"title": "Array of Services",
"unique": true,
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"title": "Service",
"required": [
"id",
"state",
"name",
"version",
"sourceUrl",
"proxyUrl",
"secured"
],
"properties": {
"id": {
"description": "Identifier of the service",
"type": "string"
},
"name": {
"description": "Name of the service",
"type": "string"
},
"publishedAt": {
"description": "Date of the service publication",
"type": "string",
"format": "date-time"
},
"sourceUrl": {
"description": "[DEPRECATED] Service source URL. Used as proxy target endpoint",
"type": "string",
"format": "uri"
},
"sourceUrls": {
"description": "Array of a URLs of the deployed service per region.",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"description": "Service Source URL per Region definitions. Only one URL per Region allowed",
"required": [
"region",
"sourceUrl"
],
"properties": {
"region": {
"description": "Name of the region",
"type": "string"
},
"sourceUrl": {
"description": "Source URL of the service deployed in the region.",
"type": "string",
"format": "uri"
}
}
}
},
"proxyBasePath": {
"description": "Service proxy basepath",
"type": "string"
},
"description": {
"description": "Description of the service",
"type": "string"
},
"proxyUrl": {
"description": "URL of the proxy created for this service. Service have to be used via proxy so service clients have to use this URL instead of original one",
"type": "string",
"format": "uri"
},
"proxyUrls": {
"description": "Array of URLs of the proxy for the service per region.",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"description": "Service Scope",
"required": [
"region",
"urls"
],
"properties": {
"region": {
"description": "Name of the region",
"type": "string"
},
"urls": {
"description": "URLs of the proxy created for this service in the region. Service have to be used via proxy so service clients have to use this URL instead of original one. If it's a master region, beta proxy url is also returned.",
"type": "array",
"items": {
"description": "URL of the proxy created for this service in the region.",
"type": "string",
"format": "uri"
}
}
}
}
},
"applicationId": {
"description": "Optional identifier of the application, which credentials are used to call upstream services. Empty if not mashup service.",
"type": "string"
},
"scopes": {
"description": "Array of a service scopes that service is using",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"description": "Service Scope",
"required": [
"name"
],
"properties": {
"name": {
"description": "Name of the scope",
"type": "string"
},
"description": {
"description": "Description of the scope",
"type": "string"
}
}
}
},
"documentationUrl": {
"description": "URL to the service documentation",
"type": "string",
"format": "uri"
},
"modifiedAt": {
"description": "Date of the service publication",
"type": "string",
"format": "date-time"
},
"serviceState": {
"description": "Defines service state (possible values: 'DRAFT', 'DEPLOYED')",
"enum": [
"DRAFT",
"DEPLOYED"
],
"type": "string"
},
"quotas": {
"description": "With this property user is able to specify which service endpoints and methods should be blocked.",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"required": [
"metricKey",
"path",
"methods"
],
"properties": {
"path": {
"description": "Secured path expression (e.g. /*)",
"type": "string"
},
"methods": {
"description": "HTTP methods to secure. Use '*' if you want all methods secured.",
"type": "array",
"items": {
"type": "string",
"uniqueItems": true
}
},
"metricKey": {
"description": "Name of the quota metric. Valid metric key cannot be empty. Must be at most 128 characters long and can contain only alphanumeric characters, '.', '-' and '%' separated with '/'.",
"type": "string"
}
}
}
},
"authorizationRules": {
"description": "Authorization rules. Define to secure your service endpoints.",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"uniqueItems": true,
"required": [
"path",
"methods"
],
"properties": {
"path": {
"description": "Secured path expression (e.g. /*)",
"type": "string"
},
"methods": {
"description": "HTTP methods to secure (POST, GET etc.). Use '*' if you want all methods secured.",
"type": "array",
"items": {
"type": "string",
"uniqueItems": true
}
},
"tenants": {
"description": "A list of tenants that can access the resource.",
"type": "array",
"items": {
"type": "string",
"uniqueItems": true
}
},
"scopes": {
"description": "Scopes that must be set to access this resource",
"type": "array",
"items": {
"type": "string",
"uniqueItems": true
}
},
"skipOAuthCheck": {
"description": "Skips OAuth check (unsecured resource). This flag can not be used with optionalOAuthCheck",
"type": "boolean",
"default": false
},
"optionalOAuthCheck": {
"description": "Makes OAuth check optional. If authorization header is sent, then access token will be validated, and hybris headers will be set in the request. If authorization header is not sent, request will be passed to the target service, but hybris headers will not be set in the request. Then service should handle such situation (e.g. return only public-available / anonymous data if hybris headers are absent). This flag can not be used with skipOAuthCheck",
"type": "boolean",
"default": false
},
"checkAllScopes": {
"description": "If set to `true`, all scopes are required in order to access the resource. If set to `false` any of the defined scopes is needed.",
"type": "boolean",
"default": false
},
"skipSubscriptionCheck": {
"description": "If set to `true`, subscription verification will be omitted.",
"type": "boolean",
"default": false
},
"credentials": {
"description": "Basic Auth credentials",
"type": "object",
"required": [
"username",
"password"
],
"properties": {
"username": {
"description": "Basic auth username",
"pattern": "{8,33}",
"type": "string"
},
"password": {
"description": "Basic auth password",
"type": "string",
"pattern": "(?=[^a-z]*[a-z])(?=[^A-Z]*[A-Z])(?=[^0-9]*[0-9])[^\n\r\t]{8,33}"
}
}
}
}
}
},
"version": {
"description": "Service version",
"type": "string"
},
"type": {
"description": "Type of service (e.g. tax, shipping, payment)",
"type": "string",
"enum": [
"tax",
"payment",
"shipping"
]
},
"secured": {
"description": "[DEPRECATED, see \"regions\" field] Indicates if service is secured with HTTP Basic Authentication",
"type": "boolean",
"default": false
},
"allScopes": {
"type": "array",
"description": "Aggregated scopes from service scopes and authorization rules",
"items": {
"type": "string"
}
},
"regions": {
"type": "array",
"description": "Array with entries containing region data",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"description": "Region data",
"required": [
"region",
"secured"
],
"properties": {
"region": {
"description": "Name of the region",
"type": "string"
},
"secured": {
"description": "Indicates if service is secured with HTTP Basic Authentication in given region",
"type": "boolean",
"default": false
}
}
}
}
}
}
}
Example:
[
{
"id": "UUID_1",
"projectId": "sampleproject",
"name": "superorderservice",
"publishedAt": "2014-07-07T09:53:42.523+0000",
"sourceUrl": "http://orderService.test.cf.hybris.com",
"sourceUrls": [
{
"region": "us",
"sourceUrl": "http://orderService.test.cf.hybris.com"
},
{
"region": "eu",
"sourceUrl": "http://orderService.test.cf.hybris.com"
}
],
"description": "This is a order service description",
"proxyUrl": "http://api.hybris.com/hybris/orders/v1",
"proxyUrls": [
{
"region": "us",
"urls": [
"http://api.hybris.com/hybris/orders/v1"
]
}
],
"scopes": [
{
"name": "hybris.product_manage",
"description": "With that scope service will allow to manage orders."
}
],
"documentationUrl": "http://documentation.some-domain.com",
"modifiedAt": "2014-07-07T09:53:42.523+0000",
"serviceState": "DRAFT",
"quotas": [
{
"methods": [
"POST",
"PUT"
],
"path": "/cars",
"metricKey": "metric-1"
},
{
"methods": [
"GET"
],
"path": "/bikes",
"metricKey": "metric-2"
}
],
"authorizationRules": [
{
"path": "/notsecured/",
"methods": [
"GET"
],
"skipOAuthCheck": true
},
{
"path": "/noscopes/",
"methods": [
"GET"
]
},
{
"path": "/tenant-restricted/*",
"methods": [
"GET",
"POST"
],
"tenants": [
"tenant1",
"tenant2"
],
"scopes": [
"hybris.product_manage"
]
},
{
"path": "/anyscope/*",
"methods": [
"GET",
"POST"
],
"scopes": [
"hybris.product_manage",
"hybris.product_view"
],
"checkAllScopes": false
},
{
"path": "/allscopes/*",
"methods": [
"GET",
"POST"
],
"scopes": [
"hybris.product_manage",
"hybris.product_view"
],
"checkAllScopes": true
}
],
"version": "v1",
"type": "tax",
"secured": true,
"allScopes": [
"hybris.product_manage",
"hybris.product_view"
],
"regions": [
{
"region": "us",
"secured": true
},
{
"region": "eu",
"secured": true
}
]
}
]
HTTP status code 400
Request was syntactically incorrect. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 400,
"message": "There are validation problems, see details section for more information",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html",
"type": "validation_violation",
"details": [
{
"field": "pageNumber",
"message": "must be a positive number",
"type": "invalid_query_parameter"
}
]
}
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
post /projects/{projectID}/services
Creates a new service.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_manage scope.
URI Parameters
- projectID: required (string)
Identifier of parent project
Example:
exampleproject
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"title": "Service Create",
"required": [
"name",
"version",
"state",
"sourceUrl"
],
"properties": {
"name": {
"description": "Name of the service",
"type": "string"
},
"version": {
"description": "Version of the service",
"type": "string"
},
"state": {
"description": "Defines service state (possible values: 'DRAFT', 'DEPLOYED')",
"enum": [
"DRAFT",
"DEPLOYED"
],
"type": "string"
},
"sourceUrl": {
"description": "[DEPRECATED] URL of the deployed service. Must not contain '_' (underscore) in hostname.",
"type": "string",
"format": "uri"
},
"sourceUrls": {
"description": "Array of a URLs of the deployed service per region.",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"description": "Defines Service Source URL per Region. Only one URL per Region allowed",
"required": [
"region",
"sourceUrl"
],
"properties": {
"region": {
"description": "Name of the region",
"type": "string"
},
"sourceUrl": {
"description": "Source URL of the service deployed in the region. Must not contain '_' (underscore) in hostname.",
"type": "string",
"format": "uri"
}
}
}
},
"personalData": {
"type": "array",
"description": "Array of service regions where personal data is stored",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "string",
"uniqueItems": true
}
},
"description": {
"description": "Description of the service",
"type": "string"
},
"documentationUrl": {
"description": "URL to the service documentation",
"type": "string",
"format": "uri"
},
"type": {
"description": "Type of the service (e.g. tax, shipping, payment)",
"type": "string",
"enum": [
"tax",
"payment",
"shipping"
]
},
"applicationId": {
"description": "Optional identifier of the application, which credentials you are going to use to call upstream services. Skip if not mashup service.",
"type": "string"
},
"scopes": {
"description": "Array of a service scopes that service is using",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"description": "Service Scope",
"required": [
"name"
],
"properties": {
"name": {
"description": "Name of the scope",
"type": "string",
"pattern": "^[a-zA-Z_0-9.={}-]{1,128}$"
},
"description": {
"description": "Description of the scope",
"type": "string"
}
}
}
},
"authorizationRules": {
"description": "Authorization rules. Define to secure your service endpoints.",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"uniqueItems": true,
"required": [
"path",
"methods"
],
"properties": {
"path": {
"description": "Secured path expression (e.g. /*)",
"type": "string"
},
"methods": {
"description": "HTTP methods to secure (POST, GET etc.). Use '*' if you want all methods secured.",
"type": "array",
"items": {
"type": "string",
"uniqueItems": true
}
},
"tenants": {
"description": "A list of tenants that can access the resource.",
"type": "array",
"items": {
"type": "string",
"uniqueItems": true
}
},
"scopes": {
"description": "Scopes that must be set to access this resource",
"type": "array",
"items": {
"type": "string",
"uniqueItems": true
}
},
"skipOAuthCheck": {
"description": "Skips OAuth check (unsecured resource). This flag can not be used with optionalOAuthCheck",
"type": "boolean",
"default": false
},
"optionalOAuthCheck": {
"description": "Makes OAuth check optional. If authorization header is sent, then access token will be validated, and hybris headers will be set in the request. If authorization header is not sent, request will be passed to the target service, but hybris headers will not be set in the request. Then service should handle such situation (e.g. return only public-available / anonymous data if hybris headers are absent). This flag can not be used with skipOAuthCheck",
"type": "boolean",
"default": false
},
"checkAllScopes": {
"description": "If set to `true`, all scopes are required in order to access the resource. If set to `false` any of the defined scopes is needed.",
"type": "boolean"
},
"skipSubscriptionCheck": {
"description": "If set to `true`, subscription verification will be omitted. This flag cannot be used with skipOAuthCheck.",
"type": "boolean"
},
"credentials": {
"description": "Basic Auth credentials",
"type": "object",
"required": [
"username",
"password"
],
"properties": {
"username": {
"description": "Basic auth username",
"pattern": "{8,33}",
"type": "string"
},
"password": {
"description": "Basic auth password",
"type": "string",
"pattern": "(?=[^a-z]*[a-z])(?=[^A-Z]*[A-Z])(?=[^0-9]*[0-9])[^\n\r\t]{8,33}"
}
}
}
}
}
},
"quotas": {
"description": "With this property user is able to specify which service endpoints and methods should be blocked.",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"required": [
"metricKey",
"path",
"methods"
],
"properties": {
"path": {
"description": "Secured path expression (e.g. /*)",
"type": "string"
},
"methods": {
"description": "HTTP methods to secure. Use '*' if you want all methods secured.",
"type": "array",
"items": {
"type": "string",
"uniqueItems": true
}
},
"metricKey": {
"description": "Name of the quota metric. Valid metric key cannot be empty. Must be at most 128 characters long and can contain only alphanumeric characters, '.', '-' and '%' separated with '/'.",
"type": "string"
}
}
}
},
"credentials": {
"type": "object",
"title": "Credentials",
"required": [
"username",
"password"
],
"description": "Specifies credentials used by service proxy to perform HTTP Basic Authentication when calling the service",
"properties": {
"username": {
"description": "Username for HTTP Basic Authentication",
"type": "string"
},
"password": {
"description": "Password for HTTP Basic Authentication",
"type": "string"
}
}
}
}
}
Example:
{
"name": "coreservice",
"version": "v1",
"sourceUrl": "https://core.service.com/",
"sourceUrls": [
{
"region": "us",
"sourceUrl": "https://core.service.com/"
},
{
"region": "eu",
"sourceUrl": "https://core.service.com/"
}
],
"state": "DRAFT"
}
HTTP status code 201
Service is created.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"title": "Service Resource Location",
"required": [
"id",
"link",
"proxyBasePath"
],
"properties": {
"id": {
"description": "Identifier of the service",
"type": "string"
},
"link": {
"description": "Link to the resource which represents service.",
"type": "string",
"format": "uri"
},
"proxyBasePath": {
"description": "Base path of the proxy created for this service. Service have to be used via proxy so service clients have to use this URL instead of original one.",
"type": "string",
"format": "uri"
}
}
}
Example:
{
"id": "568107e6d06e95f7a455514a",
"link": "http://api.us.yaas.io/hybris/api-management/v1/projects/testProject/services/568107e6d06e95f7a455514a",
"proxyBasePath": "/organizationBasePath/serviceName/serviceVersion"
}
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
/projects/{projectID}/services/{serviceID}
get
Returns service with the given identifier.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_view or hybris.api_manage scope. Requested project must be the owner of requested service.
put
Updates service with the given identifier.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_manage scope. Requested project must be the owner of requested service.
delete
Deletes service with the given identifier.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_manage scope. Requested project must be the owner of requested service.
get /projects/{projectID}/services/{serviceID}
Returns service with the given identifier.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_view or hybris.api_manage scope. Requested project must be the owner of requested service.
URI Parameters
- projectID: required (string)
Identifier of parent project
Example:
exampleproject
- serviceID: required (string)
Identifier of service (human readable).
Example:
exampleservice
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
HTTP status code 200
The request has succeeded and service is returned.
Body
Type: application/json
Schema:
{
"type": "object",
"title": "Service",
"required": [
"id",
"projectId",
"name",
"version",
"sourceUrl",
"proxyUrl",
"secured",
"state"
],
"properties": {
"id": {
"description": "Identifier of the service",
"type": "string"
},
"projectId": {
"description": "Identifier of the parent team (Ref.: Team)",
"type": "string"
},
"name": {
"description": "Name of the service",
"type": "string"
},
"publishedAt": {
"description": "Date of the service publication",
"type": "string",
"format": "date-time"
},
"sourceUrl": {
"description": "[DEPRECATED] Service source URL. Used as proxy target endpoint",
"type": "string",
"format": "uri"
},
"sourceUrls": {
"description": "Array of a URLs of the deployed service per region.",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"description": "Service Source URL per Region definitions. Only one URL per Region allowed",
"required": [
"region",
"urls"
],
"properties": {
"region": {
"description": "Name of the region",
"type": "string"
},
"urls": {
"description": "URLs of the proxy created for this service in the region. Service have to be used via proxy so service clients have to use this URL instead of original one. If it's a master region, beta proxy url is also returned.",
"type": "array",
"items": {
"description": "URL of the proxy created for this service in the region.",
"type": "string",
"format": "uri"
}
}
}
}
},
"personalData": {
"type": "array",
"description": "Array of service regions where personal data is stored",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "string",
"uniqueItems": true
}
},
"description": {
"description": "Description of the service",
"type": "string"
},
"proxyUrl": {
"description": "URL of the proxy created for this service. Service have to be used via proxy so service clients have to use this URL instead of original one",
"type": "string",
"format": "uri"
},
"proxyUrls": {
"description": "Array of URLs of the proxy for the service per region.",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"description": "Service Scope",
"required": [
"region",
"sourceUrl"
],
"properties": {
"region": {
"description": "Name of the region",
"type": "string"
},
"proxyUrl": {
"description": "URL of the proxy created for this service in the region. Service have to be used via proxy so service clients have to use this URL instead of original one",
"type": "string",
"format": "uri"
}
}
}
},
"proxyBasePath": {
"description": "Service proxy basepath",
"type": "string"
},
"applicationId": {
"description": "Optional identifier of the application, which credentials are used to call upstream services. Empty if not mashup service.",
"type": "string"
},
"scopes": {
"description": "Array of a service scopes that service is using",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"description": "Service Scope",
"required": [
"name"
],
"properties": {
"name": {
"description": "Name of the scope",
"type": "string"
},
"description": {
"description": "Description of the scope",
"type": "string"
}
}
}
},
"documentationUrl": {
"description": "URL to the service documentation",
"type": "string",
"format": "uri"
},
"modifiedAt": {
"description": "Date of the service publication",
"type": "string",
"format": "date-time"
},
"state": {
"description": "Defines service state (possible values: 'DRAFT', 'DEPLOYED')",
"enum": [
"DRAFT",
"DEPLOYED"
],
"type": "string"
},
"quotas": {
"description": "With this property user is able to specify which service endpoints and methods should be blocked.",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"required": [
"metricKey",
"path",
"methods"
],
"properties": {
"path": {
"description": "Secured path expression (e.g. /*)",
"type": "string"
},
"methods": {
"description": "HTTP methods to secure. Use '*' if you want all methods secured.",
"type": "array",
"items": {
"type": "string",
"uniqueItems": true
}
},
"metricKey": {
"description": "Name of the quota metric. Valid metric key cannot be empty. Must be at most 128 characters long and can contain only alphanumeric characters, '.', '-' and '%' separated with '/'.",
"type": "string"
}
}
}
},
"authorizationRules": {
"description": "Authorization rules. Define to secure your service endpoints.",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"uniqueItems": true,
"required": [
"path",
"methods"
],
"properties": {
"path": {
"description": "Secured path expression (e.g. /*)",
"type": "string"
},
"methods": {
"description": "HTTP methods to secure (POST, GET etc.). Use '*' if you want all methods secured.",
"type": "array",
"items": {
"type": "string",
"uniqueItems": true
}
},
"tenants": {
"description": "A list of tenants that can access the resource",
"type": "array",
"items": {
"type": "string",
"uniqueItems": true
}
},
"scopes": {
"description": "Scopes that must be set to access this resource",
"type": "array",
"items": {
"type": "string",
"uniqueItems": true
}
},
"skipOAuthCheck": {
"description": "Skips oauth check (unsecured resource)",
"type": "boolean",
"default": false
},
"optionalOAuthCheck": {
"description": "Makes OAuth check optional. If authorization header is sent, then access token will be validated, and hybris headers will be set in the request. If authorization header is not sent, request will be passed to the target service, but hybris headers will not be set in the request. Then service should handle such situation (e.g. return only public-available / anonymous data if hybris headers are absent). This flag can not be used with skipOAuthCheck",
"type": "boolean",
"default": false
},
"checkAllScopes": {
"description": "If set to `true`, all scopes are required in order to access the resource. If set to `false` any of the defined scopes is needed.",
"type": "boolean",
"default": false
},
"skipSubscriptionCheck": {
"description": "If set to `true`, subscription verification will be omitted.",
"type": "boolean",
"default": false
},
"credentials": {
"description": "Basic Auth credentials",
"type": "object",
"required": [
"username",
"password"
],
"properties": {
"username": {
"description": "Basic auth username",
"pattern": "{8,33}",
"type": "string"
},
"password": {
"description": "Basic auth password",
"type": "string",
"pattern": "(?=[^a-z]*[a-z])(?=[^A-Z]*[A-Z])(?=[^0-9]*[0-9])[^\n\r\t]{8,33}"
}
}
}
}
}
},
"version": {
"description": "Service version",
"type": "string"
},
"type": {
"description": "Type of service (e.g. tax, shipping, payment)",
"type": "string"
},
"secured": {
"description": "[DEPRECATED, see regions field] Indicates if service is secured with HTTP Basic Authentication",
"type": "boolean",
"default": false
},
"allScopes": {
"type": "array",
"description": "Aggregated scopes from service \"scopes\" and authorization rules",
"items": {
"uniqueItems": true,
"type": "string"
}
},
"regions": {
"type": "array",
"description": "Array with entries containing region data",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"description": "Region data",
"required": [
"region",
"secured"
],
"properties": {
"region": {
"description": "Name of the region",
"type": "string"
},
"secured": {
"description": "Indicates if service is secured with HTTP Basic Authentication in given region",
"type": "boolean",
"default": false
}
}
}
}
}
}
Example:
{
"id": "UUID_1",
"projectId": "sampleproject",
"name": "superorderservice",
"publishedAt": "2014-07-07T09:53:42.523+0000",
"sourceUrl": "http://orderService.test.cf.hybris.com",
"sourceUrls": [
{
"region": "us",
"sourceUrl": "http://orderService.test.cf.hybris.com"
}
],
"description": "This is a order service description",
"proxyUrl": "http://api.hybris.com/orders",
"proxyUrls": [
{
"region": "us",
"urls": [
"http://api.hybris.com/orders"
]
}
],
"scopes": [
{
"name": "hybris.product_manage",
"description": "With that scope service will allow to manage orders."
}
],
"documentationUrl": "http://documentation.some-domain.com",
"modifiedAt": "2014-07-07T09:53:42.523+0000",
"serviceState": "DRAFT",
"quotas": [
{
"path": "/cars",
"methods": [
"POST",
"PUT"
],
"metricKey": "metric-1"
},
{
"path": "/bikes",
"methods": [
"GET"
],
"metricKey": "metric-2"
}
],
"authorizationRules": [
{
"path": "/notsecured/",
"methods": [
"GET"
],
"skipOAuthCheck": true
},
{
"path": "/noscopes/",
"methods": [
"GET"
]
},
{
"path": "/tenant-restricted/*",
"methods": [
"GET",
"POST"
],
"tenants": [
"tenant1",
"tenant2"
],
"scopes": [
"hybris.product_manage"
]
},
{
"path": "/anyscope/*",
"methods": [
"GET",
"POST"
],
"scopes": [
"hybris.product_manage",
"hybris.product_view"
],
"checkAllScopes": false
},
{
"path": "/allscopes/*",
"methods": [
"GET",
"POST"
],
"scopes": [
"hybris.product_manage",
"hybris.product_view"
],
"checkAllScopes": true
}
],
"regions": [
{
"region": "us",
"secured": true
}
],
"version": "v1",
"type": "tax",
"secured": true,
"allScopes": [
"hybris.product_manage",
"hybris.product_view"
]
}
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
HTTP status code 404
There is no service with the given identifier.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 404,
"type": "element_non_existing",
"message": "Object with requested ID does not exists.",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
put /projects/{projectID}/services/{serviceID}
Updates service with the given identifier.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_manage scope. Requested project must be the owner of requested service.
URI Parameters
- projectID: required (string)
Identifier of parent project
Example:
exampleproject
- serviceID: required (string)
Identifier of service (human readable).
Example:
exampleservice
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"title": "Service Update",
"required": [
"name",
"version",
"state"
],
"properties": {
"name": {
"description": "Name of the service",
"type": "string"
},
"version": {
"description": "Version of the service",
"type": "string"
},
"state": {
"description": "Defines service state (possible values: 'DRAFT', 'DEPLOYED')",
"enum": [
"DRAFT",
"DEPLOYED"
],
"type": "string"
},
"sourceUrl": {
"description": "[DEPRECATED] URL of the deployed service. Must not contain '_' (underscore) in hostname.",
"type": "string",
"format": "uri"
},
"sourceUrls": {
"description": "Array of a URLs of the deployed service per region.",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"description": "Defines Service Source URL per Region. Only one URL per Region allowed",
"required": [
"region",
"sourceUrl"
],
"properties": {
"region": {
"description": "Name of the region",
"type": "string"
},
"sourceUrl": {
"description": "Source URL of the service deployed in the region. Must not contain '_' (underscore) in hostname.",
"type": "string",
"format": "uri"
}
}
}
},
"personalData": {
"type": "array",
"description": "Array of service regions where personal data is stored",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "string",
"uniqueItems": true
}
},
"description": {
"description": "Description of the service",
"type": "string"
},
"documentationUrl": {
"description": "URL to the service documentation",
"type": "string",
"format": "uri"
},
"type": {
"description": "Type of the service (e.g. tax, shipping, payment)",
"type": "string",
"enum": [
"tax",
"payment",
"shipping"
]
},
"applicationId": {
"description": "Optional identifier of the application, which credentials you are going to use to call upstream services. Skip if not mashup service.",
"type": "string"
},
"scopes": {
"description": "Array of a service scopes that service is using",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"description": "Service Scope",
"required": [
"name"
],
"properties": {
"name": {
"description": "Name of the scope",
"type": "string",
"pattern": "^[a-zA-Z_0-9.={}-]{1,128}$"
},
"description": {
"description": "Description of the scope",
"type": "string"
}
}
}
},
"quotas": {
"description": "With this property user is able to specify which service endpoints and methods should be blocked.",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"required": [
"metricKey",
"path",
"methods"
],
"properties": {
"path": {
"description": "Secured path expression (e.g. /*)",
"type": "string"
},
"methods": {
"description": "HTTP methods to secure. Use '*' if you want all methods secured.",
"type": "array",
"items": {
"type": "string",
"uniqueItems": true
}
},
"metricKey": {
"description": "Name of the quota metric. Valid metric key cannot be empty. Must be at most 128 characters long and can contain only alphanumeric characters, '.', '-' and '%' separated with '/'.",
"type": "string"
}
}
}
},
"authorizationRules": {
"description": "Authorization rules. Define to secure your service endpoints.",
"type": "array",
"items": {
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"uniqueItems": true,
"required": [
"path",
"methods"
],
"properties": {
"path": {
"description": "Secured path expression (e.g. /*)",
"type": "string"
},
"methods": {
"description": "HTTP methods to secure (POST, GET etc.). Use '*' if you want all methods secured.",
"type": "array",
"items": {
"type": "string",
"uniqueItems": true
}
},
"tenants": {
"description": "A list of tenants that can access the resource.",
"type": "array",
"items": {
"type": "string",
"uniqueItems": true
}
},
"scopes": {
"description": "Scopes that must be set to access this resource",
"type": "array",
"items": {
"type": "string",
"uniqueItems": true
}
},
"skipOAuthCheck": {
"description": "Skips OAuth check (unsecured resource). This flag can not be used with optionalOAuthCheck",
"type": "boolean",
"default": false
},
"optionalOAuthCheck": {
"description": "Makes OAuth check optional. If authorization header is sent, then access token will be validated, and hybris headers will be set in the request. If authorization header is not sent, request will be passed to the target service, but hybris headers will not be set in the request. Then service should handle such situation (e.g. return only public-available / anonymous data if hybris headers are absent). This flag can not be used with skipOAuthCheck",
"type": "boolean",
"default": false
},
"checkAllScopes": {
"description": "If set to `true`, all scopes are required in order to access the resource. If set to `false` any of the defined scopes is needed.",
"type": "boolean",
"default": false
},
"skipSubscriptionCheck": {
"description": "If set to `true`, subscription verification will be omitted. This flag cannot be used with skipOAuthCheck.",
"type": "boolean",
"default": false
},
"credentials": {
"description": "Basic Auth credentials",
"type": "object",
"required": [
"username",
"password"
],
"properties": {
"username": {
"description": "Basic auth username",
"pattern": "{8,33}",
"type": "string"
},
"password": {
"description": "Basic auth password",
"type": "string",
"pattern": "(?=[^a-z]*[a-z])(?=[^A-Z]*[A-Z])(?=[^0-9]*[0-9])[^\n\r\t]{8,33}"
}
}
}
}
}
}
}
}
Example:
{
"name": "superorderservice",
"sourceUrl": "http://orderService.test.cf.hybris.com",
"sourceUrls": [
{
"region": "us",
"sourceUrl": "http://order-service.us-east.stage.internal.yaas.io"
},
{
"region": "eu",
"sourceUrl": "http://order-service.internal.yaas.io"
}
],
"description": "This is a order service description",
"scopes": [
{
"name": "hybris.product_manage",
"description": "With that scope service will allow to manage orders."
}
],
"documentationUrl": "http://documentation.some-domain.com",
"serviceState": "DRAFT",
"quotas": [
{
"path": "/cars",
"methods": [
"POST",
"PUT"
],
"metricKey": "metric-1"
},
{
"path": "/bikes",
"methods": [
"GET"
],
"metricKey": "metric-2"
}
],
"authorizationRules": [
{
"path": "/notsecured/",
"methods": [
"GET"
],
"skipOAuthCheck": true
},
{
"path": "/noscopes/",
"methods": [
"GET"
]
},
{
"path": "/tenant-restricted/*",
"methods": [
"GET",
"POST"
],
"tenants": [
"tenant1",
"tenant2"
],
"scopes": [
"hybris.product_manage"
]
},
{
"path": "/anyscope/*",
"methods": [
"GET",
"POST"
],
"scopes": [
"hybris.product_manage",
"hybris.product_view"
],
"checkAllScopes": false
},
{
"path": "/allscopes/*",
"methods": [
"GET",
"POST"
],
"scopes": [
"hybris.product_manage",
"hybris.product_view"
],
"checkAllScopes": true
}
],
"type": "tax",
"secured": true
}
HTTP status code 200
The request has succeeded and service is updated.
Body
Type: application/json
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
HTTP status code 404
There is no service with the given identifier.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 404,
"type": "element_non_existing",
"message": "Object with requested ID does not exists.",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
delete /projects/{projectID}/services/{serviceID}
Deletes service with the given identifier.
Security / Access Control:
To access this method, access token must be issued for the requested project and have hybris.api_manage scope. Requested project must be the owner of requested service.
URI Parameters
- projectID: required (string)
Identifier of parent project
Example:
exampleproject
- serviceID: required (string)
Identifier of service (human readable).
Example:
exampleservice
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
HTTP status code 204
The request has succeeded and service is deleted.
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
HTTP status code 404
There is no service with the given identifier.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 404,
"type": "element_non_existing",
"message": "Object with requested ID does not exists.",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
/projects/{projectID}/services/{serviceID}/credentials
This endpoint allows you to set or delete pairs of credentials used by the proxy to call the service with Basic Authentication.
put
Sets credentials for the service for ALL regions. The proxy will use these credentials to perform HTTP Basic Authentication when calling the service. Warning: Following best security practices you should always set different credentials for each region!
To set the credentials the service sourceUrl MUST be defined with the secure protocol (https)!
Username complexity rules: length between 8 and 33 characters (inclusive).
Password complexity rules: at least one lowercase letter, at least one capital letter, at least one digit, length between 8 and 33 characters (inclusive).
Security / Access Control:
To access this method, access token must be issued for the project and have hybris.api_manage scope to manage this resource.
delete
Deletes service credentials for ALL regions. You can't replace the service's sourceUrl with an insecure (http) protocol URI while there are credentials defined for the service.
Security / Access Control:
To access this method, access token must be issued for the project and have hybris.api_manage scope to manage this resource.
put /projects/{projectID}/services/{serviceID}/credentials
Sets credentials for the service for ALL regions. The proxy will use these credentials to perform HTTP Basic Authentication when calling the service. Warning: Following best security practices you should always set different credentials for each region!
To set the credentials the service sourceUrl MUST be defined with the secure protocol (https)!
Username complexity rules: length between 8 and 33 characters (inclusive).
Password complexity rules: at least one lowercase letter, at least one capital letter, at least one digit, length between 8 and 33 characters (inclusive).
Security / Access Control:
To access this method, access token must be issued for the project and have hybris.api_manage scope to manage this resource.
URI Parameters
- projectID: required (string)
Identifier of parent project
Example:
exampleproject
- serviceID: required (string)
Identifier of service (human readable).
Example:
exampleservice
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"title": "Credentials",
"required": [
"username",
"password"
],
"properties": {
"username": {
"description": "username",
"type": "string",
"pattern": "{8,33}"
},
"password": {
"description": "password",
"type": "string",
"pattern": "(?=[^a-z]*[a-z])(?=[^A-Z]*[A-Z])(?=[^0-9]*[0-9])[^\n\r\t]{8,33}"
}
}
}
Example:
{
"username": "username_8_to_33_characters",
"password": "password123ABC"
}
HTTP status code 200
Operation was successful.
HTTP status code 400
Validation error
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 400,
"message": "Wrong definition: service is configured with authentication credentials but sourceUrl uses insecure protocol (https required)",
"type": "validation_violation"
}
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
delete /projects/{projectID}/services/{serviceID}/credentials
Deletes service credentials for ALL regions. You can't replace the service's sourceUrl with an insecure (http) protocol URI while there are credentials defined for the service.
Security / Access Control:
To access this method, access token must be issued for the project and have hybris.api_manage scope to manage this resource.
URI Parameters
- projectID: required (string)
Identifier of parent project
Example:
exampleproject
- serviceID: required (string)
Identifier of service (human readable).
Example:
exampleservice
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
HTTP status code 204
Operation was successful.
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
/projects/{projectID}/services/{serviceID}/credentials/{region}
This endpoint allows you to set or delete pairs of credentials used by the proxy to call the service with Basic Authentication.
put
Sets credentials for the service. The proxy will use these credentials to perform HTTP Basic Authentication when calling the service. Currently, the accepted regions are : us and eu
Warning: Following best security practices you should always set different credentials for each region!
To set the credentials the service sourceUrl MUST be defined with the secure protocol (https)!
Username complexity rules: length between 8 and 33 characters (inclusive).
Password complexity rules: at least one lowercase letter, at least one capital letter, at least one digit, length between 8 and 33 characters (inclusive).
Security / Access Control:
To access this method, access token must be issued for the project and have hybris.api_manage scope to manage this resource.
delete
Deletes service credentials. You can't replace the service's sourceUrl with an insecure (http) protocol URI when there are credentials defined for the service.
Security / Access Control:
To access this method, access token must be issued for the project and have hybris.api_manage scope to manage this resource.
put /projects/{projectID}/services/{serviceID}/credentials/{region}
Sets credentials for the service. The proxy will use these credentials to perform HTTP Basic Authentication when calling the service. Currently, the accepted regions are : us and eu
Warning: Following best security practices you should always set different credentials for each region!
To set the credentials the service sourceUrl MUST be defined with the secure protocol (https)!
Username complexity rules: length between 8 and 33 characters (inclusive).
Password complexity rules: at least one lowercase letter, at least one capital letter, at least one digit, length between 8 and 33 characters (inclusive).
Security / Access Control:
To access this method, access token must be issued for the project and have hybris.api_manage scope to manage this resource.
URI Parameters
- projectID: required (string)
Identifier of parent project
Example:
exampleproject
- serviceID: required (string)
Identifier of service (human readable).
Example:
exampleservice
- region: required (string)
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema",
"type": "object",
"title": "Credentials",
"required": [
"username",
"password"
],
"properties": {
"username": {
"description": "username",
"type": "string",
"pattern": "{8,33}"
},
"password": {
"description": "password",
"type": "string",
"pattern": "(?=[^a-z]*[a-z])(?=[^A-Z]*[A-Z])(?=[^0-9]*[0-9])[^\n\r\t]{8,33}"
}
}
}
Example:
{
"username": "username_8_to_33_characters",
"password": "password123ABC"
}
HTTP status code 200
Operation was successful.
HTTP status code 400
Validation error
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 400,
"message": "Wrong definition: service is configured with authentication credentials but sourceUrl uses insecure protocol (https required)",
"type": "validation_violation"
}
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
delete /projects/{projectID}/services/{serviceID}/credentials/{region}
Deletes service credentials. You can't replace the service's sourceUrl with an insecure (http) protocol URI when there are credentials defined for the service.
Security / Access Control:
To access this method, access token must be issued for the project and have hybris.api_manage scope to manage this resource.
URI Parameters
- projectID: required (string)
Identifier of parent project
Example:
exampleproject
- serviceID: required (string)
Identifier of service (human readable).
Example:
exampleservice
- region: required (string)
Headers
- Authorization: required (string)
Used to send a valid OAuth2 access token.
Example:
Bearer access_token
HTTP status code 204
Operation was successful.
HTTP status code 401
Given request is unauthorized. Bad or expired token. Reauthenticate the user. Any details will be provided within the response payload.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}
Example:
{
"status": 401,
"message": "Authorization: Unauthorized. Bearer TOKEN is invalid",
"type": "insufficient_credentials",
"moreInfo": "https://api.yaas.io/patterns/errortypes.html"
}
HTTP status code 403
Evaluated request scopes in access token are not sufficient and do not match required scopes.
Body
Type: application/json
Schema:
{
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "error",
"description": "Schema for API specified errors.",
"type": "object",
"properties": {
"status": {
"type": "integer",
"description": "original HTTP error code, should be consistent with the response HTTP code",
"minimum": 100,
"maximum": 599
},
"type": {
"type": "string",
"description": "classification of the error type, lower case with underscore eg validation_failure",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support"
},
"details": {
"type": "array",
"description": "list of problems causing this error",
"items": {
"$schema": "http://json-schema.org/draft-04/schema#",
"title": "errorDetail",
"description": "schema for specific error cause",
"type": "object",
"properties": {
"field": {
"type": "string",
"description": "a bean notation expression specifying the element in request data causing the error, eg product.variants[3].name, this can be empty if violation was not field specific"
},
"type": {
"type": "string",
"description": "classification of the error detail type, lower case with underscore eg missing_value, this value must be always interpreted in context of the general error type.",
"pattern": "[a-z]+[a-z_]*[a-z]+"
},
"message": {
"type": "string",
"description": "descriptive error detail message for debugging"
},
"moreInfo": {
"type": "string",
"format": "uri",
"description": "link to documentation to investigate further and finding support for error detail"
}
},
"required": [
"type"
]
}
}
},
"required": [
"status",
"type"
]
}Example:
{
"status": 403,
"message": "Given request does not have required scopes in access token. It is not authorized to perform this operation.",
"type": "insufficient_permissions"
}
Events
For more information about events, see the PubSub service documentation.
The topic owner client is: core.api
| Type | Description | Schema | Payload Example |
|---|---|---|---|
| clientCreated | The client has been created. | clientCreated_v1_3 | |
| clientUpdated | The client has been updated. | clientUpdated_v1_1 | |
| clientRemoved | The client has been removed. | clientRemoved_v1_1 | |
| serviceCreated | The service has been created. | serviceCreated_v1 | |
| serviceUpdated | The service has been updated. | serviceUpdated_v1 | |
| serviceRemoved | The service has been removed. | serviceRemoved_v1 | |
Each event includes the schema key in its metadata section. This allows you to identify the version of the payload that the event contains.
Scopes in API Management Service
The API Management service is protected with these Scopes:
- hybris.api_manage - Use this scope to manage services and clients data.
- hybris.api_view - Use this scope to view services and clients data.
If the respective values are not passed in the access token, the service returns an error 403 status code for the given request. For more information, see the API Management service API Reference, and the Request Headers.
Clients
A Client in YaaS is defined by the OAuth 2.0 Authorization Framework. Clients ask for the access to the protected resources, get the tokens, and use them to interact with YaaS APIs:
graph LR
B{client}--> |1. requests access token| A[Authorization service]
A[Authorization service]-->|2. grants access token| B{client}
B-->|3. accesses protected resources| C[YaaS APIs]
When you register your client in the Builder, the unique values of the Client ID and Client Secret are automatically assigned. Each time the client requests access to the protected resources, it needs to authenticate with these values. If the resource owner grants the relevant permissions, the authorization service sends the response with the access token. Otherwise, it returns an informative error code.
Use these parameters attached to the client in requests for access tokens:
- Client ID and Client Secret to authorize a service with the Client Credentials Grant
- Client ID, Client Secret, and redirect_uri to authorize a Single Page Application with the Implicit Grant. Note that the redirect URI in your client's settings must match the value of the
redirect_uriparameter that you pass in the authorization request.
Set Up a Project and Create a Client if you have not previously done so. Your Client ID and Client Secret are now available. In the Builder, go to Projects > {Your project} > Clients > {Your client} > Client Authorization. Use them in the requests for access tokens. In this scenario, the further interactions with YaaS services are limited to the context of the parent project (tenant). You cannot view or manage any secured data outside this tenant. For example, if your access token is issued in the scope of hybris.tenant=myshop1, you cannot modify products in the project myshop2.
Play around with various services and get more confident with the YaaS environment. As your experience grows, create your own service. Find out how in the Wishlist Tutorial section of the Getting Started. You need to link a client to your service and allow it to interact within YaaS environment. If you protect your service with scopes, attach them to your client. In the Builder, go to Projects > {Your project} > Clients > {Your client} > Required scopes > Manage required scopes, select them from My project scopes and Save your changes. This allows you to include the scopes in requests for access tokens.
Take full advantage of the platform and include your service in a package. Use the authorization data of the client linked with this service to acquire access tokens on behalf of the tenants that subscribe to the package. Send the relevant hybris.tenant=$tenant scope in your request to the OAuth2 service. In this scenario, your service can interact with YaaS APIs in the context of the subscribed tenant.
Example
The project named deer subscribes to a package that includes a service created by developers from the project horse. When the service requests an access token with the hybris.tenant=deer scope, it will receive it:
sequenceDiagram
"horse" (tenant A)->>Service A: develops
Service A->>Package A: is included in
"deer" (tenant B)->>Package A:subscribes to
Service A->>Authorization Server: requests access token with the scope="hybris.tenant=deer"
Authorization Server->>Service A: Access Token
Service A->>Service Q: interacts in the context of Project "deer", for example reads orders
Note that within a project you have access to your own services without package subscriptions.
For more information, see the Key Concepts in YaaS and Scopes and Subscriptions.
Service Blocking Rules
Blocking rules, or quotas, play an essential role in the availability and management of a service. They allow you to control the resources that you offer to your customers.
The service owner defines the quotas in the definition of the service. Together with the data gathered during the analysis of metrics processed by the YaaS components, they are translated into specific rules. The API Proxy verifies these rules, and the calls are blocked once the relevant quota is reached. For more information, see the API Proxy FAQs.
As a developer, you need to make sure that your service logs the custom values that are used for blocking rules. For example, if your service allows the users to add products, and you limit the number of products per tenant (project), you must be able to store the current number of products in your logs.
Example
Define the quotas in the Builder:- Go to: Projects > {My Project} > Services > {My Service} > Blocking Rules. Select the + Blocking rule. This screen displays:
- Provide these parameters:
- Metric key - This field is required and specifies the key of the metric used to limit the quota, such as
max-storage-mb-metric. The maximum length is 128 characters. This needs to be consistent with the metric key defined for the package that includes your service. - Methods – This field is required and specifies the standard HTTP methods to be secured, such as PUT and POST. Use the
*wildcard to secure all methods. - Path – This field is required and specifies the secured path to your resource. Use path expressions and the
*wildcard. For example, /data/* secures everything below the /data path.
- Metric key - This field is required and specifies the key of the metric used to limit the quota, such as
- Save your changes.
PUT and POST method. The subsequent calls are blocked.Note that the created blocking rules must be in line with the billing plan of the package that includes your service.
Currently, the publishing of packages is restricted. For more information, see the YaaS Market.
Register Your Service in YaaS Personal Data Registry
If your service handles personal data, you must register it in the central YaaS personal data registry. You can register each of the regions in which you deployed your service independently.
To register your service in the YaaS personal data registry, send a PUT request to the /projects/{projectID}/services/{serviceID} endpoint of the API Management service. Provide the regions in which the service handles personal data as the value of the personalData body parameter.
This is a sample request to the /projects/{projectID}/services/{serviceID} endpoint of the API Management service that updates the service's description and indicates that it handles the users' personal data in the EU and the US regions. Line breaks are added for better readability.
curl -X PUT "<a href="http://api.eu.yaas.io/hybris/api-management/v1/projects/myproject/services/amazingservice">http://api.eu.yaas.io/hybris/api-management/v1/projects/myproject/services/amazingservice</a>" \
-H 'Authorization: Bearer ACCESS_TOKEN_HERE \
-H 'Content-Type: application/json' \
-d '{"description":"This is a new description of my amazing service","personalData":["EU", "US"]}'
The request must include an access token issued for the project that is the owner of the service. The token must have the hybris.api_manage scope.
If your service handles personal data, you must make sure it can respond to the events published by the Transparency service.
Multiple Credentials of Clients
Client credentials are bound with a client in your project and can be linked to multiple services. This is manageable in the Builder. Compromising the credentials causes serious security threat. The API Management service provides a clean process for replacing credentials with no downtime period. You can easily generate a new pair of the authorization data and change them in your service. Deploy the secure version and remove the compromised credentials. This can be managed in the Builder, go to: Projects > {Your project} > Services > {Your service} > Client > {Your Client} > Client Authorization. Optionally, follow the steps in this tutorial.
Use this functionality in your credentials rotation policy.
Your client must have at least one pair of credentials. The maximum number is two pairs per client.
Introduction to Tutorials
Tutorials are designed in a way that you can check the API Console and interactively learn the API. Follow the interactive tutorial and see the real-life responses from the API Management service.
Add a Client
In this tutorial, use credentials provided in the Quick Setup section to get an access token, and add a client in a project.
If you use the credentials of a client from your existing project, make sure the hybris.api_manage scope is included in its required scopes.
1. Get all your variables in one place
These are the variables used in the tutorial:
clientId = {{clientId}};
clientSecret = {{clientSecret}};
tenant = {{projectId}};
scopesRequired = 'hybris.api_manage';
The scope hybris.api_manage allows you to perform GET and POST requests in the API Management service. The parameter tenant reflects the parent project of the client.
2. Get an access token from the OAuth2 service
Create an API client for the OAuth2 service:
API.createClient('oAuth2Service',
'/services/oauth2/v1/api.raml');
Now retrieve the access token:
AccessToken = oAuth2Service.token.post({
'client_id' : clientId,
'client_secret': clientSecret,
'grant_type' : 'client_credentials',
'token_type': 'Bearer',
'scope': scopesRequired
});
When the access token is successfully issued, the service returns a 200 status code. Expand the response body and verify if the scope includes hybris.api_manage. For more information about authorization grants, see the OAuth2 API Docs.
Make the calls simpler and the code cleaner by assigning the access token to a variable:
access_token = AccessToken.body.access_token;
3. Add a client
Create an API client for the API Management service:
API.createClient('apimanagenentService',
'/services/apimanagement/v1/api.raml');
Create a body object and send the request:
app_obj = apimanagenentService.projects.projectID(tenant).clients.post(
{
"name": "sample-tutorial-app",
"appType": "SINGLE_TENANT_APP"
}, {
headers: {
'Authorization': 'Bearer ' + access_token,
'Content-type' : 'application/json'
}
}
)
When the client is successfully added to your project, the service returns a 201 status code. Expand the response body to reveal the client ID and link. The ID is created with the following naming convention: <project_identifier>.<client_name>.
For more information about error codes, see the API Reference.
Manage Multiple Credentials for a Client
In this tutorial you will add new credentials to your client and later remove a selected pair. Go to the Builder and retrieve:
- the Project ID (Identifier): Projects > {My project} > Administration
- the Client ID (Identifier): Projects > {My project} > Clients > {My client}.
Add credentials to your client
Request
To add credentials to your client you need:
- Method: POST
- Request URL:
http://api.eu.yaas.io/hybris/api-management/v1/projects/{projectID}/clients/{clientID}/credentials - Headers:
- Authorization: This sends a valid OAuth2 access token.
- URL Parameters:
- {projectID} - This is the identifier of the current project.
- {clientID} - This is the identifier of the current client.
Example
The following is an example of how to add credentials to a client:
curl -i -X POST -H "Authorization: Bearer 9o79bcea-1ac0-4752-55ae-pl59e8d09a25" https://api.eu.yaas.io/hybris/api-management/v1/projects/photoworks/clients/photoworks.myclient/credentials
Response
The successful response returns a 201 Created status code.
Retrieve your Client Authorization data
Request
To retrieve the authorization data you need:
- Method: GET
- Request URL:
http://api.eu.yaas.io/hybris/api-management/v1/projects/{projectID}/clients/{clientID}/credentials - Headers:
- Authorization: This sends a valid OAuth2 access token.
- URL Parameters:
- {projectID} - This is the identifier of the current project.
- {clientID} - This is the identifier of the current client.
Example
The following is an example of how to retrieve the client authorization data:
curl -i -H "Authorization: Bearer 9o79bcea-1ac0-4752-55ae-pl59e8d09a25" https://api.eu.yaas.io/hybris/api-management/v1/projects/photoworks/clients/photoworks.myclient/credentials
Response
The successful response returns a 200 status code and information about credentials pairs:
[{"clientId":"JdkJCHNYpqYnmkrJY0L2EPbhHOJuhsjD","clientSecret":"NrkD9zkgHPrHDL09"},
{"clientId":"eylvGxBuHhZHmuKLfR2oHumSiK0PoAVM","clientSecret":"Gd61BgdUSv4GVUXa"}]
Delete your Client Authorization data
Request
To delete the authorization data you need:
- Method: DELETE
- Request URL:
http://api.eu.yaas.io/hybris/api-management/v1/projects/{projectID}/clients/{clientID}/credentials/{clientId} - Headers:
- Authorization: This sends a valid OAuth2 access token.
- URL Parameters:
- {projectID} - This is the identifier of the current project.
- {clientID} - This is the identifier of the current client.
- {clientId} - This is the clientId of the specified client that you want to remove.
The parameters clientID and clientId are case-sensitive. They refer to two separate identifiers.
Example
The following is an example of how to delete the client authorization data:
curl -i -X DELETE -H "Authorization: Bearer 9o79bcea-1ac0-4752-55ae-pl59e8d09a25" https://api.eu.yaas.io/hybris/api-management/v1/projects/photoworks/clients/photoworks.myclient/credentials/JdkJCHNYpqYnmkrJY0L2EPbhHOJuhsjD
Response
The successful response returns a 204 No content status code.
When you run the request for retrieving the authorization data again, the response includes only one credentials pair, such as in the example:
[{"clientId":"eylvGxBuHhZHmuKLfR2oHumSiK0PoAVM",
"clientSecret":"Gd61BgdUSv4GVUXa"}]
For more information about error codes, see the API Reference.
Manage Basic Authentication Credentials
In this tutorial, you add Basic Authentication Credentials for your service that is deployed in two regions: eu and us. For more information about last mile security, see the Secure a Service document.
Follow the security best practices by always setting different credentials for each region!
To use this tutorial, you need the service's parent Project ID (Identifier) from the Builder: Projects > {My project} > Administration.
The parameter serviceID cannot be retrieved from the Builder. You need to call the API Management directly and list the services in your project to obtain it.
Request
To list the services in your project you need the following:
- Method: GET
- Request URL:
http://api.eu.yaas.io/hybris/api-management/v1/projects/{projectID}/services - Headers:
- Authorization - This includes a valid OAuth2 access token.
To access this method, the access token must be issued for the requested project and have the scope hybris.api_view or hybris.api_manage.
- Authorization - This includes a valid OAuth2 access token.
- URL Parameters:
- {projectID} - This is the identifier of the project.
Example
The following is an example of how to list the services in your project:
curl -i -X GET -H "Authorization: Bearer 022-389496c2-e444-4046-b3e7-88f2dd36ee6e" https://api.eu.yaas.io/hybris/api-management/v1/projects/photoworks/services
Response
The successful response returns a 200 OK status code. An example JSON content including the services of the requested project looks similar to the following:
[
{
"id": "7ou0jn3p92an",
"projectId": "photoworks",
"name": "tutorial",
"publishedAt": "2015-08-13T09:00:03.562+0000",
"sourceUrl": "https://sourceurl.us.com",
"sourceUrls": [
{
"region": "us",
"sourceUrl": "https://sourceurl.us.com"
},
{
"region": "eu",
"sourceUrl": "https://sourceurl.eu.com"
}
],
"description": "My service description",
"proxyUrl": "https://api.eu.yaas.io/hybris/tutorial/v1",
"proxyUrls": [
{
"region": "us",
"urls": [
"https://api.eu.yaas.io/hybris/tutorial/v1",
"https://api.beta.yaas.io/hybris/tutorial/v1"
]
},
...
"regions": [
{
"region": "us",
"secured": false
},
{
"region": "eu",
"secured": false
}
],
...
]
The examples is this tutorial use the service with an id=7ou0jn3p92an parameter.
regions
The API Management service allows you to set the HTTP Basic Authentication credentials for both regions at the same time.
Request
To set the credentials you need the following:
- Method: PUT
- Request URL:
http://api.eu.yaas.io/hybris/api-management/v1/projects/{projectID}/services/{serviceID}/credentials - Headers:
- Authorization - This includes a valid OAuth2 access token.
To access this method, the access token must be issued for the requested project and have the scope hybris.api_manage.
- Authorization - This includes a valid OAuth2 access token.
- URL Parameters:
- {projectID} - This is the identifier of the current project.
- {serviceID} - This is the
idof the service.
Use the parameter
id obtained in the previous request.Example
The following is an example of how to set the Basic Authentication credentials for the service with the id=7ou0jn3p92an for all regions:
curl -i -X PUT -H "Authorization: Bearer 022-389496c2-e444-4046-b3e7-88f2dd36ee6e" -H "Content-Type: application/json" -d '{"username": "username123ABC", "password": "password123ABC"}' "https://api.eu.yaas.io/hybris/api-management/v1/projects/photoworks/services/7ou0jn3p92an/credentials"
Response
The successful response returns a 200 OK status code.
To improve the security of your services set different Basic Authentication credentials for each region.
Request
To set the credentials for a specified region you need the following:
- Method: PUT
- Request URL:
http://api.eu.yaas.io/hybris/api-management/v1/projects/{projectID}/services/{serviceID}/credentials/{region}
Currently, the accepted values for the parameterregionare eu, or us. - Headers:
- Authorization - This includes a valid OAuth2 access token. To access this method, the access token must be issued for the requested project and have the scope hybris.api_manage.
- URL Parameters:
- {projectID} - This is the identifier of the current project.
- {serviceID} - This is the
idof the service.
Example
The following example sets specific Basic Authentication credentials for the service with the id=7ou0jn3p92an for the eu region:
curl -i -X PUT -H "Authorization: Bearer 022-389496c2-e444-4046-b3e7-88f2dd36ee6e" -H "Content-Type: application/json" -d '{"username": "username456DEF", "password": "password456DEF"}' "https://api.eu.yaas.io/hybris/api-management/v1/projects/photoworks/services/7ou0jn3p92an/credentials/eu"
Response
The successful response returns a 200 OK status code.
When you list your services again, the value for the field secured is true:
...
"regions": [
{
"region": "us",
"secured": true
},
{
"region": "eu",
"secured": true
}
],
...
Store the Basic Authorization credentials in a safe place. There is no way to retrieve them from the service details.
For more information about error codes, see the API Reference.
Glossary
| Term | Description |
|---|---|
| client | An OAuth2 client as defined in the OAuth 2.0 Authorization Framework. It is created within a project and can interact with services in YaaS. |
| project | Company"s planned piece of work. It is required for registering clients and managing their credentials, and package subscriptions. It includes Staff members who have different User roles assigned. |
| service | Software running as a part of a hosted application on a server. |
| scopes | The access rights to resources and operations in the service, such as hybris.product_manage, which enables you to create and modify products. |
| subscription | A contract granting a user the right to use the API of the subrscribed service in a project. |
If you find any information that is unclear or incorrect, please let us know so that we can improve the Dev Portal content.
Use our private help channel. Receive updates over email and contact our specialists directly.
If you need more information about this topic, visit hybris Experts to post your own question and interact with our community and experts.