This repository has been archived by the owner on Dec 5, 2023. It is now read-only.

Terms and Conditions API

Alvaro Villanueva edited this page Nov 14, 2022 · 6 revisions

This Wiki page is an integration guide for client applications that use the policy protection platform's Policy Decision Point (PDP), and in particular its optional Terms and Conditions (T&C) security feature.

Concepts and Approach

A Resource Owner may need to attach Terms & Conditions to a resource so that a user must accept them before being granted access. This lets each service supply its own terms and conditions for the use of its application.

T&C Endpoint

Every call to the PDP's policy operations must be made on behalf of an authenticated user: the user's ID_TOKEN is passed as a bearer token in the Authorization header. The endpoint accepts REST requests to insert, delete, update and fetch terms, with the mandatory parameters listed below. Because the ID_TOKEN is a bearer credential, the curl examples that use plain http:// and -k (which disables TLS certificate verification) are for local testing only; against a deployed PDP use https:// and leave certificate verification enabled.

Terms Endpoint /terms/

Terms Endpoint (GET): /terms/

  • Parameters:
  • headers: the response is JSON, so Content-Type must be application/json, and Authorization must carry the user's ID_TOKEN as a bearer token. Each header is a separate -H option in curl; a single comma-joined -H sends one malformed Content-Type header and no Authorization header at all.
  • Response:
  • 200: lists all T&C stored in the database
  • Example:
curl -XGET https://<HOSTNAME>/terms/ -H 'Content-Type: application/json' -H 'Authorization: Bearer <ID_TOKEN>'

Terms Endpoint (POST): /terms/

  • Parameters:
  • payload: JSON object describing the T&C, with the fields terms_id and terms_description
  • headers: Content-Type: application/json and Authorization: Bearer <ID_TOKEN> (one -H option per header in curl)
  • Response:
  • 200: JSON format with terms data
  • 401: Unauthorized
  • 404: Not found
  • Example:
curl -k -v -XPOST 'http://<DOMAIN>/terms/' -H 'Content-Type: application/json' -H 'Authorization: Bearer <OAuth access_token or JWT id_token>' -d '{"terms_id": "<some-id-for-this-term-and-condition>","terms_description": "<some-term-and-condition-description>"}'

Terms Endpoint /terms/<term_id>

Terms Endpoint (GET): /terms/<term_id>

  • Parameters:
  • headers: Content-Type: application/json and Authorization: Bearer <ID_TOKEN> (one -H option per header in curl)
  • Response:
  • 200: JSON format of the requested term
  • 404: Term not found
  • Example:

Get by term id:

curl -k -v -XGET 'http://<DOMAIN>/terms/5f32f236ea1bacfddd396e97' -H 'Content-Type: application/json' -H 'Authorization: Bearer <ID_TOKEN>'

Terms Endpoint (PUT): /terms/<term_id>

The term specified in the path will be replaced with the content of the payload.

  • Parameters:
  • payload: JSON object with the new term content (the same terms_id and terms_description fields as for POST)
  • headers: Content-Type: application/json and Authorization: Bearer <ID_TOKEN> (one -H option per header in curl)
  • Response:
  • 200: JSON format with terms data
  • 401: Unauthorized
  • 404: Not found
  • Example (note the verb is PUT, not POST):
curl -k -v -XPUT 'http://<DOMAIN>/terms/5f32f236ea1bacfddd396e97' -H 'Content-Type: application/json' -H 'Authorization: Bearer <OAuth access_token or JWT id_token>' -d '{"terms_id": "<some-id-for-this-term-and-condition>","terms_description": "<some-term-and-condition-description>"}'

Terms Endpoint (DELETE): /terms/<term_id>

  • Parameters:
  • headers: Content-Type: application/json and Authorization: Bearer <ID_TOKEN> (one -H option per header in curl)
  • Response:
  • 200: Term deleted
  • 401: Unauthorized
  • 404: Not found
  • Example:
curl -k -v -XDELETE 'http://<DOMAIN>/terms/5f32f236ea1bacfddd396e97' -H 'Content-Type: application/json' -H 'Authorization: Bearer <ID_TOKEN>'
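The five endpoints above, exercised end to end by a small Python client. This is an added example, not the project's own client or server code: it assumes only the routes, verbs, JSON fields (terms_id, terms_description) and status codes documented on this page. The base URL https://pdp.example, the token value, and the in-memory fake_opener that stands in for the service are constructed so the example runs offline; the fake keys terms by terms_id, whereas the real service addresses them by its own <term_id> in the path. The client also shows two things the curl lines do not: every header goes out as its own line, and a bearer ID_TOKEN is only ever sent over HTTPS with certificate verification left on.

```python
"""Client for the /terms/ endpoints described on this page (added example,
not the project's code; base URL, token and fake server are constructed)."""
import json
import urllib.error
import urllib.request
from urllib.parse import urlsplit


class TermsClient:
    def __init__(self, base_url, id_token, opener=None):
        # An ID_TOKEN is a bearer credential: never send it over plaintext HTTP.
        if not base_url.lower().startswith("https://"):
            raise ValueError("refusing to send a bearer token over plaintext HTTP")
        self.base_url = base_url.rstrip("/")
        self.id_token = id_token
        # urlopen verifies the server certificate by default; do not pass an
        # unverified SSL context here (that would be the equivalent of curl -k).
        self._open = opener or urllib.request.urlopen

    def build_request(self, method, path, payload=None):
        # One header per entry: joining them with a comma (as a single curl -H
        # would) sends a malformed Content-Type and no Authorization at all.
        headers = {"Accept": "application/json",
                   "Authorization": "Bearer " + self.id_token}
        body = None
        if payload is not None:
            body = json.dumps(payload).encode()
            headers["Content-Type"] = "application/json"
        return urllib.request.Request(self.base_url + path, data=body,
                                      headers=headers, method=method)

    def _call(self, method, path, payload=None):
        """Return (status, decoded JSON or None); 401/404 are returned, not raised."""
        try:
            with self._open(self.build_request(method, path, payload)) as resp:
                raw = resp.read()
                return resp.status, (json.loads(raw) if raw else None)
        except urllib.error.HTTPError as err:
            return err.code, None

    def list_terms(self):
        return self._call("GET", "/terms/")

    def create_term(self, terms_id, description):
        return self._call("POST", "/terms/",
                          {"terms_id": terms_id, "terms_description": description})

    def get_term(self, term_id):
        return self._call("GET", "/terms/" + term_id)

    def update_term(self, term_id, terms_id, description):
        return self._call("PUT", "/terms/" + term_id,
                          {"terms_id": terms_id, "terms_description": description})

    def delete_term(self, term_id):
        return self._call("DELETE", "/terms/" + term_id)


class _FakeResponse:
    """Stand-in for http.client.HTTPResponse (constructed, offline use only)."""
    def __init__(self, status, obj):
        self.status, self._raw = status, json.dumps(obj).encode()

    def read(self):
        return self._raw

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        return False


def fake_opener(store):
    """Constructed in-memory replacement for urlopen that answers like the
    documented endpoints (200 / 401 / 404). Keys terms by terms_id; not the real PDP."""
    def open_(req):
        if not req.get_header("Authorization", "").startswith("Bearer "):
            raise urllib.error.HTTPError(req.full_url, 401, "Unauthorized", {}, None)
        segs = urlsplit(req.full_url).path.strip("/").split("/")
        term_id = segs[1] if len(segs) > 1 else None
        method, body = req.get_method(), (json.loads(req.data) if req.data else None)
        if term_id is None and method == "GET":
            return _FakeResponse(200, list(store.values()))
        if term_id is None and method == "POST":
            store[body["terms_id"]] = body
            return _FakeResponse(200, body)
        if term_id in store and method == "GET":
            return _FakeResponse(200, store[term_id])
        if term_id in store and method == "PUT":
            store[term_id] = body
            return _FakeResponse(200, body)
        if term_id in store and method == "DELETE":
            return _FakeResponse(200, {"deleted": store.pop(term_id)["terms_id"]})
        raise urllib.error.HTTPError(req.full_url, 404, "Not found", {}, None)
    return open_


def run_demo():
    """Create / read / update / read-missing / delete cycle against the fake server."""
    store = {}
    client = TermsClient("https://pdp.example", "dummy-id-token", opener=fake_opener(store))
    codes = [
        client.create_term("privacy-v1", "Privacy policy, version 1")[0],        # 200
        client.get_term("privacy-v1")[0],                                        # 200
        client.update_term("privacy-v1", "privacy-v1", "Privacy policy v2")[0],  # 200
        client.get_term("does-not-exist")[0],                                    # 404
        client.delete_term("privacy-v1")[0],                                     # 200
    ]
    try:  # a request carrying no Authorization header at all
        fake_opener(store)(urllib.request.Request("https://pdp.example/terms/"))
        anonymous = None
    except urllib.error.HTTPError as err:
        anonymous = err.code                                                     # 401
    return {"codes": codes, "anonymous": anonymous, "remaining": client.list_terms()[1]}
```

To point the client at a real deployment, construct TermsClient with the service's https:// base URL and the user's ID_TOKEN and omit the opener argument; urllib then performs real TLS-verified requests and the 401/404 branches come from the PDP itself.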

⏭️ Next step: Policy Checks