diff --git a/CHANGELOG.md b/CHANGELOG.md index bb50700..533fb60 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,14 @@ # Changelog +## 1.7.0 - 2024/09/09 + +- (Plateform) New Open API file for APNF MAN Platform - Platform API Reference +- (GCO) (Certificates) Add `INVALIDATION` status to be used during CA compromission +- (GCO) (Certificates) New API method - GET /certificates/export +- (GCO) (Providers) Cleanup provider unused examples and schemas +- (GCO) (Providers) Remove users and history API methods as available as part of the **MAN Platform API Reference** document. + + ## 1.6.0 - 2023/12/13 - (BPCO) (Description) Fix spelling error in 'Rate limiting' diff --git a/README.md b/README.md index 23a50ab..2056d10 100644 --- a/README.md +++ b/README.md @@ -15,6 +15,15 @@ If you are a service provider operating in France, you need to be registered as If you are not yet a member, please contact the APNF. +## MAN Platform API +> [apnf-man-platform-openapi.yaml](apnf-man-platform-openapi.yaml) / (View in [Swagger Editor](https://editor.swagger.io/?url=https://raw.githubusercontent.com/apnf/man-openapi/main/apnf-man-platform-openapi.yaml)) + +MAN platform APIs to create and manage users, credentials, STI certificates and +all other objects that service providers can handle on the MAN platform. + +More information is available in the OpenAPI file itself. + + ## Authentication API > [apnf-man-platform-openapi-auth.yaml](apnf-man-platform-openapi-auth.yaml) / (View in [Swagger Editor](https://editor.swagger.io/?url=https://raw.githubusercontent.com/apnf/man-openapi/main/apnf-man-platform-openapi-auth.yaml)) @@ -26,10 +35,11 @@ More information is available in the OpenAPI file itself. ## GCO API > [apnf-man-platform-openapi-gco.yaml](apnf-man-platform-openapi-gco.yaml) / (View in [Swagger Editor](https://editor.swagger.io/?url=https://raw.githubusercontent.com/apnf/man-openapi/main/apnf-man-platform-openapi-gco.yaml)) -This API reference explains how to get access to all MAN platform functionalities, especially the creation and management of STI certificates to be used by service providers for signing their SIP telephone calls per the STIR SHAKEN protocol. +This API reference explains how to get access to MAN platform functionalities related to the creation and management of STI certificates to be used by service providers for signing their SIP telephone calls per the STIR SHAKEN protocol. -More information is available in the OpenAPI file itself. +This API is a subset of the [MAN Platform API](apnf-man-platform-openapi.yaml) +More information is available in the OpenAPI file itself. ## BPCO API > [apnf-man-platform-openapi-bpco.yaml](apnf-man-platform-openapi-bpco.yaml) / (View in [Swagger Editor](https://editor.swagger.io/?url=https://raw.githubusercontent.com/apnf/man-openapi/main/apnf-man-platform-openapi-bpco.yaml)) diff --git a/apnf-man-platform-openapi-auth.yaml b/apnf-man-platform-openapi-auth.yaml index 26fd5dd..86c8e3e 100644 --- a/apnf-man-platform-openapi-auth.yaml +++ b/apnf-man-platform-openapi-auth.yaml @@ -1,7 +1,7 @@ openapi: 3.0.3 info: title: APNF MAN Platform - API Authentication Reference - version: 1.6.0 + version: 1.7.0 license: name: CC-BY-SA-4.0 url: https://creativecommons.org/licenses/by-sa/4.0/legalcode @@ -44,6 +44,10 @@ info: - **MAN Platform BPCO API Reference**, listing APIs published as part of the BPCO (Base Publique des Certificats Opérateurs), the MAN platform public access service used to access STI certificates. # History + **1.7.0** - 2024/09/09 + - Reorder alphabetically components + + **1.6.0** - N/A **1.5.0** - 2023/09/27 - Clarify access token lifetime diff --git a/apnf-man-platform-openapi-bpco.yaml b/apnf-man-platform-openapi-bpco.yaml index e0a8bdc..d25c787 100644 --- a/apnf-man-platform-openapi-bpco.yaml +++ b/apnf-man-platform-openapi-bpco.yaml @@ -1,7 +1,7 @@ openapi: 3.0.3 info: title: APNF MAN Platform - BPCO API Reference - version: 1.6.0 + version: 1.7.0 license: name: CC-BY-SA-4.0 url: https://creativecommons.org/licenses/by-sa/4.0/legalcode @@ -69,6 +69,8 @@ info: - **MAN Platform Authentication API Reference**, providing the APIs to create access tokens require to authenticate against the APIs listed in this document. # History + **1.7.0** - 2024/09/09 + - Reorder alphabetically components **1.6.0** - 2023/12/13 - (Description) Fix spelling error in 'Rate limiting' @@ -677,22 +679,84 @@ paths: '503': $ref: '#/components/responses/ServiceUnavailable' components: + headers: + Content-Length: + description: Size in bytes of the response body. + schema: + type: integer + example: 80 + Content-Length-0: + description: Size in bytes of the response body. Always set to 0. + schema: + type: integer + minimum: 0 + maximum: 0 + default: 0 + example: 0 + Content-Type-Jose-Json: + description: Content-Type header set as "application/jose+json". + schema: + type: string + example: application/jose+json + Content-Type-Pkix-Crl: + description: Content-Type header set as "application/pkix-crl". + schema: + type: string + example: application/pkix-crl + Content-Type-TextPlain: + description: Content-Type header set as "text/plain". + schema: + type: string + example: text/plain + X-Correlation-Id: + description: ID generated by the API gateway. + schema: + $ref: '#/components/schemas/UUID' + example: f13371a6-40d7-48cf-a221-794b63fddbd9 + X-Response-Id: + description: Response ID that corresponds to the `X-Request-Id` request header, if provided. + schema: + $ref: '#/components/schemas/UUID' + example: 68831c50-2953-4047-9935-81a98ac1e1e1 + parameters: + CertificateSerialNumber: + name: sn + in: path + description: Certificate serial number + required: true + schema: + type: string + pattern: ^([0-9A-Fa-f]{2,40})$ + example: 57ABB34BCA510043BDE438460F13B27E6A82C004 + If-Modified-Since: + name: If-Modified-Since + in: header + description: Date in HTTP-Date format (RFC 7231). + required: false + schema: + $ref: '#/components/schemas/RFC7231.HTTP-date' + X-Request-Id: + name: X-Request-Id + in: header + description: Request ID that will be returned into the `X-Response-Id` response header. + required: false + schema: + $ref: '#/components/schemas/UUID' + example: 68831c50-2953-4047-9935-81a98ac1e1e1 responses: - ErrorValidation: - description: Returned when the request input validation failed. - content: - application/json: - schema: - $ref: '#/components/schemas/ErrorResponse' + ErrorInternal: + description: Returned when an unexpected error occurred while processing the request. headers: Content-Length: - $ref: '#/components/headers/Content-Length' + $ref: '#/components/headers/Content-Length-0' + Content-Type: + $ref: '#/components/headers/Content-Type-TextPlain' X-Correlation-Id: $ref: '#/components/headers/X-Correlation-Id' X-Response-Id: $ref: '#/components/headers/X-Response-Id' - ErrorNotFound: - description: Returned when the object referenced by the API request does not exist. + ErrorInvalidAcceptHeader: + description: Returned when the client specifies a type in `Accept` HTTP header not supported. headers: Content-Length: $ref: '#/components/headers/Content-Length-0' @@ -713,8 +777,8 @@ components: $ref: '#/components/headers/X-Correlation-Id' X-Response-Id: $ref: '#/components/headers/X-Response-Id' - ErrorInvalidAcceptHeader: - description: Returned when the client specifies a type in `Accept` HTTP header not supported. + ErrorNotFound: + description: Returned when the object referenced by the API request does not exist. headers: Content-Length: $ref: '#/components/headers/Content-Length-0' @@ -735,13 +799,15 @@ components: $ref: '#/components/headers/X-Correlation-Id' X-Response-Id: $ref: '#/components/headers/X-Response-Id' - ErrorInternal: - description: Returned when an unexpected error occurred while processing the request. + ErrorValidation: + description: Returned when the request input validation failed. + content: + application/json: + schema: + $ref: '#/components/schemas/ErrorResponse' headers: Content-Length: - $ref: '#/components/headers/Content-Length-0' - Content-Type: - $ref: '#/components/headers/Content-Type-TextPlain' + $ref: '#/components/headers/Content-Length' X-Correlation-Id: $ref: '#/components/headers/X-Correlation-Id' X-Response-Id: @@ -767,77 +833,13 @@ components: - error example: error: The request failed. - UUID: - type: string - format: uuid - pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ - example: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 RFC7231.HTTP-date: type: string description: Date format as defined in RFC7231, section 7.1.1.1. pattern: ^((Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} GMT)$ example: Mon, 17 Jan 2022 10:12:25 GMT - parameters: - CertificateSerialNumber: - name: sn - in: path - description: Certificate serial number - required: true - schema: - type: string - pattern: ^([0-9A-Fa-f]{2,40})$ - example: 57ABB34BCA510043BDE438460F13B27E6A82C004 - If-Modified-Since: - name: If-Modified-Since - in: header - description: Date in HTTP-Date format (RFC 7231). - required: false - schema: - $ref: '#/components/schemas/RFC7231.HTTP-date' - X-Request-Id: - name: X-Request-Id - in: header - description: Request ID that will be returned into the `X-Response-Id` response header. - required: false - schema: - $ref: '#/components/schemas/UUID' - example: 68831c50-2953-4047-9935-81a98ac1e1e1 - headers: - Content-Type-Jose-Json: - description: Content-Type header set as "application/jose+json". - schema: - type: string - example: application/jose+json - Content-Type-Pkix-Crl: - description: Content-Type header set as "application/pkix-crl". - schema: - type: string - example: application/pkix-crl - Content-Type-TextPlain: - description: Content-Type header set as "text/plain". - schema: - type: string - example: text/plain - Content-Length: - description: Size in bytes of the response body. - schema: - type: integer - example: 80 - Content-Length-0: - description: Size in bytes of the response body. Always set to 0. - schema: - type: integer - minimum: 0 - maximum: 0 - default: 0 - example: 0 - X-Correlation-Id: - description: ID generated by the API gateway. - schema: - $ref: '#/components/schemas/UUID' - example: f13371a6-40d7-48cf-a221-794b63fddbd9 - X-Response-Id: - description: Response ID that corresponds to the `X-Request-Id` request header, if provided. - schema: - $ref: '#/components/schemas/UUID' - example: 68831c50-2953-4047-9935-81a98ac1e1e1 + UUID: + type: string + format: uuid + pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ + example: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 diff --git a/apnf-man-platform-openapi-gco.yaml b/apnf-man-platform-openapi-gco.yaml index c7fbaf8..81a3ecc 100644 --- a/apnf-man-platform-openapi-gco.yaml +++ b/apnf-man-platform-openapi-gco.yaml @@ -1,7 +1,7 @@ openapi: 3.0.3 info: title: APNF MAN Platform - GCO API Reference - version: 1.6.0 + version: 1.7.0 license: name: CC-BY-SA-4.0 url: https://creativecommons.org/licenses/by-sa/4.0/legalcode @@ -15,6 +15,9 @@ info: Each provider registered with the APNF may request an access to the MAN platform and therefore these APIs. + Note that these APIs are a subset of APIs published by the platform. You can refer to the *References* + at the end of this section to get a list of all API references published for the MAN platform. + ## Authentication All APIs listed in this document require the API client to be authenticated. @@ -82,11 +85,19 @@ info: # References Additional API references are also available, covering other functionalities: + - **MAN Platform API Reference**, covering all APIs published by the platform, including the GCO API methods presented in this reference. - **MAN Platform Authentication API Reference**, providing the APIs to create access tokens require to authenticate against the APIs listed in this document. - **MAN Platform BPCO API Reference**, listing APIs published as part of the BPCO (Base Publique des Certificats Opérateurs), the MAN platform public access service used to access STI certificates. # History + **1.7.0** - 2024/09/09 + - (Certificates) Add `INVALIDATION` status to be used during CA compromission + - (Certificates) New API method - GET /certificates/export + - (Providers) GET /providers/{provider_id}/bypass_token - Rename response from `records` to `bypass_tokens` + - (Providers) Cleanup provider unused examples and schemas + - (Providers) Remove users and history API methods as available as part of the **MAN Platform API Reference** document. + **1.6.0** - 2023/12/13 - (Certificates) PATCH /certificates/{certificate_id} - Add constraints for expired certificates - (Certificates) POST /certificates/{certificate_id} - Add 409 HTTP status case @@ -174,21 +185,18 @@ tags: While most of these APIs can only be accessed by the MAN platform administrators to create and authorize service providers, these latter have access to a subset for updating their organization settings and reviewing their authorization status & history. - - name: Users - description: | - User creation and management APIs. - - name: API Credentials - description: | - API credentials creation and management APIs. - - API credentials are required in the API authentication process for requesting access tokens. - Refer to the *MAN Platform Authentication API Reference* on how these credentials are used. - name: STI Certificates description: | STI certificates creation and management APIs. These APIs provide to service providers a full control of their STI certificates, with support of functionalities like certificate renewal, revocation and delegation. + - name: History + description: | + Platform activity logs access and search APIs. + + These APIs give service providers a way to have access and review actions performed by their users + within the platform. - name: STI Certificates (Archived) description: | STI certificates access APIs. @@ -206,32 +214,22 @@ tags: These APIs provide access to metadata and download facilities to objects published in the BPCO, like STI certificates and CRLs. - - name: History - description: | - Platform activity logs access and search APIs. - - These APIs give service providers a way to have access and review actions performed by their users - within the platform. paths: - /providers: - parameters: - - $ref: '#/components/parameters/X-Request-Id' /providers/{provider_id}: - parameters: - - $ref: '#/components/parameters/ProviderId' - - $ref: '#/components/parameters/X-Request-Id' get: summary: Return provider details description: | Return a JSON object with provider details. - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*, *APNF* + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* - - *MAN_ADMINISTRATOR* and *APNF* users can access any provider. - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can only access details of their provider. operationId: GetProvider tags: - Providers + parameters: + - $ref: '#/components/parameters/ProviderId' + - $ref: '#/components/parameters/X-Request-Id' responses: '200': description: Return a JSON object with provider details @@ -268,13 +266,15 @@ paths: description: | Update provider properties. Deleted providers cannot be updated. - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *APNF* + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* - - *MAN_ADMINISTRATOR* and *APNF* users can update properties of any provider. - *ADMINISTRATOR* and *MANAGER* users can update properties of their own provider. Only a subset of the provider properties can be updated by these users. operationId: UpdateProvider tags: - Providers + parameters: + - $ref: '#/components/parameters/ProviderId' + - $ref: '#/components/parameters/X-Request-Id' requestBody: required: true description: | @@ -483,21 +483,20 @@ paths: '503': $ref: '#/components/responses/ServiceUnavailable' /providers/{provider_id}/bypass_token: - parameters: - - $ref: '#/components/parameters/ProviderId' - - $ref: '#/components/parameters/X-Request-Id' get: summary: Retrieve a paginated list of bypass tokens created for the provider. description: | The API applies any sort preferences passed to the API request and returns a paginated list of corresponding results. - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*, *APNF*. + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* operationId: ListProviderBypassTokens tags: - Providers parameters: + - $ref: '#/components/parameters/ProviderId' - $ref: '#/components/parameters/PaginationLimit' - $ref: '#/components/parameters/PaginationOffset' + - $ref: '#/components/parameters/X-Request-Id' responses: '200': description: Return a list of bypass tokens @@ -508,7 +507,7 @@ paths: properties: metadata: $ref: '#/components/schemas/PaginationMetaData' - records: + bypass_tokens: type: array items: $ref: '#/components/schemas/BypassToken' @@ -519,10 +518,14 @@ paths: $ref: '#/components/headers/X-Correlation-Id' X-Response-Id: $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' '401': $ref: '#/components/responses/ErrorNotAuthenticated' '403': $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' '406': $ref: '#/components/responses/ErrorInvalidAcceptHeader' '415': @@ -539,9 +542,14 @@ paths: Create a new provider bypass token. The previous token will be archived. **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + + - *ADMINISTRATOR*, *MANAGER* can generate bypass token for their own provider. operationId: GenerateProviderBypassToken tags: - Providers + parameters: + - $ref: '#/components/parameters/ProviderId' + - $ref: '#/components/parameters/X-Request-Id' responses: '200': description: Return a JSON object with a single `id` property containing the bypass token value. @@ -552,59 +560,6 @@ paths: examples: Successful response with bypass token details: $ref: '#/components/examples/BypassTokenCreationResponse' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '415': - $ref: '#/components/responses/ErrorInvalidContentType' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - /providers/{provider_id}/history: - get: - summary: Retrieve activity history on the provider - NOT AVAILABLE - description: | - Retrieve a paginated list of all actions performed on the provider. - Sorting and filtering are not supported for this API. - - - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *APNF* - - - *MAN_ADMINISTRATOR* and *APNF* users can access the history of any provider. - - *ADMINISTRATOR* can only access the history of its own provider. - - **Note**: This API is not yet available. - operationId: GetProviderHistory - tags: - - Providers - - History - parameters: - - $ref: '#/components/parameters/ProviderId' - - $ref: '#/components/parameters/PaginationLimit' - - $ref: '#/components/parameters/PaginationOffset' - - $ref: '#/components/parameters/X-Request-Id' - responses: - '200': - description: Return a paginated list of history records - content: - application/json: - schema: - type: object - properties: - metadata: - $ref: '#/components/schemas/PaginationMetaData' - records: - type: array - items: - $ref: '#/components/schemas/History' headers: Content-Length: $ref: '#/components/headers/Content-Length' @@ -622,56 +577,162 @@ paths: $ref: '#/components/responses/ErrorNotFound' '406': $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' '429': $ref: '#/components/responses/ErrorRateLimiting' '500': $ref: '#/components/responses/ErrorInternal' '503': $ref: '#/components/responses/ServiceUnavailable' - /users: - parameters: - - $ref: '#/components/parameters/X-Request-Id' + /certificates: post: - summary: Create a new user + summary: Initiate the creation of a STI certificate description: | - Create a new user account. + Initiate the creation of a new certificate. Shall always be called by the origin signing service provider. + Two types of certificates can be created, for which the creation process will be different: + * Direct certificates (type = `DIRECT`) are used directly by the origin signing service provider + * Indirect certificates (type = `INDIRECT`) are requested by the origin signing service provider for a technical signing service provider (OPTS). - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *APNF*. + While the creation of direct certificates is fully handled by this API, the process for indirect certificates is composed of 2 stages: + * This API initiates the certificate request + * The OPTS shall then call the `POST /certificates/{certificate_id}` to finalize the creation of the + certificate. - - *MAN_ADMINISTRATOR* users can create *MAN_ADMINISTRATOR*, *APNF* accounts. - - *MAN_ADMINISTRATOR* users can also create *ADMINISTRATOR* accounts for any provider. The first one created will be set as the provider legal administrator. - - *ADMINISTRATOR* users can create *MANAGER* and *SUPERVISOR* accounts associated to their own provider. - - *APNF* users can create *ADMINISTRATOR* accounts for any provider. - operationId: CreateUser + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + + - *ADMINISTRATOR* and *MANAGER* can initiate the creation of a new certificate only for its own provider. + operationId: CreateCertificate tags: - - Users + - STI Certificates + parameters: + - $ref: '#/components/parameters/X-Request-Id' requestBody: - description: Data to be set for the new user + description: Certificate details required: true content: application/json: schema: - $ref: '#/components/schemas/UserCreationRequest' + type: object + required: + - name + - type + - valid_from + properties: + name: + type: string + maxLength: 64 + description: Certificate name provided by the origin service provider. + example: Main Certificate + description: + type: string + maxLength: 1024 + description: Additional information related to the certificate. + example: Description of the certificate. + type: + $ref: '#/components/schemas/CertificateType' + opts: + type: string + description: | + APNF code assigned to the technical service provider (OPTS). + Required if `type` is `INDIRECT`. + Otherwise shall not be specified. + pattern: ^([0-9A-Z]{6})$ + example: SPB000 + csr: + type: string + maxLength: 2048 + description: | + Contents of the CSR file used to create this certificate. Format of the contents is PEM. + Required if `type` is `DIRECT`. + Otherwise shall not be specified. + example: | + -----BEGIN CERTIFICATE REQUEST----- + MIIBEjCBuQIBADBXMRYwFAYDVQQDDA1TSEFLRU4gT1BDMDAwMQswCQYDVQQGEwJG + UjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQLDBBTZXJ2aWNlIFByb3Zp + ZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/qQeNfCytgqjIETfjmVEw + 7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0ULplSrl9+QrrpKLwjKAA + MAoGCCqGSM49BAMCA0gAMEUCIADk95rHd2LAI6vCuz8OjqlA9FJAWC1j/QcK8HSb + mMWkAiEAsVc1L/LvTKlEI98lsfDmCtKsJuQ4iBBuZ5Hzp0T1Xr8= + -----END CERTIFICATE REQUEST----- + test_certificate: + type: boolean + description: Is this a test certificate? + default: false + example: false + valid_from: + type: string + description: | + Certificate validity start date. Date shall be in ISO-8601 format. + + Unless `test_certificate` is set to `true`, the date shall be at least one week in the future. + format: date-time + example: '2022-01-17T10:12:25Z' + valid_to: + type: string + description: | + Certificate expiration date. Date shall be in ISO-8601 format. + + Required if `type` is `INDIRECT` or if `test_certificate` is set to `true`. + format: date-time + example: '2023-01-17T10:12:25Z' + renewal_auto: + type: boolean + description: | + Automated renewal option. Cannot be enabled for test certificates. + + If enabled, the application will automatically create a new certificate + using the same CSR and options provided for this certificate. + + See `renewal_after` option for defining when the renewal process shall be triggered. + default: false + example: true + renewal_after: + type: integer + description: | + Number of days to wait after certificate creation (or finalization for an indirect certificate) + for the automated certificate renewal process to be triggered. + + Required if if `renewal_auto` is set to `true`. + Otherwise, shall not be specified. + example: 300 examples: - UserCreationRequestByManAdministrator: - $ref: '#/components/examples/UserCreationRequestByManAdministrator' - ProviderUserCreationRequestByManAdministrator: - $ref: '#/components/examples/ProviderUserCreationRequestByManAdministrator' - ProviderUserCreationRequestByAdministrator: - $ref: '#/components/examples/ProviderUserCreationRequestByAdministrator' + DirectCertificateRequest: + $ref: '#/components/examples/DirectCertificateRequest' + IndirectCertificateRequest: + $ref: '#/components/examples/IndirectCertificateRequest' responses: '201': description: | - Confirms the creation of the account and returns its properties in the response. + Confirms the creation of the new certificate and returns its details in the response. + This applies only to direct certificates. + content: + application/json: + schema: + $ref: '#/components/schemas/Certificate' + examples: + DirectCertificate: + $ref: '#/components/examples/DirectCertificate' + headers: + Location: + $ref: '#/components/headers/Location-Certificate' + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '202': + description: | + Confirms the indirect certificate creation request. + This applies only to indirect certificates. content: application/json: schema: - $ref: '#/components/schemas/User' + $ref: '#/components/schemas/PendingIndirectCertificate' examples: - ApnfUserCreationResponse: - $ref: '#/components/examples/ApnfUserCreationResponse' - ProviderUserCreationResponse: - $ref: '#/components/examples/ProviderUserCreationResponse' + PendingIndirectCertificate: + $ref: '#/components/examples/PendingIndirectCertificate' headers: Content-Length: $ref: '#/components/headers/Content-Length' @@ -689,6 +750,30 @@ paths: $ref: '#/components/responses/ErrorNotFound' '406': $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '409': + description: Error returned when the provider has already too many active certificates. + content: + application/json: + schema: + type: object + required: + - code + properties: + code: + type: string + description: Error code. Shall be capitalized with underscore. + example: CONFLICT + message: + type: string + description: Message providing more details and context for error that occurred + example: Maximum number of active certificates has been reached. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' '415': $ref: '#/components/responses/ErrorInvalidContentType' '429': @@ -703,13 +788,12 @@ paths: The API applies any sort and filter preferences passed to the API request and returns a paginated list of corresponding results. - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *SUPERVISOR*, *MANAGER*, *APNF*. + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* - - *MAN_ADMINISTRATOR* and *APNF* users can access any user of any provider. - - *ADMINISTRATOR*, *SUPERVISOR* and *MANAGER* users can access any user of their provider. - operationId: SearchUsers + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any certificate attached to their provider. + operationId: SearchCertificates tags: - - Users + - STI Certificates parameters: - name: query in: query @@ -735,24 +819,27 @@ paths: The parameter name is one of the following values: - `id` - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) - - `firstname` - - `lastname` - - `email_address` - - `language` - - `role` + - `type` + - `opts` + - `name` + - `valid_from` + - `valid_to` + - `test_certificate` - `status` - - `deleted` - - `last_connected_at` + - `renewal_auto` + - `renewal_after` + - `sn` - `created_at` - `updated_at` - - `deleted_at` + - `revoked_at` + - `revoked_reason` schema: type: object additionalProperties: type: string pattern: ^(((eq|ne|(not_)?match|[lg]te?):)?.+|(in|not_in):\[.+(,.+)*\])$ example: - status: ENABLED + provider_id: OPC000 created_at: gte:2022-01-01T00:00:00Z - $ref: '#/components/parameters/PaginationLimit' - $ref: '#/components/parameters/PaginationOffset' @@ -761,23 +848,24 @@ paths: description: | Sort preference using the format `property_name:order`, where: - `property_name` is one of the following values: - - `id` - - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) - - `firstname` - - `lastname` - - `email_address` - - `role` - - `status` - - `last_connected_at` - - `created_at` - - `updated_at` - - `deleted_at` - + - `id` + - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) + - `opts` + - `name` + - `valid_from` + - `valid_to` + - `status` + - `sn` + - `created_at` + - `updated_at` + - `revoked_at` + - `revoked_reason` - `order` may be set to `asc` or `desc`. schema: type: string - pattern: ^(id|provider_id|(first|last)name|email_address|mobile_phone|language|role|status|deleted|last_connected_at|(crea|upda|dele)ted_(at|by)):(([Aa]|[Dd][Ee])[Ss][Cc])$ - example: firstname:asc + pattern: ^(id|provider_id|type|opts|name|valid_(from|to)|test_certificate|url|status|renew(al_a(uto|fter)|ed_by)|sn|(cre|upd)ated_(at|by)|revoked_(at|by|reason)):(([Aa]|[Dd][Ee])[Ss][Cc])$ + example: name:asc + - $ref: '#/components/parameters/X-Request-Id' responses: '200': description: Return a paginated list of records @@ -795,10 +883,10 @@ paths: properties: metadata: $ref: '#/components/schemas/PaginationMetaData' - users: + certificates: type: array items: - $ref: '#/components/schemas/UserSummaryView' + $ref: '#/components/schemas/CertificateSummaryView' '400': $ref: '#/components/responses/ErrorValidation' '401': @@ -815,33 +903,35 @@ paths: $ref: '#/components/responses/ErrorInternal' '503': $ref: '#/components/responses/ServiceUnavailable' - /users/{user_id}: - parameters: - - $ref: '#/components/parameters/UserId' - - $ref: '#/components/parameters/X-Request-Id' + /certificates/{certificate_id}: get: - summary: Return user details + summary: Return STI certificate details description: | - Return a JSON object with user details. + Return a JSON object with STI certificate details and contents. - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*, *APNF*. + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* - - *MAN_ADMINISTRATOR* and *APNF* users can access any user of any provider. - - *ADMINISTRATOR*, *SUPERVISOR* and *MANAGER* users can access any user belonging to their provider. - - Otherwise, all other users can access their own account details - operationId: GetUser + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any certificate attached to their provider. + operationId: GetCertificate tags: - - Users + - STI Certificates + parameters: + - $ref: '#/components/parameters/CertificateId' + - $ref: '#/components/parameters/X-Request-Id' responses: '200': - description: Return a JSON object with user details + description: Return the JSON object with certificate properties and contents. content: application/json: schema: - $ref: '#/components/schemas/User' + $ref: '#/components/schemas/Certificate' examples: - ProviderUser: - $ref: '#/components/examples/ProviderUser' + DirectCertificate: + $ref: '#/components/examples/DirectCertificate' + PendingIndirectCertificate: + $ref: '#/components/examples/PendingIndirectCertificate' + IndirectCertificate: + $ref: '#/components/examples/IndirectCertificate' headers: Content-Length: $ref: '#/components/headers/Content-Length' @@ -865,99 +955,62 @@ paths: $ref: '#/components/responses/ErrorInternal' '503': $ref: '#/components/responses/ServiceUnavailable' - patch: - summary: Update user properties + post: + summary: Finalize the creation of an indirect STI certificate description: | - Update user properties. Deleted users cannot be updated. + API called by the technical signing service provider (OPTS) to finalize the creation of indirect certificates. + + Can only be called by the OPTS for which the indirect certificate has been requested for. - **Allowed Roles**: *MAN_ADMINISTRATOR*, *APNF*, *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*. + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* - - *MAN_ADMINISTRATOR* users can update properties of *MAN_ADMINISTRATOR* and *APNF* accounts. - - *APNF* users can update the role of any provider user. - - *ADMINISTRATOR* users can update properties of all accounts belonging to their provider. - - In all cases, when editing its own account, a user is limited to a subset of properties. - operationId: UpdateUser + - *ADMINISTRATOR*, *MANAGER* users can finalize any indirect certificate created for their provider. + operationId: FinalizeIndirectCertificate tags: - - Users + - STI Certificates + parameters: + - $ref: '#/components/parameters/CertificateId' + - $ref: '#/components/parameters/X-Request-Id' requestBody: + description: JSON object with certificate finalization options required: true - description: | - A [JSON Merge Patch (RFC 7386)](https://datatracker.ietf.org/doc/html/rfc7386) containing only the properties - that must be updated (with the new value). No properties can be deleted. content: - application/merge-patch+json: + application/json: schema: type: object + required: + - csr properties: - firstname: - type: string - maxLength: 64 - description: | - Change the user first name - - A user can update this property for its own account - - Cannot be deleted. - example: Jane - lastname: - type: string - maxLength: 64 - description: | - Change the user last name - - A user can update this property for its own account - - Cannot be deleted. - example: Doe - email_address: - type: string - maxLength: 254 - format: email - description: | - Change the user email address - - A user can update this property for its own account - - Cannot be deleted. - example: jane.doe@my.company - mobile_phone: + description: type: string - maxLength: 20 - description: | - Change the user mobile phone number - - A user can update this property for its own account - - Cannot be deleted. - example: 6123456789 - language: - allOf: - - $ref: '#/components/schemas/Language' - - description: | - Change the user language preference - - A user can update this property for its own account - - The list of languages available to the user depends on the provider configuration. - - Cannot be deleted. - role: - allOf: - - $ref: '#/components/schemas/UserRole' - - description: | - Change the user role - - A user cannot update this property for its own account - - Can be updated by ADMINISTRATOR users for accounts belonging to their provider - - Can be updated by MAN_ADMINISTRATOR users for MAN_ADMINISTRATOR and APNF accounts - - Cannot be deleted. - status: + maxLength: 1024 + description: OPTS additional information for this certificate. Only available to the OPTS. + example: Description of the certificate. + csr: type: string + maxLength: 2048 description: | - Change the user status. Only possible values are `ENABLED` and `DISABLED`. - - A user cannot update this property for its own account - - Can be updated by ADMINISTRATOR users for accounts belonging to their provider - - Can be updated by MAN_ADMINISTRATOR users for MAN_ADMINISTRATOR and APNF accounts - - Cannot be deleted. - enum: - - ENABLED - - DISABLED - examples: - UserPersonalUpdateRequest: - $ref: '#/components/examples/UserPersonalUpdateRequest' - UserUpdateRequest: - $ref: '#/components/examples/UserUpdateRequest' + Contents of the CSR file used to create this certificate. Format of the contents is PEM. + example: | + -----BEGIN CERTIFICATE REQUEST----- + MIIBEjCBuQIBADBXMRYwFAYDVQQDDA1TSEFLRU4gT1BDMDAwMQswCQYDVQQGEwJG + UjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQLDBBTZXJ2aWNlIFByb3Zp + ZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/qQeNfCytgqjIETfjmVEw + 7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0ULplSrl9+QrrpKLwjKAA + MAoGCCqGSM49BAMCA0gAMEUCIADk95rHd2LAI6vCuz8OjqlA9FJAWC1j/QcK8HSb + mMWkAiEAsVc1L/LvTKlEI98lsfDmCtKsJuQ4iBBuZ5Hzp0T1Xr8= + -----END CERTIFICATE REQUEST----- responses: - '200': - description: Confirms successful processing and return the user properties in the response. + '201': + description: | + Confirms the finalization of the indirect certificate and returns its properties and contents in the response. + content: + application/json: + schema: + $ref: '#/components/schemas/Certificate' + examples: + IndirectCertificate: + $ref: '#/components/examples/IndirectCertificate' headers: Content-Length: $ref: '#/components/headers/Content-Length' @@ -965,13 +1018,6 @@ paths: $ref: '#/components/headers/X-Correlation-Id' X-Response-Id: $ref: '#/components/headers/X-Response-Id' - content: - application/json: - schema: - $ref: '#/components/schemas/User' - examples: - ProviderUser: - $ref: '#/components/examples/ProviderUser' '400': $ref: '#/components/responses/ErrorValidation' '401': @@ -983,22 +1029,14 @@ paths: '406': $ref: '#/components/responses/ErrorInvalidAcceptHeader' '409': - description: Error returned when the user is deleted. + description: Returned when the API request cannot be fulfilled due to the object current status. content: application/json: schema: - type: object - required: - - code - properties: - code: - type: string - description: Error code. Shall be capitalized with underscore. - example: CONFLICT - message: - type: string - description: Message providing more details and context for error that occurred - example: The user is deleted. + $ref: '#/components/schemas/ApiPayloadError' + example: + code: CONFLICT + message: Cannot finalize an expired certificate. headers: Content-Length: $ref: '#/components/headers/Content-Length' @@ -1014,95 +1052,126 @@ paths: $ref: '#/components/responses/ErrorInternal' '503': $ref: '#/components/responses/ServiceUnavailable' - delete: - summary: Delete a user + patch: + summary: Update STI certificate properties description: | - Once deleted, the user will not anymore be able to access the platform. - - Note this is a soft-delete operation; the user will be effectively removed after 3 months, - and during that period a rollback of the delete action is possible using the `POST /users/{user_id}/undelete` - API. - - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR* + Update certificate properties. Once the certificate has been created (for direct certificates) + or finalized (for indirect certificates), only a subset of the certificate properties can be updated. - - *MAN_ADMINISTRATOR* users can delete any user with role *MAN_ADMINISTRATOR* or *APNF*. - - *ADMINISTRATOR* users can delete any user belonging to their provider, except their own account. - operationId: DeleteUser - tags: - - Users - responses: - '204': - $ref: '#/components/responses/SuccessNoMessage' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '404': - $ref: '#/components/responses/ErrorNotFound' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - /users/reset-credential: - post: - summary: Request for new user account password or otp - description: | - This API triggers a user account password, OTP reset process or new account activation link, where an email is sent to the email - address specified by the user at the origin of the request in order to access a page to - specify a new password or OTP or also enable his account. + - Indirect certificates that have not yet been finalised can have additional properties updated. + - Expired certificates cannot be edited - **Allowed Roles**: *MAN_ADMINISTRATOR*, *APNF* / any + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* - - *MAN_ADMINISTRATOR* users can request a new password for *MAN_ADMINISTRATOR* and *APNF* accounts. - - *MAN_ADMINISTRATOR* users request to renew otp or can send new account activation link for all accounts. - - *APNF* users can request a new password/otp or send new account activation link for *APNF*, *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR*. - - *ADMINISTRATOR* users can request a new password for accounts belonging to their provider. - - Otherwise, can be called by any user when they have forgotten their password - operationId: ResetUserCredential + - *ADMINISTRATOR*, *MANAGER* users can update any certificate created by/for their provider. + operationId: UpdateCertificate tags: - - Users + - STI Certificates parameters: + - $ref: '#/components/parameters/CertificateId' - $ref: '#/components/parameters/X-Request-Id' requestBody: + required: true + description: | + A [JSON Merge Patch (RFC 7386)](https://datatracker.ietf.org/doc/html/rfc7386) containing only the properties + that must be updated (with the new value) or deleted (with null as value). content: - application/json: + application/merge-patch+json: schema: type: object properties: - user_id: - allOf: - - description: | - ID of the user to reset the password. - Can be used only by a ADMINISTRATOR user. - - $ref: '#/components/schemas/UUID' - email_address: + name: + type: string + maxLength: 64 + description: | + Change the name of the certificate. + - Can be changed for both direct and indirect certificates + - Can be changed only by the origin service provider + - Cannot be deleted. + example: Main Certificate + description: + type: string + maxLength: 1024 + description: | + Change the description of the certificate. + - Can be changed for both direct and indirect certificates + - Can be changed by the origin service provider and the OPTS, each of them having their own description. + - Can be deleted. + example: Description of the certificate + test_certificate: + type: boolean + description: | + Change the test certificate flag. + - Can be changed only for indirect certificates, if not finalized + - Can be changed only by the origin service provider + - Cannot be deleted. + example: false + valid_from: + type: string description: | - Email address of the user to reset the password. + Change the certificate validity start date. Date shall be in ISO-8601 format. + - Can be changed only for indirect certificates not yet finalized + - Can be changed only by the origin service provider + - Unless `test_certificate` is set to `true`, the date shall be at least one week in the future. + - Cannot be deleted. + format: date-time + example: '2022-01-17T10:12:25Z' + valid_to: type: string - maxLength: 254 - example: john.doe@spa.domain - otp: description: | - (optional) Boolean to precise if OTP is to renew. If value is not provided or false, password will be renewed. + Change the certificate expiration date. Date shall be in ISO-8601 format. + - Can be changed only for indirect certificates not yet finalized + - Can be changed only by the origin service provider + - Cannot be deleted. + format: date-time + example: '2023-01-17T10:12:25Z' + renewal_auto: type: boolean + description: | + Change the certificate automatic renewal option. + - Can be changed for both direct and indirect certificates + - Can be changed only by the origin service provider + - Cannot be enabled for test certificates + - Cannot be deleted. + example: true + renewal_after: + type: integer + description: | + Change the number of days to wait after certificate creation/finalization to trigger the automatic renewal process. + - Can be changed for both direct and indirect certificates + - Can be changed only by the origin service provider + - Cannot be deleted if `renewal_auto` is set to `true` for this certificate. + example: 300 examples: - PasswordResetRequestUsingEmailAddress: - $ref: '#/components/examples/PasswordResetRequestUsingEmailAddress' - OtpResetRequestUsingEmailAddress: - $ref: '#/components/examples/OtpResetRequestUsingEmailAddress' - PasswordResetRequestUsingUserId: - $ref: '#/components/examples/PasswordResetRequestUsingUserId' - ResendActivationLinkRequestUsingUserId: - $ref: '#/components/examples/ResendActivationLinkRequestUsingUserId' + DirectCertificateUpdateRequest: + $ref: '#/components/examples/DirectCertificateUpdateRequest' + PendingIndirectCertificateUpdateRequest: + $ref: '#/components/examples/PendingIndirectCertificateUpdateRequest' + IndirectCertificateUpdateRequest: + $ref: '#/components/examples/IndirectCertificateUpdateRequest' responses: - '204': - $ref: '#/components/responses/SuccessNoMessage' + '200': + description: Confirms successful processing and returns certificate properties and contents in the response. + content: + application/json: + schema: + $ref: '#/components/schemas/Certificate' + examples: + DirectCertificate: + $ref: '#/components/examples/DirectCertificate' + PendingIndirectCertificate: + $ref: '#/components/examples/PendingIndirectCertificate' + IndirectCertificate: + $ref: '#/components/examples/IndirectCertificate' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' '401': $ref: '#/components/responses/ErrorNotAuthenticated' '403': @@ -1111,8 +1180,6 @@ paths: $ref: '#/components/responses/ErrorNotFound' '406': $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '409': - $ref: '#/components/responses/ErrorConflict' '415': $ref: '#/components/responses/ErrorInvalidContentType' '429': @@ -1121,43 +1188,57 @@ paths: $ref: '#/components/responses/ErrorInternal' '503': $ref: '#/components/responses/ServiceUnavailable' - /users/{user_id}/history: - get: - summary: Retrieve activity history on users - NOT AVAILABLE + delete: + summary: Delete a STI certificate description: | - Retrieve a paginated list of all actions performed on a user. - Sorting and filtering are not supported for this API. + Delete a STI certificate. Only test certificates or certificates in *PENDING* status can be deleted. + + If a test certificate that is still valid is deleted, the platform will also revoke it and add it to the + STI certificates CRL in the BPCO to ensure that it cannot be used for any further calls. - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*, *APNF* + *Warning*: the action cannot be undone. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* - - *MAN_ADMINISTRATOR* and *APNF* users can access the history of any user. - - *ADMINISTRATOR* and *SUPERVISOR* users can access the history of any user of their provider. - - *MANAGER* users can only access the history of its own provider. + - *ADMINISTRATOR* and *MANAGER* users can request deletion of any certificate attached to their own provider. - **Note**: This API is not yet available. - operationId: GetUserHistory + *Note*: OPTS users cannot delete indirect certificates created for their provider. + operationId: DeleteCertificate tags: - - Users - - History + - STI Certificates parameters: - - $ref: '#/components/parameters/UserId' - - $ref: '#/components/parameters/PaginationLimit' - - $ref: '#/components/parameters/PaginationOffset' + - $ref: '#/components/parameters/CertificateId' - $ref: '#/components/parameters/X-Request-Id' responses: - '200': - description: Return a paginated list of history records + '204': + $ref: '#/components/responses/SuccessNoMessage' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '409': + description: Error returned when the certificate is already active and is not a test certificate. content: application/json: schema: type: object + required: + - code properties: - metadata: - $ref: '#/components/schemas/PaginationMetaData' - records: - type: array - items: - $ref: '#/components/schemas/History' + code: + type: string + description: Error code. Shall be capitalized with underscore. + example: CONFLICT + message: + type: string + description: Message providing more details and context for error that occurred + example: This certificate is already active and it is not a test certificate. headers: Content-Length: $ref: '#/components/headers/Content-Length' @@ -1165,79 +1246,112 @@ paths: $ref: '#/components/headers/X-Correlation-Id' X-Response-Id: $ref: '#/components/headers/X-Response-Id' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '404': - $ref: '#/components/responses/ErrorNotFound' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' '429': $ref: '#/components/responses/ErrorRateLimiting' '500': $ref: '#/components/responses/ErrorInternal' '503': $ref: '#/components/responses/ServiceUnavailable' - /users/{user_id}/undelete: + /certificates/{certificate_id}/renew: post: - summary: Cancel user deletion + summary: Renew a STI certificate description: | - Rollback the deletion action performed on a user. - Upon successful processing, user will have access back to the platform. + This method creates a new certificate using the same CSR and properties used for the + creation of the certificate specified in the `certificate_id` request parameter. + + - Unless a `name` is provided, the Common Name of the new certificate will be the same, but the serial number will be different. + - The `renewed_by` property of the current certificate will be filled with the id of the new certificate. + - OPTS users cannot renew indirect certificates they have been mandated for. + - Revoked certificates cannot be renewed + - Invalid certificates cannot be renewed - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR* + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* - - *MAN_ADMINISTRATOR* users can call this API for any *MAN_ADMINISTRATOR* or *APNF* user. - - *ADMINISTRATOR* users can call this API for any user of their provider, except their own account. - operationId: UndeleteUser + - *ADMINISTRATOR* and *MANAGER* can request renewal of certificates owned by their provider. + operationId: RenewCertificate tags: - - Users + - STI Certificates parameters: - - $ref: '#/components/parameters/UserId' + - $ref: '#/components/parameters/CertificateId' - $ref: '#/components/parameters/X-Request-Id' + requestBody: + description: | + New properties may be specified for the creation of the new certificate. + If not provided, values of the previous certificate will be kept, expect for the following: + - `serial_number`: a new serial number is computed + - `valid_from`: the date will be set to the current date & time + one week. + - `valid_to`: the date will be computed so that the expiration delay will be the same than the one set for the initial certificate + required: false + content: + application/json: + schema: + type: object + properties: + name: + type: string + maxLength: 64 + description: | + Certificate name. Overrides the property set in the initial certificate used for the renewal. + example: Main Certificate + description: + type: string + maxLength: 1024 + description: | + Additional information related to the certificate. + + If not specified, the description set to the initial certificate is reused. + example: Description of the certificate. + valid_from: + type: string + description: | + Certificate validity start date. Date shall be in ISO-8601 format. + + If not specified, the date will be set to the current date & time + one week. + The same rules used when creating a certificate also apply for renewal. + format: date-time + example: '2022-01-17T10:12:25Z' + valid_to: + type: string + description: | + Certificate expiration date. Date shall be in ISO-8601 format. + + If not specified, the date will be computed so that the expiration delay will + be the same than the one set for the initial certificate. The same rules used + when creating a certificate also apply for renewal. + + This property cannot be specified for a direct certificate that is not flagged + as a test certificate, as the expiration is fixed to one year for such certificates. + format: date-time + example: '2023-01-17T10:12:25Z' + renewal_auto: + type: boolean + description: | + Automated renewal option. Cannot be enabled for test certificates. + + If not specified, the property will copy the value set for the initial certificate. + example: true + renewal_after: + type: integer + description: | + Number of days after certificate creation (or finalization for indirect certificates) to wait for + the automated certificate renewal process to be triggered. + + Can be specified only if `renewal_auto` is set to `true`. + example: 300 responses: - '204': - $ref: '#/components/responses/SuccessNoMessage' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '404': - $ref: '#/components/responses/ErrorNotFound' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '415': - $ref: '#/components/responses/ErrorInvalidContentType' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - /users/{user_id}/preferences: - parameters: - - $ref: '#/components/parameters/UserId' - - $ref: '#/components/parameters/X-Request-Id' - get: - summary: Return portal preferences of the user - description: | - Return portal preferences of the user. - operationId: GetUserPref - tags: - - Users - responses: - '200': - description: Return a JSON object with user preferences + '201': + description: | + Confirms the creation of the new certificate and returns its details and contents in the response. content: application/json: schema: - $ref: '#/components/schemas/UserPref' + $ref: '#/components/schemas/RenewedCertificate' + examples: + DirectCertificate: + $ref: '#/components/examples/DirectCertificate' headers: + Location: + $ref: '#/components/headers/Location-Certificate' Content-Length: $ref: '#/components/headers/Content-Length' X-Correlation-Id: @@ -1254,62 +1368,85 @@ paths: $ref: '#/components/responses/ErrorNotFound' '406': $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '409': + description: Error returned when the certificate is revoked + content: + application/json: + schema: + type: object + required: + - code + properties: + code: + type: string + description: Error code. Shall be capitalized with underscore + example: CONFLICT + message: + type: string + description: Message providing more details and context for error that occurred + example: This certificate is revoked. '429': $ref: '#/components/responses/ErrorRateLimiting' '500': $ref: '#/components/responses/ErrorInternal' '503': $ref: '#/components/responses/ServiceUnavailable' - patch: - summary: Update portal preferences of the user + /certificates/{certificate_id}/revoke: + post: + summary: Revoke a STI certificate description: | - Update portal preferences of the user. - operationId: UpdateUserPref + Request the revocation of a certificate. + Upon successful processing, the certificate will be immediately revoked by the platform. + + - OPTS users can revoke indirect certificates they have been mandated for. + - Expired certificates cannot be revoked + - Invalid certificates cannot be revoked + - Revoked certificates cannot be revoked again + + *Warning*: the action cannot be undone. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + + - *ADMINISTRATOR* and *MANAGER* users can request revocation of certificates attached to their own provider. + operationId: RevokeCertificate tags: - - Users + - STI Certificates + parameters: + - $ref: '#/components/parameters/CertificateId' + - $ref: '#/components/parameters/X-Request-Id' requestBody: required: true - description: | - A [JSON Merge Patch (RFC 7386)](https://datatracker.ietf.org/doc/html/rfc7386) containing only the properties - that must be updated (with the new value). No properties can be deleted. content: - application/merge-patch+json: + application/json: schema: type: object + required: + - reason properties: - pagination_limit: - type: integer + reason: + type: string + nullable: false description: | - Default number of resources per page - - A user can update this property for its own account - - Cannot be deleted. - minimum: 1 - default: 20 - maximum: 100 - show_menu: - type: boolean + Reason associated with the certificate revocation as defined in RFC 5280. + enum: + - unspecified + - keyCompromise + - affiliationChanged + - superseded + - cessationOfOperation + - certificateHold + - privilegeWithdrawn + default: unspecified + example: keyCompromise + comments: + type: string + maxLength: 64 description: | - Default menu visibility - - A user can update this property for its own account - - Cannot be deleted. - default: true + Additional comments on the reason for revoking the certificate. + example: Clé privée compromise responses: - '200': - description: Confirms successful processing and return the portal preferences of the user in the response. - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - content: - application/json: - schema: - $ref: '#/components/schemas/UserPref' - examples: - ProviderUser: - $ref: '#/components/examples/ProviderUser' + '204': + $ref: '#/components/responses/SuccessNoMessage' '400': $ref: '#/components/responses/ErrorValidation' '401': @@ -1321,7 +1458,7 @@ paths: '406': $ref: '#/components/responses/ErrorInvalidAcceptHeader' '409': - description: Error returned when the user is deleted. + description: Error returned when the certificate status is `EXPIRED`, `REVOKED`, `INVALIDATION` or `INVALID` content: application/json: schema: @@ -1331,12 +1468,12 @@ paths: properties: code: type: string - description: Error code. Shall be capitalized with underscore. + description: Error code. Shall be capitalized with underscore example: CONFLICT message: type: string description: Message providing more details and context for error that occurred - example: The user is deleted. + example: This certificate is expired or is already revoked. headers: Content-Length: $ref: '#/components/headers/Content-Length' @@ -1344,42 +1481,45 @@ paths: $ref: '#/components/headers/X-Correlation-Id' X-Response-Id: $ref: '#/components/headers/X-Response-Id' - '415': - $ref: '#/components/responses/ErrorInvalidContentType' '429': $ref: '#/components/responses/ErrorRateLimiting' '500': $ref: '#/components/responses/ErrorInternal' '503': $ref: '#/components/responses/ServiceUnavailable' - /credentials: - parameters: - - $ref: '#/components/parameters/X-Request-Id' - post: - summary: Create a new API credential + /certificates/{certificate_id}/history: + get: + summary: Retrieve activity history on certificates description: | - This credential contains the `client_id` and `client_secret` information to be used in the MAN platform - authorization API call required to deliver access tokens. + Retrieve a paginated list of all actions performed on a certificate. + Sorting and filtering are not supported for this API. - *Warning:* The `client_secret` property is only provided in the response and cannot be retrieved afterward. + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* - **Allowed Roles**: *ADMINISTRATOR* - operationId: CreateApiCredential - requestBody: - description: Data to be set for the new API credential - required: true - content: - application/json: - schema: - $ref: '#/components/schemas/ApiCredentialCreationRequest' + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access the history of any certificate attached to their provider. + operationId: GetCertificateHistory tags: - - API Credentials + - History + - STI Certificates + parameters: + - $ref: '#/components/parameters/CertificateId' + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - $ref: '#/components/parameters/X-Request-Id' responses: - '201': - description: | - Confirms the creation of the new API credential and returns its properties in the response. - - *Warning* This is the only time the `client_secret` property is provided. + '200': + description: Return a paginated list of history records + content: + application/json: + schema: + type: object + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + records: + type: array + items: + $ref: '#/components/schemas/History' headers: Content-Length: $ref: '#/components/headers/Content-Length' @@ -1387,13 +1527,6 @@ paths: $ref: '#/components/headers/X-Correlation-Id' X-Response-Id: $ref: '#/components/headers/X-Response-Id' - content: - application/json: - schema: - $ref: '#/components/schemas/ApiCredentialCreationResponse' - examples: - ApiCredentialWithSecret: - $ref: '#/components/examples/ApiCredentialCreationResponse' '400': $ref: '#/components/responses/ErrorValidation' '401': @@ -1404,27 +1537,25 @@ paths: $ref: '#/components/responses/ErrorNotFound' '406': $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '415': - $ref: '#/components/responses/ErrorInvalidContentType' '429': $ref: '#/components/responses/ErrorRateLimiting' '500': $ref: '#/components/responses/ErrorInternal' '503': $ref: '#/components/responses/ServiceUnavailable' + /certificates/export: get: - summary: Retrieve a paginated list of records with support of sorting & filtering + summary: Retrieve a list of certificates in csv format with headers description: | - The API applies any sort and filter preferences passed to the API request and returns a paginated list of - corresponding results. + The API applies any sort and filter preferences passed to the API request and returns a list of + corresponding results in csv format. - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*, *APNF*. + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* - - *MAN_ADMINISTRATOR* and *APNF* users can access any credential of any provider. - - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any credential attached to their provider. - operationId: SearchApiCredentials + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any certificate attached to their provider. + operationId: ExportCertificates tags: - - API Credentials + - STI Certificates parameters: - name: query in: query @@ -1450,12 +1581,25 @@ paths: The parameter name is one of the following values: - `id` - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) + - `type` + - `opts` - `name` - - `expires_on` + - `valid_from` + - `valid_to` + - `test_certificate` + - `status` + - `renewal_auto` + - `renewal_after` + - `renewed_by` + - `url` + - `sn` - `created_at` + - `created_by` - `updated_at` - - `last_used_at` - - `client_id` + - `updated_by` + - `revoked_at` + - `revoked_by` + - `revoked_reason` schema: type: object additionalProperties: @@ -1464,27 +1608,158 @@ paths: example: provider_id: OPC000 created_at: gte:2022-01-01T00:00:00Z - - $ref: '#/components/parameters/PaginationLimit' - - $ref: '#/components/parameters/PaginationOffset' - name: sort in: query description: | Sort preference using the format `property_name:order`, where: - `property_name` is one of the following values: + - `id` + - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) + - `type` + - `opts` + - `name` + - `valid_from` + - `valid_to` + - `test_certificate` + - `url` + - `status` + - `renewal_auto` + - `renewal_after` + - `renewed_by` + - `sn` + - `created_at` + - `created_by` + - `updated_at` + - `updated_by` + - `revoked_at` + - `revoked_by` + - `revoked_reason` + - `order` may be set to `asc` or `desc`. + schema: + type: string + pattern: ^(id|provider_id|type|opts|name|valid_(from|to)|test_certificate|url|status|renew(al_a(uto|fter)|ed_by)|sn|(cre|upd)ated_(at|by)|revoked_(at|by|reason)):(([Aa]|[Dd][Ee])[Ss][Cc])$ + example: name:asc + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return certificates list in csv format with headers + content: + text/csv: + schema: + type: string + example: | + ID;status;name;serial_number;type;provider_code;opts;valid_from;valid_to;renewal_auto;days_before_renewal;bpco_url;description;test_certificate + 12;ACTIVE;Main Certificate;54e702c83df35b8a;DIRECT;SPC000;;2025-12-01T10:12:25Z;2026-01-01T10:12:25Z;true;9;https://api.man-bpco.fr/certs/SPC000/54e702c83df35b8a.cer;Description of the certificate.;false + 13;ACTIVE;Certificate;4df1d562e7f009e6;DIRECT;SPE000;;2025-12-01T10:12:25Z;2026-01-01T10:12:25Z;true;9;https://api.man-bpco.fr/certs/SPE000/4df1d562e7f009e6.cer;Description of the certificate.;false + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /certificates/archives: + get: + summary: Retrieve a paginated list of records with support of sorting & filtering + description: | + The API applies any sort and filter preferences passed to the API request and returns a paginated list of + corresponding results. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any archived certificate attached to their provider. + operationId: SearchArchivedCertificates + tags: + - STI Certificates (Archived) + parameters: + - name: query + in: query + description: | + Filter on a property following the format `operator:value`. + + If the operator is `eq`, it can be ignored. + + For string, number or date-time property: + * `eq` and `ne` = (not) equal. + * `in` and `not_in` = (not) in a list. `value` contains an array such as `[val1,val2,val3]`. + + For string property only: + * `match` and `not_match` = (not) match the wildcard pattern (`*` for zero or more characters and `?` for a + single character) contains in `value`. + + For number or date-time property: + * `gt` and `gte` = greater than (or equal). + * `lt` and `lte` = less than (or equal). + + In any case, `value` must be URL encoded. + + The property name is one of the following values: - `id` - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) + - `type` + - `opts` - `name` - - `expires_on` + - `valid_from` + - `valid_to` + - `test_certificate` + - `status` + - `archived` + - `renewal_auto` + - `renewal_after` + - `sn` - `created_at` - `updated_at` - - `last_used_at` - - `client_id` - + - `revoked_at` + - `revoked_reason` + schema: + type: object + additionalProperties: + type: string + pattern: ^(((eq|ne|(not_)?match|[lg]te?):)?.+|(in|not_in):\[.+(,.+)*\])$ + example: + provider_id: OPC000 + created_at: gte:2022-01-01T00:00:00Z + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - name: sort + in: query + description: | + Sort preference using the format `property_name:order`, where: + - `property_name` is one of the following values: + - `id` + - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) + - `opts` + - `name` + - `valid_from` + - `valid_to` + - `status` + - `archived` + - `sn` + - `created_at` + - `updated_at` + - `revoked_at` - `order` may be set to `asc` or `desc`. schema: type: string - pattern: ^(id|provider_id|name|expires_on|client_id|expires_on|last_used_at|(cre|upd)ated_(at|by)):(([Aa]|[Dd][Ee])[Ss][Cc])$ - example: name:asc + pattern: ^(id|provider_id|type|opts|name|valid_(from|to)|test_certificate|url|status|archived|renew(al_a(uto|fter)|ed_by)|sn|(cre|upd)ated_(at|by)|revoked_(at|by|reason)):(([Aa]|[Dd][Ee])[Ss][Cc])$ + example: created_at:desc + - $ref: '#/components/parameters/X-Request-Id' responses: '200': description: Return a paginated list of records @@ -1502,10 +1777,10 @@ paths: properties: metadata: $ref: '#/components/schemas/PaginationMetaData' - credentials: + certificates: type: array items: - $ref: '#/components/schemas/ApiCredentialSummaryView' + $ref: '#/components/schemas/ArchivedCertificateSummaryView' '400': $ref: '#/components/responses/ErrorValidation' '401': @@ -1522,32 +1797,31 @@ paths: $ref: '#/components/responses/ErrorInternal' '503': $ref: '#/components/responses/ServiceUnavailable' - /credentials/{credential_id}: - parameters: - - $ref: '#/components/parameters/CredentialId' - - $ref: '#/components/parameters/X-Request-Id' + /certificates/archives/{certificate_id}: get: - summary: Return API credential details + summary: Return archived STI certificate details description: | - Return a JSON object with API credential details. + Return a JSON object with STI archived certificate details and contents. - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*, *APNF* + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* - - *MAN_ADMINISTRATOR* and *APNF* users can access any API credential of any provider. - - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any API credential owned by their provider. - operationId: GetApiCredential + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any archived certificate attached to their provider. + operationId: GetArchivedCertificate tags: - - API Credentials + - STI Certificates (Archived) + parameters: + - $ref: '#/components/parameters/CertificateId' + - $ref: '#/components/parameters/X-Request-Id' responses: '200': - description: Return a JSON object with API credential details + description: Return the JSON object with certificate properties and contents. content: application/json: schema: - $ref: '#/components/schemas/ApiCredential' + $ref: '#/components/schemas/Certificate' examples: - credential: - $ref: '#/components/examples/ApiCredential' + DirectCertificate: + $ref: '#/components/examples/DirectArchivedCertificate' headers: Content-Length: $ref: '#/components/headers/Content-Length' @@ -1563,67 +1837,47 @@ paths: $ref: '#/components/responses/ErrorNoPermission' '404': $ref: '#/components/responses/ErrorNotFound' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' '429': $ref: '#/components/responses/ErrorRateLimiting' '500': $ref: '#/components/responses/ErrorInternal' '503': $ref: '#/components/responses/ServiceUnavailable' - patch: - summary: Update API credential properties + /certificates/archives/{certificate_id}/history: + get: + summary: Retrieve activity history on STI archived certificates description: | - Update API credential properties. Only `name`, `description` and `expires_on` settings can be updated. + Retrieve a paginated list of all actions performed on an STI archived certificate. + Sorting and filtering are not supported for this API. - **Allowed Roles**: *ADMINISTRATOR* + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* - - *ADMINISTRATOR* users can update any API credential owned by their provider. - operationId: UpdateApiCredential - requestBody: - required: true - description: | - A [JSON Merge Patch (RFC 7386)](https://datatracker.ietf.org/doc/html/rfc7386) containing only the properties - that must be updated (with the new value) or deleted (with null as value). - content: - application/merge-patch+json: - schema: - type: object - properties: - name: - type: string - maxLength: 64 - description: | - Change the name of the API credential. - - Cannot be deleted. - example: 'API Credential SI #2' - description: - type: string - maxLength: 1024 - description: | - Change the description of the API credential. - - Can be deleted. - example: Updated description of the credential. - expires_on: - type: string - description: | - Change the expiration date of the API credential. Date shall be in ISO-8601 format. - - Can be deleted. - format: date-time - example: '2022-01-24T10:12:25Z' - examples: - ApiCredentialUpdateRequest: - $ref: '#/components/examples/ApiCredentialUpdateRequest' + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access the history of any archived certificate attached to their provider. + operationId: GetArchivedCertificateHistory + tags: + - History + - STI Certificates (Archived) + parameters: + - $ref: '#/components/parameters/CertificateId' + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - $ref: '#/components/parameters/X-Request-Id' responses: '200': - description: Confirms successful processing and return the API credential properties in the response. + description: Return a paginated list of history records content: application/json: schema: - $ref: '#/components/schemas/ApiCredential' - examples: - ApiCredential: - $ref: '#/components/examples/ApiCredential' + type: object + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + records: + type: array + items: + $ref: '#/components/schemas/History' headers: Content-Length: $ref: '#/components/headers/Content-Length' @@ -1641,39 +1895,145 @@ paths: $ref: '#/components/responses/ErrorNotFound' '406': $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '415': - $ref: '#/components/responses/ErrorInvalidContentType' '429': $ref: '#/components/responses/ErrorRateLimiting' '500': $ref: '#/components/responses/ErrorInternal' '503': $ref: '#/components/responses/ServiceUnavailable' + /bpco/certificates: + head: + summary: Get STI certificates last update date in BPCO + description: | + This method returns the date of the last update performed on STI certificates in the BPCO, i.e when a + certificate has been published or removed. + The date is returned in the `Last-Modified` response header. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + operationId: GetBpcoCertificatesLastUpdateDate tags: - - API Credentials - delete: - summary: Delete an API credential + - BPCO + parameters: + - $ref: '#/components/parameters/X-Request-Id' + responses: + '204': + description: | + Returns no contents. The `Last-Modified` header is set with the last update date of STI certificates in the BPCO. + headers: + Last-Modified: + description: Last update date of certificates in the BPCO. Uses HTTP-Date format (RFC 7231). + schema: + $ref: '#/components/schemas/RFC7231.HTTP-date' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '401': + $ref: '#/components/responses/ErrorNotAuthenticatedNoContents' + '403': + $ref: '#/components/responses/ErrorNoPermissionNoContents' + '405': + $ref: '#/components/responses/ErrorNotAllowed' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeaderNoContents' + '429': + $ref: '#/components/responses/ErrorRateLimitingNoContents' + '500': + $ref: '#/components/responses/ErrorInternalNoContents' + '503': + $ref: '#/components/responses/ServiceUnavailableNoContents' + get: + summary: Get a copy of STI certificates in BPCO description: | - Delete an API credential. - Any follow-up authorization API call to request an access token using this credential will be rejected. + This method returns as a GZipped TAR file a copy of all the STI certificates currently published in the BPCO. - Allowed Roles: **ADMINISTRATOR**. + If the `since` parameter is specified, the GZipped TAR file only contains the certificates published in the BPCO or + removed from it since the date provided in the parameter. + The list of certificates removed from the BPCO are available in a `removed-certificates.csv` file included in the tarball. - - *ADMINISTRATOR* users can delete any credential owned by their provider. + A `If-Modified-Since` request header may also be specified. In that case, a **304** response is returned if no certificates + have been added or removed since the date specified in the header. This latter can be filled with the value of the + `Last-Modified` response header collected from a previous call to this API or the `HEAD /bpco/certificates` one. - *Warning*: the action cannot be undone. - operationId: DeleteApiCredential + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + operationId: GetBpcoCertificatesCopy + tags: + - BPCO + parameters: + - name: since + in: query + description: | + Date in ISO-8601 format. When specified, return only the certificates added or removed since that date. + The minutes and seconds are ignored (`2022-01-17T10:12:25Z` is therefore interpreted as `2022-01-17T10:00:00Z`) + and the date cannot be older than 15 days. + required: false + schema: + type: string + format: date-time + example: '2022-01-19T10:00:00Z' + - $ref: '#/components/parameters/If-Modified-Since' + - $ref: '#/components/parameters/X-Request-Id' responses: - '204': - $ref: '#/components/responses/SuccessNoMessage' + '200': + description: | + Return a GZipped TAR file which includes the certificates using the following structure: + ``` + |-/ + | |- .cer + | |- .cer + | `- .cer + |-/ + | |- .cer + | |- .cer + |-/ + [...] + ``` + If the `since` parameter is present, a `removed-certificates.csv` file may be included at the root of the + GZipped TAR file. + When present, this file lists all certificates deleted from the BPCO since that date, using the following + format: + ```ini + ; + ; + ; + ``` + A semicolon (`;`, `U+003B`) is used between each column and a linefeed is used between each line + (`\n`, `U+000A`). + content: + application/gzip: + schema: + type: string + format: binary + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + Last-Modified: + description: Last update date of STI certificates in the BPCO. Uses HTTP-Date format (RFC 7231) + schema: + $ref: '#/components/schemas/RFC7231.HTTP-date' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '304': + description: No changes since the date provided in the `If-Modified-Since` request header. + headers: + Last-Modified: + description: Last update date of STI certificates in the BPCO. Uses HTTP-Date format (RFC 7231) + schema: + $ref: '#/components/schemas/RFC7231.HTTP-date' + Content-Type: + $ref: '#/components/headers/Content-Type-GZip' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' '400': $ref: '#/components/responses/ErrorValidation' '401': $ref: '#/components/responses/ErrorNotAuthenticated' '403': $ref: '#/components/responses/ErrorNoPermission' - '404': - $ref: '#/components/responses/ErrorNotFound' '406': $ref: '#/components/responses/ErrorInvalidAcceptHeader' '429': @@ -1682,27 +2042,19 @@ paths: $ref: '#/components/responses/ErrorInternal' '503': $ref: '#/components/responses/ServiceUnavailable' - tags: - - API Credentials - /credentials/{credential_id}/history: + /bpco/certificates/history: get: - summary: Retrieve activity history on API credentials - NOT AVAILABLE + summary: Retrieve activity history on the certificate public repository description: | - Retrieve a paginated list of all actions performed on an API credential. + Retrieve a paginated list of all actions performed on the list of STI certificates in the BPCO. Sorting and filtering are not supported for this API. - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*, *APNF* - - - *MAN_ADMINISTRATOR* and *APNF* users can access the history of any credential. - - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access the history of any credential owned by their provider. - - **Note**: This API is not yet available. - operationId: GetApiCredentialHistory + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + operationId: GetBpcoCertificatesHistory tags: - - API Credentials + - BPCO - History parameters: - - $ref: '#/components/parameters/CredentialId' - $ref: '#/components/parameters/PaginationLimit' - $ref: '#/components/parameters/PaginationOffset' - $ref: '#/components/parameters/X-Request-Id' @@ -1743,188 +2095,166 @@ paths: $ref: '#/components/responses/ErrorInternal' '503': $ref: '#/components/responses/ServiceUnavailable' - /certificates: - parameters: - - $ref: '#/components/parameters/X-Request-Id' - post: - summary: Initiate the creation of a STI certificate + /bpco/crl: + head: + summary: Get STI certificates CRL last update date in BPCO description: | - Initiate the creation of a new certificate. Shall always be called by the origin signing service provider. - Two types of certificates can be created, for which the creation process will be different: - * Direct certificates (type = `DIRECT`) are used directly by the origin signing service provider - * Indirect certificates (type = `INDIRECT`) are requested by the origin signing service provider for a technical signing service provider (OPTS). + This method returns the date of the last update performed on the Certificate Revocation List (CRL) of + STI certificates in the BPCO, i.e when a STI certificate has been revoked or when certificate is remove from the CRL. + The date is returned in the `Last-Modified` response header. - While the creation of direct certificates is fully handled by this API, the process for indirect certificates is composed of 2 stages: - * This API initiates the certificate request - * The OPTS shall then call the `POST /certificates/{certificate_id}` to finalize the creation of the - certificate. + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + operationId: GetBpcoCrlLastUpdateDate + tags: + - BPCO + parameters: + - $ref: '#/components/parameters/X-Request-Id' + responses: + '204': + description: | + Returns no contents. The `Last-Modified` header is set with the last update date of STI certificates CRL in + the BPCO. + headers: + Last-Modified: + description: Last update date of STI certificates CRL in the BPCO. Uses HTTP-Date format (RFC 7231). + schema: + $ref: '#/components/schemas/RFC7231.HTTP-date' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '401': + $ref: '#/components/responses/ErrorNotAuthenticatedNoContents' + '403': + $ref: '#/components/responses/ErrorNoPermissionNoContents' + '405': + $ref: '#/components/responses/ErrorNotAllowed' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeaderNoContents' + '429': + $ref: '#/components/responses/ErrorRateLimitingNoContents' + '500': + $ref: '#/components/responses/ErrorInternalNoContents' + '503': + $ref: '#/components/responses/ServiceUnavailableNoContents' + get: + summary: Get a copy of the STI certificates CRL in BPCO + description: | + Get a copy of the STI certificates Certificate Revocation List (CRL) as available in the BPCO. + + The API returns the CRL in DER format, with the exact same contents returned by the BPCO API `GET /crl`. + + A `If-Modified-Since` request header may also be specified. In that case, a **304** response is returned + if the CRL has not been updated since the date specified in the header. This latter can be filled with the value of the + `Last-Modified` response header collected from a previous call to this API or the `HEAD /bpco/crl` one. **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + operationId: GetBpcoCrlCopy + tags: + - BPCO + parameters: + - $ref: '#/components/parameters/If-Modified-Since' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: The Certificate Revocation List in DER format. + content: + application/pkix-crl: + schema: + type: string + format: binary + example: | - - *ADMINISTRATOR* and *MANAGER* can initiate the creation of a new certificate only for its own provider. - operationId: CreateCertificate - requestBody: - description: Certificate details - required: true - content: - application/json: - schema: - type: object - required: - - name - - type - - valid_from - properties: - name: - type: string - maxLength: 64 - description: Certificate name provided by the origin service provider. - example: Main Certificate - description: - type: string - maxLength: 1024 - description: Additional information related to the certificate. - example: Description of the certificate. - type: - $ref: '#/components/schemas/CertificateType' - opts: - type: string - description: | - APNF code assigned to the technical service provider (OPTS). - Required if `type` is `INDIRECT`. - Otherwise shall not be specified. - pattern: ^([0-9A-Z]{6})$ - example: SPB000 - csr: - type: string - maxLength: 2048 - description: | - Contents of the CSR file used to create this certificate. Format of the contents is PEM. - Required if `type` is `DIRECT`. - Otherwise shall not be specified. - example: | - -----BEGIN CERTIFICATE REQUEST----- - MIIBEjCBuQIBADBXMRYwFAYDVQQDDA1TSEFLRU4gT1BDMDAwMQswCQYDVQQGEwJG - UjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQLDBBTZXJ2aWNlIFByb3Zp - ZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/qQeNfCytgqjIETfjmVEw - 7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0ULplSrl9+QrrpKLwjKAA - MAoGCCqGSM49BAMCA0gAMEUCIADk95rHd2LAI6vCuz8OjqlA9FJAWC1j/QcK8HSb - mMWkAiEAsVc1L/LvTKlEI98lsfDmCtKsJuQ4iBBuZ5Hzp0T1Xr8= - -----END CERTIFICATE REQUEST----- - test_certificate: - type: boolean - description: Is this a test certificate? - default: false - example: false - valid_from: - type: string - description: | - Certificate validity start date. Date shall be in ISO-8601 format. - - Unless `test_certificate` is set to `true`, the date shall be at least one week in the future. - format: date-time - example: '2022-01-17T10:12:25Z' - valid_to: - type: string - description: | - Certificate expiration date. Date shall be in ISO-8601 format. - - Required if `type` is `INDIRECT` or if `test_certificate` is set to `true`. - format: date-time - example: '2023-01-17T10:12:25Z' - renewal_auto: - type: boolean - description: | - Automated renewal option. Cannot be enabled for test certificates. - - If enabled, the application will automatically create a new certificate - using the same CSR and options provided for this certificate. - - See `renewal_after` option for defining when the renewal process shall be triggered. - default: false - example: true - renewal_after: - type: integer - description: | - Number of days to wait after certificate creation (or finalization for an indirect certificate) - for the automated certificate renewal process to be triggered. - - Required if if `renewal_auto` is set to `true`. - Otherwise, shall not be specified. - example: 300 - examples: - DirectCertificateRequest: - $ref: '#/components/examples/DirectCertificateRequest' - IndirectCertificateRequest: - $ref: '#/components/examples/IndirectCertificateRequest' - tags: - - STI Certificates - responses: - '201': - description: | - Confirms the creation of the new certificate and returns its details in the response. - This applies only to direct certificates. - content: - application/json: - schema: - $ref: '#/components/schemas/Certificate' - examples: - DirectCertificate: - $ref: '#/components/examples/DirectCertificate' + 00000000: 3082 0120 3081 c802 0101 300a 0608 2a86 0.. 0.....0...*. + 00000010: 48ce 3d04 0302 3067 3111 300f 0603 5504 H.=...0g1.0...U. + 00000020: 030c 0842 5043 4f20 5041 3131 0b30 0906 ...BPCO PA11.0.. + 00000030: 0355 0406 1302 4652 312a 3028 0603 5504 .U....FR1*0(..U. + 00000040: 0a0c 2142 6173 6520 6465 7320 4365 7274 ..!Base des Cert + 00000050: 6966 6963 6174 7320 4f70 c383 c2a9 7261 ificats Op....ra + 00000060: 7465 7572 3119 3017 0603 5504 0b0c 1050 teur1.0...U....P + 00000070: 6f6c 6963 7920 4175 7468 6f72 6974 7917 olicy Authority. + 00000080: 0d32 3230 3730 3431 3235 3032 305a 170d .220704125020Z.. + 00000090: 3232 3038 3033 3132 3530 3230 5aa0 3030 220803125020Z.00 + 000000a0: 2e30 1f06 0355 1d23 0418 3016 8014 097a .0...U.#..0....z + 000000b0: 34d8 9663 a43e 0250 9294 9de2 de31 8135 4..c.>.P.....1.5 + 000000c0: 3c8a 300b 0603 551d 1404 0402 0210 0030 <.0...U........0 + 000000d0: 0a06 082a 8648 ce3d 0403 0203 4700 3044 ...*.H.=....G.0D + 000000e0: 0220 58da 50e6 2670 a7e4 413d bb9d c193 . X.P.&p..A=.... + 000000f0: e0c0 3852 0138 1bd0 73fc 04fa 7328 952b ..8R.8..s...s(.+ + 00000100: e169 0220 1110 3e86 450b f0db 4345 80c9 .i. ..>.E...CE.. + 00000110: b12e d905 9f72 051a e02d fd3d 67d7 4ce2 .....r...-.=g.L. + 00000120: b92f e546 ./.F headers: - Location: - $ref: '#/components/headers/Location-Certificate' + Last-Modified: + description: Last update date of STI certificates CRL in the BPCO. Uses HTTP-Date format (RFC 7231). + schema: + $ref: '#/components/schemas/RFC7231.HTTP-date' Content-Length: - $ref: '#/components/headers/Content-Length' + description: Size in bytes of the DER contents provided in the response. + schema: + type: integer + example: 311 X-Correlation-Id: $ref: '#/components/headers/X-Correlation-Id' X-Response-Id: $ref: '#/components/headers/X-Response-Id' - '202': - description: | - Confirms the indirect certificate creation request. - This applies only to indirect certificates. - content: - application/json: - schema: - $ref: '#/components/schemas/PendingIndirectCertificate' - examples: - PendingIndirectCertificate: - $ref: '#/components/examples/PendingIndirectCertificate' + '304': + description: No changes since the date provided in the `If-Modified-Since` request header headers: - Content-Length: - $ref: '#/components/headers/Content-Length' + Last-Modified: + description: Last update date of STI certificates CRL in the BPCO. Uses HTTP-Date format (RFC 7231). + schema: + $ref: '#/components/schemas/RFC7231.HTTP-date' + Content-Type: + $ref: '#/components/headers/Content-Type-Pkix-Crl' X-Correlation-Id: $ref: '#/components/headers/X-Correlation-Id' X-Response-Id: $ref: '#/components/headers/X-Response-Id' - '400': - $ref: '#/components/responses/ErrorValidation' '401': $ref: '#/components/responses/ErrorNotAuthenticated' '403': $ref: '#/components/responses/ErrorNoPermission' - '404': - $ref: '#/components/responses/ErrorNotFound' + '405': + $ref: '#/components/responses/ErrorNotAllowed' '406': $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '409': - description: Error returned when the provider has already too many active certificates. + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /bpco/crl/history: + get: + summary: Retrieve activity history on the CRL + description: | + Retrieve a paginated list of all actions performed on the STI certificates CRL in the BPCO. + Sorting and filtering are not supported for this API. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + operationId: GetBpcoCrlHistory + tags: + - BPCO + - History + parameters: + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a paginated list of history records content: application/json: schema: type: object - required: - - code properties: - code: - type: string - description: Error code. Shall be capitalized with underscore. - example: CONFLICT - message: - type: string - description: Message providing more details and context for error that occurred - example: Maximum number of active certificates has been reached. + metadata: + $ref: '#/components/schemas/PaginationMetaData' + records: + type: array + items: + $ref: '#/components/schemas/History' headers: Content-Length: $ref: '#/components/headers/Content-Length' @@ -1932,3939 +2262,29 @@ paths: $ref: '#/components/headers/X-Correlation-Id' X-Response-Id: $ref: '#/components/headers/X-Response-Id' - '415': - $ref: '#/components/responses/ErrorInvalidContentType' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' '429': $ref: '#/components/responses/ErrorRateLimiting' '500': $ref: '#/components/responses/ErrorInternal' '503': $ref: '#/components/responses/ServiceUnavailable' - get: - summary: Retrieve a paginated list of records with support of sorting & filtering - description: | - The API applies any sort and filter preferences passed to the API request and returns a paginated list of - corresponding results. - - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*, *APNF*. - - - *MAN_ADMINISTRATOR* and *APNF* users can access any certificate of any provider. - - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any certificate attached to their provider. - operationId: SearchCertificates - tags: - - STI Certificates - parameters: - - name: query - in: query - description: | - Filter on a property following the format `operator:value`. - - If the operator is `eq`, it can be ignored. - - For string, number or date-time property: - * `eq` and `ne` = (not) equal. - * `in` and `not_in` = (not) in a list. `value` contains an array such as `[val1,val2,val3]`. - - For string property only: - * `match` and `not_match` = (not) match the wildcard pattern (`*` for zero or more characters and `?` for a - single character) contains in `value`. - - For number or date-time property: - * `gt` and `gte` = greater than (or equal). - * `lt` and `lte` = less than (or equal). - - In any case, `value` must be percent encoded. - - The parameter name is one of the following values: - - `id` - - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) - - `type` - - `opts` - - `name` - - `valid_from` - - `valid_to` - - `test_certificate` - - `status` - - `renewal_auto` - - `renewal_after` - - `sn` - - `created_at` - - `updated_at` - - `revoked_at` - - `revoked_reason` - schema: - type: object - additionalProperties: - type: string - pattern: ^(((eq|ne|(not_)?match|[lg]te?):)?.+|(in|not_in):\[.+(,.+)*\])$ - example: - provider_id: OPC000 - created_at: gte:2022-01-01T00:00:00Z - - $ref: '#/components/parameters/PaginationLimit' - - $ref: '#/components/parameters/PaginationOffset' - - name: sort - in: query - description: | - Sort preference using the format `property_name:order`, where: - - `property_name` is one of the following values: - - `id` - - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) - - `opts` - - `name` - - `valid_from` - - `valid_to` - - `status` - - `sn` - - `created_at` - - `updated_at` - - `revoked_at` - - `revoked_reason` - - - `order` may be set to `asc` or `desc`. - schema: - type: string - pattern: ^(id|provider_id|type|opts|name|valid_(from|to)|test_certificate|url|status|renew(al_a(uto|fter)|ed_by)|sn|(cre|upd)ated_(at|by)|revoked_(at|by|reason)):(([Aa]|[Dd][Ee])[Ss][Cc])$ - example: name:asc - responses: - '200': - description: Return a paginated list of records - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - content: - application/json: - schema: - type: object - properties: - metadata: - $ref: '#/components/schemas/PaginationMetaData' - certificates: - type: array - items: - $ref: '#/components/schemas/CertificateSummaryView' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '415': - $ref: '#/components/responses/ErrorInvalidContentType' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - /certificates/{certificate_id}: - parameters: - - $ref: '#/components/parameters/CertificateId' - - $ref: '#/components/parameters/X-Request-Id' - get: - summary: Return STI certificate details - description: | - Return a JSON object with STI certificate details and contents. - - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*, *APNF* - - - *MAN_ADMINISTRATOR* and *APNF* users can access any certificate of any provider. - - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any certificate attached to their provider. - operationId: GetCertificate - tags: - - STI Certificates - responses: - '200': - description: Return the JSON object with certificate properties and contents. - content: - application/json: - schema: - $ref: '#/components/schemas/Certificate' - examples: - DirectCertificate: - $ref: '#/components/examples/DirectCertificate' - PendingIndirectCertificate: - $ref: '#/components/examples/PendingIndirectCertificate' - IndirectCertificate: - $ref: '#/components/examples/IndirectCertificate' - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '404': - $ref: '#/components/responses/ErrorNotFound' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - post: - summary: Finalize the creation of an indirect STI certificate - description: | - API called by the technical signing service provider (OPTS) to finalize the creation of indirect certificates. - - Can only be called by the OPTS for which the indirect certificate has been requested for. - - **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* - - - *ADMINISTRATOR*, *MANAGER* users can finalize any indirect certificate created for their provider. - operationId: FinalizeIndirectCertificate - tags: - - STI Certificates - requestBody: - description: JSON object with certificate finalization options - required: true - content: - application/json: - schema: - type: object - required: - - csr - properties: - description: - type: string - maxLength: 1024 - description: OPTS additional information for this certificate. Only available to the OPTS. - example: Description of the certificate. - csr: - type: string - maxLength: 2048 - description: | - Contents of the CSR file used to create this certificate. Format of the contents is PEM. - example: | - -----BEGIN CERTIFICATE REQUEST----- - MIIBEjCBuQIBADBXMRYwFAYDVQQDDA1TSEFLRU4gT1BDMDAwMQswCQYDVQQGEwJG - UjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQLDBBTZXJ2aWNlIFByb3Zp - ZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/qQeNfCytgqjIETfjmVEw - 7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0ULplSrl9+QrrpKLwjKAA - MAoGCCqGSM49BAMCA0gAMEUCIADk95rHd2LAI6vCuz8OjqlA9FJAWC1j/QcK8HSb - mMWkAiEAsVc1L/LvTKlEI98lsfDmCtKsJuQ4iBBuZ5Hzp0T1Xr8= - -----END CERTIFICATE REQUEST----- - responses: - '201': - description: | - Confirms the finalization of the indirect certificate and returns its properties and contents in the response. - content: - application/json: - schema: - $ref: '#/components/schemas/Certificate' - examples: - IndirectCertificate: - $ref: '#/components/examples/IndirectCertificate' - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '404': - $ref: '#/components/responses/ErrorNotFound' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '409': - description: Returned when the API request cannot be fulfilled due to the object current status. - content: - application/json: - schema: - $ref: '#/components/schemas/ApiPayloadError' - example: - code: CONFLICT - message: Cannot finalize an expired certificate. - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '415': - $ref: '#/components/responses/ErrorInvalidContentType' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - patch: - summary: Update STI certificate properties - description: | - Update certificate properties. Once the certificate has been created (for direct certificates) - or finalized (for indirect certificates), only a subset of the certificate properties can be updated. - - - Indirect certificates that have not yet been finalised can have additional properties updated. - - Expired certificates cannot be edited - - **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* - - - *ADMINISTRATOR*, *MANAGER* users can update any certificate created by/for their provider. - operationId: UpdateCertificate - tags: - - STI Certificates - requestBody: - required: true - description: | - A [JSON Merge Patch (RFC 7386)](https://datatracker.ietf.org/doc/html/rfc7386) containing only the properties - that must be updated (with the new value) or deleted (with null as value). - content: - application/merge-patch+json: - schema: - type: object - properties: - name: - type: string - maxLength: 64 - description: | - Change the name of the certificate. - - Can be changed for both direct and indirect certificates - - Can be changed only by the origin service provider - - Cannot be deleted. - example: Main Certificate - description: - type: string - maxLength: 1024 - description: | - Change the description of the certificate. - - Can be changed for both direct and indirect certificates - - Can be changed by the origin service provider and the OPTS, each of them having their own description. - - Can be deleted. - example: Description of the certificate - test_certificate: - type: boolean - description: | - Change the test certificate flag. - - Can be changed only for indirect certificates, if not finalized - - Can be changed only by the origin service provider - - Cannot be deleted. - example: false - valid_from: - type: string - description: | - Change the certificate validity start date. Date shall be in ISO-8601 format. - - Can be changed only for indirect certificates not yet finalized - - Can be changed only by the origin service provider - - Unless `test_certificate` is set to `true`, the date shall be at least one week in the future. - - Cannot be deleted. - format: date-time - example: '2022-01-17T10:12:25Z' - valid_to: - type: string - description: | - Change the certificate expiration date. Date shall be in ISO-8601 format. - - Can be changed only for indirect certificates not yet finalized - - Can be changed only by the origin service provider - - Cannot be deleted. - format: date-time - example: '2023-01-17T10:12:25Z' - renewal_auto: - type: boolean - description: | - Change the certificate automatic renewal option. - - Can be changed for both direct and indirect certificates - - Can be changed only by the origin service provider - - Cannot be enabled for test certificates - - Cannot be deleted. - example: true - renewal_after: - type: integer - description: | - Change the number of days to wait after certificate creation/finalization to trigger the automatic renewal process. - - Can be changed for both direct and indirect certificates - - Can be changed only by the origin service provider - - Cannot be deleted if `renewal_auto` is set to `true` for this certificate. - example: 300 - examples: - DirectCertificateUpdateRequest: - $ref: '#/components/examples/DirectCertificateUpdateRequest' - PendingIndirectCertificateUpdateRequest: - $ref: '#/components/examples/PendingIndirectCertificateUpdateRequest' - IndirectCertificateUpdateRequest: - $ref: '#/components/examples/IndirectCertificateUpdateRequest' - responses: - '200': - description: Confirms successful processing and returns certificate properties and contents in the response. - content: - application/json: - schema: - $ref: '#/components/schemas/Certificate' - examples: - DirectCertificate: - $ref: '#/components/examples/DirectCertificate' - PendingIndirectCertificate: - $ref: '#/components/examples/PendingIndirectCertificate' - IndirectCertificate: - $ref: '#/components/examples/IndirectCertificate' - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '404': - $ref: '#/components/responses/ErrorNotFound' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '415': - $ref: '#/components/responses/ErrorInvalidContentType' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - delete: - summary: Delete a STI certificate - description: | - Delete a STI certificate. Only test certificates or certificates in *PENDING* status can be deleted. - - If a test certificate that is still valid is deleted, the platform will also revoke it and add it to the - STI certificates CRL in the BPCO to ensure that it cannot be used for any further calls. - - *Warning*: the action cannot be undone. - - Allowed Roles: **ADMINISTRATOR**, **MANAGER**. - - - *ADMINISTRATOR* and *MANAGER* users can request deletion of any certificate attached to their own provider. - - *Note*: OPTS users cannot delete indirect certificates created for their provider. - operationId: DeleteCertificate - tags: - - STI Certificates - responses: - '204': - $ref: '#/components/responses/SuccessNoMessage' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '404': - $ref: '#/components/responses/ErrorNotFound' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '409': - description: Error returned when the certificate is already active and is not a test certificate. - content: - application/json: - schema: - type: object - required: - - code - properties: - code: - type: string - description: Error code. Shall be capitalized with underscore. - example: CONFLICT - message: - type: string - description: Message providing more details and context for error that occurred - example: This certificate is already active and it is not a test certificate. - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - /certificates/{certificate_id}/renew: - post: - summary: Renew a STI certificate - description: | - This method creates a new certificate using the same CSR and properties used for the - creation of the certificate specified in the `certificate_id` request parameter. - - - Unless a `name` is provided, the Common Name of the new certificate will be the same, but the serial number will be different. - - The `renewed_by` property of the current certificate will be filled with the id of the new certificate. - - OPTS users cannot renew indirect certificates they have been mandated for. - - Revoked certificates cannot be renewed - - Invalid certificates cannot be renewed - - **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*. - - - *ADMINISTRATOR* and *MANAGER* can request renewal of certificates owned by their provider. - operationId: RenewCertificate - tags: - - STI Certificates - parameters: - - $ref: '#/components/parameters/CertificateId' - - $ref: '#/components/parameters/X-Request-Id' - requestBody: - description: | - New properties may be specified for the creation of the new certificate. - If not provided, values of the previous certificate will be kept, expect for the following: - - `serial_number`: a new serial number is computed - - `valid_from`: the date will be set to the current date & time + one week. - - `valid_to`: the date will be computed so that the expiration delay will be the same than the one set for the initial certificate - required: false - content: - application/json: - schema: - type: object - properties: - name: - type: string - maxLength: 64 - description: | - Certificate name. Overrides the property set in the initial certificate used for the renewal. - example: Main Certificate - description: - type: string - maxLength: 1024 - description: | - Additional information related to the certificate. - - If not specified, the description set to the initial certificate is reused. - example: Description of the certificate. - valid_from: - type: string - description: | - Certificate validity start date. Date shall be in ISO-8601 format. - - If not specified, the date will be set to the current date & time + one week. - The same rules used when creating a certificate also apply for renewal. - format: date-time - example: '2022-01-17T10:12:25Z' - valid_to: - type: string - description: | - Certificate expiration date. Date shall be in ISO-8601 format. - - If not specified, the date will be computed so that the expiration delay will - be the same than the one set for the initial certificate. The same rules used - when creating a certificate also apply for renewal. - - This property cannot be specified for a direct certificate that is not flagged - as a test certificate, as the expiration is fixed to one year for such certificates. - format: date-time - example: '2023-01-17T10:12:25Z' - renewal_auto: - type: boolean - description: | - Automated renewal option. Cannot be enabled for test certificates. - - If not specified, the property will copy the value set for the initial certificate. - example: true - renewal_after: - type: integer - description: | - Number of days after certificate creation (or finalization for indirect certificates) to wait for - the automated certificate renewal process to be triggered. - - Can be specified only if `renewal_auto` is set to `true`. - example: 300 - responses: - '201': - description: | - Confirms the creation of the new certificate and returns its details and contents in the response. - content: - application/json: - schema: - $ref: '#/components/schemas/RenewedCertificate' - examples: - DirectCertificate: - $ref: '#/components/examples/DirectCertificate' - headers: - Location: - $ref: '#/components/headers/Location-Certificate' - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '404': - $ref: '#/components/responses/ErrorNotFound' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '409': - description: Error returned when the certificate is revoked - content: - application/json: - schema: - type: object - required: - - code - properties: - code: - type: string - description: Error code. Shall be capitalized with underscore - example: CONFLICT - message: - type: string - description: Message providing more details and context for error that occurred - example: This certificate is revoked. - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - /certificates/{certificate_id}/revoke: - post: - summary: Revoke a STI certificate - description: | - Request the revocation of a certificate. - Upon successful processing, the certificate will be immediately revoked by the platform. - - - OPTS users can revoke indirect certificates they have been mandated for. - - Expired certificates cannot be revoked - - Invalid certificates cannot be revoked - - Revoked certificates cannot be revoked again - - *Warning*: the action cannot be undone. - - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*. - - - *MAN_ADMINISTRATOR* users can request revocation of any certificate. - - *ADMINISTRATOR* and *MANAGER* users can request revocation of certificates attached to their own provider. - operationId: RevokeCertificate - tags: - - STI Certificates - parameters: - - $ref: '#/components/parameters/CertificateId' - - $ref: '#/components/parameters/X-Request-Id' - requestBody: - required: true - content: - application/json: - schema: - type: object - required: - - reason - properties: - reason: - type: string - nullable: false - description: | - Reason associated with the certificate revocation as defined in RFC 5280. - enum: - - unspecified - - keyCompromise - - affiliationChanged - - superseded - - cessationOfOperation - - certificateHold - - privilegeWithdrawn - default: unspecified - example: keyCompromise - comments: - type: string - maxLength: 64 - description: | - Additional comments on the reason for revoking the certificate. - example: Clé privée compromise - responses: - '204': - $ref: '#/components/responses/SuccessNoMessage' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '404': - $ref: '#/components/responses/ErrorNotFound' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '409': - description: Error returned when the certificate status is `EXPIRED`, `REVOKED` or `INVALID` - content: - application/json: - schema: - type: object - required: - - code - properties: - code: - type: string - description: Error code. Shall be capitalized with underscore - example: CONFLICT - message: - type: string - description: Message providing more details and context for error that occurred - example: This certificate is expired or is already revoked. - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - /certificates/{certificate_id}/history: - get: - summary: Retrieve activity history on certificates - NOT AVAILABLE - description: | - Retrieve a paginated list of all actions performed on a certificate. - Sorting and filtering are not supported for this API. - - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*, *APNF* - - - *MAN_ADMINISTRATOR* and *APNF* users can access the history of any certificate. - - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access the history of any certificate attached to their provider. - - **Note**: This API is not yet available. - operationId: GetCertificateHistory - tags: - - STI Certificates - - History - parameters: - - $ref: '#/components/parameters/CertificateId' - - $ref: '#/components/parameters/PaginationLimit' - - $ref: '#/components/parameters/PaginationOffset' - - $ref: '#/components/parameters/X-Request-Id' - responses: - '200': - description: Return a paginated list of history records - content: - application/json: - schema: - type: object - properties: - metadata: - $ref: '#/components/schemas/PaginationMetaData' - records: - type: array - items: - $ref: '#/components/schemas/History' - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '404': - $ref: '#/components/responses/ErrorNotFound' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - /certificates/export: - parameters: - - $ref: '#/components/parameters/X-Request-Id' - get: - summary: Retrieve a list of certificates in csv format with headers - description: | - The API applies any sort and filter preferences passed to the API request and returns a list of - corresponding results in csv format. - - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*, *APNF*. - - - *MAN_ADMINISTRATOR* and *APNF* users can access any certificate of any provider. - - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any certificate attached to their provider. - operationId: ExportCertificates - tags: - - STI Certificates - parameters: - - name: query - in: query - description: | - Filter on a property following the format `operator:value`. - - If the operator is `eq`, it can be ignored. - - For string, number or date-time property: - * `eq` and `ne` = (not) equal. - * `in` and `not_in` = (not) in a list. `value` contains an array such as `[val1,val2,val3]`. - - For string property only: - * `match` and `not_match` = (not) match the wildcard pattern (`*` for zero or more characters and `?` for a - single character) contains in `value`. - - For number or date-time property: - * `gt` and `gte` = greater than (or equal). - * `lt` and `lte` = less than (or equal). - - In any case, `value` must be percent encoded. - - The parameter name is one of the following values: - - `id` - - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) - - `type` - - `opts` - - `name` - - `valid_from` - - `valid_to` - - `test_certificate` - - `status` - - `renewal_auto` - - `renewal_after` - - `renewed_by` - - `url` - - `sn` - - `created_at` - - `created_by` - - `updated_at` - - `updated_by` - - `revoked_at` - - `revoked_by` - - `revoked_reason` - schema: - type: object - additionalProperties: - type: string - pattern: ^(((eq|ne|(not_)?match|[lg]te?):)?.+|(in|not_in):\[.+(,.+)*\])$ - example: - provider_id: OPC000 - created_at: gte:2022-01-01T00:00:00Z - - name: sort - in: query - description: | - Sort preference using the format `property_name:order`, where: - - `property_name` is one of the following values: - - `id` - - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) - - `type` - - `opts` - - `name` - - `valid_from` - - `valid_to` - - `test_certificate` - - `url` - - `status` - - `renewal_auto` - - `renewal_after` - - `renewed_by` - - `sn` - - `created_at` - - `created_by` - - `updated_at` - - `updated_by` - - `revoked_at` - - `revoked_by` - - `revoked_reason` - - `order` may be set to `asc` or `desc`. - schema: - type: string - pattern: ^(id|provider_id|type|opts|name|valid_(from|to)|test_certificate|url|status|renew(al_a(uto|fter)|ed_by)|sn|(cre|upd)ated_(at|by)|revoked_(at|by|reason)):(([Aa]|[Dd][Ee])[Ss][Cc])$ - example: name:asc - responses: - '200': - description: Return certificates list in csv format with headers - content: - text/csv: - schema: - type: string - example: | - ID;status;name;serial_number;type;provider_code;opts;valid_from;valid_to;renewal_auto;days_before_renewal;bpco_url;description;test_certificate - 12;ACTIVE;Main Certificate;54e702c83df35b8a;DIRECT;SPC000;;2025-12-01T10:12:25Z;2026-01-01T10:12:25Z;true;9;https://api.man-bpco.fr/certs/SPC000/54e702c83df35b8a.cer;Description of the certificate.;false - 13;ACTIVE;Certificate;4df1d562e7f009e6;DIRECT;SPE000;;2025-12-01T10:12:25Z;2026-01-01T10:12:25Z;true;9;https://api.man-bpco.fr/certs/SPE000/4df1d562e7f009e6.cer;Description of the certificate.;false - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '415': - $ref: '#/components/responses/ErrorInvalidContentType' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - /certificates/archives: - get: - summary: Retrieve a paginated list of records with support of sorting & filtering - description: | - The API applies any sort and filter preferences passed to the API request and returns a paginated list of - corresponding results. - - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*, *APNF*. - - - *MAN_ADMINISTRATOR* and *APNF* users can access any archived certificate of any provider. - - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any archived certificate attached to their provider. - operationId: SearchArchivedCertificates - tags: - - STI Certificates (Archived) - parameters: - - name: query - in: query - description: | - Filter on a property following the format `operator:value`. - - If the operator is `eq`, it can be ignored. - - For string, number or date-time property: - * `eq` and `ne` = (not) equal. - * `in` and `not_in` = (not) in a list. `value` contains an array such as `[val1,val2,val3]`. - - For string property only: - * `match` and `not_match` = (not) match the wildcard pattern (`*` for zero or more characters and `?` for a - single character) contains in `value`. - - For number or date-time property: - * `gt` and `gte` = greater than (or equal). - * `lt` and `lte` = less than (or equal). - - In any case, `value` must be URL encoded. - - The property name is one of the following values: - - `id` - - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) - - `type` - - `opts` - - `name` - - `valid_from` - - `valid_to` - - `test_certificate` - - `status` - - `archived` - - `renewal_auto` - - `renewal_after` - - `sn` - - `created_at` - - `updated_at` - - `revoked_at` - - `revoked_reason` - schema: - type: object - additionalProperties: - type: string - pattern: ^(((eq|ne|(not_)?match|[lg]te?):)?.+|(in|not_in):\[.+(,.+)*\])$ - example: - provider_id: OPC000 - created_at: gte:2022-01-01T00:00:00Z - - $ref: '#/components/parameters/PaginationLimit' - - $ref: '#/components/parameters/PaginationOffset' - - name: sort - in: query - description: | - Sort preference using the format `property_name:order`, where: - - `property_name` is one of the following values: - - `id` - - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) - - `opts` - - `name` - - `valid_from` - - `valid_to` - - `status` - - `archived` - - `sn` - - `created_at` - - `updated_at` - - `revoked_at` - - - `order` may be set to `asc` or `desc`. - schema: - type: string - pattern: ^(id|provider_id|type|opts|name|valid_(from|to)|test_certificate|url|status|archived|renew(al_a(uto|fter)|ed_by)|sn|(cre|upd)ated_(at|by)|revoked_(at|by|reason)):(([Aa]|[Dd][Ee])[Ss][Cc])$ - example: created_at:desc - - $ref: '#/components/parameters/X-Request-Id' - responses: - '200': - description: Return a paginated list of records - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - content: - application/json: - schema: - type: object - properties: - metadata: - $ref: '#/components/schemas/PaginationMetaData' - certificates: - type: array - items: - $ref: '#/components/schemas/ArchivedCertificateSummaryView' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '415': - $ref: '#/components/responses/ErrorInvalidContentType' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - /certificates/archives/{certificate_id}: - get: - summary: Return archived STI certificate details - description: | - Return a JSON object with STI archived certificate details and contents. - - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*, *APNF* - - - *MAN_ADMINISTRATOR* and *APNF* users can access any archived certificate. - - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any archived certificate attached to their provider. - operationId: GetArchivedCertificate - tags: - - STI Certificates (Archived) - parameters: - - $ref: '#/components/parameters/CertificateId' - - $ref: '#/components/parameters/X-Request-Id' - responses: - '200': - description: Return the JSON object with certificate properties and contents. - content: - application/json: - schema: - $ref: '#/components/schemas/Certificate' - examples: - DirectCertificate: - $ref: '#/components/examples/DirectArchivedCertificate' - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '404': - $ref: '#/components/responses/ErrorNotFound' - '415': - $ref: '#/components/responses/ErrorInvalidContentType' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - /certificates/archives/{certificate_id}/history: - get: - summary: Retrieve activity history on STI archived certificates - NOT AVAILABLE - description: | - Retrieve a paginated list of all actions performed on an STI archived certificate. - Sorting and filtering are not supported for this API. - - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*, *APNF* - - - *MAN_ADMINISTRATOR* and *APNF* users can access the history of any archived certificate. - - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access the history of any archived certificate attached to their provider. - - **Note**: This API is not yet available. - operationId: GetArchivedCertificateHistory - tags: - - STI Certificates (Archived) - - History - parameters: - - $ref: '#/components/parameters/CertificateId' - - $ref: '#/components/parameters/PaginationLimit' - - $ref: '#/components/parameters/PaginationOffset' - - $ref: '#/components/parameters/X-Request-Id' - responses: - '200': - description: Return a paginated list of history records - content: - application/json: - schema: - type: object - properties: - metadata: - $ref: '#/components/schemas/PaginationMetaData' - records: - type: array - items: - $ref: '#/components/schemas/History' - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '404': - $ref: '#/components/responses/ErrorNotFound' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - /history: - get: - summary: Retrieve platform activity history - NOT AVAILABLE - description: | - Retrieve a paginated list of all actions performed on any data accessible to the user. - Sorting and filtering are not supported for this API. - - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*, *APNF* - - - *MAN_ADMINISTRATOR* and *APNF* users can access the history of any data. - - *ADMINISTRATOR* and *SUPERVISOR* can access the history of any data attached to their own provider. - - *MANAGER* users can access the history on their own account or on certificates owned by their provider - - **Note**: This API is not yet available. - operationId: GetHistory - tags: - - History - parameters: - - $ref: '#/components/parameters/PaginationLimit' - - $ref: '#/components/parameters/PaginationOffset' - - $ref: '#/components/parameters/X-Request-Id' - responses: - '200': - description: Return a paginated list of history records - content: - application/json: - schema: - type: object - properties: - metadata: - $ref: '#/components/schemas/PaginationMetaData' - records: - type: array - items: - $ref: '#/components/schemas/History' - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - /bpco/certificates: - parameters: - - $ref: '#/components/parameters/X-Request-Id' - head: - summary: Get STI certificates last update date in BPCO - description: | - This method returns the date of the last update performed on STI certificates in the BPCO, i.e when a - certificate has been published or removed. - The date is returned in the `Last-Modified` response header. - - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *APNF* - operationId: GetBpcoCertificatesLastUpdateDate - tags: - - BPCO - responses: - '204': - description: | - Returns no contents. The `Last-Modified` header is set with the last update date of STI certificates in the BPCO. - headers: - Last-Modified: - description: Last update date of certificates in the BPCO. Uses HTTP-Date format (RFC 7231). - schema: - $ref: '#/components/schemas/RFC7231.HTTP-date' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '401': - $ref: '#/components/responses/ErrorNotAuthenticatedNoContents' - '403': - $ref: '#/components/responses/ErrorNoPermissionNoContents' - '405': - $ref: '#/components/responses/ErrorNotAllowed' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeaderNoContents' - '429': - $ref: '#/components/responses/ErrorRateLimitingNoContents' - '500': - $ref: '#/components/responses/ErrorInternalNoContents' - '503': - $ref: '#/components/responses/ServiceUnavailableNoContents' - get: - summary: Get a copy of STI certificates in BPCO - description: | - This method returns as a GZipped TAR file a copy of all the STI certificates currently published in the BPCO. - - If the `since` parameter is specified, the GZipped TAR file only contains the certificates published in the BPCO or - removed from it since the date provided in the parameter. - The list of certificates removed from the BPCO are available in a `removed-certificates.csv` file included in the tarball. - - A `If-Modified-Since` request header may also be specified. In that case, a **304** response is returned if no certificates - have been added or removed since the date specified in the header. This latter can be filled with the value of the - `Last-Modified` response header collected from a previous call to this API or the `HEAD /bpco/certificates` one. - - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *APNF*. - operationId: GetBpcoCertificatesCopy - tags: - - BPCO - parameters: - - name: since - in: query - description: | - Date in ISO-8601 format. When specified, return only the certificates added or removed since that date. - The minutes and seconds are ignored (`2022-01-17T10:12:25Z` is therefore interpreted as `2022-01-17T10:00:00Z`) - and the date cannot be older than 15 days. - required: false - schema: - type: string - format: date-time - example: '2022-01-19T10:00:00Z' - - $ref: '#/components/parameters/If-Modified-Since' - responses: - '200': - description: | - Return a GZipped TAR file which includes the certificates using the following structure: - ``` - |-/ - | |- .cer - | |- .cer - | `- .cer - |-/ - | |- .cer - | |- .cer - |-/ - [...] - ``` - If the `since` parameter is present, a `removed-certificates.csv` file may be included at the root of the - GZipped TAR file. - When present, this file lists all certificates deleted from the BPCO since that date, using the following - format: - ```ini - ; - ; - ; - ``` - A semicolon (`;`, `U+003B`) is used between each column and a linefeed is used between each line - (`\n`, `U+000A`). - content: - application/gzip: - schema: - type: string - format: binary - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - Last-Modified: - description: Last update date of STI certificates in the BPCO. Uses HTTP-Date format (RFC 7231) - schema: - $ref: '#/components/schemas/RFC7231.HTTP-date' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '304': - description: No changes since the date provided in the `If-Modified-Since` request header. - headers: - Last-Modified: - description: Last update date of STI certificates in the BPCO. Uses HTTP-Date format (RFC 7231) - schema: - $ref: '#/components/schemas/RFC7231.HTTP-date' - Content-Type: - $ref: '#/components/headers/Content-Type-GZip' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - /bpco/certificates/history: - get: - summary: Retrieve activity history on the certificate public repository - NOT AVAILABLE - description: | - Retrieve a paginated list of all actions performed on the list of STI certificates in the BPCO. - Sorting and filtering are not supported for this API. - - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*, *APNF* - - **Note**: This API is not yet available. - operationId: GetBpcoCertificatesHistory - tags: - - BPCO - - History - parameters: - - $ref: '#/components/parameters/PaginationLimit' - - $ref: '#/components/parameters/PaginationOffset' - - $ref: '#/components/parameters/X-Request-Id' - responses: - '200': - description: Return a paginated list of history records - content: - application/json: - schema: - type: object - properties: - metadata: - $ref: '#/components/schemas/PaginationMetaData' - records: - type: array - items: - $ref: '#/components/schemas/History' - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '404': - $ref: '#/components/responses/ErrorNotFound' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - /bpco/crl: - parameters: - - $ref: '#/components/parameters/X-Request-Id' - head: - summary: Get STI certificates CRL last update date in BPCO - description: | - This method returns the date of the last update performed on the Certificate Revocation List (CRL) of - STI certificates in the BPCO, i.e when a STI certificate has been revoked or when certificate is remove from the CRL. - The date is returned in the `Last-Modified` response header. - - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *APNF* - operationId: GetBpcoCrlLastUpdateDate - tags: - - BPCO - responses: - '204': - description: | - Returns no contents. The `Last-Modified` header is set with the last update date of STI certificates CRL in - the BPCO. - headers: - Last-Modified: - description: Last update date of STI certificates CRL in the BPCO. Uses HTTP-Date format (RFC 7231). - schema: - $ref: '#/components/schemas/RFC7231.HTTP-date' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '401': - $ref: '#/components/responses/ErrorNotAuthenticatedNoContents' - '403': - $ref: '#/components/responses/ErrorNoPermissionNoContents' - '405': - $ref: '#/components/responses/ErrorNotAllowed' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeaderNoContents' - '429': - $ref: '#/components/responses/ErrorRateLimitingNoContents' - '500': - $ref: '#/components/responses/ErrorInternalNoContents' - '503': - $ref: '#/components/responses/ServiceUnavailableNoContents' - get: - summary: Get a copy of the STI certificates CRL in BPCO - description: | - Get a copy of the STI certificates Certificate Revocation List (CRL) as available in the BPCO. - - The API returns the CRL in DER format, with the exact same contents returned by the BPCO API `GET /crl`. - - A `If-Modified-Since` request header may also be specified. In that case, a **304** response is returned - if the CRL has not been updated since the date specified in the header. This latter can be filled with the value of the - `Last-Modified` response header collected from a previous call to this API or the `HEAD /bpco/crl` one. - - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *APNF*. - operationId: GetBpcoCrlCopy - tags: - - BPCO - parameters: - - $ref: '#/components/parameters/If-Modified-Since' - responses: - '200': - description: The Certificate Revocation List in DER format. - content: - application/pkix-crl: - schema: - type: string - format: binary - example: | - - 00000000: 3082 0120 3081 c802 0101 300a 0608 2a86 0.. 0.....0...*. - 00000010: 48ce 3d04 0302 3067 3111 300f 0603 5504 H.=...0g1.0...U. - 00000020: 030c 0842 5043 4f20 5041 3131 0b30 0906 ...BPCO PA11.0.. - 00000030: 0355 0406 1302 4652 312a 3028 0603 5504 .U....FR1*0(..U. - 00000040: 0a0c 2142 6173 6520 6465 7320 4365 7274 ..!Base des Cert - 00000050: 6966 6963 6174 7320 4f70 c383 c2a9 7261 ificats Op....ra - 00000060: 7465 7572 3119 3017 0603 5504 0b0c 1050 teur1.0...U....P - 00000070: 6f6c 6963 7920 4175 7468 6f72 6974 7917 olicy Authority. - 00000080: 0d32 3230 3730 3431 3235 3032 305a 170d .220704125020Z.. - 00000090: 3232 3038 3033 3132 3530 3230 5aa0 3030 220803125020Z.00 - 000000a0: 2e30 1f06 0355 1d23 0418 3016 8014 097a .0...U.#..0....z - 000000b0: 34d8 9663 a43e 0250 9294 9de2 de31 8135 4..c.>.P.....1.5 - 000000c0: 3c8a 300b 0603 551d 1404 0402 0210 0030 <.0...U........0 - 000000d0: 0a06 082a 8648 ce3d 0403 0203 4700 3044 ...*.H.=....G.0D - 000000e0: 0220 58da 50e6 2670 a7e4 413d bb9d c193 . X.P.&p..A=.... - 000000f0: e0c0 3852 0138 1bd0 73fc 04fa 7328 952b ..8R.8..s...s(.+ - 00000100: e169 0220 1110 3e86 450b f0db 4345 80c9 .i. ..>.E...CE.. - 00000110: b12e d905 9f72 051a e02d fd3d 67d7 4ce2 .....r...-.=g.L. - 00000120: b92f e546 ./.F - headers: - Last-Modified: - description: Last update date of STI certificates CRL in the BPCO. Uses HTTP-Date format (RFC 7231). - schema: - $ref: '#/components/schemas/RFC7231.HTTP-date' - Content-Length: - description: Size in bytes of the DER contents provided in the response. - schema: - type: integer - example: 311 - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '304': - description: No changes since the date provided in the `If-Modified-Since` request header - headers: - Last-Modified: - description: Last update date of STI certificates CRL in the BPCO. Uses HTTP-Date format (RFC 7231). - schema: - $ref: '#/components/schemas/RFC7231.HTTP-date' - Content-Type: - $ref: '#/components/headers/Content-Type-Pkix-Crl' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '405': - $ref: '#/components/responses/ErrorNotAllowed' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' - /bpco/crl/history: - get: - summary: Retrieve activity history on the CRL - NOT AVAILABLE - description: | - Retrieve a paginated list of all actions performed on the STI certificates CRL in the BPCO. - Sorting and filtering are not supported for this API. - - **Allowed Roles**: *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*, *APNF* - - **Note**: This API is not yet available. - operationId: GetBpcoCrlHistory - tags: - - BPCO - - History - parameters: - - $ref: '#/components/parameters/PaginationLimit' - - $ref: '#/components/parameters/PaginationOffset' - - $ref: '#/components/parameters/X-Request-Id' - responses: - '200': - description: Return a paginated list of history records - content: - application/json: - schema: - type: object - properties: - metadata: - $ref: '#/components/schemas/PaginationMetaData' - records: - type: array - items: - $ref: '#/components/schemas/History' - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - '400': - $ref: '#/components/responses/ErrorValidation' - '401': - $ref: '#/components/responses/ErrorNotAuthenticated' - '403': - $ref: '#/components/responses/ErrorNoPermission' - '404': - $ref: '#/components/responses/ErrorNotFound' - '406': - $ref: '#/components/responses/ErrorInvalidAcceptHeader' - '429': - $ref: '#/components/responses/ErrorRateLimiting' - '500': - $ref: '#/components/responses/ErrorInternal' - '503': - $ref: '#/components/responses/ServiceUnavailable' -security: - - access_token: [] -components: - securitySchemes: - access_token: - type: http - description: | - APIs need to provide an access token created using the MAN Platform Authorization API and which complies with OpenID Connect protocol. - Refer to the *MAN platform authorization API Reference* on how to generate these access tokens. - scheme: bearer - bearerFormat: JWT - responses: - SuccessCreation: - description: Returned upon successful object creation. - content: - application/json: - schema: - $ref: '#/components/schemas/ApiPayloadCreationSuccess' - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - SuccessNoMessage: - description: Confirms successful processing. - headers: - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ErrorValidation: - description: Returned when the request input validation failed. - content: - application/json: - schema: - $ref: '#/components/schemas/ApiPayloadError' - example: - code: BAD_REQUEST - message: The request validation failed. - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ErrorNotAuthenticatedNoContents: - description: Returned when the client authentication failed. - headers: - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ErrorNotAuthenticated: - description: Returned when the client authentication failed. - content: - application/json: - schema: - $ref: '#/components/schemas/ApiPayloadError' - example: - code: UNAUTHORIZED - message: The authentication failed. - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ErrorNoPermissionNoContents: - description: Returned when the client does not have the expected permissions to access the method. - headers: - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ErrorNoPermission: - description: Returned when the client does not have the expected permissions to access the method. - content: - application/json: - schema: - $ref: '#/components/schemas/ApiPayloadError' - example: - code: FORBIDDEN - message: User is not allowed to access this resource. - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ErrorNotFound: - description: Returned when the object referenced by the API request does not exist. - content: - application/json: - schema: - $ref: '#/components/schemas/ApiPayloadError' - example: - code: NOT_FOUND - message: The resource is not found. - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ErrorNotAllowedNoContents: - description: Error returned when the API method is not allowed for the given object. - headers: - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ErrorNotAllowed: - description: Error returned when the API method is not allowed for the given object. - content: - application/json: - schema: - $ref: '#/components/schemas/ApiPayloadError' - example: - code: METHOD_NOT_ALLOWED - message: The method is not allowed for the resource. - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ErrorInvalidAcceptHeaderNoContents: - description: Returned when the client specifies a type not supported by the platform in the `Accept` HTTP header. - headers: - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ErrorInvalidAcceptHeader: - description: Returned when the client specifies a type not supported by the platform in the `Accept` HTTP header. - content: - application/json: - schema: - $ref: '#/components/schemas/ApiPayloadError' - example: - code: NOT_ACCEPTABLE - message: The format in the `Accept` header is not supported. - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ErrorConflict: - description: Returned when the API request cannot be fulfilled due to the object current status. - content: - application/json: - schema: - $ref: '#/components/schemas/ApiPayloadError' - example: - code: CONFLICT - message: This resource already exists. - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ErrorInvalidContentTypeNoContents: - description: Returned when the client specifies a `Content-Type` header value not supported. - headers: - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ErrorInvalidContentType: - description: Returned when the client specifies a `Content-Type` header value not supported. - content: - application/json: - schema: - $ref: '#/components/schemas/ApiPayloadError' - example: - code: UNSUPPORTED_MEDIA_TYPE - message: The format of the request body is not supported. - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ErrorRateLimitingNoContents: - description: Returned when too many requests have been sent by the client in a certain amount of time. - headers: - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ErrorRateLimiting: - description: Returned when too many requests have been sent by the client in a certain amount of time. - content: - application/json: - schema: - $ref: '#/components/schemas/ApiPayloadError' - example: - code: TOO_MANY_REQUESTS - message: Rate limit is exceeded. - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ErrorInternalNoContents: - description: Returned when an unexpected error occurred while processing the request. - headers: - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ErrorInternal: - description: Returned when an unexpected error occurred while processing the request. - content: - application/json: - schema: - $ref: '#/components/schemas/ApiPayloadError' - example: - code: INTERNAL_SERVER_ERROR - message: An unexpected error occurred while processing the request. - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ServiceUnavailableNoContents: - description: Returned when the service is unavailable (e.g. maintenance mode) and cannot process the request. - headers: - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - ServiceUnavailable: - description: Returned when the service is unavailable (e.g. maintenance mode) and cannot process the request. - content: - application/json: - schema: - $ref: '#/components/schemas/ApiPayloadError' - example: - code: SERVICE_UNAVAILABLE - message: The service is currently unavailable. - headers: - Content-Length: - $ref: '#/components/headers/Content-Length' - X-Correlation-Id: - $ref: '#/components/headers/X-Correlation-Id' - X-Response-Id: - $ref: '#/components/headers/X-Response-Id' - schemas: - BypassTokenCreationResponse: - type: object - description: Response of bypass token generation request - properties: - id: - type: string - description: Token identifier - example: SPC000-YE42L73SGAG45I05 - BypassTokenId: - type: string - pattern: ^([0-9A-Z]{6})-([0-9A-Z\-]{16})$ - description: | - Token to be used in "Identity-Bypass" SIP INVITE message header when the provider has to temporarily disable its STI-AS component. - The expected format is `SPC-RANDOM`, where: - - SPC: APNF Service Provider Code - - RANDOM: 1 to 16 characters between A-Z, 0-A or '-' - example: APNF00-123456789-ABCDE - BypassToken: - type: object - required: - - id - - created_at - properties: - id: - $ref: '#/components/schemas/BypassTokenId' - created_at: - type: string - description: | - Token creation date. Date shall be in ISO-8601 format. - format: date-time - example: '2022-01-24T10:12:25Z' - archived_at: - type: string - description: | - Token archiving date. Date shall be in ISO-8601 format. - format: date-time - example: '2022-05-24T00:00:00Z' - UUID: - type: string - format: uuid - pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ - example: 9d82a078-01cb-4a70-a529-14b7e57d4a21 - HistoryId: - description: ID of the history record. Must be unique. - type: string - format: uuid - pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ - example: c8d2874c-4fb8-44c0-ab39-4143e53870a4 - ProviderId: - description: ID of the provider. Must be unique. - type: string - format: uuid - pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ - example: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 - ProviderVerificationProcessId: - description: ID of the provider verification process. Must be unique. - type: string - format: uuid - pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ - example: dfe3d1d4-a2d7-4fd1-a12c-acb18200dc64 - UserId: - description: ID of the user. Must be unique. - type: string - format: uuid - pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ - example: 155720a6-f4c9-40ec-b479-a32d7f062553 - CredentialId: - description: ID of the API credential. Must be unique. - type: string - format: uuid - pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ - example: 9152f121-f66f-421c-87ce-78b218e250d4 - CertificateId: - description: ID of the certificate. Must be unique. - type: string - format: uuid - pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ - example: d240dd9e-a077-42f5-92e3-a3d3f10e002e - RFC7231.HTTP-date: - type: string - description: Date format as defined in RFC7231, section 7.1.1.1. - pattern: ^((Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} GMT)$ - example: Mon, 17 Jan 2022 10:12:25 GMT - PaginationMetaData: - type: object - description: Information regarding paginated results - properties: - offset: - type: integer - description: Current offset - default: 0 - example: 40 - limit: - type: integer - description: Number of resources per page - minimum: 1 - default: 20 - maximum: 100 - links: - type: object - properties: - next: - type: string - description: Path to retrieve the next page - pattern: ^(\/([\w-.~]|%[0-9A-Za-z]{2})*)*(\?([\w-.~]|%[0-9A-Za-z]{2})+(=([\w-.~]|%[0-9A-Za-z]{2})+)?((&|;)([\w-.~]|%[0-9A-Za-z]{2})+(=([\w-.~]|%[0-9A-Za-z]{2})+)?)*)?(#([\w-.~]|%[0-9A-Za-z]{2})+)?$ - example: /resource?offset=60&limit=20 - first: - type: string - description: Path to retrieve the first page - pattern: ^(\/([\w-.~]|%[0-9A-Za-z]{2})*)*(\?([\w-.~]|%[0-9A-Za-z]{2})+(=([\w-.~]|%[0-9A-Za-z]{2})+)?((&|;)([\w-.~]|%[0-9A-Za-z]{2})+(=([\w-.~]|%[0-9A-Za-z]{2})+)?)*)?(#([\w-.~]|%[0-9A-Za-z]{2})+)?$ - example: /resource?offset=0&limit=20 - prev: - type: string - description: Path to retrieve the previous page - pattern: ^(\/([\w-.~]|%[0-9A-Za-z]{2})*)*(\?([\w-.~]|%[0-9A-Za-z]{2})+(=([\w-.~]|%[0-9A-Za-z]{2})+)?((&|;)([\w-.~]|%[0-9A-Za-z]{2})+(=([\w-.~]|%[0-9A-Za-z]{2})+)?)*)?(#([\w-.~]|%[0-9A-Za-z]{2})+)?$ - example: /resource?offset=20&limit=20 - EmailAddress: - type: string - maxLength: 254 - description: Email address - example: john.doe@spa.domain - Language: - type: string - enum: - - FRENCH - - ENGLISH - example: FRENCH - ProviderStatus: - type: string - description: Provider status - enum: - - REGISTRATION - - ENABLED - - DISABLED - example: ENABLED - ProviderCode: - type: string - description: Service Provider Code. Each service provider in France is assigned a unique code by the APNF. - pattern: ^([0-9A-Z]{6})$ - example: SPA000 - ProviderOIDCSettings: - type: object - description: Configuration of an OpenID Connect identity provider - properties: - authorizationUrl: - type: string - example: https://samples.auth0.com/authorize - tokenUrl: - type: string - example: https://samples.auth0.com/oauth/token - logoutUrl: - type: string - description: | - End session endpoint to use to logout user from external IDP. This is optional. - userInfoUrl: - type: string - description: | - The User Info Url. This is optional. - example: https://samples.auth0.com/userinfo - issuer: - type: string - description: | - The issuer identifier for the issuer of the response. If not provided, no validation will be performed. - example: https://samples.auth0.com/ - validateSignature: - type: boolean - description: | - Enable/disable signature validation of external IDP signatures. - example: true - useJwksUrl: - type: boolean - description: | - If true, identity provider public keys will be downloaded from given JWKS URL. - example: true - jwksUrl: - type: string - description: | - URL where identity provider keys in JWK format are stored. - example: https://samples.auth0.com/.well-known/jwks.json - clientAuthMethod: - type: string - description: | - The client authentication method (cfr. https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication). - In case of JWT signed with private key, the realm private key is used. - enum: - - clientAuth_post - - clientAuth_basic - - clientAuth_secret_jwt - - clientAuth_privatekey_jwt - example: clientAuth_post - clientId: - type: string - description: | - The client identifier registered with the identity provider. - example: kbyuFDidLLm280LIwVFiazOqjO3ty8KH - clientSecret: - type: string - description: | - The client secret registered with the identity provider. - example: 60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa - ProviderSSOSettings: - allOf: - - oneOf: - - $ref: '#/components/schemas/ProviderOIDCSettings' - - type: object - description: | - Single Sign-On configuration. - To be used only when `authentication_mode` is set to `SSO`. - default: null - properties: - type: - type: string - enum: - - OIDC - Provider: - allOf: - - type: object - required: - - id - - status - properties: - id: - $ref: '#/components/schemas/ProviderId' - status: - $ref: '#/components/schemas/ProviderStatus' - - $ref: '#/components/schemas/ProviderCreationRequest' - - description: Provider data model - - type: object - required: - - deleted - - created_at - - created_by - - updated_at - - updated_by - properties: - legal_administrator: - description: | - UUID of the user account corresponding to the provider legal administrator - $ref: '#/components/schemas/UUID' - deleted: - type: boolean - description: | - Deleted status. - The user of the deleted provider do not have access anymore to the application. this provider will be - effectively erased after 3 months. - During that period, it is possible to "undelete" a provider. - default: false - example: false - created_at: - type: string - description: Creation Date - format: date-time - example: '2022-01-17T10:12:25Z' - created_by: - type: string - maxLength: 254 - description: | - User who created the provider. Format shall be ` <>`. - May otherwise be set to `API` if the action has been triggered by an API call or `SYSTEM` if the action - is performed by the platform. - example: John Doe - updated_at: - type: string - description: | - Last Update Date. - Initially set to the same value as `created_at`. - format: date-time - example: '2022-05-17T10:12:25Z' - updated_by: - type: string - maxLength: 254 - description: | - User who updated the provider data. Format shall be ` <>`. - May otherwise be set to `API` if the action has been triggered by an API call or `SYSTEM` if the action - is performed by the platform. - Initially set to the same value as `created_by`. - example: John Doe - deleted_at: - type: string - description: Deletion date - format: date-time - nullable: true - example: '2022-05-17T10:12:25Z' - deleted_by: - type: string - maxLength: 254 - description: | - User who deleted the provider. Format shall be ` <>`. - May otherwise be set to `API` if the action has been triggered by an API call or `SYSTEM` if the action - is performed by the platform. - nullable: true - example: John Doe - bypass_token: - $ref: '#/components/schemas/BypassTokenId' - ProviderCreationRequest: - type: object - description: Provider creation request data model - required: - - name - - code - - address - - signing_provider - properties: - name: - type: string - maxLength: 64 - description: Provider name - example: Opérateur A - code: - $ref: '#/components/schemas/ProviderCode' - address: - type: string - maxLength: 255 - description: Provider HQ address - example: 30, rue de Paris 75018 Paris - technical_number: - type: string - maxLength: 15 - description: | - Phone number injected by the provider in SIP INVITE messages when the phone number specified in the `orig` field is not valid format for the STIR Shaken protocol. - Number format shall comply with E.164 protocol. - example: '33123456789' - signatory: - type: boolean - description: | - Flag to indicate if the provider is expected to sign phone calls and. - Only signatory providers shall be allowed to have certificates delivered. - default: true - opts: - type: boolean - description: | - Flag to indicate if the provider declares itself as a technical signatory provider (OPTS), - e.g. a provider that can sign phone calls on behalf of other signatory providers. - - This property can be set to `TRUE` only if `signatory` is also set to `TRUE`. - default: false - example: true - opts_contracts: - type: array - description: | - List of providers allowed to choose this provider as OPTS. - items: - $ref: '#/components/schemas/ProviderCode' - default: [] - example: - - SPB000 - - SPC000 - - SPD000 - global_notification_list: - description: | - List of email addresses for the provider 'global' notification list. - Will receive any general information published by the platform. - type: array - items: - $ref: '#/components/schemas/EmailAddress' - default: [] - example: - - john.doe@spa.domain - - jane.doe@spa.domain - certificate_notification_list: - description: | - List of email addresses for the provider 'certificate' notification list. - Will receive any information published by the platform related to certificates creation and revocation. - type: array - items: - $ref: '#/components/schemas/EmailAddress' - default: [] - example: - - john.doe@spa.domain - - jane.doe@spa.domain - deposit_notification_list: - description: | - List of email addresses for the provider 'deposit' notification list. - type: array - items: - $ref: '#/components/schemas/EmailAddress' - default: [] - example: - - john.doe@spa.domain - - jane.doe@spa.domain - legal_notification_list: - description: | - List of email addresses for the provider 'legal' notification list. - Will receive any information published by the platform related to provider authorization. - type: array - items: - $ref: '#/components/schemas/EmailAddress' - default: [] - example: - - john.doe@spa.domain - - jane.doe@spa.domain - ticketing_notification_list: - description: | - List of email addresses for the provider 'ticketing' notification list. - Will receive any information published by the platform related to ticket evolution. - type: array - items: - $ref: '#/components/schemas/EmailAddress' - default: [] - example: - - john.doe@spa.domain - - jane.doe@spa.domain - ticket_notification_active: - description: | - If the function is disabled, notifications from the ticket management tools are not sent - Unless there is a major incident on the MAN platform which requires imperative consideration of the - notification. - type: boolean - default: true - sftp_allowed_keys: - type: array - description: | - SSH public keys allowed to access the platform SFTP service created for the provider - - If no values are specified, no connection to the SFTP service will be possible. - items: - type: string - maxLength: 1024 - description: SSH public key contents - example: ssh-rsa AAAAB3NzaC...p5CSsDJ SI@host-4527 - sftp_allowed_ips: - type: array - description: | - List of IPv4 addresses to be allowed to connect to the SFTP BSM service. - - If no values are specified, connections to the SFTP service will be possible from any IP address. - items: - type: string - description: IPv4 address - format: ipv4 - pattern: ^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.){3}(25[0-5]|(2[0-4]|1\d|[1-9]|)\d)$ - example: 127.0.0.1 - languages: - type: array - description: | - List of languages to be proposed to the provider users for the platform UI. - items: - $ref: '#/components/schemas/Language' - default: - - FRENCH - example: - - FRENCH - - ENGLISH - authentication_mode: - type: string - description: Mode to be used to authenticate provider user accounts. - enum: - - SSO - - MFA - default: MFA - example: SSO - sso_settings: - $ref: '#/components/schemas/ProviderSSOSettings' - ProviderSummaryView: - type: object - description: Provider data model (summary view) - required: - - name - - code - - signing_provider - properties: - id: - $ref: '#/components/schemas/ProviderId' - status: - $ref: '#/components/schemas/ProviderStatus' - name: - type: string - maxLength: 64 - description: Provider name - example: Opérateur - code: - $ref: '#/components/schemas/ProviderCode' - signing_provider: - type: boolean - description: Shall this provider be allowed to have certificates delivered - opts: - type: boolean - description: Shall this provider be available in the list of available OPTS to be selected by origin provider - deleted: - type: boolean - description: | - Deleted status. - The user of the deleted provider do not have access anymore to the application. this provider will be - effectively erased after 3 months. - During that period, it is possible to "undelete" a provider. - default: false - example: false - ProviderVerificationProcessDetail: - type: object - description: Controls checklist with details - properties: - legal_notification_list_verified: - type: boolean - description: | - Set to `true` when the legal notification list received the email about the start of the verification - process. - default: false - example: true - provider_name_verified: - type: boolean - description: | - Set to `true` when the provider's name has been verified. - default: false - example: true - provider_address_verified: - type: boolean - description: | - Set to `true` when the provider's address has been verified. - default: false - example: true - provider_kbis_verified: - type: boolean - description: | - Set to `true` when the provider's k-bis has been verified. - default: false - example: true - contact_identity_verified: - type: boolean - description: | - Set to `true` when the contact's identity have been verified. - default: false - example: true - contact_email_verified: - type: boolean - description: | - Set to `true` when the contact's email have been verified. - default: false - example: true - contact_phone_verified: - type: boolean - description: | - Set to `true` when the contact's phone number have been verified. - default: false - example: true - certificate_notification_list_verified: - type: boolean - description: | - Set to `true` when the an email has been sent to the certificate notification list and another email - has been received from this list. - default: false - example: true - ProviderVerificationProcessUpdateRequest: - type: object - description: | - Provider authorization status (to edit). - A provider shall be authorized in order to request the generation of certificates. - Once authorized, a provider shall also be authorized back each year. - required: - - status - properties: - status: - description: Status of the verification process - type: string - enum: - - PENDING - - COMPLETED - example: COMPLETED - decision: - description: | - Decision regarding provider verification. - - Set only if the `status` property is set to `COMPLETED`. - type: boolean - nullable: true - example: true - details: - $ref: '#/components/schemas/ProviderVerificationProcessDetail' - completed_at: - type: string - description: | - Date the verification process has been completed. - Set only if the `status` property is set to `COMPLETED`. - format: date-time - example: '2022-05-17T10:12:25Z' - nullable: true - ProviderVerificationProcessCreationRequest: - allOf: - - $ref: '#/components/schemas/ProviderVerificationProcessUpdateRequest' - - type: object - description: | - Create a new provider verification process. - properties: - started_at: - type: string - description: | - Date the process has been started. - If not set, use current date and time. - format: date-time - example: '2022-01-17T10:12:25Z' - ProviderVerificationProcess: - allOf: - - type: object - required: - - id - properties: - id: - $ref: '#/components/schemas/ProviderVerificationProcessId' - - $ref: '#/components/schemas/ProviderVerificationProcessCreationRequest' - - description: | - Provider authorization status. - A provider shall be authorized in order to request the generation of certificates. - Once authorized, a provider shall also be authorized back each year. - ProviderVerificationProcessSummaryView: - type: object - description: Provider authorization status (summary view). - required: - - id - - status - properties: - id: - $ref: '#/components/schemas/ProviderVerificationProcessId' - status: - description: Status of the verification process - type: string - enum: - - PENDING - - COMPLETED - example: COMPLETED - decision: - description: | - Decision regarding provider verification. - - Set only if the `status` property is set to `COMPLETED`. - type: boolean - nullable: true - example: true - completed_at: - type: string - description: | - Date the verification process has been completed. - Set only if the `status` property is set to `COMPLETED`. - format: date-time - example: '2022-05-17T10:12:25Z' - nullable: true - UserRole: - type: string - description: | - User role defining user permissions in the application. - - The following roles are for users not associated to a service provider: - * A user with `MAN_ADMINISTRATOR` role has access to all functionalities to manage the platform. - * A user with `APNF` role has access to all providers data in read-only mode. - - The following roles are for users associated to a service provider: - * A user with `ADMINISTRATOR` role has access to all functionalities to manage a provider, their users and data. - * A user with `MANAGER` role can view all provider data and has access to APIs for managing STI certificates. - * A user with `SUPERVISOR` role has access to all provider data but in read-only mode. - enum: - - MAN_ADMINISTRATOR - - ADMINISTRATOR - - MANAGER - - SUPERVISOR - - APNF - example: MANAGER - UserStatus: - type: string - description: | - User status. Following values are possible: - - - `PENDING`: the account has been created but the user has not yet activated the account - - `ENABLED`: the account has been created and the user has activated the account - - `DISABLED`: the account has been disabled. User cannot login to the platform. - enum: - - PENDING - - ENABLED - - DISABLED - example: ENABLED - User: - type: object - description: User data model. - required: - - id - - provider_id - - firstname - - lastname - - email_address - - mobile_phone - - role - - status - - deleted - - created_at - - created_by - - updated_at - - updated_by - properties: - id: - $ref: '#/components/schemas/UserId' - provider_id: - allOf: - - description: ID of the service provider linked to the user. - - $ref: '#/components/schemas/ProviderId' - firstname: - type: string - maxLength: 64 - description: User first name - example: Jane - lastname: - type: string - maxLength: 64 - description: User last name - example: Doe - email_address: - type: string - maxLength: 254 - description: User email address - example: jane.doe@my.company - mobile_phone: - type: string - maxLength: 32 - description: Mobile phone number - example: 102030405 - language: - allOf: - - description: Language to be used in the UI for this user. - - $ref: '#/components/schemas/Language' - role: - $ref: '#/components/schemas/UserRole' - status: - $ref: '#/components/schemas/UserStatus' - deleted: - type: boolean - description: | - Deleted status. - - The deleted user do not have access anymore to the application; the count will be effectively removed after 3 months, - and during that period a rollback of the delete action is possible using the `POST /users/{user_id}/undelete` API. - default: false - example: false - last_connected_at: - type: string - description: User last connection date. - format: date-time - example: '2022-01-17T10:12:25Z' - created_at: - type: string - description: Creation Date - format: date-time - example: '2022-01-17T10:12:25Z' - created_by: - type: string - maxLength: 254 - description: | - Origin of the create action. May be set to : - - a user. The format shall be ` <>`. - - `API` if the action is triggered by an API call - - `SYSTEM` if the action is performed by the platform - example: John Doe - updated_at: - type: string - description: | - Last Update Date`. - Initially set to the same value as `created_at`. - format: date-time - example: '2022-01-17T10:12:25Z' - updated_by: - type: string - maxLength: 254 - description: | - Origin of the update action. May be set to : - - a user. The format shall be ` <>`. - - `API` if the action is triggered by an API call - - `SYSTEM` if the action is performed by the platform - example: John Doe - deleted_at: - type: string - description: Deletion date - format: date-time - nullable: true - example: '2022-05-17T10:12:25Z' - deleted_by: - type: string - maxLength: 254 - description: | - Origin of the delete action. May be set to : - - a user. The format shall be ` <>`. - - `API` if the action is triggered by an API call - - `SYSTEM` if the action is performed by the platform - nullable: true - example: John Doe - legal_administrator: - type: boolean - description: Determine is user is legal administrator or not. - UserSummaryView: - type: object - description: User (summary view) data model. - required: - - id - - firstname - - lastname - - email_address - - role - - status - - deleted - - created_at - - updated_at - - last_connected_at - properties: - id: - $ref: '#/components/schemas/UserId' - provider_id: - allOf: - - description: ID of the service provider linked to the user. - - $ref: '#/components/schemas/ProviderId' - firstname: - type: string - maxLength: 64 - description: User first name - example: Jane - lastname: - type: string - maxLength: 64 - description: User last name - example: Doe - email_address: - type: string - maxLength: 254 - description: User email address - example: jane.doe@my.company - role: - $ref: '#/components/schemas/UserRole' - status: - $ref: '#/components/schemas/UserStatus' - deleted: - type: boolean - description: | - Deleted status. - - The deleted user do not have access anymore to the application; the count will be effectively removed after 3 months, - and during that period a rollback of the delete action is possible using the `POST /users/{user_id}/undelete` API. - default: false - example: false - created_at: - type: string - description: Creation Date - format: date-time - example: '2022-01-17T10:12:25Z' - updated_at: - type: string - description: Last update Date - format: date-time - example: '2022-01-17T10:12:25Z' - last_connected_at: - type: string - description: Last connection Date - format: date-time - example: '2022-01-17T10:12:25Z' - UserCreationRequest: - type: object - description: User creation request data model - required: - - firstname - - lastname - - email_address - - role - properties: - provider_id: - allOf: - - description: | - Provider the user shall belong to. - Shall be provided only when the account is created by a *MAN_ADMINISTRATOR* user. - - $ref: '#/components/schemas/ProviderId' - firstname: - type: string - maxLength: 64 - description: User first name - example: Jane - lastname: - type: string - maxLength: 64 - description: User last name - example: Doe - email_address: - type: string - maxLength: 254 - description: User email address - example: john.doe@spa.domain - mobile_phone: - type: string - maxLength: 20 - description: Mobile phone number - example: 102030405 - language: - allOf: - - description: | - Language to be used in the UI for this user. - - *Note:* The list of languages available to the user depends on the provider configuration. - - default: FRENCH - - $ref: '#/components/schemas/Language' - role: - $ref: '#/components/schemas/UserRole' - UserPref: - type: object - description: Portal preferences of the user. - properties: - pagination_limit: - type: integer - description: Default number of resources per page - minimum: 1 - default: 20 - maximum: 100 - show_menu: - type: boolean - description: Default menu visibility - default: true - ApiCredentialCreationRequest: - type: object - description: Provider (to create) data model - required: - - name - properties: - name: - type: string - maxLength: 64 - description: Name of the credential - example: 'API Credential SI #1' - description: - type: string - maxLength: 1024 - description: Optional information - example: Description of the credential. - expires_on: - type: string - description: | - Credential expiration date. Date shall be in ISO-8601 format. - - When expired, no more access tokens can be delivered using the `client_id` and `client_secret` data - associated with this credential - format: date-time - example: '2022-01-24T10:12:25Z' - ApiCredentialCreationResponse: - allOf: - - $ref: '#/components/schemas/ApiCredential' - - type: object - description: | - API credential data model. - Contains the `client_id` and `client_secret` data to be used in OAuth 2.0 authorization API call for - access token delivery. - required: - - client_secret - properties: - client_secret: - type: string - maxLength: 32 - description: | - data to be passed to the OAuth 2.0 authorization call to get a new access token. - ApiCredential: - type: object - description: | - API credential data model. - Contains the `client_id` (without `client_secret`) data to be used in OAuth 2.0 authorization API call for - access token delivery. - required: - - id - - provider_id - - name - - created_at - - created_by - - updated_at - - updated_by - - client_id - properties: - id: - allOf: - - $ref: '#/components/schemas/CredentialId' - provider_id: - allOf: - - description: ID of the service provider that requested the credential. - - $ref: '#/components/schemas/ProviderId' - name: - type: string - maxLength: 64 - description: Name of the API credential - example: 'API Credential SI #1' - description: - type: string - maxLength: 1024 - description: Additional information - example: Description of the credential. - expires_on: - type: string - description: | - Credential expiration date. Date shall be in ISO-8601 format. - When expired, no more access tokens can be delivered using the `client_id` and `client_secret` data - associated with this credential - format: date-time - example: '2022-01-24T10:12:25Z' - created_at: - type: string - description: Creation Date - format: date-time - example: '2022-01-17T10:12:25Z' - created_by: - type: string - maxLength: 254 - description: | - User who created the credential. Format shall be ` <>`. - May otherwise be set to `API` if the update has been triggered by an API call or `SYSTEM` if the action - is performed by the platform. - example: John Doe - updated_at: - type: string - description: | - Last Update Date. - Initially set to the same value as `created_at`. - format: date-time - example: '2022-01-17T10:12:25Z' - updated_by: - type: string - maxLength: 254 - description: | - User who updated the credential settings. Format shall be ` <>`. - May otherwise be set to `API` if the update has been triggered by an API call or `SYSTEM` if the action - is performed by the platform. - Initially set to the same value as `created_by`. - example: John Doe - last_used_at: - type: string - description: Date the API credential has been last used to deliver an access token. - format: date-time - example: '2022-01-20T10:12:25Z' - client_id: - type: string - description: data to be passed to the OAuth 2.0 authorization call to get a new access token. - ApiCredentialSummaryView: - type: object - description: | - API credential data model (summary view). - Contains the `client_id` (without `client_secret`) data to be used in OAuth 2.0 authorization API call for - access token delivery. - required: - - id - - provider_id - - name - - client_id - properties: - id: - allOf: - - $ref: '#/components/schemas/CredentialId' - provider_id: - allOf: - - description: ID of the service provider that requested the credential. - - $ref: '#/components/schemas/ProviderId' - name: - type: string - maxLength: 64 - description: Name of the API credential - example: 'API Credential SI #1' - expires_on: - type: string - description: | - Credential expiration date. Date shall be in ISO-8601 format. - When expired, no more access tokens can be delivered using the `client_id` and `client_secret` data - associated with this credential - format: date-time - example: '2022-01-24T10:12:25Z' - client_id: - type: string - maxLength: 64 - description: data to be passed to the OAuth 2.0 authorization call to get a new access token. - CertificateType: - type: string - description: | - Certificate type. A direct certificate is expected to be used directly by the service provider, - while an indirect certificate is requested by the service provider for a technical signing service provider (OPTS). - enum: - - DIRECT - - INDIRECT - example: DIRECT - ArchivedCertificateStatus: - type: string - description: Archived Certificate status. Allowed values are a subset of those accepted for `CertificateStatus` schema. - enum: - - REVOKED - - EXPIRED - - INVALID - example: EXPIRED - CertificateStatus: - type: string - description: Certificate status. - enum: - - PENDING - - ACTIVE - - REVOKED - - EXPIRED - - INVALID - example: ACTIVE - Certificate: - type: object - description: Certificate data model. This model will be used for both active and archived certificates. - required: - - id - - provider_id - - type - - name - - valid_from - - valid_to - - test_certificate - - status - - archived - - renewal_auto - - created_at - - created_by - - updated_at - - updated_by - properties: - id: - $ref: '#/components/schemas/CertificateId' - provider_id: - allOf: - - description: ID of the service provider that requested the certificate. - - $ref: '#/components/schemas/ProviderId' - type: - $ref: '#/components/schemas/CertificateType' - opts: - type: string - description: | - APNF Code of the technical signing service provider (OPTS). Mandatory when certificate `type` is `INDIRECT`, - `null` otherwise. - pattern: ^([0-9A-Z]{6})$ - example: SPB000 - name: - type: string - maxLength: 64 - description: | - Certificate name provided by the origin service provider. Used to construct certificate Common Name. - example: Main Certificate - description: - type: string - maxLength: 1024 - description: Additional information related to the certificate - example: Description of the certificate. - valid_from: - type: string - description: Certificate validity start date. Date shall be in ISO-8601 format. - format: date-time - example: '2022-01-17T10:12:25Z' - valid_to: - type: string - description: Certificate expiration date. Date shall be in ISO-8601 format. - format: date-time - example: '2023-01-17T10:12:25Z' - test_certificate: - type: boolean - description: Is this a test certificate? - example: false - status: - $ref: '#/components/schemas/CertificateStatus' - archived: - type: boolean - description: Has the certificate been archived? - example: false - renewal_auto: - type: boolean - description: | - Automated renewal option. If enabled, the application will create a new certificate using the same CSR and - options provided for this certificate. - example: true - renewal_after: - type: integer - description: | - Number of days to wait after certificate creation (or finalization for an indirect certificate) - for the automated certificate renewal process to be triggered. - - Set only if `renewal_auto` is set to `true`. - example: 300 - renewed_by: - allOf: - - description: ID of the new certificate that replaces this certificate. - - $ref: '#/components/schemas/UUID' - url: - type: string - maxLength: 2048 - description: URL of the certificate in the certificate public repository - example: https://api.man-bpco.fr/OPC000/57ABB34BCA510043BDE438460F13B27E6A82C004.cer - sn: - type: string - description: Certificate serial number - pattern: ^([0-9A-Fa-f]{2,40})$ - example: 57ABB34BCA510043BDE438460F13B27E6A82C004 - contents: - type: string - maxLength: 2048 - description: Certificate contents in PEM format. - example: | - -----BEGIN CERTIFICATE----- - MIIC/DCCAqOgAwIBAgIUV6uzS8pRAEO95DhGDxOyfmqCwAQwCgYIKoZIzj0EAwIw - gYcxLDAqBgNVBAMMI0JQQ08gQ0ExIMOiwoDCkyBTSEFLRU4gSW50ZXJtZWRpYXRl - MQswCQYDVQQGEwJGUjEqMCgGA1UECgwhQmFzZSBkZXMgQ2VydGlmaWNhdHMgT3DD - g8KpcmF0ZXVyMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjIw - NzA0MTAwMDMxWhcNMjIxMDAyMTAwMDMxWjBXMRYwFAYDVQQDDA1TSEFLRU4gT1BD - MDAwMQswCQYDVQQGEwJGUjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQL - DBBTZXJ2aWNlIFByb3ZpZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/ - qQeNfCytgqjIETfjmVEw7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0 - ULplSrl9+QrrpKLwjKOCARowggEWMB0GA1UdDgQWBBRk53mcS8XiTcavdh4VBd3j - RA803zAfBgNVHSMEGDAWgBRNelLrS9FcVoyWR7d8FHJRlixuBDAOBgNVHQ8BAf8E - BAMCB4AwDAYDVR0TAQH/BAIwADCBmwYDVR0fBIGTMIGQMIGNoB6gHIYaaHR0cHM6 - Ly88ZG9tYWluZS1icGNvPi9jcmyia6RpMGcxCzAJBgNVBAYTAkZSMSowKAYDVQQK - DCFCYXNlIGRlcyBDZXJ0aWZpY2F0cyBPcMODwqlyYXRldXIxGTAXBgNVBAsMEFBv - bGljeSBBdXRob3JpdHkxETAPBgNVBAMMCEJQQ08gUEExMBgGCCsGAQUFBwEaBAww - CqAIFgZPUEMwMDAwCgYIKoZIzj0EAwIDRwAwRAIgNBAcIP/Gwx1rXvI2/PiflboV - YVc3KWvfczSpXEMF61oCIG64G0cYxoO00MBdY+vg6umsNtA6eT0q5G6wW7dNjOTv - -----END CERTIFICATE----- - csr: - type: string - maxLength: 2048 - description: Contents of the CSR file used to create this certificate. Format of the contents is PEM. - example: | - -----BEGIN CERTIFICATE REQUEST----- - MIIBEjCBuQIBADBXMRYwFAYDVQQDDA1TSEFLRU4gT1BDMDAwMQswCQYDVQQGEwJG - UjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQLDBBTZXJ2aWNlIFByb3Zp - ZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/qQeNfCytgqjIETfjmVEw - 7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0ULplSrl9+QrrpKLwjKAA - MAoGCCqGSM49BAMCA0gAMEUCIADk95rHd2LAI6vCuz8OjqlA9FJAWC1j/QcK8HSb - mMWkAiEAsVc1L/LvTKlEI98lsfDmCtKsJuQ4iBBuZ5Hzp0T1Xr8= - -----END CERTIFICATE REQUEST----- - created_at: - type: string - description: Creation Date - format: date-time - example: '2022-01-17T10:12:25Z' - created_by: - type: string - maxLength: 254 - description: | - User who requested the certificate. Format shall be ` <>`. - May be set to `SYSTEM` if the certificate has been automatically created by the platform via the - automated renewal logic. - May otherwise be set to `API` if the request has been received via an API call. - example: John Doe - updated_at: - type: string - description: | - Last Update Date. - Initially set to the same value as `created_at`. - format: date-time - example: '2022-01-17T10:12:25Z' - updated_by: - type: string - maxLength: 254 - description: | - User who updated the certificate data. Format shall be ` <>`. - May be set to `API` if the request has been received via an API call. - Initially set to the same value as `created_by`. - example: John Doe - revoked_at: - type: string - description: | - Certificate revocation date. Only set if the certificate has been revoked, i.e if `status` is set to - 'REVOKED'. - format: date-time - example: '2022-08-17T10:12:25Z' - revoked_by: - type: string - maxLength: 254 - description: | - User who revoked the certificate. Format shall be ` <>`. - May be set to `API` if the request has been received via an API call, or to `CA` if the certificate has - been revoked by the Certificate Authority. - example: John Doe - revoked_reason: - type: string - description: | - Reason associated with the certificate revocation as defined in RFC 5280. - Set only if the certificate has been revoked, i.e if `status` is set to `REVOKED`. - enum: - - unspecified - - keyCompromise - - affiliationChanged - - superseded - - cessationOfOperation - - certificateHold - - privilegeWithdrawn - default: unspecified - example: keyCompromise - revoked_comments: - type: string - maxLength: 1024 - description: | - Additional comments on the reason associated with the certificate revocation. - Set only if the certificate has been revoked, i.e if `status` is set to `REVOKED`. - example: Clé privée compromise - RenewedCertificate: - allOf: - - $ref: '#/components/schemas/Certificate' - type: object - required: - - id - - provider_id - - opts - - type - - name - - valid_from - - valid_to - - test_certificate - - url - - sn - - contents - - status - - renewal_auto - - created_at - - created_by - PendingIndirectCertificate: - type: object - description: | - Indirect Certificate Request data model. This model is used when the origin service provider requests the - creation of a certificate for a technical provider (OPTS) - required: - - id - - provider_id - - opts - - type - - name - - valid_from - - valid_to - - test_certificate - - status - - renewal_auto - - created_at - - created_by - properties: - id: - $ref: '#/components/schemas/CertificateId' - provider_id: - allOf: - - description: ID of the service provider that requested the certificate. - - $ref: '#/components/schemas/ProviderId' - type: - allOf: - - enum: - - INDIRECT - - example: INDIRECT - - $ref: '#/components/schemas/CertificateType' - opts: - type: string - description: APNF Code of the technical signing service provider (OPTS). - pattern: ^([0-9A-Z]{6})$ - example: SPB000 - name: - type: string - maxLength: 64 - description: Certificate name provided by the origin service provider - example: Indirect Certificate - description: - type: string - maxLength: 1024 - description: Additional information related to the certificate - example: Description of the certificate. - test_certificate: - type: boolean - description: Is this certificate a test? - example: false - valid_from: - type: string - description: Certificate validity start date. Date shall be in ISO-8601 format. - format: date-time - example: '2022-01-17T10:12:25Z' - valid_to: - type: string - description: Certificate expiration date. Date shall be in ISO-8601 format. - format: date-time - example: '2023-01-17T10:12:25Z' - renewal_auto: - type: boolean - description: | - Automated renewal option. If enabled, the application will create a new certificate using the same CSR and - options provided for this certificate. - example: true - renewal_after: - type: integer - description: | - Number of days to wait after certificate creation (or finalization for an indirect certificate) - for the automated certificate renewal process to be triggered. - - Set only if `renewal_auto` is set to `true`. - example: 300 - status: - type: string - description: Certificate status. Will always be set to PENDING - enum: - - PENDING - example: PENDING - default: PENDING - created_at: - type: string - description: Creation Date - format: date-time - example: '2022-01-17T10:12:25Z' - created_by: - type: string - maxLength: 254 - description: | - User who requested the certificate. Format shall be ` <>`. - May be set to `SYSTEM` if the certificate has been automatically created by the platform via the - automated renewal logic. - May otherwise be set to `API` if the request has been received via an API call. - example: John Doe - CertificateSummaryView: - type: object - description: | - Certificate data model (summary view). This model will be used for both active and archived certificates. - required: - - id - - provider_id - - type - - name - - valid_from - - valid_to - - test_certificate - - status - - archived - - renewal_auto - properties: - id: - $ref: '#/components/schemas/CertificateId' - provider_id: - allOf: - - description: ID of the service provider that requested the certificate. - - $ref: '#/components/schemas/ProviderId' - type: - $ref: '#/components/schemas/CertificateType' - opts: - type: string - description: | - APNF Code of the technical signing service provider (OPTS). Mandatory when certificate `type` is `INDIRECT`, - `null` otherwise. - pattern: ^([0-9A-Z]{6})$ - example: SPB000 - name: - type: string - maxLength: 64 - description: | - Certificate name provided by the origin service provider. Used to construct certificate Common Name. - example: Main Certificate - valid_from: - type: string - description: Certificate validity start date. Date shall be in ISO-8601 format. - format: date-time - example: '2022-01-17T10:12:25Z' - valid_to: - type: string - description: Certificate expiration date. Date shall be in ISO-8601 format. - format: date-time - example: '2023-01-17T10:12:25Z' - test_certificate: - type: boolean - description: Is this a test certificate? - example: false - url: - type: string - maxLength: 2048 - description: URL of the certificate in the certificate public repository - example: https://api.man-bpco.fr/OPC000/57ABB34BCA510043BDE438460F13B27E6A82C004.cer - status: - $ref: '#/components/schemas/CertificateStatus' - archived: - type: boolean - description: Has the certificate been archived? - example: false - renewal_auto: - type: boolean - description: | - Automated renewal option. If enabled, the application will create a new certificate using the same CSR and - options provided for this certificate. - example: true - sn: - type: string - description: Certificate serial number - pattern: ^([0-9A-Fa-f]{2,40})$ - example: 57ABB34BCA510043BDE438460F13B27E6A82C004 - ArchivedCertificateSummaryView: - type: object - description: | - Archived Certificate data model (summary view). This model will be used for both active and archived certificates. - required: - - id - - provider_id - - type - - name - - valid_from - - valid_to - - test_certificate - - status - - archived - - renewal_auto - properties: - id: - $ref: '#/components/schemas/CertificateId' - provider_id: - allOf: - - description: ID of the service provider that requested the certificate. - - $ref: '#/components/schemas/ProviderId' - type: - $ref: '#/components/schemas/CertificateType' - opts: - type: string - description: | - APNF Code of the technical signing service provider (OPTS). Mandatory when certificate `type` is `INDIRECT`, - `null` otherwise. - pattern: ^([0-9A-Z]{6})$ - example: SPB000 - name: - type: string - maxLength: 64 - description: | - Certificate name provided by the origin service provider. Used to construct certificate Common Name. - example: Main Certificate - valid_from: - type: string - description: Certificate validity start date. Date shall be in ISO-8601 format. - format: date-time - example: '2022-01-17T10:12:25Z' - valid_to: - type: string - description: Certificate expiration date. Date shall be in ISO-8601 format. - format: date-time - example: '2023-01-17T10:12:25Z' - test_certificate: - type: boolean - description: Is this a test certificate? - example: false - url: - type: string - maxLength: 2048 - description: URL of the certificate in the certificate public repository - example: https://api.man-bpco.fr/OPC000/57ABB34BCA510043BDE438460F13B27E6A82C004.cer - status: - $ref: '#/components/schemas/ArchivedCertificateStatus' - archived: - type: boolean - description: Has the certificate been archived? - example: true - renewal_auto: - type: boolean - description: | - Automated renewal option. If enabled, the application will create a new certificate using the same CSR and - options provided for this certificate. - example: true - sn: - type: string - description: Certificate serial number - pattern: ^([0-9A-Fa-f]{2,40})$ - example: 57ABB34BCA510043BDE438460F13B27E6A82C004 - History: - description: | - Data model for history / activity log records. - A history / activity log describes an action performed on an object in the application. - type: object - required: - - id - - object_type - - action - - message - - performed_at - properties: - id: - $ref: '#/components/schemas/HistoryId' - object_type: - type: string - description: Type of the object - example: USER - enum: - - PROVIDER - - USER - - API_CREDENTIAL - - CERTIFICATE - - BPCO_CERTIFICATES - - BPCO_CRL - object_id: - allOf: - - description: ID of the object - - $ref: '#/components/schemas/UUID' - object_name: - type: string - description: Name of the object - maxLength: 254 - example: John Doe - action: - description: Action performed on the object - type: string - example: PASSWORD_RESET - enum: - - CREATE - - UPDATE - - DELETE - - UNDELETE - - LOGIN - - LOGOUT - - PASSWORD_RESET - - REGISTER - - AUTHORIZE - - RENEW - - REVOKE - message: - type: string - maxLength: 1024 - description: Message providing details on the action performed - example: Password reset has been requested from login page - changes: - type: object - description: List of the changes applied - properties: - property: - type: string - description: Name of the property - old_value: - type: string - maxLength: 2048 - description: Old value - new_value: - type: string - maxLength: 2048 - description: New value - ip_address: - type: string - description: IP address of the user / API client at the origin of the action - format: ipv4 - pattern: ^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.){3}(25[0-5]|(2[0-4]|1\d|[1-9]|)\d)$ - example: 127.0.0.1 - performed_at: - type: string - description: Date of the action using ISO-8601 date format (UTC timezone) - format: date-time - example: '2022-01-17T10:12:25Z' - performed_by: - type: string - maxLength: 254 - description: | - Source of the action. May be set to : - - a user if the action has been performed by the user from the platform UI. The format shall be ` <>`. - - `API` if the action is triggered by an API call - - `SYSTEM` if the action is performed by the platform - - null if the user is unknown (ex: password reset from the login page) - example: John Doe - ApiPayloadError: - type: object - description: Data model for error responses. - required: - - code - - message - properties: - code: - type: string - maxLength: 64 - description: Error code. Shall be capitalized with underscores. - message: - type: string - maxLength: 1024 - description: Message providing more details and context for the error that occurred. - ApiPayloadCreationSuccess: - type: object - description: | - Data model for responses returned by creation API endpoints when the object could have been successfully created. - required: - - id - properties: - id: - allOf: - - description: ID of the object newly created. - - $ref: '#/components/schemas/UUID' - message: - type: string - maxLength: 1024 - description: Message confirming the creation of the object - example: Resource has been successfully created. - parameters: - If-Modified-Since: - name: If-Modified-Since - in: header - description: Date in HTTP-Date format (RFC 7231). - required: false - schema: - $ref: '#/components/schemas/RFC7231.HTTP-date' - X-Request-Id: - name: X-Request-Id - in: header - description: Request ID that will be returned into the `X-Response-Id` response header. - required: false - schema: - $ref: '#/components/schemas/UUID' - example: 68831c50-2953-4047-9935-81a98ac1e1e1 - PaginationLimit: - name: limit - in: query - description: 'Number of records to return (Max: 100)' - required: false - schema: - type: integer - minimum: 1 - maximum: 100 - default: 20 - PaginationOffset: - name: offset - in: query - description: Offset to start the pagination - required: false - schema: - type: integer - default: 0 - ProviderId: - name: provider_id - in: path - description: ID of the provider - required: true - example: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 - schema: - $ref: '#/components/schemas/UUID' - UserId: - name: user_id - in: path - description: ID of the user - required: true - example: 155720a6-f4c9-40ec-b479-a32d7f062553 - schema: - $ref: '#/components/schemas/UUID' - CredentialId: - name: credential_id - in: path - description: ID of the credential to retrieve the history records - required: true - example: 9152f121-f66f-421c-87ce-78b218e250d4 - schema: - $ref: '#/components/schemas/UUID' - CertificateId: - name: certificate_id - in: path - description: ID of the certificate to retrieve history records - required: true - example: d240dd9e-a077-42f5-92e3-a3d3f10e002e - schema: - $ref: '#/components/schemas/UUID' - headers: - Content-Length: - description: Size in bytes of the response body. - schema: - type: integer - example: 80 - Content-Length-0: - description: Size in bytes of the response body. Always set to 0. - schema: - type: integer - minimum: 0 - maximum: 0 - default: 0 - example: 0 - Content-Type-GZip: - description: Content-Type header set as "application/gzip". - schema: - type: string - example: application/gzip - Content-Type-Pkix-Crl: - description: Content-Type header set as "application/pkix-crl". - schema: - type: string - example: application/pkix-crl - Location-Certificate: - description: Certificate access URL in the BPCO. - schema: - type: string - example: https://api.man-bpco.fr/certs/SPC000/a44cbe3916e8cd6e.cer - X-Correlation-Id: - description: ID generated by the API gateway. - schema: - $ref: '#/components/schemas/UUID' - example: f13371a6-40d7-48cf-a221-794b63fddbd9 - X-Response-Id: - description: Response ID that corresponds to the `X-Request-Id` request header, if provided. - schema: - $ref: '#/components/schemas/UUID' - example: 68831c50-2953-4047-9935-81a98ac1e1e1 - examples: - BypassTokenCreationResponse: - value: - id: SPC000-YE42L73SGAG45I05 - ProviderCreationRequest: - summary: Provider properties to use for creation - value: - name: Opérateur A - code: SPA000 - address: 30, rue de Paris 75018 Paris - technical_number: '33123456789' - signatory: true - opts: true - opts_contracts: - - SPB000 - - SPC000 - - SPD000 - global_notification_list: - - john.doe@spa.domain - - jane.doe@spa.domain - certificate_notification_list: - - john.doe@spa.domain - - jane.doe@spa.domain - legal_notification_list: - - john.doe@spa.domain - - jane.doe@spa.domain - ticketing_notification_list: - - john.doe@spa.domain - - jane.doe@spa.domain - ticket_notification_active: true - sftp_allowed_ips: - - 172.16.25.6 - languages: - - FRENCH - - ENGLISH - authentication_mode: MFA - ProviderDetails: - value: - id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 - status: REGISTRATION - name: Opérateur A - code: SPA000 - address: 30, rue de Paris 75018 Paris - technical_number: '33123456789' - signatory: true - opts: true - legal_administrator: 9152f121-f66f-421c-87ce-78b218e250d5 - opts_contracts: - - SPB000 - - SPC000 - - SPD000 - global_notification_list: - - john.doe@spa.domain - - jane.doe@spa.domain - certificate_notification_list: - - john.doe@spa.domain - - jane.doe@spa.domain - legal_notification_list: - - john.doe@spa.domain - - jane.doe@spa.domain - ticketing_notification_list: - - john.doe@spa.domain - - jane.doe@spa.domain - deposit_notification_list: - - john.doe@spa.domain - - jane.doe@spa.domain - ticket_notification_active: true - sftp_allowed_ips: - - 172.16.25.6 - languages: - - FRENCH - - ENGLISH - authentication_mode: MFA - deleted: false - created_at: '2022-01-17T10:12:25Z' - created_by: MAN Administrator - updated_at: '2022-01-17T10:12:25Z' - updated_by: MAN Administrator - bypass_token: SPC000-YE42L73SGAG45I05 - ProviderUpdateRequestByManAdministrator: - summary: Request to update all possible provider properties with a MAN administrator user - value: - status: DISABLED - name: Opérateur A - address: 30, rue de Paris 75018 Paris - technical_number: '33123456789' - signatory: true - opts: true - legal_administrator: 9152f121-f66f-421c-87ce-78b218e250d5 - opts_contracts: - - SPB000 - - SPC000 - - SPD000 - global_notification_list: - - john.doe@spa.domain - - jane.doe@spa.domain - certificate_notification_list: - - john.doe@spa.domain - - jane.doe@spa.domain - legal_notification_list: - - john.doe@spa.domain - - jane.doe@spa.domain - ticketing_notification_list: - - john.doe@spa.domain - - jane.doe@spa.domain - ticket_notification_active: true - sftp_allowed_ips: - - 172.16.25.6 - languages: - - FRENCH - - ENGLISH - authentication_mode: MFA - ProviderUpdateRequestByAdministrator: - summary: Request to update all possible provider properties with an administrator user - value: - address: 30, rue de Paris 75018 Paris - technical_number: '33123456789' - global_notification_list: - - john.doe@spa.domain - - jane.doe@spa.domain - certificate_notification_list: - - john.doe@spa.domain - - jane.doe@spa.domain - legal_notification_list: - - john.doe@spa.domain - - jane.doe@spa.domain - ticketing_notification_list: - - john.doe@spa.domain - - jane.doe@spa.domain - ticket_notification_active: true - sftp_allowed_ips: - - 172.16.25.6 - languages: - - FRENCH - - ENGLISH - authentication_mode: MFA - ProviderVerificationProcessDetails: - value: - id: dfe3d1d4-a2d7-4fd1-a12c-acb18200dc64 - status: PENDING - started_at: '2022-05-17T10:12:25Z' - details: - legal_notification_list_verified: null - provider_name_verified: null - provider_address_verified: null - provider_kbis_verified: null - contact_identity_verified: null - contact_email_verified: null - contact_phone_verified: null - certificate_notification_list_verified: null - ProviderVerificationProcessUpdateRequest: - value: - id: dfe3d1d4-a2d7-4fd1-a12c-acb18200dc64 - status: COMPLETED - decision: true - completed_at: '2022-05-17T10:12:25Z' - details: - legal_notification_list_verified: true - provider_name_verified: true - provider_address_verified: true - provider_kbis_verified: true - contact_identity_verified: true - contact_email_verified: true - contact_phone_verified: true - certificate_notification_list_verified: true - UserCreationRequestByManAdministrator: - summary: Creation of an APNF user by platform administrator - value: - firstname: Mark - lastname: Jones - email_address: mark.jones@apnf - mobile_phone: '0612345678' - role: APNF - ProviderUserCreationRequestByManAdministrator: - summary: Creation of a provider ADMINISTRATOR user by platform administrator - value: - provider_id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 - firstname: Jane - lastname: Doe - email_address: jane.doe@spa.domain - mobile_phone: '0612345678' - language: ENGLISH - role: ADMINISTRATOR - ProviderUserCreationRequestByAdministrator: - summary: Creation of a provider MANAGER user by provider administrator - value: - firstname: Jane - lastname: Doe - email_address: jane.doe@spa.domain - mobile_phone: '0612345678' - role: MANAGER - ApnfUserCreationResponse: - summary: Response for APNF user creation - value: - id: 155720a6-f4c9-40ec-b479-a32d7f062553 - firstname: Mark - lastname: Jones - email_address: mark.jones@apnf - mobile_phone: '0612345678' - language: FRENCH - role: APNF - status: PENDING - created_at: '2022-01-17T10:12:25Z' - created_by: MAN Administrator - updated_at: '2022-01-17T10:12:25Z' - updated_by: MAN Administrator - ProviderUserCreationResponse: - summary: Response for provider ADMINISTRATOR user creation - value: - id: 155720a6-f4c9-40ec-b479-a32d7f062553 - provider_id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 - firstname: Jane - lastname: Doe - email_address: jane.doe@spa.domain - mobile_phone: '0612345678' - language: ENGLISH - role: ADMINISTRATOR - status: PENDING - created_at: '2022-01-17T10:12:25Z' - created_by: MAN Administrator - updated_at: '2022-01-17T10:12:25Z' - updated_by: MAN Administrator - ProviderUser: - summary: Details of a provider user - value: - id: 155720a6-f4c9-40ec-b479-a32d7f062553 - provider_id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 - firstname: Jane - lastname: Doe - email_address: jane.doe@spa.domain - mobile_phone: '0612345678' - language: ENGLISH - role: ADMINISTRATOR - status: PENDING - created_at: '2022-01-17T10:12:25Z' - created_by: MAN Administrator - updated_at: '2022-01-17T10:12:25Z' - updated_by: MAN Administrator - last_connected_at: '2022-03-07T08:30:12Z' - legal_administrator: true - UserPersonalUpdateRequest: - summary: Request to update all possible properties for one's own account - value: - firstname: Jane - lastname: Doe - email_address: jane.doe@spa.domain - mobile_phone: '0612345678' - language: ENGLISH - UserUpdateRequest: - summary: Request to update all possible properties for another account - value: - firstname: Jane - lastname: Doe - email_address: jane.doe@spa.domain - mobile_phone: '0612345678' - language: ENGLISH - role: ADMINISTRATOR - status: DISABLED - PasswordResetRequestUsingEmailAddress: - summary: Password Reset Request using an email address - value: - email_address: john.doe@spa.domain - OtpResetRequestUsingEmailAddress: - summary: OTP Reset Request using an email address - value: - email_address: john.doe@spa.domain - otp: true - PasswordResetRequestUsingUserId: - summary: Request using a user ID (MAN_ADMINISTRATOR / ADMINISTRATOR only) - value: - user_id: 155720a6-f4c9-40ec-b479-a32d7f062553 - ResendActivationLinkRequestUsingUserId: - summary: Request new activation link using a user ID (MAN_ADMINISTRATOR / ADMINISTRATOR only) - value: - user_id: 155720a6-f4c9-40ec-b479-a32d7f062553 - activation_link: true - ApiCredential: - summary: Details of an API credential - value: - id: 9152f121-f66f-421c-87ce-78b218e250d4 - provider_id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 - name: 'API Credential SI #1' - description: Description of the credential. - expires_on: '2022-01-24T10:12:25Z' - last_used_at: '2022-01-20T10:12:25Z' - created_at: '2022-01-17T10:12:25Z' - created_by: John Doe - updated_at: '2022-01-17T10:12:25Z' - updated_by: John Doe - client_id: OPC000_001 - ApiCredentialCreationResponse: - summary: API credential creation response - value: - id: 9152f121-f66f-421c-87ce-78b218e250d4 - provider_id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 - name: 'API Credential SI #1' - description: Description of the credential. - expires_on: '2022-01-24T10:12:25Z' - created_at: '2022-01-17T10:12:25Z' - created_by: John Doe - updated_at: '2022-01-17T10:12:25Z' - updated_by: John Doe - client_id: OPC000_001 - client_secret: 7AD6F8F12F5B091E6DAEB1979F76DFBB - ApiCredentialUpdateRequest: - summary: Request to update all possible properties of an API credential - value: - name: API Credential (no expiration) - description: This API credential shall not expire - expires_on: null - DirectCertificateRequest: - summary: Request for a direct certificate - value: - type: DIRECT - name: Main Certificate - description: Description of the certificate. - test_certificate: false - valid_from: '2022-01-17T10:12:25Z' - renewal_auto: true - renewal_after: 300 - csr: | - -----BEGIN CERTIFICATE REQUEST----- - MIIBEjCBuQIBADBXMRYwFAYDVQQDDA1TSEFLRU4gT1BDMDAwMQswCQYDVQQGEwJG - UjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQLDBBTZXJ2aWNlIFByb3Zp - ZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/qQeNfCytgqjIETfjmVEw - 7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0ULplSrl9+QrrpKLwjKAA - MAoGCCqGSM49BAMCA0gAMEUCIADk95rHd2LAI6vCuz8OjqlA9FJAWC1j/QcK8HSb - mMWkAiEAsVc1L/LvTKlEI98lsfDmCtKsJuQ4iBBuZ5Hzp0T1Xr8= - -----END CERTIFICATE REQUEST----- - DirectCertificate: - summary: Details of an active direct certificate +components: + examples: + BypassTokenCreationResponse: + value: + id: SPC000-YE42L73SGAG45I05 + DirectArchivedCertificate: + summary: Details of an archived direct certificate value: id: d240dd9e-a077-42f5-92e3-a3d3f10e002e provider_id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 @@ -5872,12 +2292,12 @@ components: name: Main Certificate description: Description of the certificate. test_certificate: false - valid_from: '2022-01-17T10:12:25Z' + valid_from: '2021-01-17T10:12:25Z' valid_to: '2023-01-17T10:12:25Z' renewal_auto: true renewal_after: 300 - status: ACTIVE - archived: false + status: REVOKED + archived: true sn: 57ABB34BCA510043BDE438460F13B27E6A82C004 url: https://api.man-bpco.fr/OPC000/57ABB34BCA510043BDE438460F13B27E6A82C004.cer contents: | @@ -5908,12 +2328,16 @@ components: MAoGCCqGSM49BAMCA0gAMEUCIADk95rHd2LAI6vCuz8OjqlA9FJAWC1j/QcK8HSb mMWkAiEAsVc1L/LvTKlEI98lsfDmCtKsJuQ4iBBuZ5Hzp0T1Xr8= -----END CERTIFICATE REQUEST----- - created_at: '2022-01-17T10:12:25Z' + created_at: '2021-01-17T10:12:25Z' created_by: John Doe updated_at: '2022-01-17T10:12:25Z' updated_by: John Doe - DirectArchivedCertificate: - summary: Details of an archived direct certificate + revoked_at: '2022-01-30T09:10:00Z' + revoked_by: John Doe + revoked_reason: keyCompromise + revoked_comments: Clé privée compromise + DirectCertificate: + summary: Details of an active direct certificate value: id: d240dd9e-a077-42f5-92e3-a3d3f10e002e provider_id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 @@ -5921,12 +2345,12 @@ components: name: Main Certificate description: Description of the certificate. test_certificate: false - valid_from: '2021-01-17T10:12:25Z' + valid_from: '2022-01-17T10:12:25Z' valid_to: '2023-01-17T10:12:25Z' renewal_auto: true renewal_after: 300 - status: REVOKED - archived: true + status: ACTIVE + archived: false sn: 57ABB34BCA510043BDE438460F13B27E6A82C004 url: https://api.man-bpco.fr/OPC000/57ABB34BCA510043BDE438460F13B27E6A82C004.cer contents: | @@ -5957,44 +2381,35 @@ components: MAoGCCqGSM49BAMCA0gAMEUCIADk95rHd2LAI6vCuz8OjqlA9FJAWC1j/QcK8HSb mMWkAiEAsVc1L/LvTKlEI98lsfDmCtKsJuQ4iBBuZ5Hzp0T1Xr8= -----END CERTIFICATE REQUEST----- - created_at: '2021-01-17T10:12:25Z' + created_at: '2022-01-17T10:12:25Z' created_by: John Doe updated_at: '2022-01-17T10:12:25Z' updated_by: John Doe - revoked_at: '2022-01-30T09:10:00Z' - revoked_by: John Doe - revoked_reason: keyCompromise - revoked_comments: Clé privée compromise - IndirectCertificateRequest: - summary: Request for an indirect certificate + DirectCertificateRequest: + summary: Request for a direct certificate value: - type: INDIRECT - opts: SPB000 - name: Indirect Certificate + type: DIRECT + name: Main Certificate description: Description of the certificate. test_certificate: false - valid_from: '2022-03-01T00:00:00Z' - valid_to: 2022-05-3123:59:59Z - renewal_auto: false - PendingIndirectCertificate: - summary: Details of an indirect certificate not yet finalized + valid_from: '2022-01-17T10:12:25Z' + renewal_auto: true + renewal_after: 300 + csr: | + -----BEGIN CERTIFICATE REQUEST----- + MIIBEjCBuQIBADBXMRYwFAYDVQQDDA1TSEFLRU4gT1BDMDAwMQswCQYDVQQGEwJG + UjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQLDBBTZXJ2aWNlIFByb3Zp + ZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/qQeNfCytgqjIETfjmVEw + 7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0ULplSrl9+QrrpKLwjKAA + MAoGCCqGSM49BAMCA0gAMEUCIADk95rHd2LAI6vCuz8OjqlA9FJAWC1j/QcK8HSb + mMWkAiEAsVc1L/LvTKlEI98lsfDmCtKsJuQ4iBBuZ5Hzp0T1Xr8= + -----END CERTIFICATE REQUEST----- + DirectCertificateUpdateRequest: + summary: Request to update all possible properties of a direct certificate value: - id: d240dd9e-a077-42f5-92e3-a3d3f10e002e - provider_id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 - type: INDIRECT - opts: SPB000 - name: Indirect Certificate - description: Description of the certificate. - test_certificate: false - valid_from: '2022-03-01T00:00:00Z' - valid_to: 2022-05-3123:59:59Z + name: Certificate new name. + description: Updated description of the certificate. renewal_auto: false - status: PENDING - archived: false - created_at: '2022-01-17T10:12:25Z' - created_by: John Doe - updated_at: '2022-01-17T10:12:25Z' - updated_by: John Doe IndirectCertificate: summary: Details of an indirect certificate finalized by the OPTS value: @@ -6044,12 +2459,43 @@ components: created_by: John Doe updated_at: '2022-01-17T10:12:25Z' updated_by: Jane Doe - DirectCertificateUpdateRequest: - summary: Request to update all possible properties of a direct certificate + IndirectCertificateRequest: + summary: Request for an indirect certificate + value: + type: INDIRECT + opts: SPB000 + name: Indirect Certificate + description: Description of the certificate. + test_certificate: false + valid_from: '2022-03-01T00:00:00Z' + valid_to: 2022-05-3123:59:59Z + renewal_auto: false + IndirectCertificateUpdateRequest: + summary: Request to update all possible properties of a finalized indirect certificate value: name: Certificate new name. description: Updated description of the certificate. + renewal_auto: true + renewal_after: 300 + PendingIndirectCertificate: + summary: Details of an indirect certificate not yet finalized + value: + id: d240dd9e-a077-42f5-92e3-a3d3f10e002e + provider_id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 + type: INDIRECT + opts: SPB000 + name: Indirect Certificate + description: Description of the certificate. + test_certificate: false + valid_from: '2022-03-01T00:00:00Z' + valid_to: 2022-05-3123:59:59Z renewal_auto: false + status: PENDING + archived: false + created_at: '2022-01-17T10:12:25Z' + created_by: John Doe + updated_at: '2022-01-17T10:12:25Z' + updated_by: John Doe PendingIndirectCertificateUpdateRequest: summary: Request to update all possible properties of a pending indirect certificate value: @@ -6060,10 +2506,1449 @@ components: valid_to: '2023-01-00T00:00:00Z' renewal_auto: true renewal_after: 300 - IndirectCertificateUpdateRequest: - summary: Request to update all possible properties of a finalized indirect certificate + ProviderDetails: value: - name: Certificate new name. - description: Updated description of the certificate. - renewal_auto: true - renewal_after: 300 + id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 + status: REGISTRATION + name: Opérateur A + code: SPA000 + address: 30, rue de Paris 75018 Paris + technical_number: '33123456789' + signatory: true + opts: true + legal_administrator: John Doe + opts_contracts: + - SPB000 + - SPC000 + - SPD000 + opts_allowed: + - SPE000 + - SPF000 + - SPG000 + global_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + certificate_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + legal_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + ticketing_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + ticket_notification_active: true + sftp_allowed_ips: + - 172.16.25.6 + languages: + - FRENCH + - ENGLISH + authentication_mode: MFA + last_verification: + id: 9152f121-f66f-421c-87ce-78b218e250d4 + status: COMPLETED + decision: true + completed_at: '2022-05-18T10:12:25Z' + deleted: false + created_at: '2022-01-17T10:12:25Z' + created_by: MAN Administrator + updated_at: '2022-01-17T10:12:25Z' + updated_by: MAN Administrator + bypass_token: SPC000-YE42L73SGAG45I05 + ProviderUpdateRequestByAdministrator: + summary: Request to update all possible provider properties with an administrator user + value: + address: 30, rue de Paris 75018 Paris + technical_number: '33123456789' + global_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + certificate_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + legal_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + ticketing_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + ticket_notification_active: true + sftp_allowed_ips: + - 172.16.25.6 + languages: + - FRENCH + - ENGLISH + authentication_mode: MFA + ProviderUpdateRequestByManAdministrator: + summary: Request to update all possible provider properties with a MAN administrator user + value: + status: DISABLED + name: Opérateur A + address: 30, rue de Paris 75018 Paris + technical_number: '33123456789' + signatory: true + opts: true + legal_administrator: 155720a6-f4c9-40ec-b479-a32d7f062553 + opts_contracts: + - SPB000 + - SPC000 + - SPD000 + global_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + certificate_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + legal_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + ticketing_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + ticket_notification_active: true + sftp_allowed_ips: + - 172.16.25.6 + languages: + - FRENCH + - ENGLISH + authentication_mode: MFA + headers: + Content-Length: + description: Size in bytes of the response body. + schema: + type: integer + example: 80 + Content-Type-GZip: + description: Content-Type header set as "application/gzip". + schema: + type: string + example: application/gzip + Content-Type-Pkix-Crl: + description: Content-Type header set as "application/pkix-crl". + schema: + type: string + example: application/pkix-crl + Location-Certificate: + description: Certificate access URL in the BPCO. + schema: + type: string + example: https://api.man-bpco.fr/certs/SPC000/a44cbe3916e8cd6e.cer + X-Correlation-Id: + description: ID generated by the API gateway. + schema: + $ref: '#/components/schemas/UUID' + example: f13371a6-40d7-48cf-a221-794b63fddbd9 + X-Response-Id: + description: Response ID that corresponds to the `X-Request-Id` request header, if provided. + schema: + $ref: '#/components/schemas/UUID' + example: 68831c50-2953-4047-9935-81a98ac1e1e1 + parameters: + CertificateId: + name: certificate_id + in: path + description: ID of the certificate to retrieve history records + required: true + example: d240dd9e-a077-42f5-92e3-a3d3f10e002e + schema: + $ref: '#/components/schemas/UUID' + If-Modified-Since: + name: If-Modified-Since + in: header + description: Date in HTTP-Date format (RFC 7231). + required: false + schema: + $ref: '#/components/schemas/RFC7231.HTTP-date' + PaginationLimit: + name: limit + in: query + description: 'Number of records to return (Max: 100)' + required: false + schema: + type: integer + minimum: 1 + maximum: 100 + default: 20 + PaginationOffset: + name: offset + in: query + description: Offset to start the pagination + required: false + schema: + type: integer + default: 0 + ProviderId: + name: provider_id + in: path + description: ID of the provider + required: true + example: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 + schema: + $ref: '#/components/schemas/UUID' + X-Request-Id: + name: X-Request-Id + in: header + description: Request ID that will be returned into the `X-Response-Id` response header. + required: false + schema: + $ref: '#/components/schemas/UUID' + example: 68831c50-2953-4047-9935-81a98ac1e1e1 + responses: + ErrorInternal: + description: Returned when an unexpected error occurred while processing the request. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: INTERNAL_SERVER_ERROR + message: An unexpected error occurred while processing the request. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorInternalNoContents: + description: Returned when an unexpected error occurred while processing the request. + headers: + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorInvalidAcceptHeader: + description: Returned when the client specifies a type not supported by the platform in the `Accept` HTTP header. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: NOT_ACCEPTABLE + message: The format in the `Accept` header is not supported. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorInvalidAcceptHeaderNoContents: + description: Returned when the client specifies a type not supported by the platform in the `Accept` HTTP header. + headers: + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorInvalidContentType: + description: Returned when the client specifies a `Content-Type` header value not supported. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: UNSUPPORTED_MEDIA_TYPE + message: The format of the request body is not supported. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorNoPermission: + description: Returned when the client does not have the expected permissions to access the method. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: FORBIDDEN + message: User is not allowed to access this resource. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorNoPermissionNoContents: + description: Returned when the client does not have the expected permissions to access the method. + headers: + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorNotAllowed: + description: Error returned when the API method is not allowed for the given object. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: METHOD_NOT_ALLOWED + message: The method is not allowed for the resource. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorNotAuthenticated: + description: Returned when the client authentication failed. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: UNAUTHORIZED + message: The authentication failed. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorNotAuthenticatedNoContents: + description: Returned when the client authentication failed. + headers: + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorNotFound: + description: Returned when the object referenced by the API request does not exist. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: NOT_FOUND + message: The resource is not found. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorRateLimiting: + description: Returned when too many requests have been sent by the client in a certain amount of time. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: TOO_MANY_REQUESTS + message: Rate limit is exceeded. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorRateLimitingNoContents: + description: Returned when too many requests have been sent by the client in a certain amount of time. + headers: + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorValidation: + description: Returned when the request input validation failed. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: BAD_REQUEST + message: The request validation failed. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ServiceUnavailable: + description: Returned when the service is unavailable (e.g. maintenance mode) and cannot process the request. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: SERVICE_UNAVAILABLE + message: The service is currently unavailable. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ServiceUnavailableNoContents: + description: Returned when the service is unavailable (e.g. maintenance mode) and cannot process the request. + headers: + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + SuccessNoMessage: + description: Confirms successful processing. + headers: + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + schemas: + ApiPayloadError: + type: object + description: Data model for error responses. + required: + - code + - message + properties: + code: + type: string + maxLength: 64 + description: Error code. Shall be capitalized with underscores. + message: + type: string + maxLength: 1024 + description: Message providing more details and context for the error that occurred. + ArchivedCertificateStatus: + type: string + description: Archived Certificate status. Allowed values are a subset of those accepted for `CertificateStatus` schema. + enum: + - REVOKED + - EXPIRED + - INVALID + example: EXPIRED + ArchivedCertificateSummaryView: + type: object + description: | + Archived Certificate data model (summary view). This model will be used for both active and archived certificates. + required: + - id + - provider_id + - type + - name + - valid_from + - valid_to + - test_certificate + - status + - archived + - renewal_auto + properties: + id: + $ref: '#/components/schemas/CertificateId' + provider_id: + allOf: + - description: ID of the service provider that requested the certificate. + - $ref: '#/components/schemas/ProviderId' + type: + $ref: '#/components/schemas/CertificateType' + opts: + type: string + description: | + APNF Code of the technical signing service provider (OPTS). Mandatory when certificate `type` is `INDIRECT`, + `null` otherwise. + pattern: ^([0-9A-Z]{6})$ + example: SPB000 + name: + type: string + maxLength: 64 + description: | + Certificate name provided by the origin service provider. Used to construct certificate Common Name. + example: Main Certificate + valid_from: + type: string + description: Certificate validity start date. Date shall be in ISO-8601 format. + format: date-time + example: '2022-01-17T10:12:25Z' + valid_to: + type: string + description: Certificate expiration date. Date shall be in ISO-8601 format. + format: date-time + example: '2023-01-17T10:12:25Z' + test_certificate: + type: boolean + description: Is this a test certificate? + example: false + url: + type: string + maxLength: 2048 + description: URL of the certificate in the certificate public repository + example: https://api.man-bpco.fr/OPC000/57ABB34BCA510043BDE438460F13B27E6A82C004.cer + status: + $ref: '#/components/schemas/ArchivedCertificateStatus' + archived: + type: boolean + description: Has the certificate been archived? + example: true + renewal_auto: + type: boolean + description: | + Automated renewal option. If enabled, the application will create a new certificate using the same CSR and + options provided for this certificate. + example: true + sn: + type: string + description: Certificate serial number + pattern: ^([0-9A-Fa-f]{2,40})$ + example: 57ABB34BCA510043BDE438460F13B27E6A82C004 + BypassToken: + type: object + required: + - id + - created_at + properties: + id: + $ref: '#/components/schemas/BypassTokenId' + created_at: + type: string + description: | + Token creation date. Date shall be in ISO-8601 format. + format: date-time + example: '2022-01-17T10:12:25Z' + archived_at: + type: string + description: | + Token archiving date. Date shall be in ISO-8601 format. + format: date-time + example: '2022-01-17T10:12:25Z' + BypassTokenCreationResponse: + type: object + description: Response of bypass token generation request + required: + - id + properties: + id: + $ref: '#/components/schemas/BypassTokenId' + BypassTokenId: + type: string + pattern: ^([0-9A-Z]{6})-([0-9A-Z\-]{16})$ + description: | + Current token to be used by provider in "Identity-Bypass" SIP INVITE message header + when the provider has to temporarily disable its STI-AS component. + + The expected format is `SPC-RANDOM`, where: + - SPC: APNF Service Provider Code + - RANDOM: 1 to 16 characters between A-Z, 0-A or '-' + example: SPC000-YE42L73SGAG45I05 + Certificate: + type: object + description: Certificate data model. This model will be used for both active and archived certificates. + required: + - id + - provider_id + - type + - name + - valid_from + - valid_to + - test_certificate + - status + - archived + - renewal_auto + - created_at + - created_by + - updated_at + - updated_by + properties: + id: + $ref: '#/components/schemas/CertificateId' + provider_id: + allOf: + - description: ID of the service provider that requested the certificate. + - $ref: '#/components/schemas/ProviderId' + type: + $ref: '#/components/schemas/CertificateType' + opts: + type: string + description: | + APNF Code of the technical signing service provider (OPTS). Mandatory when certificate `type` is `INDIRECT`, + `null` otherwise. + pattern: ^([0-9A-Z]{6})$ + example: SPB000 + name: + type: string + maxLength: 64 + description: | + Certificate name provided by the origin service provider. Used to construct certificate Common Name. + example: Main Certificate + description: + type: string + maxLength: 1024 + description: Additional information related to the certificate + example: Description of the certificate. + valid_from: + type: string + description: Certificate validity start date. Date shall be in ISO-8601 format. + format: date-time + example: '2022-01-17T10:12:25Z' + valid_to: + type: string + description: Certificate expiration date. Date shall be in ISO-8601 format. + format: date-time + example: '2023-01-17T10:12:25Z' + test_certificate: + type: boolean + description: Is this a test certificate? + example: false + status: + $ref: '#/components/schemas/CertificateStatus' + archived: + type: boolean + description: Has the certificate been archived? + example: false + renewal_auto: + type: boolean + description: | + Automated renewal option. If enabled, the application will create a new certificate using the same CSR and + options provided for this certificate. + example: true + renewal_after: + type: integer + description: | + Number of days after certificate creation to wait for the automated certificate renewal process to be + triggered. + Set only if `renewal_auto` is set to `true`. + example: 300 + renewed_by: + allOf: + - description: ID of the new certificate that replaces this certificate. + - $ref: '#/components/schemas/UUID' + url: + type: string + maxLength: 2048 + description: URL of the certificate in the certificate public repository + example: https://api.man-bpco.fr/OPC000/57ABB34BCA510043BDE438460F13B27E6A82C004.cer + sn: + type: string + description: Certificate serial number + pattern: ^([0-9A-Fa-f]{2,40})$ + example: 57ABB34BCA510043BDE438460F13B27E6A82C004 + contents: + type: string + maxLength: 2048 + description: Certificate contents in PEM format. + example: | + -----BEGIN CERTIFICATE----- + MIIC/DCCAqOgAwIBAgIUV6uzS8pRAEO95DhGDxOyfmqCwAQwCgYIKoZIzj0EAwIw + gYcxLDAqBgNVBAMMI0JQQ08gQ0ExIMOiwoDCkyBTSEFLRU4gSW50ZXJtZWRpYXRl + MQswCQYDVQQGEwJGUjEqMCgGA1UECgwhQmFzZSBkZXMgQ2VydGlmaWNhdHMgT3DD + g8KpcmF0ZXVyMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjIw + NzA0MTAwMDMxWhcNMjIxMDAyMTAwMDMxWjBXMRYwFAYDVQQDDA1TSEFLRU4gT1BD + MDAwMQswCQYDVQQGEwJGUjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQL + DBBTZXJ2aWNlIFByb3ZpZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/ + qQeNfCytgqjIETfjmVEw7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0 + ULplSrl9+QrrpKLwjKOCARowggEWMB0GA1UdDgQWBBRk53mcS8XiTcavdh4VBd3j + RA803zAfBgNVHSMEGDAWgBRNelLrS9FcVoyWR7d8FHJRlixuBDAOBgNVHQ8BAf8E + BAMCB4AwDAYDVR0TAQH/BAIwADCBmwYDVR0fBIGTMIGQMIGNoB6gHIYaaHR0cHM6 + Ly88ZG9tYWluZS1icGNvPi9jcmyia6RpMGcxCzAJBgNVBAYTAkZSMSowKAYDVQQK + DCFCYXNlIGRlcyBDZXJ0aWZpY2F0cyBPcMODwqlyYXRldXIxGTAXBgNVBAsMEFBv + bGljeSBBdXRob3JpdHkxETAPBgNVBAMMCEJQQ08gUEExMBgGCCsGAQUFBwEaBAww + CqAIFgZPUEMwMDAwCgYIKoZIzj0EAwIDRwAwRAIgNBAcIP/Gwx1rXvI2/PiflboV + YVc3KWvfczSpXEMF61oCIG64G0cYxoO00MBdY+vg6umsNtA6eT0q5G6wW7dNjOTv + -----END CERTIFICATE----- + csr: + type: string + maxLength: 2048 + description: Contents of the CSR file used to create this certificate. Format of the contents is PEM. + example: | + -----BEGIN CERTIFICATE REQUEST----- + MIIBEjCBuQIBADBXMRYwFAYDVQQDDA1TSEFLRU4gT1BDMDAwMQswCQYDVQQGEwJG + UjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQLDBBTZXJ2aWNlIFByb3Zp + ZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/qQeNfCytgqjIETfjmVEw + 7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0ULplSrl9+QrrpKLwjKAA + MAoGCCqGSM49BAMCA0gAMEUCIADk95rHd2LAI6vCuz8OjqlA9FJAWC1j/QcK8HSb + mMWkAiEAsVc1L/LvTKlEI98lsfDmCtKsJuQ4iBBuZ5Hzp0T1Xr8= + -----END CERTIFICATE REQUEST----- + created_at: + type: string + description: Creation Date + format: date-time + example: '2022-01-17T10:12:25Z' + created_by: + type: string + maxLength: 254 + description: | + User who requested the certificate. Format shall be ` <>`. + May be set to `SYSTEM` if the certificate has been automatically created by the platform via the + automated renewal logic. + May otherwise be set to `API` if the request has been received via an API call. + example: John Doe + updated_at: + type: string + description: | + Last Update Date. + Initially set to the same value as `created_at`. + format: date-time + example: '2022-01-17T10:12:25Z' + updated_by: + type: string + maxLength: 254 + description: | + User who updated the certificate data. Format shall be ` <>`. + May be set to `API` if the request has been received via an API call. + Initially set to the same value as `created_by`. + example: John Doe + revoked_at: + type: string + description: | + Certificate revocation date. Only set if the certificate has been revoked, i.e if `status` is set to + 'REVOKED'. + format: date-time + example: '2022-08-17T10:12:25Z' + revoked_by: + type: string + maxLength: 254 + description: | + User who revoked the certificate. Format shall be ` <>`. + May be set to `API` if the request has been received via an API call, or to `CA` if the certificate has + been revoked by the Certificate Authority. + example: John Doe + revoked_reason: + type: string + description: | + Reason associated with the certificate revocation as defined in RFC 5280. + Set only if the certificate has been revoked, i.e if `status` is set to `REVOKED`. + enum: + - unspecified + - keyCompromise + - affiliationChanged + - superseded + - cessationOfOperation + - certificateHold + - privilegeWithdrawn + default: unspecified + example: keyCompromise + revoked_comments: + type: string + maxLength: 1024 + description: | + Additional comments on the reason associated with the certificate revocation. + Set only if the certificate has been revoked, i.e if `status` is set to `REVOKED`. + example: Clé privée compromise + CertificateId: + description: ID of the certificate. Must be unique. + type: string + format: uuid + pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ + example: d240dd9e-a077-42f5-92e3-a3d3f10e002e + CertificateStatus: + type: string + description: Certificate status. + enum: + - PENDING + - ACTIVE + - REVOKED + - EXPIRED + - INVALIDATION + - INVALID + example: ACTIVE + CertificateSummaryView: + type: object + description: | + Certificate data model (summary view). This model will be used for both active and archived certificates. + required: + - id + - provider_id + - type + - name + - valid_from + - valid_to + - test_certificate + - status + - archived + - renewal_auto + properties: + id: + $ref: '#/components/schemas/CertificateId' + provider_id: + allOf: + - description: ID of the service provider that requested the certificate. + - $ref: '#/components/schemas/ProviderId' + type: + $ref: '#/components/schemas/CertificateType' + opts: + type: string + description: | + APNF Code of the technical signing service provider (OPTS). Mandatory when certificate `type` is `INDIRECT`, + `null` otherwise. + pattern: ^([0-9A-Z]{6})$ + example: SPB000 + name: + type: string + maxLength: 64 + description: | + Certificate name provided by the origin service provider. Used to construct certificate Common Name. + example: Main Certificate + valid_from: + type: string + description: Certificate validity start date. Date shall be in ISO-8601 format. + format: date-time + example: '2022-01-17T10:12:25Z' + valid_to: + type: string + description: Certificate expiration date. Date shall be in ISO-8601 format. + format: date-time + example: '2023-01-17T10:12:25Z' + test_certificate: + type: boolean + description: Is this a test certificate? + example: false + url: + type: string + maxLength: 2048 + description: URL of the certificate in the certificate public repository + example: https://api.man-bpco.fr/OPC000/57ABB34BCA510043BDE438460F13B27E6A82C004.cer + status: + $ref: '#/components/schemas/CertificateStatus' + archived: + type: boolean + description: Has the certificate been archived? + example: false + renewal_auto: + type: boolean + description: | + Automated renewal option. If enabled, the application will create a new certificate using the same CSR and + options provided for this certificate. + example: true + sn: + type: string + description: Certificate serial number + pattern: ^([0-9A-Fa-f]{2,40})$ + example: 57ABB34BCA510043BDE438460F13B27E6A82C004 + CertificateType: + type: string + description: | + Certificate type. A direct certificate is expected to be used directly by the service provider, + while an indirect certificate is requested by the service provider for a technical signing service provider (OPTS). + enum: + - DIRECT + - INDIRECT + example: DIRECT + EmailAddress: + type: string + maxLength: 254 + description: Email address + example: john.doe@spa.domain + History: + description: | + Data model for history / activity log records. + A history / activity log describes an action performed on an object in the application. + type: object + required: + - id + - object_type + - action + - message + - performed_at + properties: + id: + $ref: '#/components/schemas/HistoryId' + object_type: + type: string + description: Type of the object + example: USER + enum: + - PROVIDER + - USER + - API_CREDENTIAL + - CERTIFICATE + - BPCO_CERTIFICATES + - BPCO_CRL + object_id: + allOf: + - description: ID of the object + - $ref: '#/components/schemas/UUID' + object_name: + type: string + description: Name of the object + maxLength: 254 + example: John Doe + action: + description: Action performed on the object + type: string + example: PASSWORD_RESET + enum: + - CREATE + - UPDATE + - DELETE + - UNDELETE + - LOGIN + - LOGOUT + - PASSWORD_RESET + - REGISTER + - AUTHORIZE + - RENEW + - REVOKE + message: + type: string + maxLength: 1024 + description: Message providing details on the action performed + example: Password reset has been requested from login page + changes: + type: object + description: List of the changes applied + properties: + property: + type: string + description: Name of the property + old_value: + type: string + maxLength: 2048 + description: Old value + new_value: + type: string + maxLength: 2048 + description: New value + ip_address: + type: string + description: IP address of the user / API client at the origin of the action + format: ipv4 + pattern: ^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.){3}(25[0-5]|(2[0-4]|1\d|[1-9]|)\d)$ + example: 127.0.0.1 + performed_at: + type: string + description: Date of the action using ISO-8601 date format (UTC timezone) + format: date-time + example: '2022-01-17T10:12:25Z' + performed_by: + type: string + maxLength: 254 + description: | + Source of the action. May be set to : + - a user if the action has been performed by the user from the platform UI. The format shall be ` <>`. + - `API` if the action is triggered by an API call + - `SYSTEM` if the action is performed by the platform + - null if the user is unknown (ex: password reset from the login page) + example: John Doe + HistoryId: + description: ID of the history record. Must be unique. + type: string + format: uuid + pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ + example: c8d2874c-4fb8-44c0-ab39-4143e53870a4 + Language: + type: string + enum: + - FRENCH + - ENGLISH + example: FRENCH + PaginationMetaData: + type: object + description: Information regarding paginated results + properties: + offset: + type: integer + description: Current offset + default: 0 + example: 40 + limit: + type: integer + description: Number of resources per page + minimum: 1 + default: 20 + maximum: 100 + links: + type: object + properties: + next: + type: string + description: Path to retrieve the next page + pattern: ^(\/([\w-.~]|%[0-9A-Za-z]{2})*)*(\?([\w-.~]|%[0-9A-Za-z]{2})+(=([\w-.~]|%[0-9A-Za-z]{2})+)?((&|;)([\w-.~]|%[0-9A-Za-z]{2})+(=([\w-.~]|%[0-9A-Za-z]{2})+)?)*)?(#([\w-.~]|%[0-9A-Za-z]{2})+)?$ + example: /resource?offset=60&limit=20 + first: + type: string + description: Path to retrieve the first page + pattern: ^(\/([\w-.~]|%[0-9A-Za-z]{2})*)*(\?([\w-.~]|%[0-9A-Za-z]{2})+(=([\w-.~]|%[0-9A-Za-z]{2})+)?((&|;)([\w-.~]|%[0-9A-Za-z]{2})+(=([\w-.~]|%[0-9A-Za-z]{2})+)?)*)?(#([\w-.~]|%[0-9A-Za-z]{2})+)?$ + example: /resource?offset=0&limit=20 + prev: + type: string + description: Path to retrieve the previous page + pattern: ^(\/([\w-.~]|%[0-9A-Za-z]{2})*)*(\?([\w-.~]|%[0-9A-Za-z]{2})+(=([\w-.~]|%[0-9A-Za-z]{2})+)?((&|;)([\w-.~]|%[0-9A-Za-z]{2})+(=([\w-.~]|%[0-9A-Za-z]{2})+)?)*)?(#([\w-.~]|%[0-9A-Za-z]{2})+)?$ + example: /resource?offset=20&limit=20 + PendingIndirectCertificate: + type: object + description: | + Indirect Certificate Request data model. This model is used when the origin service provider requests the + creation of a certificate for a technical provider (OPTS) + required: + - id + - provider_id + - opts + - type + - name + - valid_from + - valid_to + - test_certificate + - status + - renewal_auto + - created_at + - created_by + properties: + id: + $ref: '#/components/schemas/CertificateId' + provider_id: + allOf: + - description: ID of the service provider that requested the certificate. + - $ref: '#/components/schemas/ProviderId' + type: + allOf: + - enum: + - INDIRECT + - example: INDIRECT + - $ref: '#/components/schemas/CertificateType' + opts: + type: string + description: APNF Code of the technical signing service provider (OPTS). + pattern: ^([0-9A-Z]{6})$ + example: SPB000 + name: + type: string + maxLength: 64 + description: Certificate name provided by the origin service provider + example: Indirect Certificate + description: + type: string + maxLength: 1024 + description: Additional information related to the certificate + example: Description of the certificate. + test_certificate: + type: boolean + description: Is this certificate a test? + example: false + valid_from: + type: string + description: Certificate validity start date. Date shall be in ISO-8601 format. + format: date-time + example: '2022-01-17T10:12:25Z' + valid_to: + type: string + description: Certificate expiration date. Date shall be in ISO-8601 format. + format: date-time + example: '2023-01-17T10:12:25Z' + renewal_auto: + type: boolean + description: | + Automated renewal option. If enabled, the application will create a new certificate using the same CSR and + options provided for this certificate. + example: true + renewal_after: + type: integer + description: | + Number of days after certificate creation to wait for the automated certificate renewal process to be + triggered. + Set only if `renewal_auto` is set to `true`. + example: 300 + status: + type: string + description: Certificate status. Will always be set to PENDING + enum: + - PENDING + example: PENDING + default: PENDING + created_at: + type: string + description: Creation Date + format: date-time + example: '2022-01-17T10:12:25Z' + created_by: + type: string + maxLength: 254 + description: | + User who requested the certificate. Format shall be ` <>`. + May be set to `SYSTEM` if the certificate has been automatically created by the platform via the + automated renewal logic. + May otherwise be set to `API` if the request has been received via an API call. + example: John Doe + Provider: + allOf: + - type: object + required: + - id + - status + properties: + id: + $ref: '#/components/schemas/ProviderId' + status: + $ref: '#/components/schemas/ProviderStatus' + - $ref: '#/components/schemas/ProviderCreationRequest' + - description: Provider data model + - type: object + required: + - last_verification + - deleted + - created_at + - created_by + - updated_at + - updated_by + properties: + legal_administrator: + type: string + description: | + Represent the user which is the legal agent of the provider + example: John Doe + opts_allowed: + type: array + description: | + List of providers OPTS that can be used to create an indirect certificate. + + This list is generated by the platform based on `opts_contracts`. + items: + $ref: '#/components/schemas/ProviderCode' + default: [] + example: + - SPB000 + - SPC000 + - SPD000 + deleted: + type: boolean + description: | + Deleted status. + The user of the deleted provider do not have access anymore to the application. this provider will be + effectively erased after 3 months. + During that period, it is possible to "undelete" a provider. + default: false + example: false + created_at: + type: string + description: Creation Date + format: date-time + example: '2022-01-17T10:12:25Z' + created_by: + type: string + maxLength: 254 + description: | + User who created the provider. Format shall be ` <>`. + May otherwise be set to `API` if the action has been triggered by an API call or `SYSTEM` if the action + is performed by the platform. + example: John Doe + updated_at: + type: string + description: | + Last Update Date. + Initially set to the same value as `created_at`. + format: date-time + example: '2022-05-17T10:12:25Z' + updated_by: + type: string + maxLength: 254 + description: | + User who updated the provider data. Format shall be ` <>`. + May otherwise be set to `API` if the action has been triggered by an API call or `SYSTEM` if the action + is performed by the platform. + Initially set to the same value as `created_by`. + example: John Doe + deleted_at: + type: string + description: Deletion date + format: date-time + nullable: true + example: '2022-05-17T10:12:25Z' + deleted_by: + type: string + maxLength: 254 + description: | + User who deleted the provider. Format shall be ` <>`. + May otherwise be set to `API` if the action has been triggered by an API call or `SYSTEM` if the action + is performed by the platform. + nullable: true + example: John Doe + bypass_token: + $ref: '#/components/schemas/BypassTokenId' + ProviderCode: + type: string + description: Service Provider Code. Each service provider in France is assigned a unique code by the APNF. + pattern: ^([0-9A-Z]{6})$ + example: SPA000 + ProviderCreationRequest: + type: object + description: Provider creation request data model + required: + - name + - code + - address + - signing_provider + properties: + name: + type: string + maxLength: 64 + description: Provider name + example: Opérateur A + code: + $ref: '#/components/schemas/ProviderCode' + address: + type: string + maxLength: 255 + description: Provider HQ address + example: 30, rue de Paris 75018 Paris + technical_number: + type: string + maxLength: 15 + description: | + Phone number injected by the provider in SIP INVITE messages when the phone number specified in the `orig` field is not valid format for the STIR Shaken protocol. + Number format shall comply with E.164 protocol. + example: '33123456789' + signatory: + type: boolean + description: | + Flag to indicate if the provider is expected to sign phone calls and. + Only signatory providers shall be allowed to have certificates delivered. + default: true + opts: + type: boolean + description: | + Flag to indicate if the provider declares itself as a technical signatory provider (OPTS), + e.g. a provider that can sign phone calls on behalf of other signatory providers. + + This property can be set to `TRUE` only if `signatory` is also set to `TRUE`. + default: false + example: true + opts_contracts: + type: array + description: | + List of providers allowed to choose this provider as OPTS. + items: + $ref: '#/components/schemas/ProviderCode' + default: [] + example: + - SPB000 + - SPC000 + - SPD000 + global_notification_list: + description: | + List of email addresses for the provider 'global' notification list. + Will receive any general information published by the platform. + type: array + items: + $ref: '#/components/schemas/EmailAddress' + default: [] + example: + - john.doe@spa.domain + - jane.doe@spa.domain + certificate_notification_list: + description: | + List of email addresses for the provider 'certificate' notification list. + Will receive any information published by the platform related to certificates creation and revocation. + type: array + items: + $ref: '#/components/schemas/EmailAddress' + default: [] + example: + - john.doe@spa.domain + - jane.doe@spa.domain + deposit_notification_list: + description: | + List of email addresses for the provider 'deposit' notification list. + type: array + items: + $ref: '#/components/schemas/EmailAddress' + default: [] + example: + - john.doe@spa.domain + - jane.doe@spa.domain + legal_notification_list: + description: | + List of email addresses for the provider 'legal' notification list. + Will receive any information published by the platform related to provider authorization. + type: array + items: + $ref: '#/components/schemas/EmailAddress' + default: [] + example: + - john.doe@spa.domain + - jane.doe@spa.domain + ticketing_notification_list: + description: | + List of email addresses for the provider 'ticketing' notification list. + Will receive any information published by the platform related to ticket evolution. + type: array + items: + $ref: '#/components/schemas/EmailAddress' + default: [] + example: + - john.doe@spa.domain + - jane.doe@spa.domain + ticket_notification_active: + description: | + If the function is disabled, notifications from the ticket management tools are not sent + Unless there is a major incident on the MAN platform which requires imperative consideration of the + notification. + type: boolean + default: true + sftp_allowed_keys: + type: array + description: | + SSH public keys allowed to access the platform SFTP service created for the provider + + If no values are specified, no connection to the SFTP service will be possible. + items: + type: string + maxLength: 1024 + description: SSH public key contents + example: ssh-rsa AAAAB3NzaC...p5CSsDJ SI@host-4527 + sftp_allowed_ips: + type: array + description: | + List of IPv4 addresses to be allowed to connect to the SFTP BSM service. + + If no values are specified, connections to the SFTP service will be possible from any IP address. + items: + type: string + description: IPv4 address + format: ipv4 + pattern: ^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.){3}(25[0-5]|(2[0-4]|1\d|[1-9]|)\d)$ + example: 127.0.0.1 + languages: + type: array + description: | + List of languages to be proposed to the provider users for the platform UI. + items: + $ref: '#/components/schemas/Language' + default: + - FRENCH + example: + - FRENCH + - ENGLISH + authentication_mode: + type: string + description: Mode to be used to authenticate provider user accounts. + enum: + - SSO + - MFA + default: MFA + example: SSO + sso_settings: + $ref: '#/components/schemas/ProviderSSOSettings' + ProviderId: + description: ID of the provider. Must be unique. + type: string + format: uuid + pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ + example: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 + ProviderOIDCSettings: + type: object + description: Configuration of an OpenID Connect identity provider + properties: + authorizationUrl: + type: string + example: https://samples.auth0.com/authorize + tokenUrl: + type: string + example: https://samples.auth0.com/oauth/token + logoutUrl: + type: string + description: | + End session endpoint to use to logout user from external IDP. This is optional. + userInfoUrl: + type: string + description: | + The User Info Url. This is optional. + example: https://samples.auth0.com/userinfo + issuer: + type: string + description: | + The issuer identifier for the issuer of the response. If not provided, no validation will be performed. + example: https://samples.auth0.com/ + validateSignature: + type: boolean + description: | + Enable/disable signature validation of external IDP signatures. + example: true + useJwksUrl: + type: boolean + description: | + If true, identity provider public keys will be downloaded from given JWKS URL. + example: true + jwksUrl: + type: string + description: | + URL where identity provider keys in JWK format are stored. + example: https://samples.auth0.com/.well-known/jwks.json + clientAuthMethod: + type: string + description: | + The client authentication method (cfr. https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication). + In case of JWT signed with private key, the realm private key is used. + enum: + - clientAuth_post + - clientAuth_basic + - clientAuth_secret_jwt + - clientAuth_privatekey_jwt + example: clientAuth_post + clientId: + type: string + description: | + The client identifier registered with the identity provider. + example: kbyuFDidLLm280LIwVFiazOqjO3ty8KH + clientSecret: + type: string + description: | + The client secret registered with the identity provider. + example: 60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa + ProviderSSOSettings: + allOf: + - oneOf: + - $ref: '#/components/schemas/ProviderOIDCSettings' + - type: object + description: | + Single Sign-On configuration. + To be used only when `authentication_mode` is set to `SSO`. + default: null + properties: + type: + type: string + enum: + - OIDC + ProviderStatus: + type: string + description: Provider status + enum: + - REGISTRATION + - ENABLED + - DISABLED + example: ENABLED + RFC7231.HTTP-date: + type: string + description: Date format as defined in RFC7231, section 7.1.1.1. + pattern: ^((Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} GMT)$ + example: Mon, 17 Jan 2022 10:12:25 GMT + RenewedCertificate: + allOf: + - $ref: '#/components/schemas/Certificate' + type: object + required: + - id + - provider_id + - opts + - type + - name + - valid_from + - valid_to + - test_certificate + - url + - sn + - contents + - status + - renewal_auto + - created_at + - created_by + UUID: + type: string + format: uuid + pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ + example: 9d82a078-01cb-4a70-a529-14b7e57d4a21 + securitySchemes: + access_token: + type: http + description: | + APIs need to provide an access token created using the MAN Platform Authorization API and which complies with OpenID Connect protocol. + Refer to the *MAN platform authorization API Reference* on how to generate these access tokens. + scheme: bearer + bearerFormat: JWT diff --git a/apnf-man-platform-openapi.yaml b/apnf-man-platform-openapi.yaml new file mode 100644 index 0000000..23e92c9 --- /dev/null +++ b/apnf-man-platform-openapi.yaml @@ -0,0 +1,8666 @@ +openapi: 3.0.3 +info: + title: APNF MAN Platform - Platform API Reference + version: 1.7.0 + description: | + # Introduction + + Welcome to the APNF MAN platform API reference. + + The APIs listed in this reference provide all functionalities available to service providers, including: + - create and manage the STI certificates to be used for signing their SIP telephone calls per the STIR SHAKEN + protocol + - crate and manage along with functionalities to manage access to the MAN platform. + - crate and manage users who shall be given access to the platform + + Each provider registered with the APNF may request an access to the MAN platform and therefore these APIs. + + ## Authentication + + All APIs listed in this document require the API client to be authenticated. + The authentication process relies on OAuth 2.0 protocol, where an access token needs + to be passed to the API request as a JSON Web TOKEN using the Bearer `Authorization` header. + + ``` + Authorization: Bearer + ``` + + Refer to the *MAN Platform Authorization API Reference* on how to generate access tokens. Note that in order to + request an access token, you will first need to create an **API credential** as described in this reference. + + ## Requests & Headers + + - A Bearer `Authorization` header is required, where the Bearer token shall be set with the access token generated by the MAN platform authorization API. + - A `X-Request-Id` header can be provided with an uuid. If provided, this header will be returned in the + `X-Response-Id` response header. + + ## Responses & Headers + + Unless explicitly specified, all responses will use JSON for the response body format. + The `Content-Type` header will be included in all responses to make the type explicit. + + Following headers are also included in responses: + - `Content-Type`: format of the response, if a body is included in the response. + - `Content-Length`: size in bytes of the response body, if a body is included in the response. + - `X-Response-Id`: uniquely identifies the response sent to the client. It corresponds to the `X-Request-Id` + request header if provided. Otherwise, a new value is generated, + - `X-Correlation-Id`: ID generated by the API gateway to track the request between the different services. This + value can be different from the `X-Response-Id` header. + + ## Dates + + Unless specified, all dates exposed in this API comply with the ISO-8601 date format using UTC as the timezone. + + ## Common Error Codes + + The following error codes can be returned: + + | Error code | Description | + |:----------:|-------------------------------------------------------------------------| + | **400** | The request is malformed. | + | **401** | The authentication failed. | + | **403** | User is not allowed to access to the resource. | + | **404** | The resource does not exist. | + | **405** | The method is not allowed for the resource. | + | **406** | The format in the `Accept` header is not supported. | + | **409** | There is a conflict between the object status and the action requested | + | **415** | The format in the `Content-Type` header is not supported. | + | **429** | Too many requests have been sent by the client (see Rate Limiting). | + | **500** | An unexpected error occurred while processing the request. | + | **503** | The service is unavailable. | + + ## Rate Limiting + + To ensure availability to all clients, concurrent accesses to this API are restricted per + below rate limiting logic: + + - Each IP address is allowed to perform up to 600 calls during a period of 1 minute. + - The `GET /bpco/certificates` API method has an additional restriction, limiting calls to 1 per minute. + - Any additional call will be rejected by the API using a 429 "TOO_MANY_REQUESTS" error code + + + # References + + Additional API references are also available, covering other functionalities: + - **MAN Platform Authentication API Reference**, providing the APIs to create access tokens require to authenticate against the APIs listed in this document. + - **MAN Platform GCO API Reference**, listing the MAN platform GCO (Gestionnaires des Certificats Opérateurs) module APIs, to manage service provider data in the MAN platform, including STI certificates. + - **MAN Platform BPCO API Reference**, listing APIs published as part of the BPCO (Base Publique des Certificats Opérateurs), the MAN platform public access service used to access STI certificates. + + # History + + **1.7.0** - 2024/09/09 + - First release +servers: + - url: https://api.man-plateforme.fr/ + description: Production platform + - url: https://api.pprod.man-plateforme.fr/ + description: Preproduction platform + - url: https://api.vabf.man-plateforme.fr/ + description: VABF platform +tags: + - name: Call Traces + description: | + Call traces are provided by service providers to identity calls + that seem legitimate to be broken due to invalid STIR SHAKEN implementation. + + These traces are accessible only to the service providers identified + in the trace as being playing a role in the call transmission (signatory, transit, termination, etc...) + - name: Monitored SIP Interconnections + description: | + Creation and management APIs for SIP Interconnections between service providers. + - name: MAN Weather Reports + description: | + MAN platform weather reports can be generated by the platform itself or a service + provider to respectively identify issues on the platform with a potential impact + on normal operations, and issues on the service provider side leading to disengage + the STIR-SHAKEN signature process of their calls. + - name: Providers + description: | + Service provider registration, authorization and data management APIs. + + While most of these APIs can only be accessed by the MAN platform administrators + to create and authorize service providers, these latter have access to a subset + for updating their organization settings and reviewing their authorization status & history. + - name: History + description: | + Platform activity logs access and search APIs. + + These APIs give service providers a way to have access and review actions performed by their users + within the platform. + - name: Users + description: | + User creation and management APIs. + - name: Tickets + description: | + Tickets are created by a service provider to another provider to let + the latter know of a potential issue of their STIR-SHAKEN implementation + that needs to be investigated as soon as possible. + + Tickets are therefore the official communication way between service providers + to discuss and resolve STIR-SHAKEN issues. + - name: API Credentials + description: | + API credentials creation and management APIs. + + API credentials are required in the API authentication process for requesting access tokens. + Refer to the *MAN Platform Authentication API Reference* on how these credentials are used. + - name: STI Certificates + description: | + STI certificates creation and management APIs. + + These APIs provide to service providers a full control of their STI certificates, with + support of functionalities like certificate renewal, revocation and delegation. + - name: STI Certificates (Archived) + description: | + STI certificates access APIs. + + 3 months after their expiration, STI certificates are automatically archived by the platform + and removed from the list of certificates. For tracking and forensics purposes, they however remain + available for 3 years in a dedicated list, after which they are deleted + once for all from the platform. + + These APIs just provide read-only access; no updates are allowed on certificates once archived. + - name: BPCO + description: | + APIs related to BPCO (Base Publique des Certificats Opérateurs), the MAN platform public access + service to STI certificates. + + These APIs provide access to metadata and download facilities to objects + published in the BPCO, like STI certificates and CRLs. +paths: + /calltraces: + get: + summary: Retrieve a paginated list of records with support of sorting & filtering + description: | + The API applies any sort and filter preferences passed to the API request and returns a + paginated list of corresponding results. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any trace attached to their + provider (as `author_provider`, `optv`, `opts`,`egress_provider`, `terminating_provider`, + `signatory_provider` or `ingress_provider`). + operationId: SearchTraces + tags: + - Call Traces + parameters: + - in: query + name: query + description: | + Filter on a property following the format `operator:value`. + + If the operator is `eq`, it can be ignored. + + For string, number, date-time or enum property: + * `eq` and `ne` = (not) equal. + + For string property only: + * `match` and `not_match` = (not) match the wildcard pattern (`*` for zero or more + characters and `?` for a single character) contains in `value`. + + For number or date-time property: + * `gt` and `gte` = greater than (or equal). + * `lt` and `lte` = less than (or equal). + + In any case, `value` must be percent encoded. + + The parameter name is one of the following values: + - `author_provider` + - `author_provider_role` + - `provider` + - `searched_provider` (only for *MAN_ADMINISTRATOR* and *APNF* users) + - `searched_provider_role` + - `optv` + - `opts` + - `egress_provider` + - `terminating_provider` + - `signatory_provider` + - `ingress_provider` + - `displayed_number_type` + - `called_number_type` + - `start_call_timestamp` + - `broken_call` + - `identity_header` + - `sip_reject_code` + - `sip_reject_subcode` + - `attestation` + - `emergency_call` + - `displayed_number` + - `pai` + - `called_number` + + If the `searched_provider` is used (only for *MAN_ADMINISTRATOR* and *APNF* users), the + request will return any traces where the `searched_provider` is the `author_provider`, + the `optv`, the `opts`, the `egress_provider`, the `terminating_provider`, the `signatory_provider` + or the `ingress_provider` until the `searched_provider_role` is used. + If `searched_provider_role` is used, the request will return any traces where the + `searched_provider` has the role present into `searched_provider_role` + (`author_provider`, `optv`, `opts`, `egress_provider`, `terminating_provider`, + `signatory_provider` or `ingress_provider`). + schema: + additionalProperties: + type: string + pattern: ^((eq|ne|(not_)?match|[lg]te?):)?.+$ + example: + author_provider: OPC000 + start_call_timestamp: gte:2022-01-01T00:00:00Z + type: object + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - name: sort + in: query + description: | + Sort preference using the format `property_name:order`, where: + - `property_name` is one of the following values: + - `author_provider` + - `provider` + - `signatory_provider` + - `start_call_timestamp` + - `broken_call` + - `identity_header` + - `sip_reject_code` + - `attestation` + - `emergency_call` + + - `order` may be set to `asc` or `desc`. + schema: + example: start_call_timestamp:asc + pattern: ^((author_|signatory_|)provider|start_call_timestamp|broken_call|identity_header|sip_reject_code|attestation|emergency_call)(:(([Aa]|[Dd][Ee])[Ss][Cc]))?$ + type: string + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a paginated list of records + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + content: + application/json: + schema: + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + traces: + items: + $ref: '#/components/schemas/TraceSummaryView' + type: array + type: object + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /calltraces/{trace_id}: + get: + summary: Return traces details + description: | + Return a JSON object with trace details. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any trace attached to their provider. + operationId: GetTrace + tags: + - Call Traces + parameters: + - in: path + name: trace_id + description: ID of the trace. + required: true + schema: + $ref: '#/components/schemas/TraceId' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return the JSON object with trace properties. + content: + application/json: + schema: + $ref: '#/components/schemas/Trace' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /ism: + get: + summary: Retrieve a paginated list of records with support of sorting & filtering + description: | + The API applies any sort and filter preferences passed to the API request and returns a paginated list of + corresponding results. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any monitored SIP interconnections attached to their provider. + operationId: SearchIsm + tags: + - Monitored SIP Interconnections + parameters: + - name: query + in: query + description: | + Filter on a property following the format `operator:value`. + + If the operator is `eq`, it can be ignored. + + For string, number or date-time property: + * `eq` and `ne` = (not) equal. + In any case, `value` must be percent encoded. + + The parameter name is one of the following values: + - `provider_emitter_code` + - `provider_emitter_status` + - `provider_receiver_code` + - `provider_receiver_status` + schema: + type: object + additionalProperties: + type: string + pattern: ^(((eq|ne|(not_)?match|[lg]te?):)?.+|(in|not_in):\[.+(,.+)*\])$ + example: + provider_emitter_code: OPC000 + provider_emitter_status: eq:MAN + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a paginated list of records + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + content: + application/json: + schema: + type: object + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + interconnections: + type: array + items: + $ref: '#/components/schemas/ISMSummaryView' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + post: + summary: Initiate the creation of a monitored SIP interconnection + description: | + Initiate the creation of a new monitored SIP interconnection. Shall always be called by the provider emitter of the interconnection. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + operationId: CreateIsm + tags: + - Monitored SIP Interconnections + parameters: + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + description: ISM details + required: true + content: + application/json: + schema: + type: object + required: + - provider_emitter_status + - provider_receiver_code + - provider_receiver_status + properties: + provider_emitter_status: + type: string + description: | + The status of the provider emitter + example: FULL MAN + provider_receiver_code: + type: string + description: | + The code of the provider receiver + pattern: ^([0-9A-Z]{6})$ + example: SPB000 + provider_receiver_status: + type: string + description: | + Default value = "NOT MAN" + - Can be set if the status of the emitting provider is different from "NOT MAN" + example: FULL MAN + interconnection_description: + type: string + description: | + Change the description of the interconnection + example: Une nouvelle description + responses: + '201': + description: Confirms the creation of the new monitored SIP interconnection properties and contents. + content: + application/json: + schema: + $ref: '#/components/schemas/ISMSummaryView' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /ism/export: + get: + summary: Return monitored SIP interconnections list in CSV format + description: | + Allows you to return, in CSV format, the list of monitored interconnections + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any monitored SIP interconnection attached to their provider. + operationId: ExportIsm + tags: + - Monitored SIP Interconnections + parameters: + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return monitored SIP interconnections list in csv format + content: + text/csv: + example: | + ID;provider_emitter_code;provider_emitter_status;date_last_update_emitter;provider_receiver_code;provider_receiver_status;date_last_update_receiver;creation_date;interconnection_description + 2f211b73-4a09-9830-b6e4-064f39399c36;GAMMA0;PARTIAL_MAN;2023-05-24T09:39:44;GAMMA1;NOT_MAN;2023-05-24T09:39:44;2023-05-24T09:39:44;Description + schema: + type: string + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /ism/{ism_id}: + delete: + summary: Delete monitored SIP interconnection + description: | + *Warning*: the action cannot be undone. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can delete any monitored SIP interconnection attached to their provider and by a provider emitter. + operationId: DeleteIsm + tags: + - Monitored SIP Interconnections + parameters: + - name: ism_id + in: path + description: ID of the interconnection. + required: true + schema: + $ref: '#/components/schemas/UUID' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '204': + description: Confirms successful processing + headers: + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + get: + summary: Return monitored SIP interconnection details + description: | + Return a JSON object with monitored SIP interconnection details and contents. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any monitored SIP interconnection attached to their provider. + operationId: GetIsm + tags: + - Monitored SIP Interconnections + parameters: + - name: ism_id + in: path + description: ID of the interconnection. + required: true + schema: + $ref: '#/components/schemas/UUID' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return the JSON object with monitored SIP interconnection properties and contents. + content: + application/json: + schema: + $ref: '#/components/schemas/ISMSummaryView' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + patch: + summary: Update interconnection properties + description: | + Update interconnection properties. Only a subset of the interconnection properties can be updated and depending on the status of the provider's interconnection. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* users can update any interconnection created by/for their provider. + operationId: UpdateIsm + tags: + - Monitored SIP Interconnections + parameters: + - name: ism_id + in: path + description: ID of the interconnection. + required: true + schema: + $ref: '#/components/schemas/UUID' + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + required: true + description: | + A [JSON Merge Patch (RFC 7386)](https://datatracker.ietf.org/doc/html/rfc7386) containing only the properties + that must be updated (with the new value) or deleted (with null as value). + content: + application/merge-patch+json: + schema: + type: object + properties: + provider_emitter_status: + type: string + description: | + Change the status of the provider emitter + - Can only be changed by the provider emitter + example: FULL MAN + provider_receiver_status: + type: string + description: | + Change the status of the provider receiver + - Can only be changed by the provider receiver if the status of the emitting provider is different from "Non MAN" + example: FULL MAN + interconnection_description: + type: string + description: | + Change the description of the interconnection + example: Une nouvelle description + responses: + '200': + description: Return the JSON object with monitored SIP interconnection properties and contents. + content: + application/json: + schema: + $ref: '#/components/schemas/ISMSummaryView' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /meteo: + get: + summary: Return a list of meteo events matching the filters + description: | + The API applies any sort and filter preferences passed to the API request and returns a paginated list of + corresponding results. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - Anyone with access to the interface can read the events + operationId: ListMeteos + tags: + - MAN Weather Reports + parameters: + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - name: query + in: query + description: | + Filter on a property following the format `operator:value`. + + If the operator is `eq`, it can be ignored. + + For string, number or date-time property: + * `eq` and `ne` = (not) equal. + * `in` and `not_in` = (not) in a list. `value` contains an array such as `[val1,val2,val3]`. + + For string property only: + * `match` and `not_match` = (not) match the wildcard pattern (`*` for zero or more characters and `?` for a + single character) contains in `value`. + + For number or date-time property: + * `gt` and `gte` = greater than (or equal). + * `lt` and `lte` = less than (or equal). + * `gtn` and `gten` = null or greater than (or equal). + * `ltn` and `lten` = null or less than (or equal). + + For multi-valued strings: + * `has` = has at least the specified `value` in the multi-valued field + + In any case, `value` must be percent encoded. + + The parameter name is one of the following values: + - `criticality` + - `tags` + - `start_date` + - `end_date` + - `provider_author_apnf_code` + schema: + type: object + additionalProperties: + type: string + pattern: ^(((eq|ne|(not_)?match|[lg]te?n?|has):)?.+|(in|not_in):\[.+(,.+)*\])$ + example: + status: ENABLED + authorization_date: gte:2022-01-01T00:00:00Z + - name: sort + in: query + description: | + Sort preference using the format `property_name:order`, where: + * `property_name` is one of the following values: + - `criticality` + - `start_date` + - `end_date` + - `provider_author_apnf_code` + + * `order` may be set to `asc` or `desc`. + schema: + type: string + pattern: ^(criticality|(start|end)_date|provider_author_apnf_code):(([Aa]|[Dd][Ee])[Ss][Cc])$ + example: start_date:asc + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a paginated list of records + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + content: + application/json: + schema: + type: object + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + meteos: + type: array + items: + $ref: '#/components/schemas/Meteo' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + post: + summary: Create a new meteo event + description: | + Create a new event. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - Any user can create new events. + operationId: CreateMeteo + tags: + - MAN Weather Reports + parameters: + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + description: Meteo event details + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/MeteoForCreation' + responses: + '201': + description: | + Confirms the creation of the new event and returns its details in the response + content: + application/json: + schema: + $ref: '#/components/schemas/Meteo' + examples: + ticket: + $ref: '#/components/examples/MeteoCreation' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /meteo/{meteo_id}: + get: + summary: Return details of a meteo event + description: | + Return a JSON object with meteo event details + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - Any user can read the events + operationId: GetMeteo + tags: + - MAN Weather Reports + parameters: + - name: meteo_id + in: path + description: reference id to the meteo (integer). + required: true + schema: + type: integer + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return the JSON object with ticket details. + content: + application/json: + schema: + $ref: '#/components/schemas/Meteo' + examples: + ticket: + $ref: '#/components/examples/Meteo' + ticket_disengagement: + $ref: '#/components/examples/MeteoDisengagement' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + patch: + summary: Update a meteo event + description: | + Update a meteo event, for example to add an end date + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* can modify events created by their provider + operationId: UpdateMeteo + tags: + - MAN Weather Reports + parameters: + - name: meteo_id + in: path + description: reference id to the meteo (integer). + required: true + schema: + type: integer + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + required: true + description: | + A [JSON Merge Patch (RFC 7386)](https://datatracker.ietf.org/doc/html/rfc7386) containing only the properties + that must be updated (with the new value) or deleted (with null as value). + content: + application/merge-patch+json: + schema: + $ref: '#/components/schemas/MeteoPatch' + examples: + UpdateMeteo: + $ref: '#/components/examples/MeteoPatch' + responses: + '200': + description: Confirms successful processing and returns updated event in the response. + content: + application/json: + schema: + $ref: '#/components/schemas/Meteo' + examples: + Meteo: + $ref: '#/components/examples/Meteo' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /providers/code_name: + get: + summary: Return a dictionnary of provider names by provider code. + description: | + Dictionary of provider names by provider code that are not deleted. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + operationId: GetProvidersCodeName + tags: + - Providers + parameters: + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a dictionnary of provider names by provider code + content: + application/json: + schema: + additionalProperties: + type: string + example: + SPA000: Opérateur SPA000 + SPA001: Opérateur SPA001 + type: object + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /providers/id_code: + get: + summary: Return a dictionnary of provider names by provider code. + description: | + Dictonary of provider codes by provider id. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + operationId: GetProvidersIdCode + tags: + - Providers + parameters: + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a dictionnary of provider codes by provider id. + content: + application/json: + schema: + additionalProperties: + type: string + example: + aa120f71-d6a2-41fb-8ba1-eb710ba3a076: SPA000 + 92d44669-df5b-4ce2-b7d4-48ea18407a4a: SPA001 + type: object + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /providers/opts: + get: + summary: Return the APNF codes of allowed OPTS providers + description: | + Return the APNF codes for all service providers that can operate as OPTS. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + operationId: GetOPTSProviders + tags: + - Providers + parameters: + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a list of OPTS providers + content: + application/json: + schema: + items: + $ref: '#/components/schemas/ProviderCode' + type: array + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /providers/referential: + get: + summary: Retrieve a listing of all service providers in .csv format. + description: | + Provides listing of both MAN and non-MAN service providers in .csv format. + + The file contains the following items for each provider, with headers at first line: + - ARCEP code (string) + - APNF code as (string) + - a label related to the provider (string) + - whether or not the provider subscribed to MAN (boolean) + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + operationId: GetProvidersReferential + tags: + - Providers + parameters: + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return providers's informations in csv format. + content: + text/csv: + schema: + type: string + example: | + arcep_code;apnf_code;label;subscription + GAMMA0;GAMMA0;Provider Label;true + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /providers/{provider_id}: + get: + summary: Return provider details + description: | + Return a JSON object with provider details. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can only access details of their provider. + operationId: GetProvider + tags: + - Providers + parameters: + - $ref: '#/components/parameters/ProviderId' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a JSON object with provider details + content: + application/json: + schema: + $ref: '#/components/schemas/Provider' + examples: + Provider Details: + $ref: '#/components/examples/ProviderDetails' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + patch: + summary: Update provider properties + description: | + Update provider properties. Deleted providers cannot be updated. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + + - *ADMINISTRATOR* and *MANAGER* users can update properties of their own provider. Only a subset of the provider properties can be updated by these users. + operationId: UpdateProvider + tags: + - Providers + parameters: + - $ref: '#/components/parameters/ProviderId' + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + required: true + description: | + A [JSON Merge Patch (RFC 7386)](https://datatracker.ietf.org/doc/html/rfc7386) containing only the properties + that must be updated (with the new value) or deleted (with null as value). + content: + application/merge-patch+json: + schema: + type: object + properties: + status: + type: string + description: | + Change the provider status. Only possible values are `ENABLED` and `DISABLED`. + - Only *MAN_ADMINISTRATOR* and *APNF* users can update this property + - Cannot be deleted. + enum: + - ENABLED + - DISABLED + name: + type: string + maxLength: 64 + description: | + Change the provider name + - Only *MAN_ADMINISTRATOR* and *APNF* users can update this property + - Cannot be deleted. + example: Opérateur + address: + type: string + maxLength: 255 + description: | + Change the provider HQ address + - *MAN_ADMINISTRATOR*, *ADMINISTRATOR* and *APNF* users can update this property + - Cannot be deleted. + example: 30, rue de Paris 75018 Paris + technical_number: + type: string + maxLength: 15 + description: | + Change the provider technical phone number + - *MAN_ADMINISTRATOR*, *ADMINISTRATOR* and *APNF* users can update this property + - Can be deleted. + signatory: + type: boolean + description: | + Change the provider signatory flag + - Only *MAN_ADMINISTRATOR* and *APNF* users can update this property + - Cannot be deleted. + default: true + opts: + type: string + description: | + Change the provider opts flag + - Only *MAN_ADMINISTRATOR* and *APNF* users can update this property + - Cannot be deleted. + opts_contracts: + type: array + description: | + Change the list of providers allowed to select this provider as OPTS. + - *MAN_ADMINISTRATOR*, *ADMINISTRATOR*, *MANAGER* and *APNF* users can update this property + - Can be deleted. + items: + $ref: '#/components/schemas/ProviderCode' + legal_administrator: + description: | + UUID of the user account to change the provider legal administrator + $ref: '#/components/schemas/UUID' + global_notification_list: + description: | + Change the list of email addresses for the provider 'global' notification list. + - *MAN_ADMINISTRATOR*, *ADMINISTRATOR* and *APNF* users can update this property + - Can be deleted. + type: array + items: + $ref: '#/components/schemas/EmailAddress' + legal_notification_list: + description: | + Change the list of email addresses for the provider 'legal' notification list. + - *MAN_ADMINISTRATOR*, *ADMINISTRATOR* and *APNF* users can update this property + - Can be deleted. + type: array + items: + $ref: '#/components/schemas/EmailAddress' + certificate_notification_list: + description: | + Change the list of email addresses for the provider 'certificate' notification list. + - *MAN_ADMINISTRATOR*, *ADMINISTRATOR* and *APNF* users can update this property + - Can be deleted. + type: array + items: + $ref: '#/components/schemas/EmailAddress' + ticketing_notification_list: + description: | + Change the list of email addresses for the provider 'ticketing' notification list. + - *MAN_ADMINISTRATOR*, *ADMINISTRATOR* and *APNF* users can update this property + - Can be deleted. + type: array + items: + $ref: '#/components/schemas/EmailAddress' + deposit_notification_list: + description: | + Change the list of email addresses for the provider 'deposit' notification list. + - *MAN_ADMINISTRATOR*, *ADMINISTRATOR* and *APNF* users can update this property + - Can be deleted. + type: array + items: + $ref: '#/components/schemas/EmailAddress' + ticket_notification_active: + description: | + Change the flag to receive ticket notifications. + - *MAN_ADMINISTRATOR*, *ADMINISTRATOR* and *APNF* users can update this property + - Can be deleted. + type: boolean + example: true + sftp_allowed_keys: + type: array + description: | + Change the SSH public keys allowed to access the platform SFTP service created for the provider. + - *MAN_ADMINISTRATOR*, *ADMINISTRATOR* and *APNF* users can update this property + - All values shall be passed when updating the property + - Can be deleted. + items: + type: string + maxLength: 1024 + description: SSH public key contents + example: ssh-rsa AAAAB3NzaC...p5CSsDJ SI@host-4527 + sftp_allowed_ips: + type: array + description: | + Change the list of IPv4 addresses to be allowed to connect to the SFTP BSM service. + - *MAN_ADMINISTRATOR*, *ADMINISTRATOR* and *APNF* users can update this property + - All values shall be passed when updating the property + - Can be deleted. + items: + type: string + description: IPv4 address + format: ipv4 + pattern: ^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.){3}(25[0-5]|(2[0-4]|1\d|[1-9]|)\d)$ + example: 127.0.0.1 + languages: + type: array + description: | + Change the list of languages to be proposed to the provider users for the platform UI. + - *MAN_ADMINISTRATOR*, *ADMINISTRATOR* and *APNF* users can update this property + - All values shall be passed when updating the property + - Cannot be deleted. + items: + $ref: '#/components/schemas/Language' + example: + - FRENCH + - ENGLISH + authentication_mode: + type: string + description: | + Change the mode to be used to authenticate provider user accounts. + - *MAN_ADMINISTRATOR*, *ADMINISTRATOR* and *APNF* users can update this property + - Cannot be deleted. + enum: + - SSO + - MFA + default: MFA + example: SSO + sso_settings: + type: object + description: | + Change the Single Sign-On configuration. + - *MAN_ADMINISTRATOR*, *ADMINISTRATOR* and *APNF* users can update this property + - To be used only when `authentication_mode` is set to `SSO`. + - All values shall be passed when updating the property + examples: + ProviderUpdateRequestByManAdministrator: + $ref: '#/components/examples/ProviderUpdateRequestByManAdministrator' + ProviderUpdateRequestByAdministrator: + $ref: '#/components/examples/ProviderUpdateRequestByAdministrator' + responses: + '200': + description: Confirms successful processing and return the provider properties in the response. + content: + application/json: + schema: + $ref: '#/components/schemas/Provider' + examples: + Successful response with provider properties: + $ref: '#/components/examples/ProviderDetails' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /providers/{provider_id}/bypass_token: + get: + summary: Retrieve a paginated list of bypass tokens created for the provider. + description: | + The API applies any sort preferences passed to the API request and returns a paginated list of corresponding results. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + operationId: ListProviderBypassTokens + tags: + - Providers + parameters: + - $ref: '#/components/parameters/ProviderId' + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a list of bypass tokens + content: + application/json: + schema: + type: object + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + bypass_tokens: + type: array + items: + $ref: '#/components/schemas/BypassToken' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + post: + summary: Generate new provider bypass token + description: | + Create a new provider bypass token. The previous token will be archived. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + + - *ADMINISTRATOR*, *MANAGER* can generate bypass token for their own provider. + operationId: GenerateProviderBypassToken + tags: + - Providers + parameters: + - $ref: '#/components/parameters/ProviderId' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a JSON object with a single `id` property containing the bypass token value. + content: + application/json: + schema: + $ref: '#/components/schemas/BypassTokenCreationResponse' + examples: + Successful response with bypass token details: + $ref: '#/components/examples/BypassTokenCreationResponse' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /providers/{provider_id}/history: + get: + summary: Retrieve activity history on the provider + description: | + Retrieve a paginated list of all actions performed on the provider. + Sorting and filtering are not supported for this API. + + **Allowed Roles**: *ADMINISTRATOR* + + - *ADMINISTRATOR* can only access the history of its own provider. + operationId: GetProviderHistory + tags: + - History + - Providers + parameters: + - $ref: '#/components/parameters/ProviderId' + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a paginated list of history records + content: + application/json: + schema: + type: object + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + records: + type: array + items: + $ref: '#/components/schemas/History' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /providers/{provider_id}/verification: + get: + summary: Return the details for a provider verification + description: | + Return the details for a provider verification + + **Allowed Roles**: *ADMINISTRATOR* + + - *ADMINISTRATOR* users can view their own provider verification. + operationId: GetProviderVerification + tags: + - Providers + parameters: + - $ref: '#/components/parameters/ProviderId' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return the provider verification details + content: + application/json: + schema: + description: | + Provider authorization status. + A provider shall be authorized in order to request the generation of certificates. + Once authorized, a provider shall also be authorized back each year. + properties: + appointments: + description: When the meeting can be scheduled + items: + type: string + format: date-time + maxItems: 3 + minItems: 3 + type: array + contact: + $ref: '#/components/schemas/ProviderVerificationContact' + date_next_validation_meeting: + description: When the meeting is scheduled + format: date-time + type: string + details: + description: What details were verified + properties: + contact_email_verified: + description: Whether or not the administrator mail was verified + type: boolean + contact_identity_verified: + description: Whether or not the administrator identity was verified + type: boolean + contact_phone_verified: + description: Whether or not the administrator phone was verified + type: boolean + global_notification_list_verified: + description: Whether or not the global mailing list was verified + type: boolean + legal_notification_list_verified: + description: Whether or not the legal mailing list was verified + type: boolean + provider_address_verified: + description: Whether or not the provider address was verified + type: boolean + provider_name_verified: + description: Whether or not the provider name was verified + type: boolean + provider: + type: object + properties: + address: + description: the physical address of the provider + type: string + code: + allOf: + - description: APNF code of the provider + - $ref: '#/components/schemas/ProviderCode' + global_notification_list: + items: + $ref: '#/components/schemas/EmailAddress' + minItems: 1 + type: array + id: + allOf: + - description: ID of the provider + - $ref: '#/components/schemas/UUID' + legal_notification_list: + items: + $ref: '#/components/schemas/EmailAddress' + minItems: 1 + type: array + name: + description: Name of the provider + type: string + status: + allOf: + - description: Status of the provider + - $ref: '#/components/schemas/ProviderStatus' + required: + - address + - code + - global_notification_list + - id + - legal_notification_list + - name + - status + secret: + allOf: + - $ref: '#/components/schemas/ProviderVerificationSecret' + - description: The shared secret as proof of verification (MAN_VALIDATOR) + status: + description: Status of the verification + enum: + - HOLD + - TO_SCHEDULE + - SCHEDULED + - VALIDATED + - DOUBTFUL + type: string + ticket_number: + description: The ticket number from NSDC when the provider sent his appointments + type: integer + valid_until: + description: When the provider must be verified before + type: string + format: date-time + required: + - provider + - status + type: object + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /providers/{provider_id}/verification/appointments: + post: + summary: Set appointments for a provider verification + description: | + Set appointments for a provider verification + + **Allowed Roles**: *ADMINISTRATOR* + operationId: UpdateProviderVerificationAppointmentsStep + tags: + - Providers + parameters: + - $ref: '#/components/parameters/ProviderId' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '204': + $ref: '#/components/responses/SuccessNoMessage' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + requestBody: + content: + application/json: + schema: + properties: + appointments: + description: When the meeting can be scheduled + items: + format: date-time + type: string + maxItems: 3 + minItems: 3 + type: array + contact: + $ref: '#/components/schemas/ProviderVerificationContact' + required: + - appointments + - contact + type: object + description: Data to be set suggesting appointments for the provider verification + required: true + /users: + post: + summary: Create a new user + description: | + Create a new user account. + + **Allowed Roles**: *ADMINISTRATOR* + + - *ADMINISTRATOR* users can create *MANAGER* and *SUPERVISOR* accounts associated to their own provider. + operationId: CreateUser + tags: + - Users + parameters: + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + description: Data to be set for the new user + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/UserCreationRequest' + examples: + UserCreationRequestByManAdministrator: + $ref: '#/components/examples/UserCreationRequestByManAdministrator' + ProviderUserCreationRequestByManAdministrator: + $ref: '#/components/examples/ProviderUserCreationRequestByManAdministrator' + ProviderUserCreationRequestByAdministrator: + $ref: '#/components/examples/ProviderUserCreationRequestByAdministrator' + responses: + '201': + description: | + Confirms the creation of the account and returns its properties in the response. + content: + application/json: + schema: + $ref: '#/components/schemas/User' + examples: + ApnfUserCreationResponse: + $ref: '#/components/examples/ApnfUserCreationResponse' + ProviderUserCreationResponse: + $ref: '#/components/examples/ProviderUserCreationResponse' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + get: + summary: Retrieve a paginated list of records with support of sorting & filtering + description: | + The API applies any sort and filter preferences passed to the API request and returns a paginated list of + corresponding results. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *SUPERVISOR* and *MANAGER* users can access any user of their provider. + operationId: SearchUsers + tags: + - Users + parameters: + - name: query + in: query + description: | + Filter on a property following the format `operator:value`. + + If the operator is `eq`, it can be ignored. + + For string, number or date-time property: + * `eq` and `ne` = (not) equal. + * `in` and `not_in` = (not) in a list. `value` contains an array such as `[val1,val2,val3]`. + + For string property only: + * `match` and `not_match` = (not) match the wildcard pattern (`*` for zero or more characters and `?` for a + single character) contains in `value`. + + For number or date-time property: + * `gt` and `gte` = greater than (or equal). + * `lt` and `lte` = less than (or equal). + + In any case, `value` must be percent encoded. + + The parameter name is one of the following values: + - `id` + - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) + - `firstname` + - `lastname` + - `email_address` + - `language` + - `role` + - `status` + - `deleted` + - `last_connected_at` + - `created_at` + - `updated_at` + - `deleted_at` + schema: + type: object + additionalProperties: + type: string + pattern: ^(((eq|ne|(not_)?match|[lg]te?):)?.+|(in|not_in):\[.+(,.+)*\])$ + example: + status: ENABLED + created_at: gte:2022-01-01T00:00:00Z + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - name: sort + in: query + description: | + Sort preference using the format `property_name:order`, where: + - `property_name` is one of the following values: + - `id` + - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) + - `firstname` + - `lastname` + - `email_address` + - `role` + - `status` + - `last_connected_at` + - `created_at` + - `updated_at` + - `deleted_at` + + - `order` may be set to `asc` or `desc`. + schema: + type: string + pattern: ^(id|provider_id|(first|last)name|email_address|mobile_phone|language|role|status|deleted|last_connected_at|(crea|upda|dele)ted_(at|by)):(([Aa]|[Dd][Ee])[Ss][Cc])$ + example: firstname:asc + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a paginated list of records + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + content: + application/json: + schema: + type: object + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + users: + type: array + items: + $ref: '#/components/schemas/UserSummaryView' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /users/preview/{role}/provider/{provider_id}: + get: + summary: Return complete list of users of a given provider and role + description: | + Return the list of all users of the given provider and with specified role. + + **Allowed Roles**: *ADMINISTRATOR* + operationId: PreviewUserRoleInProvider + tags: + - Users + parameters: + - name: role + in: path + description: Role of the user + required: true + schema: + $ref: '#/components/schemas/UserRole' + - $ref: '#/components/parameters/ProviderId' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a JSON object mapping uuid with user detail + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + content: + application/json: + examples: + ProviderUser: + $ref: '#/components/examples/UserPreview' + schema: + additionalProperties: + type: string + example: + 68831c50-2953-4047-9935-81a98ac1e1e1: John Doe + type: object + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /users/{user_id}: + get: + summary: Return user details + description: | + Return a JSON object with user details. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *SUPERVISOR* and *MANAGER* users can access any user belonging to their provider. + operationId: GetUser + tags: + - Users + parameters: + - $ref: '#/components/parameters/UserId' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a JSON object with user details + content: + application/json: + schema: + $ref: '#/components/schemas/User' + examples: + ProviderUser: + $ref: '#/components/examples/ProviderUser' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + patch: + summary: Update user properties + description: | + Update user properties. Deleted users cannot be updated. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR* users can update properties of all accounts belonging to their provider. + - In all cases, when editing its own account, a user is limited to a subset of properties. + operationId: UpdateUser + tags: + - Users + parameters: + - $ref: '#/components/parameters/UserId' + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + required: true + description: | + A [JSON Merge Patch (RFC 7386)](https://datatracker.ietf.org/doc/html/rfc7386) containing only the properties + that must be updated (with the new value). No properties can be deleted. + content: + application/merge-patch+json: + schema: + type: object + properties: + firstname: + type: string + maxLength: 64 + description: | + Change the user first name + - A user can update this property for its own account + - Cannot be deleted. + example: Jane + lastname: + type: string + maxLength: 64 + description: | + Change the user last name + - A user can update this property for its own account + - Cannot be deleted. + example: Doe + email_address: + type: string + maxLength: 254 + format: email + description: | + Change the user email address + - A user can update this property for its own account + - Cannot be deleted. + example: jane.doe@my.company + mobile_phone: + type: string + maxLength: 20 + description: | + Change the user mobile phone number + - A user can update this property for its own account + - Cannot be deleted. + example: 6123456789 + language: + allOf: + - $ref: '#/components/schemas/Language' + - description: | + Change the user language preference + - A user can update this property for its own account + - The list of languages available to the user depends on the provider configuration. + - Cannot be deleted. + role: + allOf: + - $ref: '#/components/schemas/UserRole' + - description: | + Change the user role + - A user cannot update this property for its own account + - Can be updated by ADMINISTRATOR users for accounts belonging to their provider + - Can be updated by MAN_ADMINISTRATOR users for MAN_ADMINISTRATOR and APNF accounts + - Cannot be deleted. + status: + type: string + description: | + Change the user status. Only possible values are `ENABLED` and `DISABLED`. + - A user cannot update this property for its own account + - Can be updated by ADMINISTRATOR users for accounts belonging to their provider + - Can be updated by MAN_ADMINISTRATOR users for MAN_ADMINISTRATOR and APNF accounts + - Cannot be deleted. + enum: + - ENABLED + - DISABLED + examples: + UserPersonalUpdateRequest: + $ref: '#/components/examples/UserPersonalUpdateRequest' + UserUpdateRequest: + $ref: '#/components/examples/UserUpdateRequest' + responses: + '200': + description: Confirms successful processing and return the user properties in the response. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + content: + application/json: + schema: + $ref: '#/components/schemas/User' + examples: + ProviderUser: + $ref: '#/components/examples/ProviderUser' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '409': + description: Error returned when the user is deleted. + content: + application/json: + schema: + type: object + required: + - code + properties: + code: + type: string + description: Error code. Shall be capitalized with underscore. + example: CONFLICT + message: + type: string + description: Message providing more details and context for error that occurred + example: The user is deleted. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + delete: + summary: Delete a user + description: | + Once deleted, the user will not anymore be able to access the platform. + + Note this is a soft-delete operation; the user will be effectively removed after 3 months, + and during that period a rollback of the delete action is possible using the `POST /users/{user_id}/undelete` + API. + + **Allowed Roles**: *ADMINISTRATOR* + + - *ADMINISTRATOR* users can delete any user belonging to their provider, except their own account. + operationId: DeleteUser + tags: + - Users + parameters: + - $ref: '#/components/parameters/UserId' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '204': + $ref: '#/components/responses/SuccessNoMessage' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /users/reset-credential: + post: + summary: Request for new user account password or otp + description: | + This API triggers a user account password, OTP reset process or new account activation link, where an email is sent to the email + address specified by the user at the origin of the request in order to access a page to + specify a new password or OTP or also enable his account. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR* users can request a new password for accounts belonging to their provider. + - Otherwise, can be called by any user when they have forgotten their password + operationId: ResetUserCredential + tags: + - Users + parameters: + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + content: + application/json: + schema: + type: object + properties: + user_id: + allOf: + - description: | + ID of the user to reset the password. + Can be used only by a ADMINISTRATOR user. + - $ref: '#/components/schemas/UUID' + email_address: + description: | + Email address of the user to reset the password. + type: string + maxLength: 254 + example: john.doe@spa.domain + otp: + description: | + (optional) Boolean to precise if OTP is to renew. If value is not provided or false, password will be renewed. + type: boolean + examples: + PasswordResetRequestUsingEmailAddress: + $ref: '#/components/examples/PasswordResetRequestUsingEmailAddress' + OtpResetRequestUsingEmailAddress: + $ref: '#/components/examples/OtpResetRequestUsingEmailAddress' + PasswordResetRequestUsingUserId: + $ref: '#/components/examples/PasswordResetRequestUsingUserId' + ResendActivationLinkRequestUsingUserId: + $ref: '#/components/examples/ResendActivationLinkRequestUsingUserId' + responses: + '204': + $ref: '#/components/responses/SuccessNoMessage' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '409': + $ref: '#/components/responses/ErrorConflict' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /users/{user_id}/history: + get: + summary: Retrieve activity history on users + description: | + Retrieve a paginated list of all actions performed on a user. + Sorting and filtering are not supported for this API. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR* and *SUPERVISOR* users can access the history of any user of their provider. + - *MANAGER* users can only access the history of its own provider. + operationId: GetUserHistory + tags: + - History + - Users + parameters: + - $ref: '#/components/parameters/UserId' + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a paginated list of history records + content: + application/json: + schema: + type: object + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + records: + type: array + items: + $ref: '#/components/schemas/History' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /users/{user_id}/undelete: + post: + summary: Cancel user deletion + description: | + Rollback the deletion action performed on a user. + Upon successful processing, user will have access back to the platform. + + **Allowed Roles**: *ADMINISTRATOR* + + - *ADMINISTRATOR* users can call this API for any user of their provider, except their own account. + operationId: UndeleteUser + tags: + - Users + parameters: + - $ref: '#/components/parameters/UserId' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '204': + $ref: '#/components/responses/SuccessNoMessage' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /users/{user_id}/preferences: + get: + summary: Return portal preferences of the user + description: | + Return portal preferences of the user. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + operationId: GetUserPref + tags: + - Users + parameters: + - $ref: '#/components/parameters/UserId' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a JSON object with user preferences + content: + application/json: + schema: + $ref: '#/components/schemas/UserPref' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + patch: + summary: Update portal preferences of the user + description: | + Update portal preferences of the user. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + operationId: UpdateUserPref + tags: + - Users + parameters: + - $ref: '#/components/parameters/UserId' + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + required: true + description: | + A [JSON Merge Patch (RFC 7386)](https://datatracker.ietf.org/doc/html/rfc7386) containing only the properties + that must be updated (with the new value). No properties can be deleted. + content: + application/merge-patch+json: + schema: + type: object + properties: + pagination_limit: + type: integer + description: | + Default number of resources per page + - A user can update this property for its own account + - Cannot be deleted. + minimum: 1 + default: 20 + maximum: 100 + show_menu: + type: boolean + description: | + Default menu visibility + - A user can update this property for its own account + - Cannot be deleted. + default: true + responses: + '200': + description: Confirms successful processing and return the portal preferences of the user in the response. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + content: + application/json: + schema: + $ref: '#/components/schemas/UserPref' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '409': + description: Error returned when the user is deleted. + content: + application/json: + schema: + type: object + required: + - code + properties: + code: + type: string + description: Error code. Shall be capitalized with underscore. + example: CONFLICT + message: + type: string + description: Message providing more details and context for error that occurred + example: The user is deleted. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /ticket: + get: + summary: Return a list of tickets matching the filters + description: | + The API applies any sort and filter preferences passed to the API request and returns a paginated list of + corresponding results. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + - *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*: can retrieve tickets where they are involved. + operationId: ListTickets + tags: + - Tickets + parameters: + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - name: query + in: query + description: | + Filter on a property following the format `operator:value`. + + If the operator is `eq`, it can be ignored. + + For string, number or date-time property: + * `eq` and `ne` = (not) equal. + * `in` and `not_in` = (not) in a list. `value` contains an array such as `[val1,val2,val3]`. + + For string property only: + * `match` and `not_match` = (not) match the wildcard pattern (`*` for zero or more characters and `?` for a + single character) contains in `value`. + + For number or date-time property: + * `gt` and `gte` = greater than (or equal). + * `lt` and `lte` = less than (or equal). + * `gtn` and `gten` = null or greater than (or equal). + * `ltn` and `lten` = null or less than (or equal). + + For multi-valued strings: + * `has` = has at least the specified `value` in the multi-valued field + + In any case, `value` must be percent encoded. + + The parameter name is one of the following values: + - `status` + - `reference_id` + - `issue_type` + - `communication_type` + - `criticality` + - `provider_author_apnf_code` + - `next_action_required_by` + - `creation_date` + - `typology_code` + schema: + type: object + additionalProperties: + type: string + pattern: ^(((eq|ne|(not_)?match|[lg]te?n?|has):)?.+|(in|not_in):\[.+(,.+)*\])$ + example: + status: OPEN + creation_date: gte:2022-01-01T00:00:00Z + - name: sort + in: query + description: | + Sort preference using the format `property_name:order`, where: + * `property_name` is one of the following values: + - `status` + - `reference_id` + - `issue_type` + - `communication_type` + - `criticality` + - `provider_author_apnf_code` + - `next_action_required_by` + - `creation_date` + + * `order` may be set to `asc` or `desc`. + schema: + type: string + pattern: ^(status|reference_id|(issue|communication)_type|criticality|provider_author_apnf_code|next_action_required_by|creation_date):(([Aa]|[Dd][Ee])[Ss][Cc])$ + example: start_date:asc + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a paginated list of records + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + content: + application/json: + schema: + type: object + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + tickets: + type: array + items: + $ref: '#/components/schemas/TicketSummary' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + post: + summary: Create a new ticket + description: | + Create a new ticket and notify the other provider(s) involved (notification will be sent to all email addresses defined for the providers). + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + operationId: CreateTicket + tags: + - Tickets + parameters: + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + description: Ticket details + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/TicketForCreation' + responses: + '201': + description: | + Confirms the creation of the new event and returns its details in the response. + content: + application/json: + schema: + $ref: '#/components/schemas/Ticket' + examples: + ticket: + $ref: '#/components/examples/Ticket' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /ticket/typology: + get: + summary: Return a list of typologies + description: | + Return the full list of possible typologies that can be associated to a ticket. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + operationId: ListTicketTypologies + tags: + - Tickets + parameters: + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a list of records + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/TicketTypologyListView' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /ticket/{ticket_id}: + get: + summary: Return details of a ticket + description: | + Return a JSON object with ticket details + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*: can retrieve tickets where they are involved. + operationId: GetTicket + tags: + - Tickets + parameters: + - $ref: '#/components/parameters/TicketId' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return the JSON object with ticket details. + content: + application/json: + schema: + $ref: '#/components/schemas/Ticket' + examples: + ticket: + $ref: '#/components/examples/Ticket' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + patch: + summary: Update a ticket + description: | + Update a ticket, for example to add a new involved provider + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR*: can update tickets where they are involved. + operationId: UpdateTicket + tags: + - Tickets + parameters: + - $ref: '#/components/parameters/TicketId' + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + required: true + description: | + A [JSON Merge Patch (RFC 7386)](https://datatracker.ietf.org/doc/html/rfc7386) containing only the properties + that must be updated (with the new value) or deleted (with null as value). + content: + application/merge-patch+json: + schema: + $ref: '#/components/schemas/TicketPatch' + examples: + UpdateTicket: + $ref: '#/components/examples/TicketPatch' + responses: + '200': + description: Confirms successful processing and returns updated ticket in the response. + content: + application/json: + schema: + $ref: '#/components/schemas/Ticket' + examples: + Meteo: + $ref: '#/components/examples/Ticket' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /ticket/{ticket_id}/close: + post: + summary: Close a ticket + description: | + Close a ticket and send a notofication to all other providers involved (notification will be sent to all email addresses defined for the providers). + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can close tickets they have opened. + operationId: CloseTicket + tags: + - Tickets + parameters: + - $ref: '#/components/parameters/TicketId' + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - resolution + properties: + resolution: + $ref: '#/components/schemas/TicketResolution' + comment: + type: string + description: a comment to be added + example: this ticket is fixed + responses: + '200': + description: Return the JSON object with ticket details. + content: + application/json: + schema: + $ref: '#/components/schemas/Ticket' + examples: + ticket: + $ref: '#/components/examples/TicketClosed' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /ticket/{ticket_id}/comment: + get: + summary: Return the comments for a ticket + description: | + Return the full list of comments made on a ticket. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* can retrieve comments for any tickets they are involved in. + operationId: ListTicketComments + tags: + - Tickets + parameters: + - $ref: '#/components/parameters/TicketId' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a list of records + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/TicketComment' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + post: + summary: Comment a ticket and send a notification. + description: | + Adds a comment to the ticket. + + The first time the ticket is commented by the recipient provider, the status is automatically updated to "in progress" + Sends a notification to the other involved providers (notification will be sent to all email addresses defined for the providers) + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* users can comment tickets they are involved in. + operationId: CommentTicket + tags: + - Tickets + parameters: + - $ref: '#/components/parameters/TicketId' + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - comment + properties: + comment: + type: string + description: the text of the comment + example: this is my comment + maxLength: 500 + responses: + '200': + description: Return the JSON object with ticket details. + content: + application/json: + schema: + $ref: '#/components/schemas/TicketComment' + examples: + ticket: + $ref: '#/components/examples/TicketComment' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /credentials: + post: + summary: Create a new API credential + description: | + This credential contains the `client_id` and `client_secret` information to be used in the MAN platform + authorization API call required to deliver access tokens. + + *Warning:* The `client_secret` property is only provided in the response and cannot be retrieved afterward. + + **Allowed Roles**: *ADMINISTRATOR* + operationId: CreateApiCredential + tags: + - API Credentials + parameters: + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + description: Data to be set for the new API credential + required: true + content: + application/json: + schema: + $ref: '#/components/schemas/ApiCredentialCreationRequest' + responses: + '201': + description: | + Confirms the creation of the new API credential and returns its properties in the response. + + *Warning* This is the only time the `client_secret` property is provided. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + content: + application/json: + schema: + $ref: '#/components/schemas/ApiCredentialCreationResponse' + examples: + ApiCredentialWithSecret: + $ref: '#/components/examples/ApiCredentialCreationResponse' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + get: + summary: Retrieve a paginated list of records with support of sorting & filtering + description: | + The API applies any sort and filter preferences passed to the API request and returns a paginated list of + corresponding results. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any credential attached to their provider. + operationId: SearchApiCredentials + tags: + - API Credentials + parameters: + - name: query + in: query + description: | + Filter on a property following the format `operator:value`. + + If the operator is `eq`, it can be ignored. + + For string, number or date-time property: + * `eq` and `ne` = (not) equal. + * `in` and `not_in` = (not) in a list. `value` contains an array such as `[val1,val2,val3]`. + + For string property only: + * `match` and `not_match` = (not) match the wildcard pattern (`*` for zero or more characters and `?` for a + single character) contains in `value`. + + For number or date-time property: + * `gt` and `gte` = greater than (or equal). + * `lt` and `lte` = less than (or equal). + + In any case, `value` must be percent encoded. + + The parameter name is one of the following values: + - `id` + - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) + - `name` + - `expires_on` + - `created_at` + - `updated_at` + - `last_used_at` + - `client_id` + schema: + type: object + additionalProperties: + type: string + pattern: ^(((eq|ne|(not_)?match|[lg]te?):)?.+|(in|not_in):\[.+(,.+)*\])$ + example: + provider_id: OPC000 + created_at: gte:2022-01-01T00:00:00Z + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - name: sort + in: query + description: | + Sort preference using the format `property_name:order`, where: + - `property_name` is one of the following values: + - `id` + - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) + - `name` + - `expires_on` + - `created_at` + - `updated_at` + - `last_used_at` + - `client_id` + + - `order` may be set to `asc` or `desc`. + schema: + type: string + pattern: ^(id|provider_id|name|expires_on|client_id|expires_on|last_used_at|(cre|upd)ated_(at|by)):(([Aa]|[Dd][Ee])[Ss][Cc])$ + example: name:asc + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a paginated list of records + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + content: + application/json: + schema: + type: object + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + credentials: + type: array + items: + $ref: '#/components/schemas/ApiCredentialSummaryView' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /credentials/{credential_id}: + get: + summary: Return API credential details + description: | + Return a JSON object with API credential details. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any API credential owned by their provider. + operationId: GetApiCredential + tags: + - API Credentials + parameters: + - $ref: '#/components/parameters/CredentialId' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a JSON object with API credential details + content: + application/json: + schema: + $ref: '#/components/schemas/ApiCredential' + examples: + credential: + $ref: '#/components/examples/ApiCredential' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + patch: + summary: Update API credential properties + description: | + Update API credential properties. Only `name`, `description` and `expires_on` settings can be updated. + + **Allowed Roles**: *ADMINISTRATOR* + + - *ADMINISTRATOR* users can update any API credential owned by their provider. + operationId: UpdateApiCredential + tags: + - API Credentials + parameters: + - $ref: '#/components/parameters/CredentialId' + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + required: true + description: | + A [JSON Merge Patch (RFC 7386)](https://datatracker.ietf.org/doc/html/rfc7386) containing only the properties + that must be updated (with the new value) or deleted (with null as value). + content: + application/merge-patch+json: + schema: + type: object + properties: + name: + type: string + maxLength: 64 + description: | + Change the name of the API credential. + - Cannot be deleted. + example: 'API Credential SI #2' + description: + type: string + maxLength: 1024 + description: | + Change the description of the API credential. + - Can be deleted. + example: Updated description of the credential. + expires_on: + type: string + description: | + Change the expiration date of the API credential. Date shall be in ISO-8601 format. + - Can be deleted. + format: date-time + example: '2022-01-24T10:12:25Z' + examples: + ApiCredentialUpdateRequest: + $ref: '#/components/examples/ApiCredentialUpdateRequest' + responses: + '200': + description: Confirms successful processing and return the API credential properties in the response. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiCredential' + examples: + ApiCredential: + $ref: '#/components/examples/ApiCredential' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + delete: + summary: Delete an API credential + description: | + Delete an API credential. + Any follow-up authorization API call to request an access token using this credential will be rejected. + + **Allowed Roles**: *ADMINISTRATOR* + + - *ADMINISTRATOR* users can delete any credential owned by their provider. + + *Warning*: the action cannot be undone. + operationId: DeleteApiCredential + tags: + - API Credentials + parameters: + - $ref: '#/components/parameters/CredentialId' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '204': + $ref: '#/components/responses/SuccessNoMessage' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /credentials/{credential_id}/history: + get: + summary: Retrieve activity history on API credentials + description: | + Retrieve a paginated list of all actions performed on an API credential. + Sorting and filtering are not supported for this API. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access the history of any credential owned by their provider. + operationId: GetApiCredentialHistory + tags: + - API Credentials + - History + parameters: + - $ref: '#/components/parameters/CredentialId' + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a paginated list of history records + content: + application/json: + schema: + type: object + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + records: + type: array + items: + $ref: '#/components/schemas/History' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /certificates: + post: + summary: Initiate the creation of a STI certificate + description: | + Initiate the creation of a new certificate. Shall always be called by the origin signing service provider. + Two types of certificates can be created, for which the creation process will be different: + * Direct certificates (type = `DIRECT`) are used directly by the origin signing service provider + * Indirect certificates (type = `INDIRECT`) are requested by the origin signing service provider for a technical signing service provider (OPTS). + + While the creation of direct certificates is fully handled by this API, the process for indirect certificates is composed of 2 stages: + * This API initiates the certificate request + * The OPTS shall then call the `POST /certificates/{certificate_id}` to finalize the creation of the + certificate. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + + - *ADMINISTRATOR* and *MANAGER* can initiate the creation of a new certificate only for its own provider. + operationId: CreateCertificate + tags: + - STI Certificates + parameters: + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + description: Certificate details + required: true + content: + application/json: + schema: + type: object + required: + - name + - type + - valid_from + properties: + name: + type: string + maxLength: 64 + description: Certificate name provided by the origin service provider. + example: Main Certificate + description: + type: string + maxLength: 1024 + description: Additional information related to the certificate. + example: Description of the certificate. + type: + $ref: '#/components/schemas/CertificateType' + opts: + type: string + description: | + APNF code assigned to the technical service provider (OPTS). + Required if `type` is `INDIRECT`. + Otherwise shall not be specified. + pattern: ^([0-9A-Z]{6})$ + example: SPB000 + csr: + type: string + maxLength: 2048 + description: | + Contents of the CSR file used to create this certificate. Format of the contents is PEM. + Required if `type` is `DIRECT`. + Otherwise shall not be specified. + example: | + -----BEGIN CERTIFICATE REQUEST----- + MIIBEjCBuQIBADBXMRYwFAYDVQQDDA1TSEFLRU4gT1BDMDAwMQswCQYDVQQGEwJG + UjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQLDBBTZXJ2aWNlIFByb3Zp + ZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/qQeNfCytgqjIETfjmVEw + 7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0ULplSrl9+QrrpKLwjKAA + MAoGCCqGSM49BAMCA0gAMEUCIADk95rHd2LAI6vCuz8OjqlA9FJAWC1j/QcK8HSb + mMWkAiEAsVc1L/LvTKlEI98lsfDmCtKsJuQ4iBBuZ5Hzp0T1Xr8= + -----END CERTIFICATE REQUEST----- + test_certificate: + type: boolean + description: Is this a test certificate? + default: false + example: false + valid_from: + type: string + description: | + Certificate validity start date. Date shall be in ISO-8601 format. + + Unless `test_certificate` is set to `true`, the date shall be at least one week in the future. + format: date-time + example: '2022-01-17T10:12:25Z' + valid_to: + type: string + description: | + Certificate expiration date. Date shall be in ISO-8601 format. + + Required if `type` is `INDIRECT` or if `test_certificate` is set to `true`. + format: date-time + example: '2023-01-17T10:12:25Z' + renewal_auto: + type: boolean + description: | + Automated renewal option. Cannot be enabled for test certificates. + + If enabled, the application will automatically create a new certificate + using the same CSR and options provided for this certificate. + + See `renewal_after` option for defining when the renewal process shall be triggered. + default: false + example: true + renewal_after: + type: integer + description: | + Number of days to wait after certificate validity start date + for the automated certificate renewal process to be triggered. + + Required if if `renewal_auto` is set to `true`. + Otherwise, shall not be specified. + example: 300 + examples: + DirectCertificateRequest: + $ref: '#/components/examples/DirectCertificateRequest' + IndirectCertificateRequest: + $ref: '#/components/examples/IndirectCertificateRequest' + responses: + '201': + description: | + Confirms the creation of the new certificate and returns its details in the response. + This applies only to direct certificates. + content: + application/json: + schema: + $ref: '#/components/schemas/Certificate' + examples: + DirectCertificate: + $ref: '#/components/examples/DirectCertificate' + headers: + Location: + $ref: '#/components/headers/Location-Certificate' + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '202': + description: | + Confirms the indirect certificate creation request. + This applies only to indirect certificates. + content: + application/json: + schema: + $ref: '#/components/schemas/PendingIndirectCertificate' + examples: + PendingIndirectCertificate: + $ref: '#/components/examples/PendingIndirectCertificate' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '409': + description: Error returned when the provider has already too many active certificates. + content: + application/json: + schema: + type: object + required: + - code + properties: + code: + type: string + description: Error code. Shall be capitalized with underscore. + example: CONFLICT + message: + type: string + description: Message providing more details and context for error that occurred + example: Maximum number of active certificates has been reached. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + get: + summary: Retrieve a paginated list of records with support of sorting & filtering + description: | + The API applies any sort and filter preferences passed to the API request and returns a paginated list of + corresponding results. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any certificate attached to their provider. + operationId: SearchCertificates + tags: + - STI Certificates + parameters: + - name: query + in: query + description: | + Filter on a property following the format `operator:value`. + + If the operator is `eq`, it can be ignored. + + For string, number or date-time property: + * `eq` and `ne` = (not) equal. + * `in` and `not_in` = (not) in a list. `value` contains an array such as `[val1,val2,val3]`. + + For string property only: + * `match` and `not_match` = (not) match the wildcard pattern (`*` for zero or more characters and `?` for a + single character) contains in `value`. + + For number or date-time property: + * `gt` and `gte` = greater than (or equal). + * `lt` and `lte` = less than (or equal). + + In any case, `value` must be percent encoded. + + The parameter name is one of the following values: + - `id` + - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) + - `type` + - `opts` + - `name` + - `valid_from` + - `valid_to` + - `test_certificate` + - `status` + - `renewal_auto` + - `renewal_after` + - `sn` + - `created_at` + - `updated_at` + - `revoked_at` + - `revoked_reason` + schema: + type: object + additionalProperties: + type: string + pattern: ^(((eq|ne|(not_)?match|[lg]te?):)?.+|(in|not_in):\[.+(,.+)*\])$ + example: + provider_id: OPC000 + created_at: gte:2022-01-01T00:00:00Z + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - name: sort + in: query + description: | + Sort preference using the format `property_name:order`, where: + - `property_name` is one of the following values: + - `id` + - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) + - `opts` + - `name` + - `valid_from` + - `valid_to` + - `status` + - `sn` + - `created_at` + - `updated_at` + - `revoked_at` + - `revoked_reason` + - `order` may be set to `asc` or `desc`. + schema: + type: string + pattern: ^(id|provider_id|type|opts|name|valid_(from|to)|test_certificate|url|status|renew(al_a(uto|fter)|ed_by)|sn|(cre|upd)ated_(at|by)|revoked_(at|by|reason)):(([Aa]|[Dd][Ee])[Ss][Cc])$ + example: name:asc + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a paginated list of records + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + content: + application/json: + schema: + type: object + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + certificates: + type: array + items: + $ref: '#/components/schemas/CertificateSummaryView' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /certificates/{certificate_id}: + get: + summary: Return STI certificate details + description: | + Return a JSON object with STI certificate details and contents. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any certificate attached to their provider. + operationId: GetCertificate + tags: + - STI Certificates + parameters: + - $ref: '#/components/parameters/CertificateId' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return the JSON object with certificate properties and contents. + content: + application/json: + schema: + $ref: '#/components/schemas/Certificate' + examples: + DirectCertificate: + $ref: '#/components/examples/DirectCertificate' + PendingIndirectCertificate: + $ref: '#/components/examples/PendingIndirectCertificate' + IndirectCertificate: + $ref: '#/components/examples/IndirectCertificate' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + post: + summary: Finalize the creation of an indirect STI certificate + description: | + API called by the technical signing service provider (OPTS) to finalize the creation of indirect certificates. + + Can only be called by the OPTS for which the indirect certificate has been requested for. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + + - *ADMINISTRATOR*, *MANAGER* users can finalize any indirect certificate created for their provider. + operationId: FinalizeIndirectCertificate + tags: + - STI Certificates + parameters: + - $ref: '#/components/parameters/CertificateId' + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + description: JSON object with certificate finalization options + required: true + content: + application/json: + schema: + type: object + required: + - csr + properties: + description: + type: string + maxLength: 1024 + description: OPTS additional information for this certificate. Only available to the OPTS. + example: Description of the certificate. + csr: + type: string + maxLength: 2048 + description: | + Contents of the CSR file used to create this certificate. Format of the contents is PEM. + example: | + -----BEGIN CERTIFICATE REQUEST----- + MIIBEjCBuQIBADBXMRYwFAYDVQQDDA1TSEFLRU4gT1BDMDAwMQswCQYDVQQGEwJG + UjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQLDBBTZXJ2aWNlIFByb3Zp + ZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/qQeNfCytgqjIETfjmVEw + 7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0ULplSrl9+QrrpKLwjKAA + MAoGCCqGSM49BAMCA0gAMEUCIADk95rHd2LAI6vCuz8OjqlA9FJAWC1j/QcK8HSb + mMWkAiEAsVc1L/LvTKlEI98lsfDmCtKsJuQ4iBBuZ5Hzp0T1Xr8= + -----END CERTIFICATE REQUEST----- + responses: + '201': + description: | + Confirms the finalization of the indirect certificate and returns its properties and contents in the response. + content: + application/json: + schema: + $ref: '#/components/schemas/Certificate' + examples: + IndirectCertificate: + $ref: '#/components/examples/IndirectCertificate' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '409': + description: Returned when the API request cannot be fulfilled due to the object current status. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: CONFLICT + message: Cannot finalize an expired certificate. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + patch: + summary: Update STI certificate properties + description: | + Update certificate properties. Once the certificate has been created (for direct certificates) + or finalized (for indirect certificates), only a subset of the certificate properties can be updated. + + - Indirect certificates that have not yet been finalised can have additional properties updated. + - Expired certificates cannot be edited + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + + - *ADMINISTRATOR*, *MANAGER* users can update any certificate created by/for their provider. + operationId: UpdateCertificate + tags: + - STI Certificates + parameters: + - $ref: '#/components/parameters/CertificateId' + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + required: true + description: | + A [JSON Merge Patch (RFC 7386)](https://datatracker.ietf.org/doc/html/rfc7386) containing only the properties + that must be updated (with the new value) or deleted (with null as value). + content: + application/merge-patch+json: + schema: + type: object + properties: + name: + type: string + maxLength: 64 + description: | + Change the name of the certificate. + - Can be changed for both direct and indirect certificates + - Can be changed only by the origin service provider + - Cannot be deleted. + example: Main Certificate + description: + type: string + maxLength: 1024 + description: | + Change the description of the certificate. + - Can be changed for both direct and indirect certificates + - Can be changed by the origin service provider and the OPTS, each of them having their own description. + - Can be deleted. + example: Description of the certificate + test_certificate: + type: boolean + description: | + Change the test certificate flag. + - Can be changed only for indirect certificates, if not finalized + - Can be changed only by the origin service provider + - Cannot be deleted. + example: false + valid_from: + type: string + description: | + Change the certificate validity start date. Date shall be in ISO-8601 format. + - Can be changed only for indirect certificates not yet finalized + - Can be changed only by the origin service provider + - Unless `test_certificate` is set to `true`, the date shall be at least one week in the future. + - Cannot be deleted. + format: date-time + example: '2022-01-17T10:12:25Z' + valid_to: + type: string + description: | + Change the certificate expiration date. Date shall be in ISO-8601 format. + - Can be changed only for indirect certificates not yet finalized + - Can be changed only by the origin service provider + - Cannot be deleted. + format: date-time + example: '2023-01-17T10:12:25Z' + renewal_auto: + type: boolean + description: | + Change the certificate automatic renewal option. + - Can be changed for both direct and indirect certificates + - Can be changed only by the origin service provider + - Cannot be enabled for test certificates + - Cannot be deleted. + example: true + renewal_after: + type: integer + description: | + Change the number of days to wait after certificate validity start date to trigger the automatic renewal process. + - Can be changed for both direct and indirect certificates + - Can be changed only by the origin service provider + - Cannot be deleted if `renewal_auto` is set to `true` for this certificate. + example: 300 + examples: + DirectCertificateUpdateRequest: + $ref: '#/components/examples/DirectCertificateUpdateRequest' + PendingIndirectCertificateUpdateRequest: + $ref: '#/components/examples/PendingIndirectCertificateUpdateRequest' + IndirectCertificateUpdateRequest: + $ref: '#/components/examples/IndirectCertificateUpdateRequest' + responses: + '200': + description: Confirms successful processing and returns certificate properties and contents in the response. + content: + application/json: + schema: + $ref: '#/components/schemas/Certificate' + examples: + DirectCertificate: + $ref: '#/components/examples/DirectCertificate' + PendingIndirectCertificate: + $ref: '#/components/examples/PendingIndirectCertificate' + IndirectCertificate: + $ref: '#/components/examples/IndirectCertificate' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + delete: + summary: Delete a STI certificate + description: | + Delete a STI certificate. Only test certificates or certificates in *PENDING* status can be deleted. + + If a test certificate that is still valid is deleted, the platform will also revoke it and add it to the + STI certificates CRL in the BPCO to ensure that it cannot be used for any further calls. + + *Warning*: the action cannot be undone. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + + - *ADMINISTRATOR* and *MANAGER* users can request deletion of any certificate attached to their own provider. + + *Note*: OPTS users cannot delete indirect certificates created for their provider. + operationId: DeleteCertificate + tags: + - STI Certificates + parameters: + - $ref: '#/components/parameters/CertificateId' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '204': + $ref: '#/components/responses/SuccessNoMessage' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '409': + description: Error returned when the certificate is already active and is not a test certificate. + content: + application/json: + schema: + type: object + required: + - code + properties: + code: + type: string + description: Error code. Shall be capitalized with underscore. + example: CONFLICT + message: + type: string + description: Message providing more details and context for error that occurred + example: This certificate is already active and it is not a test certificate. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /certificates/{certificate_id}/renew: + post: + summary: Renew a STI certificate + description: | + This method creates a new certificate using the same CSR and properties used for the + creation of the certificate specified in the `certificate_id` request parameter. + + - Unless a `name` is provided, the Common Name of the new certificate will be the same, but the serial number will be different. + - The `renewed_by` property of the current certificate will be filled with the id of the new certificate. + - OPTS users cannot renew indirect certificates they have been mandated for. + - Revoked certificates cannot be renewed + - Invalid certificates cannot be renewed + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + + - *ADMINISTRATOR* and *MANAGER* can request renewal of certificates owned by their provider. + operationId: RenewCertificate + tags: + - STI Certificates + parameters: + - $ref: '#/components/parameters/CertificateId' + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + description: | + New properties may be specified for the creation of the new certificate. + If not provided, values of the previous certificate will be kept, expect for the following: + - `serial_number`: a new serial number is computed + - `valid_from`: the date will be set to the current date & time + one week. + - `valid_to`: the date will be computed so that the expiration delay will be the same than the one set for the initial certificate + required: false + content: + application/json: + schema: + type: object + properties: + name: + type: string + maxLength: 64 + description: | + Certificate name. Overrides the property set in the initial certificate used for the renewal. + example: Main Certificate + description: + type: string + maxLength: 1024 + description: | + Additional information related to the certificate. + + If not specified, the description set to the initial certificate is reused. + example: Description of the certificate. + valid_from: + type: string + description: | + Certificate validity start date. Date shall be in ISO-8601 format. + + If not specified, the date will be set to the current date & time + one week. + The same rules used when creating a certificate also apply for renewal. + format: date-time + example: '2022-01-17T10:12:25Z' + valid_to: + type: string + description: | + Certificate expiration date. Date shall be in ISO-8601 format. + + If not specified, the date will be computed so that the expiration delay will + be the same than the one set for the initial certificate. The same rules used + when creating a certificate also apply for renewal. + + This property cannot be specified for a direct certificate that is not flagged + as a test certificate, as the expiration is fixed to one year for such certificates. + format: date-time + example: '2023-01-17T10:12:25Z' + renewal_auto: + type: boolean + description: | + Automated renewal option. Cannot be enabled for test certificates. + + If not specified, the property will copy the value set for the initial certificate. + example: true + renewal_after: + type: integer + description: | + Number of days after certificate validity start date to wait for + the automated certificate renewal process to be triggered. + + Can be specified only if `renewal_auto` is set to `true`. + example: 300 + responses: + '201': + description: | + Confirms the creation of the new certificate and returns its details and contents in the response. + content: + application/json: + schema: + $ref: '#/components/schemas/RenewedCertificate' + examples: + DirectCertificate: + $ref: '#/components/examples/DirectCertificate' + headers: + Location: + $ref: '#/components/headers/Location-Certificate' + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '409': + description: Error returned when the certificate is revoked + content: + application/json: + schema: + type: object + required: + - code + properties: + code: + type: string + description: Error code. Shall be capitalized with underscore + example: CONFLICT + message: + type: string + description: Message providing more details and context for error that occurred + example: This certificate is revoked. + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /certificates/{certificate_id}/revoke: + post: + summary: Revoke a STI certificate + description: | + Request the revocation of a certificate. + Upon successful processing, the certificate will be immediately revoked by the platform. + + - OPTS users can revoke indirect certificates they have been mandated for. + - Expired certificates cannot be revoked + - Invalid certificates cannot be revoked + - Revoked certificates cannot be revoked again + + *Warning*: the action cannot be undone. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + + - *ADMINISTRATOR* and *MANAGER* users can request revocation of certificates attached to their own provider. + operationId: RevokeCertificate + tags: + - STI Certificates + parameters: + - $ref: '#/components/parameters/CertificateId' + - $ref: '#/components/parameters/X-Request-Id' + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - reason + properties: + reason: + type: string + nullable: false + description: | + Reason associated with the certificate revocation as defined in RFC 5280. + enum: + - unspecified + - keyCompromise + - affiliationChanged + - superseded + - cessationOfOperation + - certificateHold + - privilegeWithdrawn + default: unspecified + example: keyCompromise + comments: + type: string + maxLength: 64 + description: | + Additional comments on the reason for revoking the certificate. + example: Clé privée compromise + responses: + '204': + $ref: '#/components/responses/SuccessNoMessage' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '409': + description: Error returned when the certificate status is `EXPIRED`, `REVOKED`, `INVALIDATION` or `INVALID` + content: + application/json: + schema: + type: object + required: + - code + properties: + code: + type: string + description: Error code. Shall be capitalized with underscore + example: CONFLICT + message: + type: string + description: Message providing more details and context for error that occurred + example: This certificate is expired or is already revoked. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /certificates/{certificate_id}/history: + get: + summary: Retrieve activity history on certificates + description: | + Retrieve a paginated list of all actions performed on a certificate. + Sorting and filtering are not supported for this API. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access the history of any certificate attached to their provider. + operationId: GetCertificateHistory + tags: + - History + - STI Certificates + parameters: + - $ref: '#/components/parameters/CertificateId' + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a paginated list of history records + content: + application/json: + schema: + type: object + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + records: + type: array + items: + $ref: '#/components/schemas/History' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /certificates/export: + get: + summary: Retrieve a list of certificates in csv format with headers + description: | + The API applies any sort and filter preferences passed to the API request and returns a list of + corresponding results in csv format. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any certificate attached to their provider. + operationId: ExportCertificates + tags: + - STI Certificates + parameters: + - name: query + in: query + description: | + Filter on a property following the format `operator:value`. + + If the operator is `eq`, it can be ignored. + + For string, number or date-time property: + * `eq` and `ne` = (not) equal. + * `in` and `not_in` = (not) in a list. `value` contains an array such as `[val1,val2,val3]`. + + For string property only: + * `match` and `not_match` = (not) match the wildcard pattern (`*` for zero or more characters and `?` for a + single character) contains in `value`. + + For number or date-time property: + * `gt` and `gte` = greater than (or equal). + * `lt` and `lte` = less than (or equal). + + In any case, `value` must be percent encoded. + + The parameter name is one of the following values: + - `id` + - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) + - `type` + - `opts` + - `name` + - `valid_from` + - `valid_to` + - `test_certificate` + - `status` + - `renewal_auto` + - `renewal_after` + - `renewed_by` + - `url` + - `sn` + - `created_at` + - `created_by` + - `updated_at` + - `updated_by` + - `revoked_at` + - `revoked_by` + - `revoked_reason` + schema: + type: object + additionalProperties: + type: string + pattern: ^(((eq|ne|(not_)?match|[lg]te?):)?.+|(in|not_in):\[.+(,.+)*\])$ + example: + provider_id: OPC000 + created_at: gte:2022-01-01T00:00:00Z + - name: sort + in: query + description: | + Sort preference using the format `property_name:order`, where: + - `property_name` is one of the following values: + - `id` + - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) + - `type` + - `opts` + - `name` + - `valid_from` + - `valid_to` + - `test_certificate` + - `url` + - `status` + - `renewal_auto` + - `renewal_after` + - `renewed_by` + - `sn` + - `created_at` + - `created_by` + - `updated_at` + - `updated_by` + - `revoked_at` + - `revoked_by` + - `revoked_reason` + - `order` may be set to `asc` or `desc`. + schema: + type: string + pattern: ^(id|provider_id|type|opts|name|valid_(from|to)|test_certificate|url|status|renew(al_a(uto|fter)|ed_by)|sn|(cre|upd)ated_(at|by)|revoked_(at|by|reason)):(([Aa]|[Dd][Ee])[Ss][Cc])$ + example: name:asc + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return certificates list in csv format with headers + content: + text/csv: + schema: + type: string + example: | + ID;status;name;serial_number;type;provider_code;opts;valid_from;valid_to;renewal_auto;days_before_renewal;bpco_url;description;test_certificate + 12;ACTIVE;Main Certificate;54e702c83df35b8a;DIRECT;SPC000;;2025-12-01T10:12:25Z;2026-01-01T10:12:25Z;true;9;https://api.man-bpco.fr/certs/SPC000/54e702c83df35b8a.cer;Description of the certificate.;false + 13;ACTIVE;Certificate;4df1d562e7f009e6;DIRECT;SPE000;;2025-12-01T10:12:25Z;2026-01-01T10:12:25Z;true;9;https://api.man-bpco.fr/certs/SPE000/4df1d562e7f009e6.cer;Description of the certificate.;false + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /certificates/archives: + get: + summary: Retrieve a paginated list of records with support of sorting & filtering + description: | + The API applies any sort and filter preferences passed to the API request and returns a paginated list of + corresponding results. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any archived certificate attached to their provider. + operationId: SearchArchivedCertificates + tags: + - STI Certificates (Archived) + parameters: + - name: query + in: query + description: | + Filter on a property following the format `operator:value`. + + If the operator is `eq`, it can be ignored. + + For string, number or date-time property: + * `eq` and `ne` = (not) equal. + * `in` and `not_in` = (not) in a list. `value` contains an array such as `[val1,val2,val3]`. + + For string property only: + * `match` and `not_match` = (not) match the wildcard pattern (`*` for zero or more characters and `?` for a + single character) contains in `value`. + + For number or date-time property: + * `gt` and `gte` = greater than (or equal). + * `lt` and `lte` = less than (or equal). + + In any case, `value` must be URL encoded. + + The property name is one of the following values: + - `id` + - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) + - `type` + - `opts` + - `name` + - `valid_from` + - `valid_to` + - `test_certificate` + - `status` + - `archived` + - `renewal_auto` + - `renewal_after` + - `sn` + - `created_at` + - `updated_at` + - `revoked_at` + - `revoked_reason` + schema: + type: object + additionalProperties: + type: string + pattern: ^(((eq|ne|(not_)?match|[lg]te?):)?.+|(in|not_in):\[.+(,.+)*\])$ + example: + provider_id: OPC000 + created_at: gte:2022-01-01T00:00:00Z + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - name: sort + in: query + description: | + Sort preference using the format `property_name:order`, where: + - `property_name` is one of the following values: + - `id` + - `provider_id` (only for *MAN_ADMINISTRATOR* and *APNF* users) + - `opts` + - `name` + - `valid_from` + - `valid_to` + - `status` + - `archived` + - `sn` + - `created_at` + - `updated_at` + - `revoked_at` + - `order` may be set to `asc` or `desc`. + schema: + type: string + pattern: ^(id|provider_id|type|opts|name|valid_(from|to)|test_certificate|url|status|archived|renew(al_a(uto|fter)|ed_by)|sn|(cre|upd)ated_(at|by)|revoked_(at|by|reason)):(([Aa]|[Dd][Ee])[Ss][Cc])$ + example: created_at:desc + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a paginated list of records + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + content: + application/json: + schema: + type: object + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + certificates: + type: array + items: + $ref: '#/components/schemas/ArchivedCertificateSummaryView' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /certificates/archives/{certificate_id}: + get: + summary: Return archived STI certificate details + description: | + Return a JSON object with STI archived certificate details and contents. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access any archived certificate attached to their provider. + operationId: GetArchivedCertificate + tags: + - STI Certificates (Archived) + parameters: + - $ref: '#/components/parameters/CertificateId' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return the JSON object with certificate properties and contents. + content: + application/json: + schema: + $ref: '#/components/schemas/Certificate' + examples: + DirectCertificate: + $ref: '#/components/examples/DirectArchivedCertificate' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '415': + $ref: '#/components/responses/ErrorInvalidContentType' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /certificates/archives/{certificate_id}/history: + get: + summary: Retrieve activity history on STI archived certificates + description: | + Retrieve a paginated list of all actions performed on an STI archived certificate. + Sorting and filtering are not supported for this API. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR*, *MANAGER* and *SUPERVISOR* users can access the history of any archived certificate attached to their provider. + operationId: GetArchivedCertificateHistory + tags: + - History + - STI Certificates (Archived) + parameters: + - $ref: '#/components/parameters/CertificateId' + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a paginated list of history records + content: + application/json: + schema: + type: object + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + records: + type: array + items: + $ref: '#/components/schemas/History' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /history: + get: + summary: Retrieve platform activity history + description: | + Retrieve a paginated list of all actions performed on any data accessible to the user. + Sorting and filtering are not supported for this API. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + + - *ADMINISTRATOR* and *SUPERVISOR* can access the history of any data attached to their own provider. + - *MANAGER* users can access the history on their own account or on certificates owned by their provider + operationId: GetHistory + tags: + - History + parameters: + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a paginated list of history records + content: + application/json: + schema: + type: object + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + records: + type: array + items: + $ref: '#/components/schemas/History' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /bpco/certificates: + head: + summary: Get STI certificates last update date in BPCO + description: | + This method returns the date of the last update performed on STI certificates in the BPCO, i.e when a + certificate has been published or removed. + The date is returned in the `Last-Modified` response header. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + operationId: GetBpcoCertificatesLastUpdateDate + tags: + - BPCO + parameters: + - $ref: '#/components/parameters/X-Request-Id' + responses: + '204': + description: | + Returns no contents. The `Last-Modified` header is set with the last update date of STI certificates in the BPCO. + headers: + Last-Modified: + description: Last update date of certificates in the BPCO. Uses HTTP-Date format (RFC 7231). + schema: + $ref: '#/components/schemas/RFC7231.HTTP-date' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '401': + $ref: '#/components/responses/ErrorNotAuthenticatedNoContents' + '403': + $ref: '#/components/responses/ErrorNoPermissionNoContents' + '405': + $ref: '#/components/responses/ErrorNotAllowed' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeaderNoContents' + '429': + $ref: '#/components/responses/ErrorRateLimitingNoContents' + '500': + $ref: '#/components/responses/ErrorInternalNoContents' + '503': + $ref: '#/components/responses/ServiceUnavailableNoContents' + get: + summary: Get a copy of STI certificates in BPCO + description: | + This method returns as a GZipped TAR file a copy of all the STI certificates currently published in the BPCO. + + If the `since` parameter is specified, the GZipped TAR file only contains the certificates published in the BPCO or + removed from it since the date provided in the parameter. + The list of certificates removed from the BPCO are available in a `removed-certificates.csv` file included in the tarball. + + A `If-Modified-Since` request header may also be specified. In that case, a **304** response is returned if no certificates + have been added or removed since the date specified in the header. This latter can be filled with the value of the + `Last-Modified` response header collected from a previous call to this API or the `HEAD /bpco/certificates` one. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + operationId: GetBpcoCertificatesCopy + tags: + - BPCO + parameters: + - name: since + in: query + description: | + Date in ISO-8601 format. When specified, return only the certificates added or removed since that date. + The minutes and seconds are ignored (`2022-01-17T10:12:25Z` is therefore interpreted as `2022-01-17T10:00:00Z`) + and the date cannot be older than 15 days. + required: false + schema: + type: string + format: date-time + example: '2022-01-19T10:00:00Z' + - $ref: '#/components/parameters/If-Modified-Since' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: | + Return a GZipped TAR file which includes the certificates using the following structure: + ``` + |-/ + | |- .cer + | |- .cer + | `- .cer + |-/ + | |- .cer + | |- .cer + |-/ + [...] + ``` + If the `since` parameter is present, a `removed-certificates.csv` file may be included at the root of the + GZipped TAR file. + When present, this file lists all certificates deleted from the BPCO since that date, using the following + format: + ```ini + ; + ; + ; + ``` + A semicolon (`;`, `U+003B`) is used between each column and a linefeed is used between each line + (`\n`, `U+000A`). + content: + application/gzip: + schema: + type: string + format: binary + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + Last-Modified: + description: Last update date of STI certificates in the BPCO. Uses HTTP-Date format (RFC 7231) + schema: + $ref: '#/components/schemas/RFC7231.HTTP-date' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '304': + description: No changes since the date provided in the `If-Modified-Since` request header. + headers: + Last-Modified: + description: Last update date of STI certificates in the BPCO. Uses HTTP-Date format (RFC 7231) + schema: + $ref: '#/components/schemas/RFC7231.HTTP-date' + Content-Type: + $ref: '#/components/headers/Content-Type-GZip' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /bpco/certificates/history: + get: + summary: Retrieve activity history on the certificate public repository + description: | + Retrieve a paginated list of all actions performed on the list of STI certificates in the BPCO. + Sorting and filtering are not supported for this API. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + operationId: GetBpcoCertificatesHistory + tags: + - BPCO + - History + parameters: + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a paginated list of history records + content: + application/json: + schema: + type: object + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + records: + type: array + items: + $ref: '#/components/schemas/History' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /bpco/crl: + head: + summary: Get STI certificates CRL last update date in BPCO + description: | + This method returns the date of the last update performed on the Certificate Revocation List (CRL) of + STI certificates in the BPCO, i.e when a STI certificate has been revoked or when certificate is remove from the CRL. + The date is returned in the `Last-Modified` response header. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + operationId: GetBpcoCrlLastUpdateDate + tags: + - BPCO + parameters: + - $ref: '#/components/parameters/X-Request-Id' + responses: + '204': + description: | + Returns no contents. The `Last-Modified` header is set with the last update date of STI certificates CRL in + the BPCO. + headers: + Last-Modified: + description: Last update date of STI certificates CRL in the BPCO. Uses HTTP-Date format (RFC 7231). + schema: + $ref: '#/components/schemas/RFC7231.HTTP-date' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '401': + $ref: '#/components/responses/ErrorNotAuthenticatedNoContents' + '403': + $ref: '#/components/responses/ErrorNoPermissionNoContents' + '405': + $ref: '#/components/responses/ErrorNotAllowed' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeaderNoContents' + '429': + $ref: '#/components/responses/ErrorRateLimitingNoContents' + '500': + $ref: '#/components/responses/ErrorInternalNoContents' + '503': + $ref: '#/components/responses/ServiceUnavailableNoContents' + get: + summary: Get a copy of the STI certificates CRL in BPCO + description: | + Get a copy of the STI certificates Certificate Revocation List (CRL) as available in the BPCO. + + The API returns the CRL in DER format, with the exact same contents returned by the BPCO API `GET /crl`. + + A `If-Modified-Since` request header may also be specified. In that case, a **304** response is returned + if the CRL has not been updated since the date specified in the header. This latter can be filled with the value of the + `Last-Modified` response header collected from a previous call to this API or the `HEAD /bpco/crl` one. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER* + operationId: GetBpcoCrlCopy + tags: + - BPCO + parameters: + - $ref: '#/components/parameters/If-Modified-Since' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: The Certificate Revocation List in DER format. + content: + application/pkix-crl: + schema: + type: string + format: binary + example: | + + 00000000: 3082 0120 3081 c802 0101 300a 0608 2a86 0.. 0.....0...*. + 00000010: 48ce 3d04 0302 3067 3111 300f 0603 5504 H.=...0g1.0...U. + 00000020: 030c 0842 5043 4f20 5041 3131 0b30 0906 ...BPCO PA11.0.. + 00000030: 0355 0406 1302 4652 312a 3028 0603 5504 .U....FR1*0(..U. + 00000040: 0a0c 2142 6173 6520 6465 7320 4365 7274 ..!Base des Cert + 00000050: 6966 6963 6174 7320 4f70 c383 c2a9 7261 ificats Op....ra + 00000060: 7465 7572 3119 3017 0603 5504 0b0c 1050 teur1.0...U....P + 00000070: 6f6c 6963 7920 4175 7468 6f72 6974 7917 olicy Authority. + 00000080: 0d32 3230 3730 3431 3235 3032 305a 170d .220704125020Z.. + 00000090: 3232 3038 3033 3132 3530 3230 5aa0 3030 220803125020Z.00 + 000000a0: 2e30 1f06 0355 1d23 0418 3016 8014 097a .0...U.#..0....z + 000000b0: 34d8 9663 a43e 0250 9294 9de2 de31 8135 4..c.>.P.....1.5 + 000000c0: 3c8a 300b 0603 551d 1404 0402 0210 0030 <.0...U........0 + 000000d0: 0a06 082a 8648 ce3d 0403 0203 4700 3044 ...*.H.=....G.0D + 000000e0: 0220 58da 50e6 2670 a7e4 413d bb9d c193 . X.P.&p..A=.... + 000000f0: e0c0 3852 0138 1bd0 73fc 04fa 7328 952b ..8R.8..s...s(.+ + 00000100: e169 0220 1110 3e86 450b f0db 4345 80c9 .i. ..>.E...CE.. + 00000110: b12e d905 9f72 051a e02d fd3d 67d7 4ce2 .....r...-.=g.L. + 00000120: b92f e546 ./.F + headers: + Last-Modified: + description: Last update date of STI certificates CRL in the BPCO. Uses HTTP-Date format (RFC 7231). + schema: + $ref: '#/components/schemas/RFC7231.HTTP-date' + Content-Length: + description: Size in bytes of the DER contents provided in the response. + schema: + type: integer + example: 311 + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '304': + description: No changes since the date provided in the `If-Modified-Since` request header + headers: + Last-Modified: + description: Last update date of STI certificates CRL in the BPCO. Uses HTTP-Date format (RFC 7231). + schema: + $ref: '#/components/schemas/RFC7231.HTTP-date' + Content-Type: + $ref: '#/components/headers/Content-Type-Pkix-Crl' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '405': + $ref: '#/components/responses/ErrorNotAllowed' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' + /bpco/crl/history: + get: + summary: Retrieve activity history on the CRL + description: | + Retrieve a paginated list of all actions performed on the STI certificates CRL in the BPCO. + Sorting and filtering are not supported for this API. + + **Allowed Roles**: *ADMINISTRATOR*, *MANAGER*, *SUPERVISOR* + operationId: GetBpcoCrlHistory + tags: + - BPCO + - History + parameters: + - $ref: '#/components/parameters/PaginationLimit' + - $ref: '#/components/parameters/PaginationOffset' + - $ref: '#/components/parameters/X-Request-Id' + responses: + '200': + description: Return a paginated list of history records + content: + application/json: + schema: + type: object + properties: + metadata: + $ref: '#/components/schemas/PaginationMetaData' + records: + type: array + items: + $ref: '#/components/schemas/History' + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + '400': + $ref: '#/components/responses/ErrorValidation' + '401': + $ref: '#/components/responses/ErrorNotAuthenticated' + '403': + $ref: '#/components/responses/ErrorNoPermission' + '404': + $ref: '#/components/responses/ErrorNotFound' + '406': + $ref: '#/components/responses/ErrorInvalidAcceptHeader' + '429': + $ref: '#/components/responses/ErrorRateLimiting' + '500': + $ref: '#/components/responses/ErrorInternal' + '503': + $ref: '#/components/responses/ServiceUnavailable' +security: + - access_token: [] +components: + examples: + ApiCredential: + summary: Details of an API credential + value: + id: 9152f121-f66f-421c-87ce-78b218e250d4 + provider_id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 + name: 'API Credential SI #1' + description: Description of the credential. + expires_on: '2022-01-24T10:12:25Z' + last_used_at: '2022-01-20T10:12:25Z' + created_at: '2022-01-17T10:12:25Z' + created_by: John Doe + updated_at: '2022-01-17T10:12:25Z' + updated_by: John Doe + client_id: OPC000_001 + ApiCredentialCreationResponse: + summary: API credential creation response + value: + id: 9152f121-f66f-421c-87ce-78b218e250d4 + provider_id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 + name: 'API Credential SI #1' + description: Description of the credential. + expires_on: '2022-01-24T10:12:25Z' + created_at: '2022-01-17T10:12:25Z' + created_by: John Doe + updated_at: '2022-01-17T10:12:25Z' + updated_by: John Doe + client_id: OPC000_001 + client_secret: 7AD6F8F12F5B091E6DAEB1979F76DFBB + ApiCredentialUpdateRequest: + summary: Request to update all possible properties of an API credential + value: + name: API Credential (no expiration) + description: This API credential shall not expire + expires_on: null + ApnfUserCreationResponse: + summary: Response for APNF user creation + value: + id: 155720a6-f4c9-40ec-b479-a32d7f062553 + firstname: Mark + lastname: Jones + email_address: mark.jones@apnf + mobile_phone: '0612345678' + language: FRENCH + role: APNF + status: PENDING + created_at: '2022-01-17T10:12:25Z' + created_by: MAN Administrator + updated_at: '2022-01-17T10:12:25Z' + updated_by: MAN Administrator + BypassTokenCreationResponse: + value: + id: SPC000-YE42L73SGAG45I05 + DirectArchivedCertificate: + summary: Details of an archived direct certificate + value: + id: d240dd9e-a077-42f5-92e3-a3d3f10e002e + provider_id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 + type: DIRECT + name: Main Certificate + description: Description of the certificate. + test_certificate: false + valid_from: '2021-01-17T10:12:25Z' + valid_to: '2023-01-17T10:12:25Z' + renewal_auto: true + renewal_after: 300 + status: REVOKED + archived: true + sn: 57ABB34BCA510043BDE438460F13B27E6A82C004 + url: https://api.man-bpco.fr/OPC000/57ABB34BCA510043BDE438460F13B27E6A82C004.cer + contents: | + -----BEGIN CERTIFICATE----- + MIIC/DCCAqOgAwIBAgIUV6uzS8pRAEO95DhGDxOyfmqCwAQwCgYIKoZIzj0EAwIw + gYcxLDAqBgNVBAMMI0JQQ08gQ0ExIMOiwoDCkyBTSEFLRU4gSW50ZXJtZWRpYXRl + MQswCQYDVQQGEwJGUjEqMCgGA1UECgwhQmFzZSBkZXMgQ2VydGlmaWNhdHMgT3DD + g8KpcmF0ZXVyMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjIw + NzA0MTAwMDMxWhcNMjIxMDAyMTAwMDMxWjBXMRYwFAYDVQQDDA1TSEFLRU4gT1BD + MDAwMQswCQYDVQQGEwJGUjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQL + DBBTZXJ2aWNlIFByb3ZpZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/ + qQeNfCytgqjIETfjmVEw7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0 + ULplSrl9+QrrpKLwjKOCARowggEWMB0GA1UdDgQWBBRk53mcS8XiTcavdh4VBd3j + RA803zAfBgNVHSMEGDAWgBRNelLrS9FcVoyWR7d8FHJRlixuBDAOBgNVHQ8BAf8E + BAMCB4AwDAYDVR0TAQH/BAIwADCBmwYDVR0fBIGTMIGQMIGNoB6gHIYaaHR0cHM6 + Ly88ZG9tYWluZS1icGNvPi9jcmyia6RpMGcxCzAJBgNVBAYTAkZSMSowKAYDVQQK + DCFCYXNlIGRlcyBDZXJ0aWZpY2F0cyBPcMODwqlyYXRldXIxGTAXBgNVBAsMEFBv + bGljeSBBdXRob3JpdHkxETAPBgNVBAMMCEJQQ08gUEExMBgGCCsGAQUFBwEaBAww + CqAIFgZPUEMwMDAwCgYIKoZIzj0EAwIDRwAwRAIgNBAcIP/Gwx1rXvI2/PiflboV + YVc3KWvfczSpXEMF61oCIG64G0cYxoO00MBdY+vg6umsNtA6eT0q5G6wW7dNjOTv + -----END CERTIFICATE----- + csr: | + -----BEGIN CERTIFICATE REQUEST----- + MIIBEjCBuQIBADBXMRYwFAYDVQQDDA1TSEFLRU4gT1BDMDAwMQswCQYDVQQGEwJG + UjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQLDBBTZXJ2aWNlIFByb3Zp + ZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/qQeNfCytgqjIETfjmVEw + 7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0ULplSrl9+QrrpKLwjKAA + MAoGCCqGSM49BAMCA0gAMEUCIADk95rHd2LAI6vCuz8OjqlA9FJAWC1j/QcK8HSb + mMWkAiEAsVc1L/LvTKlEI98lsfDmCtKsJuQ4iBBuZ5Hzp0T1Xr8= + -----END CERTIFICATE REQUEST----- + created_at: '2021-01-17T10:12:25Z' + created_by: John Doe + updated_at: '2022-01-17T10:12:25Z' + updated_by: John Doe + revoked_at: '2022-01-30T09:10:00Z' + revoked_by: John Doe + revoked_reason: keyCompromise + revoked_comments: Clé privée compromise + DirectCertificate: + summary: Details of an active direct certificate + value: + id: d240dd9e-a077-42f5-92e3-a3d3f10e002e + provider_id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 + type: DIRECT + name: Main Certificate + description: Description of the certificate. + test_certificate: false + valid_from: '2022-01-17T10:12:25Z' + valid_to: '2023-01-17T10:12:25Z' + renewal_auto: true + renewal_after: 300 + status: ACTIVE + archived: false + sn: 57ABB34BCA510043BDE438460F13B27E6A82C004 + url: https://api.man-bpco.fr/OPC000/57ABB34BCA510043BDE438460F13B27E6A82C004.cer + contents: | + -----BEGIN CERTIFICATE----- + MIIC/DCCAqOgAwIBAgIUV6uzS8pRAEO95DhGDxOyfmqCwAQwCgYIKoZIzj0EAwIw + gYcxLDAqBgNVBAMMI0JQQ08gQ0ExIMOiwoDCkyBTSEFLRU4gSW50ZXJtZWRpYXRl + MQswCQYDVQQGEwJGUjEqMCgGA1UECgwhQmFzZSBkZXMgQ2VydGlmaWNhdHMgT3DD + g8KpcmF0ZXVyMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjIw + NzA0MTAwMDMxWhcNMjIxMDAyMTAwMDMxWjBXMRYwFAYDVQQDDA1TSEFLRU4gT1BD + MDAwMQswCQYDVQQGEwJGUjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQL + DBBTZXJ2aWNlIFByb3ZpZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/ + qQeNfCytgqjIETfjmVEw7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0 + ULplSrl9+QrrpKLwjKOCARowggEWMB0GA1UdDgQWBBRk53mcS8XiTcavdh4VBd3j + RA803zAfBgNVHSMEGDAWgBRNelLrS9FcVoyWR7d8FHJRlixuBDAOBgNVHQ8BAf8E + BAMCB4AwDAYDVR0TAQH/BAIwADCBmwYDVR0fBIGTMIGQMIGNoB6gHIYaaHR0cHM6 + Ly88ZG9tYWluZS1icGNvPi9jcmyia6RpMGcxCzAJBgNVBAYTAkZSMSowKAYDVQQK + DCFCYXNlIGRlcyBDZXJ0aWZpY2F0cyBPcMODwqlyYXRldXIxGTAXBgNVBAsMEFBv + bGljeSBBdXRob3JpdHkxETAPBgNVBAMMCEJQQ08gUEExMBgGCCsGAQUFBwEaBAww + CqAIFgZPUEMwMDAwCgYIKoZIzj0EAwIDRwAwRAIgNBAcIP/Gwx1rXvI2/PiflboV + YVc3KWvfczSpXEMF61oCIG64G0cYxoO00MBdY+vg6umsNtA6eT0q5G6wW7dNjOTv + -----END CERTIFICATE----- + csr: | + -----BEGIN CERTIFICATE REQUEST----- + MIIBEjCBuQIBADBXMRYwFAYDVQQDDA1TSEFLRU4gT1BDMDAwMQswCQYDVQQGEwJG + UjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQLDBBTZXJ2aWNlIFByb3Zp + ZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/qQeNfCytgqjIETfjmVEw + 7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0ULplSrl9+QrrpKLwjKAA + MAoGCCqGSM49BAMCA0gAMEUCIADk95rHd2LAI6vCuz8OjqlA9FJAWC1j/QcK8HSb + mMWkAiEAsVc1L/LvTKlEI98lsfDmCtKsJuQ4iBBuZ5Hzp0T1Xr8= + -----END CERTIFICATE REQUEST----- + created_at: '2022-01-17T10:12:25Z' + created_by: John Doe + updated_at: '2022-01-17T10:12:25Z' + updated_by: John Doe + DirectCertificateRequest: + summary: Request for a direct certificate + value: + type: DIRECT + name: Main Certificate + description: Description of the certificate. + test_certificate: false + valid_from: '2022-01-17T10:12:25Z' + renewal_auto: true + renewal_after: 300 + csr: | + -----BEGIN CERTIFICATE REQUEST----- + MIIBEjCBuQIBADBXMRYwFAYDVQQDDA1TSEFLRU4gT1BDMDAwMQswCQYDVQQGEwJG + UjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQLDBBTZXJ2aWNlIFByb3Zp + ZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/qQeNfCytgqjIETfjmVEw + 7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0ULplSrl9+QrrpKLwjKAA + MAoGCCqGSM49BAMCA0gAMEUCIADk95rHd2LAI6vCuz8OjqlA9FJAWC1j/QcK8HSb + mMWkAiEAsVc1L/LvTKlEI98lsfDmCtKsJuQ4iBBuZ5Hzp0T1Xr8= + -----END CERTIFICATE REQUEST----- + DirectCertificateUpdateRequest: + summary: Request to update all possible properties of a direct certificate + value: + name: Certificate new name. + description: Updated description of the certificate. + renewal_auto: false + IndirectCertificate: + summary: Details of an indirect certificate finalized by the OPTS + value: + id: d240dd9e-a077-42f5-92e3-a3d3f10e002e + provider_id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 + type: INDIRECT + opts: SPB000 + name: Indirect Certificate + description: Description of the certificate. + test_certificate: false + valid_from: '2022-03-01T00:00:00Z' + valid_to: 2022-05-3123:59:59Z + renewal_auto: false + status: ACTIVE + archived: false + sn: 57ABB34BCA510043BDE438460F13B27E6A82C004 + url: https://api.man-bpco.fr/OPC000/57ABB34BCA510043BDE438460F13B27E6A82C004.cer + contents: | + -----BEGIN CERTIFICATE----- + MIIC/DCCAqOgAwIBAgIUV6uzS8pRAEO95DhGDxOyfmqCwAQwCgYIKoZIzj0EAwIw + gYcxLDAqBgNVBAMMI0JQQ08gQ0ExIMOiwoDCkyBTSEFLRU4gSW50ZXJtZWRpYXRl + MQswCQYDVQQGEwJGUjEqMCgGA1UECgwhQmFzZSBkZXMgQ2VydGlmaWNhdHMgT3DD + g8KpcmF0ZXVyMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjIw + NzA0MTAwMDMxWhcNMjIxMDAyMTAwMDMxWjBXMRYwFAYDVQQDDA1TSEFLRU4gT1BD + MDAwMQswCQYDVQQGEwJGUjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQL + DBBTZXJ2aWNlIFByb3ZpZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/ + qQeNfCytgqjIETfjmVEw7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0 + ULplSrl9+QrrpKLwjKOCARowggEWMB0GA1UdDgQWBBRk53mcS8XiTcavdh4VBd3j + RA803zAfBgNVHSMEGDAWgBRNelLrS9FcVoyWR7d8FHJRlixuBDAOBgNVHQ8BAf8E + BAMCB4AwDAYDVR0TAQH/BAIwADCBmwYDVR0fBIGTMIGQMIGNoB6gHIYaaHR0cHM6 + Ly88ZG9tYWluZS1icGNvPi9jcmyia6RpMGcxCzAJBgNVBAYTAkZSMSowKAYDVQQK + DCFCYXNlIGRlcyBDZXJ0aWZpY2F0cyBPcMODwqlyYXRldXIxGTAXBgNVBAsMEFBv + bGljeSBBdXRob3JpdHkxETAPBgNVBAMMCEJQQ08gUEExMBgGCCsGAQUFBwEaBAww + CqAIFgZPUEMwMDAwCgYIKoZIzj0EAwIDRwAwRAIgNBAcIP/Gwx1rXvI2/PiflboV + YVc3KWvfczSpXEMF61oCIG64G0cYxoO00MBdY+vg6umsNtA6eT0q5G6wW7dNjOTv + -----END CERTIFICATE----- + csr: | + -----BEGIN CERTIFICATE REQUEST----- + MIIBEjCBuQIBADBXMRYwFAYDVQQDDA1TSEFLRU4gT1BDMDAwMQswCQYDVQQGEwJG + UjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQLDBBTZXJ2aWNlIFByb3Zp + ZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/qQeNfCytgqjIETfjmVEw + 7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0ULplSrl9+QrrpKLwjKAA + MAoGCCqGSM49BAMCA0gAMEUCIADk95rHd2LAI6vCuz8OjqlA9FJAWC1j/QcK8HSb + mMWkAiEAsVc1L/LvTKlEI98lsfDmCtKsJuQ4iBBuZ5Hzp0T1Xr8= + -----END CERTIFICATE REQUEST----- + created_at: '2022-01-17T10:12:25Z' + created_by: John Doe + updated_at: '2022-01-17T10:12:25Z' + updated_by: Jane Doe + IndirectCertificateRequest: + summary: Request for an indirect certificate + value: + type: INDIRECT + opts: SPB000 + name: Indirect Certificate + description: Description of the certificate. + test_certificate: false + valid_from: '2022-03-01T00:00:00Z' + valid_to: 2022-05-3123:59:59Z + renewal_auto: false + IndirectCertificateUpdateRequest: + summary: Request to update all possible properties of a finalized indirect certificate + value: + name: Certificate new name. + description: Updated description of the certificate. + renewal_auto: true + renewal_after: 300 + Meteo: + value: + ID: 14fa2014-8b50-4159-a250-789ebf4500e6 + provider_author_apnf_code: OPE100 + short_description: L'opérateur OPE1 est en débrayage + long_description: 'L''opérateur OPE1 est en débrayage car il a rencontré un problème lors d''une opération de... ' + criticality: INFORMATION + start_date: '2022-01-17T10:12:25Z' + end_date: '2022-01-18T10:12:25Z' + tags: + - APPLICATION_MAN + reference_id: 1 + MeteoCreation: + value: + ID: 14fa2014-8b50-4159-a250-789ebf4500e6 + provider_author_apnf_code: OPE100 + short_description: L'opérateur OPE1 est en débrayage + long_description: 'L''opérateur OPE1 est en débrayage car il a rencontré un problème lors d''une opération de... ' + criticality: INFORMATION + start_date: '2022-01-17T10:12:25Z' + MeteoDisengagement: + value: + ID: 14fa2014-8b50-4159-a250-789ebf4500e8 + provider_author_apnf_code: OPE100 + short_description: L'opérateur OPE1 est en débrayage + long_description: 'L''opérateur OPE1 est en débrayage car il a rencontré un problème lors d''une opération de... ' + criticality: INFORMATION + start_date: '2022-01-17T10:12:25Z' + end_date: '2022-01-18T10:12:25Z' + tags: + - DISENGAGEMENT + disengagement_id: APNF00-123456789-ABCDE + reference_id: 1 + MeteoPatch: + value: + short_description: L'opérateur OPE1 est en débrayage + long_description: 'L''opérateur OPE1 est en débrayage car il a rencontré un problème lors d''une opération de... et il est intervenu pour... ' + criticality: INFORMATION + start_date: '2022-01-17T10:12:25Z' + end_date: '2022-01-18T10:12:25Z' + OtpResetRequestUsingEmailAddress: + summary: OTP Reset Request using an email address + value: + email_address: john.doe@spa.domain + otp: true + PasswordResetRequestUsingEmailAddress: + summary: Password Reset Request using an email address + value: + email_address: john.doe@spa.domain + PasswordResetRequestUsingUserId: + summary: Request using a user ID (MAN_ADMINISTRATOR / ADMINISTRATOR only) + value: + user_id: 155720a6-f4c9-40ec-b479-a32d7f062553 + PendingIndirectCertificate: + summary: Details of an indirect certificate not yet finalized + value: + id: d240dd9e-a077-42f5-92e3-a3d3f10e002e + provider_id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 + type: INDIRECT + opts: SPB000 + name: Indirect Certificate + description: Description of the certificate. + test_certificate: false + valid_from: '2022-03-01T00:00:00Z' + valid_to: 2022-05-3123:59:59Z + renewal_auto: false + status: PENDING + archived: false + created_at: '2022-01-17T10:12:25Z' + created_by: John Doe + updated_at: '2022-01-17T10:12:25Z' + updated_by: John Doe + PendingIndirectCertificateUpdateRequest: + summary: Request to update all possible properties of a pending indirect certificate + value: + name: Certificate new name. + description: Updated description of the certificate. + test_certificate: false + valid_from: '2022-06-01T00:00:00Z' + valid_to: '2023-01-00T00:00:00Z' + renewal_auto: true + renewal_after: 300 + ProviderDetails: + value: + id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 + status: REGISTRATION + name: Opérateur A + code: SPA000 + address: 30, rue de Paris 75018 Paris + technical_number: '33123456789' + signatory: true + opts: true + legal_administrator: John Doe + opts_contracts: + - SPB000 + - SPC000 + - SPD000 + opts_allowed: + - SPE000 + - SPF000 + - SPG000 + global_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + certificate_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + legal_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + ticketing_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + ticket_notification_active: true + sftp_allowed_ips: + - 172.16.25.6 + languages: + - FRENCH + - ENGLISH + authentication_mode: MFA + last_verification: + id: 9152f121-f66f-421c-87ce-78b218e250d4 + status: COMPLETED + decision: true + completed_at: '2022-05-18T10:12:25Z' + deleted: false + created_at: '2022-01-17T10:12:25Z' + created_by: MAN Administrator + updated_at: '2022-01-17T10:12:25Z' + updated_by: MAN Administrator + bypass_token: SPC000-YE42L73SGAG45I05 + ProviderUpdateRequestByAdministrator: + summary: Request to update all possible provider properties with an administrator user + value: + address: 30, rue de Paris 75018 Paris + technical_number: '33123456789' + global_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + certificate_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + legal_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + ticketing_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + ticket_notification_active: true + sftp_allowed_ips: + - 172.16.25.6 + languages: + - FRENCH + - ENGLISH + authentication_mode: MFA + ProviderUpdateRequestByManAdministrator: + summary: Request to update all possible provider properties with a MAN administrator user + value: + status: DISABLED + name: Opérateur A + address: 30, rue de Paris 75018 Paris + technical_number: '33123456789' + signatory: true + opts: true + legal_administrator: 155720a6-f4c9-40ec-b479-a32d7f062553 + opts_contracts: + - SPB000 + - SPC000 + - SPD000 + global_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + certificate_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + legal_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + ticketing_notification_list: + - john.doe@spa.domain + - jane.doe@spa.domain + ticket_notification_active: true + sftp_allowed_ips: + - 172.16.25.6 + languages: + - FRENCH + - ENGLISH + authentication_mode: MFA + ProviderUser: + summary: Details of a provider user + value: + id: 155720a6-f4c9-40ec-b479-a32d7f062553 + provider_id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 + firstname: Jane + lastname: Doe + email_address: jane.doe@spa.domain + mobile_phone: '0612345678' + language: ENGLISH + role: ADMINISTRATOR + status: PENDING + created_at: '2022-01-17T10:12:25Z' + created_by: MAN Administrator + updated_at: '2022-01-17T10:12:25Z' + updated_by: MAN Administrator + last_connected_at: '2022-03-07T08:30:12Z' + legal_administrator: true + ProviderUserCreationRequestByAdministrator: + summary: Creation of a provider MANAGER user by provider administrator + value: + firstname: Jane + lastname: Doe + email_address: jane.doe@spa.domain + mobile_phone: '0612345678' + role: MANAGER + ProviderUserCreationRequestByManAdministrator: + summary: Creation of a provider ADMINISTRATOR user by platform administrator + value: + provider_id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 + firstname: Jane + lastname: Doe + email_address: jane.doe@spa.domain + mobile_phone: '0612345678' + language: ENGLISH + role: ADMINISTRATOR + ProviderUserCreationResponse: + summary: Response for provider ADMINISTRATOR user creation + value: + id: 155720a6-f4c9-40ec-b479-a32d7f062553 + provider_id: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 + firstname: Jane + lastname: Doe + email_address: jane.doe@spa.domain + mobile_phone: '0612345678' + language: ENGLISH + role: ADMINISTRATOR + status: PENDING + created_at: '2022-01-17T10:12:25Z' + created_by: MAN Administrator + updated_at: '2022-01-17T10:12:25Z' + updated_by: MAN Administrator + ResendActivationLinkRequestUsingUserId: + summary: Request new activation link using a user ID (MAN_ADMINISTRATOR / ADMINISTRATOR only) + value: + user_id: 155720a6-f4c9-40ec-b479-a32d7f062553 + activation_link: true + Ticket: + value: + ID: 24fa2014-8b50-4159-a250-789ebf4500e6 + issue_type: INCIDENT + communication_type: VOICE + typology_code: 2A + category: Constatation ou suspicion d'usurpation de numéro + typology_label: Numéro appelant usurpé (suite à vérification) + description: Ce n'est pas la première fois + source: PROVIDER + number_of_communications: 1 + provider_author_role: SIGNATORY_OPTS + next_action_required_by: OPE2 + signatory: OPE1 + opts: OPTS + ingress_provider: OPE3 + egress_provider: OPE3 + termination_provider: TERM + optv: OPTV + display_number: 102030406 + display_number_type: LANDLINE + has_identity_header: true + is_sti_vs_valid: true + called_number: 102030407 + call_timestamp: 1660742563701 + shaken_attestation_value: A + last_known_interconnection: SIP + sip_reject_code: '' + sip_reject_sub_code: '' + is_emergency_call: false + calling_number: 102030408 + is_reoccurring_issue: false + is_related_to_single_called_customer: false + estimated_issue_date: '2022-01-17T10:12:25Z' + is_call_breakable: false + is_call_broken: false + provider_author_apnf_code: OPE100 + status: OPEN + resolution: null + creation_date: '2022-01-17T10:12:25Z' + creation_author: 61757468-6f72-2d31-3030-000000000000 + modification_date: '2022-01-17T10:12:25Z' + modification_author: 61757468-6f72-2d31-3030-000000000123 + criticality: 2 + reference_id: 1 + TicketClosed: + value: + ID: 24fa2014-8b50-4159-a250-789ebf4500e6 + issue_type: INCIDENT + communication_type: VOICE + typology_code: 2A + category: Constatation ou suspicion d'usurpation de numéro + typology_label: Numéro appelant usurpé (suite à vérification) + description: Ce n'est pas la première fois + source: PROVIDER + number_of_communications: 1 + provider_author_role: SIGNATORY_OPTS + next_action_required_by: OPE2 + signatory: OPE1 + opts: OPTS + ingress_provider: OPE3 + egress_provider: OPE3 + termination_provider: TERM + optv: OPTV + display_number: 102030406 + display_number_type: LANDLINE + has_identity_header: true + is_sti_vs_valid: true + called_number: 102030407 + call_timestamp: 1660742563701 + shaken_attestation_value: A + last_known_interconnection: SIP + sip_reject_code: '' + sip_reject_sub_code: '' + is_emergency_call: false + calling_number: 102030408 + is_reoccurring_issue: false + is_related_to_single_called_customer: false + estimated_issue_date: '2022-01-17T10:12:25Z' + is_call_breakable: false + is_call_broken: false + provider_author_apnf_code: OPE100 + status: CLOSED + resolution: FIXED + creation_date: '2022-01-17T10:12:25Z' + creation_author: 61757468-6f72-2d31-3030-000000000000 + modification_date: '2022-01-17T10:12:25Z' + modification_author: 61757468-6f72-2d31-3030-000000000123 + criticality: 2 + reference_id: 1 + TicketComment: + value: + text: this is my comment + provider_author_apnf_code: OPE100 + creation_date: '2022-01-17T10:12:25Z' + TicketPatch: + value: + next_action_required_by: OPE100 + signatory: OPE100 + opts: OPE200 + ingress_provider: OPE300 + egress_provider: OPE300 + termination_provider: OPE400 + optv: OPE500 + UserCreationRequestByManAdministrator: + summary: Creation of an APNF user by platform administrator + value: + firstname: Mark + lastname: Jones + email_address: mark.jones@apnf + mobile_phone: '0612345678' + role: APNF + UserPersonalUpdateRequest: + summary: Request to update all possible properties for one's own account + value: + firstname: Jane + lastname: Doe + email_address: jane.doe@spa.domain + mobile_phone: '0612345678' + language: ENGLISH + UserPreview: + summary: Map of : <> + value: 155720a6-f4c9-40ec-b479-a32d7f062553:"John doe " + UserUpdateRequest: + summary: Request to update all possible properties for another account + value: + firstname: Jane + lastname: Doe + email_address: jane.doe@spa.domain + mobile_phone: '0612345678' + language: ENGLISH + role: ADMINISTRATOR + status: DISABLED + headers: + Content-Length: + description: Size in bytes of the response body. + schema: + type: integer + example: 80 + Content-Type-GZip: + description: Content-Type header set as "application/gzip". + schema: + type: string + example: application/gzip + Content-Type-Pkix-Crl: + description: Content-Type header set as "application/pkix-crl". + schema: + type: string + example: application/pkix-crl + Location-Certificate: + description: Certificate access URL in the BPCO. + schema: + type: string + example: https://api.man-bpco.fr/certs/SPC000/a44cbe3916e8cd6e.cer + X-Correlation-Id: + description: ID generated by the API gateway. + schema: + $ref: '#/components/schemas/UUID' + example: f13371a6-40d7-48cf-a221-794b63fddbd9 + X-Response-Id: + description: Response ID that corresponds to the `X-Request-Id` request header, if provided. + schema: + $ref: '#/components/schemas/UUID' + example: 68831c50-2953-4047-9935-81a98ac1e1e1 + parameters: + CertificateId: + name: certificate_id + in: path + description: ID of the certificate to retrieve history records + required: true + example: d240dd9e-a077-42f5-92e3-a3d3f10e002e + schema: + $ref: '#/components/schemas/UUID' + CredentialId: + name: credential_id + in: path + description: ID of the credential to retrieve the history records + required: true + example: 9152f121-f66f-421c-87ce-78b218e250d4 + schema: + $ref: '#/components/schemas/UUID' + If-Modified-Since: + name: If-Modified-Since + in: header + description: Date in HTTP-Date format (RFC 7231). + required: false + schema: + $ref: '#/components/schemas/RFC7231.HTTP-date' + PaginationLimit: + name: limit + in: query + description: 'Number of records to return (Max: 100)' + required: false + schema: + type: integer + minimum: 1 + maximum: 100 + default: 20 + PaginationOffset: + name: offset + in: query + description: Offset to start the pagination + required: false + schema: + type: integer + default: 0 + ProviderId: + name: provider_id + in: path + description: ID of the provider + required: true + example: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 + schema: + $ref: '#/components/schemas/UUID' + TicketId: + name: ticket_id + in: path + description: reference id to the ticket (integer). + required: true + schema: + type: integer + UserId: + name: user_id + in: path + description: ID of the user + required: true + example: 155720a6-f4c9-40ec-b479-a32d7f062553 + schema: + $ref: '#/components/schemas/UUID' + X-Request-Id: + name: X-Request-Id + in: header + description: Request ID that will be returned into the `X-Response-Id` response header. + required: false + schema: + $ref: '#/components/schemas/UUID' + example: 68831c50-2953-4047-9935-81a98ac1e1e1 + responses: + ErrorConflict: + description: Returned when the API request cannot be fulfilled due to the object current status. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: CONFLICT + message: This resource already exists. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorInternal: + description: Returned when an unexpected error occurred while processing the request. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: INTERNAL_SERVER_ERROR + message: An unexpected error occurred while processing the request. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorInternalNoContents: + description: Returned when an unexpected error occurred while processing the request. + headers: + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorInvalidAcceptHeader: + description: Returned when the client specifies a type not supported by the platform in the `Accept` HTTP header. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: NOT_ACCEPTABLE + message: The format in the `Accept` header is not supported. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorInvalidAcceptHeaderNoContents: + description: Returned when the client specifies a type not supported by the platform in the `Accept` HTTP header. + headers: + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorInvalidContentType: + description: Returned when the client specifies a `Content-Type` header value not supported. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: UNSUPPORTED_MEDIA_TYPE + message: The format of the request body is not supported. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorNoPermission: + description: Returned when the client does not have the expected permissions to access the method. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: FORBIDDEN + message: User is not allowed to access this resource. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorNoPermissionNoContents: + description: Returned when the client does not have the expected permissions to access the method. + headers: + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorNotAllowed: + description: Error returned when the API method is not allowed for the given object. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: METHOD_NOT_ALLOWED + message: The method is not allowed for the resource. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorNotAuthenticated: + description: Returned when the client authentication failed. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: UNAUTHORIZED + message: The authentication failed. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorNotAuthenticatedNoContents: + description: Returned when the client authentication failed. + headers: + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorNotFound: + description: Returned when the object referenced by the API request does not exist. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: NOT_FOUND + message: The resource is not found. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorRateLimiting: + description: Returned when too many requests have been sent by the client in a certain amount of time. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: TOO_MANY_REQUESTS + message: Rate limit is exceeded. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorRateLimitingNoContents: + description: Returned when too many requests have been sent by the client in a certain amount of time. + headers: + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ErrorValidation: + description: Returned when the request input validation failed. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: BAD_REQUEST + message: The request validation failed. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ServiceUnavailable: + description: Returned when the service is unavailable (e.g. maintenance mode) and cannot process the request. + content: + application/json: + schema: + $ref: '#/components/schemas/ApiPayloadError' + example: + code: SERVICE_UNAVAILABLE + message: The service is currently unavailable. + headers: + Content-Length: + $ref: '#/components/headers/Content-Length' + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + ServiceUnavailableNoContents: + description: Returned when the service is unavailable (e.g. maintenance mode) and cannot process the request. + headers: + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + SuccessNoMessage: + description: Confirms successful processing. + headers: + X-Correlation-Id: + $ref: '#/components/headers/X-Correlation-Id' + X-Response-Id: + $ref: '#/components/headers/X-Response-Id' + schemas: + ApiCredential: + type: object + description: | + API credential data model. + Contains the `client_id` (without `client_secret`) data to be used in OAuth 2.0 authorization API call for + access token delivery. + required: + - id + - provider_id + - name + - created_at + - created_by + - updated_at + - updated_by + - client_id + properties: + id: + $ref: '#/components/schemas/CredentialId' + provider_id: + allOf: + - description: ID of the service provider that requested the credential. + - $ref: '#/components/schemas/ProviderId' + name: + type: string + maxLength: 64 + description: Name of the API credential + example: 'API Credential SI #1' + description: + type: string + maxLength: 1024 + description: Additional information + example: Description of the credential. + expires_on: + type: string + description: | + Credential expiration date. Date shall be in ISO-8601 format. + When expired, no more access tokens can be delivered using the `client_id` and `client_secret` data + associated with this credential + format: date-time + example: '2022-01-24T10:12:25Z' + created_at: + type: string + description: Creation Date + format: date-time + example: '2022-01-17T10:12:25Z' + created_by: + type: string + maxLength: 254 + description: | + User who created the credential. Format shall be ` <>`. + May otherwise be set to `API` if the update has been triggered by an API call or `SYSTEM` if the action + is performed by the platform. + example: John Doe + updated_at: + type: string + description: | + Last Update Date. + Initially set to the same value as `created_at`. + format: date-time + example: '2022-01-17T10:12:25Z' + updated_by: + type: string + maxLength: 254 + description: | + User who updated the credential settings. Format shall be ` <>`. + May otherwise be set to `API` if the update has been triggered by an API call or `SYSTEM` if the action + is performed by the platform. + Initially set to the same value as `created_by`. + example: John Doe + last_used_at: + type: string + description: Date the API credential has been last used to deliver an access token. + format: date-time + example: '2022-01-20T10:12:25Z' + client_id: + type: string + description: data to be passed to the OAuth 2.0 authorization call to get a new access token. + ApiCredentialCreationRequest: + type: object + description: Provider (to create) data model + required: + - name + properties: + name: + type: string + maxLength: 64 + description: Name of the credential + example: 'API Credential SI #1' + description: + type: string + maxLength: 1024 + description: Optional information + example: Description of the credential. + expires_on: + type: string + description: | + Credential expiration date. Date shall be in ISO-8601 format. + + When expired, no more access tokens can be delivered using the `client_id` and `client_secret` data + associated with this credential + format: date-time + example: '2022-01-24T10:12:25Z' + ApiCredentialCreationResponse: + allOf: + - $ref: '#/components/schemas/ApiCredential' + - type: object + description: | + API credential data model. + Contains the `client_id` and `client_secret` data to be used in OAuth 2.0 authorization API call for + access token delivery. + required: + - client_secret + properties: + client_secret: + type: string + maxLength: 32 + description: | + data to be passed to the OAuth 2.0 authorization call to get a new access token. + ApiCredentialSummaryView: + type: object + description: | + API credential data model (summary view). + Contains the `client_id` (without `client_secret`) data to be used in OAuth 2.0 authorization API call for + access token delivery. + required: + - id + - provider_id + - name + - client_id + properties: + id: + $ref: '#/components/schemas/CredentialId' + provider_id: + allOf: + - description: ID of the service provider that requested the credential. + - $ref: '#/components/schemas/ProviderId' + name: + type: string + maxLength: 64 + description: Name of the API credential + example: 'API Credential SI #1' + expires_on: + type: string + description: | + Credential expiration date. Date shall be in ISO-8601 format. + When expired, no more access tokens can be delivered using the `client_id` and `client_secret` data + associated with this credential + format: date-time + example: '2022-01-24T10:12:25Z' + client_id: + type: string + maxLength: 64 + description: data to be passed to the OAuth 2.0 authorization call to get a new access token. + ApiPayloadError: + type: object + description: Data model for error responses. + required: + - code + - message + properties: + code: + type: string + maxLength: 64 + description: Error code. Shall be capitalized with underscores. + message: + type: string + maxLength: 1024 + description: Message providing more details and context for the error that occurred. + ArchivedCertificateStatus: + type: string + description: Archived Certificate status. Allowed values are a subset of those accepted for `CertificateStatus` schema. + enum: + - REVOKED + - EXPIRED + - INVALID + example: EXPIRED + ArchivedCertificateSummaryView: + type: object + description: | + Archived Certificate data model (summary view). This model will be used for both active and archived certificates. + required: + - id + - provider_id + - type + - name + - valid_from + - valid_to + - test_certificate + - status + - archived + - renewal_auto + properties: + id: + $ref: '#/components/schemas/CertificateId' + provider_id: + allOf: + - description: ID of the service provider that requested the certificate. + - $ref: '#/components/schemas/ProviderId' + type: + $ref: '#/components/schemas/CertificateType' + opts: + type: string + description: | + APNF Code of the technical signing service provider (OPTS). Mandatory when certificate `type` is `INDIRECT`, + `null` otherwise. + pattern: ^([0-9A-Z]{6})$ + example: SPB000 + name: + type: string + maxLength: 64 + description: | + Certificate name provided by the origin service provider. Used to construct certificate Common Name. + example: Main Certificate + valid_from: + type: string + description: Certificate validity start date. Date shall be in ISO-8601 format. + format: date-time + example: '2022-01-17T10:12:25Z' + valid_to: + type: string + description: Certificate expiration date. Date shall be in ISO-8601 format. + format: date-time + example: '2023-01-17T10:12:25Z' + test_certificate: + type: boolean + description: Is this a test certificate? + example: false + url: + type: string + maxLength: 2048 + description: URL of the certificate in the certificate public repository + example: https://api.man-bpco.fr/OPC000/57ABB34BCA510043BDE438460F13B27E6A82C004.cer + status: + $ref: '#/components/schemas/ArchivedCertificateStatus' + archived: + type: boolean + description: Has the certificate been archived? + example: true + renewal_auto: + type: boolean + description: | + Automated renewal option. If enabled, the application will create a new certificate using the same CSR and + options provided for this certificate. + example: true + sn: + type: string + description: Certificate serial number + pattern: ^([0-9A-Fa-f]{2,40})$ + example: 57ABB34BCA510043BDE438460F13B27E6A82C004 + BypassToken: + type: object + required: + - id + - created_at + properties: + id: + $ref: '#/components/schemas/BypassTokenId' + created_at: + type: string + description: | + Token creation date. Date shall be in ISO-8601 format. + format: date-time + example: '2022-01-17T10:12:25Z' + archived_at: + type: string + description: | + Token archiving date. Date shall be in ISO-8601 format. + format: date-time + example: '2022-01-17T10:12:25Z' + BypassTokenCreationResponse: + type: object + description: Response of bypass token generation request + required: + - id + properties: + id: + $ref: '#/components/schemas/BypassTokenId' + BypassTokenId: + type: string + pattern: ^([0-9A-Z]{6})-([0-9A-Z\-]{16})$ + description: | + Current token to be used by provider in "Identity-Bypass" SIP INVITE message header + when the provider has to temporarily disable its STI-AS component. + + The expected format is `SPC-RANDOM`, where: + - SPC: APNF Service Provider Code + - RANDOM: 1 to 16 characters between A-Z, 0-A or '-' + example: SPC000-YE42L73SGAG45I05 + Certificate: + type: object + description: Certificate data model. This model will be used for both active and archived certificates. + required: + - id + - provider_id + - type + - name + - valid_from + - valid_to + - test_certificate + - status + - archived + - renewal_auto + - created_at + - created_by + - updated_at + - updated_by + properties: + id: + $ref: '#/components/schemas/CertificateId' + provider_id: + allOf: + - description: ID of the service provider that requested the certificate. + - $ref: '#/components/schemas/ProviderId' + type: + $ref: '#/components/schemas/CertificateType' + opts: + type: string + description: | + APNF Code of the technical signing service provider (OPTS). Mandatory when certificate `type` is `INDIRECT`, + `null` otherwise. + pattern: ^([0-9A-Z]{6})$ + example: SPB000 + name: + type: string + maxLength: 64 + description: | + Certificate name provided by the origin service provider. Used to construct certificate Common Name. + example: Main Certificate + description: + type: string + maxLength: 1024 + description: Additional information related to the certificate + example: Description of the certificate. + valid_from: + type: string + description: Certificate validity start date. Date shall be in ISO-8601 format. + format: date-time + example: '2022-01-17T10:12:25Z' + valid_to: + type: string + description: Certificate expiration date. Date shall be in ISO-8601 format. + format: date-time + example: '2023-01-17T10:12:25Z' + test_certificate: + type: boolean + description: Is this a test certificate? + example: false + status: + $ref: '#/components/schemas/CertificateStatus' + archived: + type: boolean + description: Has the certificate been archived? + example: false + renewal_auto: + type: boolean + description: | + Automated renewal option. If enabled, the application will create a new certificate using the same CSR and + options provided for this certificate. + example: true + renewal_after: + type: integer + description: | + Number of days after certificate validity start date to wait + for the automated certificate renewal process to be triggered. + Set only if `renewal_auto` is set to `true`. + example: 300 + renewed_by: + allOf: + - description: ID of the new certificate that replaces this certificate. + - $ref: '#/components/schemas/UUID' + url: + type: string + maxLength: 2048 + description: URL of the certificate in the certificate public repository + example: https://api.man-bpco.fr/OPC000/57ABB34BCA510043BDE438460F13B27E6A82C004.cer + sn: + type: string + description: Certificate serial number + pattern: ^([0-9A-Fa-f]{2,40})$ + example: 57ABB34BCA510043BDE438460F13B27E6A82C004 + contents: + type: string + maxLength: 2048 + description: Certificate contents in PEM format. + example: | + -----BEGIN CERTIFICATE----- + MIIC/DCCAqOgAwIBAgIUV6uzS8pRAEO95DhGDxOyfmqCwAQwCgYIKoZIzj0EAwIw + gYcxLDAqBgNVBAMMI0JQQ08gQ0ExIMOiwoDCkyBTSEFLRU4gSW50ZXJtZWRpYXRl + MQswCQYDVQQGEwJGUjEqMCgGA1UECgwhQmFzZSBkZXMgQ2VydGlmaWNhdHMgT3DD + g8KpcmF0ZXVyMR4wHAYDVQQLDBVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMjIw + NzA0MTAwMDMxWhcNMjIxMDAyMTAwMDMxWjBXMRYwFAYDVQQDDA1TSEFLRU4gT1BD + MDAwMQswCQYDVQQGEwJGUjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQL + DBBTZXJ2aWNlIFByb3ZpZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/ + qQeNfCytgqjIETfjmVEw7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0 + ULplSrl9+QrrpKLwjKOCARowggEWMB0GA1UdDgQWBBRk53mcS8XiTcavdh4VBd3j + RA803zAfBgNVHSMEGDAWgBRNelLrS9FcVoyWR7d8FHJRlixuBDAOBgNVHQ8BAf8E + BAMCB4AwDAYDVR0TAQH/BAIwADCBmwYDVR0fBIGTMIGQMIGNoB6gHIYaaHR0cHM6 + Ly88ZG9tYWluZS1icGNvPi9jcmyia6RpMGcxCzAJBgNVBAYTAkZSMSowKAYDVQQK + DCFCYXNlIGRlcyBDZXJ0aWZpY2F0cyBPcMODwqlyYXRldXIxGTAXBgNVBAsMEFBv + bGljeSBBdXRob3JpdHkxETAPBgNVBAMMCEJQQ08gUEExMBgGCCsGAQUFBwEaBAww + CqAIFgZPUEMwMDAwCgYIKoZIzj0EAwIDRwAwRAIgNBAcIP/Gwx1rXvI2/PiflboV + YVc3KWvfczSpXEMF61oCIG64G0cYxoO00MBdY+vg6umsNtA6eT0q5G6wW7dNjOTv + -----END CERTIFICATE----- + csr: + type: string + maxLength: 2048 + description: Contents of the CSR file used to create this certificate. Format of the contents is PEM. + example: | + -----BEGIN CERTIFICATE REQUEST----- + MIIBEjCBuQIBADBXMRYwFAYDVQQDDA1TSEFLRU4gT1BDMDAwMQswCQYDVQQGEwJG + UjEVMBMGA1UECgwMT3DDg8KpcmF0ZXVyMRkwFwYDVQQLDBBTZXJ2aWNlIFByb3Zp + ZGVyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE2qw/qQeNfCytgqjIETfjmVEw + 7R7PrKZFaHLhaOxJabV1BN/AGp0Shm5f/pOZ19S9GVT0ULplSrl9+QrrpKLwjKAA + MAoGCCqGSM49BAMCA0gAMEUCIADk95rHd2LAI6vCuz8OjqlA9FJAWC1j/QcK8HSb + mMWkAiEAsVc1L/LvTKlEI98lsfDmCtKsJuQ4iBBuZ5Hzp0T1Xr8= + -----END CERTIFICATE REQUEST----- + created_at: + type: string + description: Creation Date + format: date-time + example: '2022-01-17T10:12:25Z' + created_by: + type: string + maxLength: 254 + description: | + User who requested the certificate. Format shall be ` <>`. + May be set to `SYSTEM` if the certificate has been automatically created by the platform via the + automated renewal logic. + May otherwise be set to `API` if the request has been received via an API call. + example: John Doe + updated_at: + type: string + description: | + Last Update Date. + Initially set to the same value as `created_at`. + format: date-time + example: '2022-01-17T10:12:25Z' + updated_by: + type: string + maxLength: 254 + description: | + User who updated the certificate data. Format shall be ` <>`. + May be set to `API` if the request has been received via an API call. + Initially set to the same value as `created_by`. + example: John Doe + revoked_at: + type: string + description: | + Certificate revocation date. Only set if the certificate has been revoked, i.e if `status` is set to + 'REVOKED'. + format: date-time + example: '2022-08-17T10:12:25Z' + revoked_by: + type: string + maxLength: 254 + description: | + User who revoked the certificate. Format shall be ` <>`. + May be set to `API` if the request has been received via an API call, or to `CA` if the certificate has + been revoked by the Certificate Authority. + example: John Doe + revoked_reason: + type: string + description: | + Reason associated with the certificate revocation as defined in RFC 5280. + Set only if the certificate has been revoked, i.e if `status` is set to `REVOKED`. + enum: + - unspecified + - keyCompromise + - affiliationChanged + - superseded + - cessationOfOperation + - certificateHold + - privilegeWithdrawn + default: unspecified + example: keyCompromise + revoked_comments: + type: string + maxLength: 1024 + description: | + Additional comments on the reason associated with the certificate revocation. + Set only if the certificate has been revoked, i.e if `status` is set to `REVOKED`. + example: Clé privée compromise + CertificateId: + description: ID of the certificate. Must be unique. + type: string + format: uuid + pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ + example: d240dd9e-a077-42f5-92e3-a3d3f10e002e + CertificateStatus: + type: string + description: Certificate status. + enum: + - PENDING + - ACTIVE + - REVOKED + - EXPIRED + - INVALIDATION + - INVALID + example: ACTIVE + CertificateSummaryView: + type: object + description: | + Certificate data model (summary view). This model will be used for both active and archived certificates. + required: + - id + - provider_id + - type + - name + - valid_from + - valid_to + - test_certificate + - status + - archived + - renewal_auto + properties: + id: + $ref: '#/components/schemas/CertificateId' + provider_id: + allOf: + - description: ID of the service provider that requested the certificate. + - $ref: '#/components/schemas/ProviderId' + type: + $ref: '#/components/schemas/CertificateType' + opts: + type: string + description: | + APNF Code of the technical signing service provider (OPTS). Mandatory when certificate `type` is `INDIRECT`, + `null` otherwise. + pattern: ^([0-9A-Z]{6})$ + example: SPB000 + name: + type: string + maxLength: 64 + description: | + Certificate name provided by the origin service provider. Used to construct certificate Common Name. + example: Main Certificate + valid_from: + type: string + description: Certificate validity start date. Date shall be in ISO-8601 format. + format: date-time + example: '2022-01-17T10:12:25Z' + valid_to: + type: string + description: Certificate expiration date. Date shall be in ISO-8601 format. + format: date-time + example: '2023-01-17T10:12:25Z' + test_certificate: + type: boolean + description: Is this a test certificate? + example: false + url: + type: string + maxLength: 2048 + description: URL of the certificate in the certificate public repository + example: https://api.man-bpco.fr/OPC000/57ABB34BCA510043BDE438460F13B27E6A82C004.cer + status: + $ref: '#/components/schemas/CertificateStatus' + archived: + type: boolean + description: Has the certificate been archived? + example: false + renewal_auto: + type: boolean + description: | + Automated renewal option. If enabled, the application will create a new certificate using the same CSR and + options provided for this certificate. + example: true + sn: + type: string + description: Certificate serial number + pattern: ^([0-9A-Fa-f]{2,40})$ + example: 57ABB34BCA510043BDE438460F13B27E6A82C004 + CertificateType: + type: string + description: | + Certificate type. A direct certificate is expected to be used directly by the service provider, + while an indirect certificate is requested by the service provider for a technical signing service provider (OPTS). + enum: + - DIRECT + - INDIRECT + example: DIRECT + CredentialId: + description: ID of the API credential. Must be unique. + type: string + format: uuid + pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ + example: 9152f121-f66f-421c-87ce-78b218e250d4 + EmailAddress: + type: string + maxLength: 254 + description: Email address + example: john.doe@spa.domain + History: + description: | + Data model for history / activity log records. + A history / activity log describes an action performed on an object in the application. + type: object + required: + - id + - object_type + - action + - message + - performed_at + properties: + id: + $ref: '#/components/schemas/HistoryId' + object_type: + type: string + description: Type of the object + example: USER + enum: + - PROVIDER + - USER + - API_CREDENTIAL + - CERTIFICATE + - BPCO_CERTIFICATES + - BPCO_CRL + object_id: + allOf: + - description: ID of the object + - $ref: '#/components/schemas/UUID' + object_name: + type: string + description: Name of the object + maxLength: 254 + example: John Doe + action: + description: Action performed on the object + type: string + example: PASSWORD_RESET + enum: + - CREATE + - UPDATE + - DELETE + - UNDELETE + - LOGIN + - LOGOUT + - PASSWORD_RESET + - REGISTER + - AUTHORIZE + - RENEW + - REVOKE + message: + type: string + maxLength: 1024 + description: Message providing details on the action performed + example: Password reset has been requested from login page + changes: + type: object + description: List of the changes applied + properties: + property: + type: string + description: Name of the property + old_value: + type: string + maxLength: 2048 + description: Old value + new_value: + type: string + maxLength: 2048 + description: New value + ip_address: + type: string + description: IP address of the user / API client at the origin of the action + format: ipv4 + pattern: ^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.){3}(25[0-5]|(2[0-4]|1\d|[1-9]|)\d)$ + example: 127.0.0.1 + performed_at: + type: string + description: Date of the action using ISO-8601 date format (UTC timezone) + format: date-time + example: '2022-01-17T10:12:25Z' + performed_by: + type: string + maxLength: 254 + description: | + Source of the action. May be set to : + - a user if the action has been performed by the user from the platform UI. The format shall be ` <>`. + - `API` if the action is triggered by an API call + - `SYSTEM` if the action is performed by the platform + - null if the user is unknown (ex: password reset from the login page) + example: John Doe + HistoryId: + description: ID of the history record. Must be unique. + type: string + format: uuid + pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ + example: c8d2874c-4fb8-44c0-ab39-4143e53870a4 + ISMInterconnectionType: + description: | + Interconnection type. + FULL MAN Interconnection : the provider is ready to activate the MAN's STIR-SHAKEN + PARTIAL MAN : the provider is not completely ready to activate the MAN's STIR-SHAKEN + NOT MAN : the provider is not ready to activate the MAN's STIR-SHAKEN + enum: + - FULL MAN + - PARTIAL MAN + - NOT MAN + example: FULL MAN + type: string + ISMSummaryView: + description: | + Interconnections data model. This model will be used for list view and details view. + properties: + creation_date: + type: string + description: Deadline for taking into account by operators status changes on interconnections not less than 7 days. + format: date-time + example: '2022-01-21T10:12:25Z' + date_last_update_emitter: + type: string + description: Last update provider emitter. To be calculated when inserting or modifying an interconnection. Date shall be in ISO-8601 format. + format: date-time + example: '2022-01-17T10:12:25Z' + date_last_update_receiver: + type: string + description: Last update provider receiver. To be calculated when inserting or modifying an interconnection. Date shall be in ISO-8601 format. + format: date-time + example: '2022-01-17T10:12:25Z' + interconnection_description: + type: string + maxLength: 2048 + description: Description of the interconnection. + example: mobile vers mobile + id: + allOf: + - description: ID of the interconnection. + - $ref: '#/components/schemas/UUID' + provider_emitter_code: + type: string + description: | + APNF Code of the technical provider emitter + pattern: ^([0-9A-Z]{6})$ + example: SPB000 + provider_emitter_status: + $ref: '#/components/schemas/ISMInterconnectionType' + provider_receiver_code: + type: string + description: | + APNF Code of the technical provider receiver. + pattern: ^([0-9A-Z]{6})$ + example: IPDI01 + provider_receiver_status: + $ref: '#/components/schemas/ISMInterconnectionType' + required: + - creation_date + - id + - date_last_update_emitter + - date_last_update_receiver + - interconnection_description + - provider_emitter_code + - provider_emitter_status + - provider_receiver_code + - provider_receiver_status + type: object + Language: + type: string + enum: + - FRENCH + - ENGLISH + example: FRENCH + Meteo: + allOf: + - $ref: '#/components/schemas/MeteoForCreation' + - type: object + required: + - ID + - creation_author + - reference_id + properties: + ID: + $ref: '#/components/schemas/UUID' + provider_author_apnf_code: + type: string + description: APNF code for the provider creating the ticket + pattern: ^([0-9A-Z]{6})$ + creation_author: + $ref: '#/components/schemas/MeteoCreationAuthor' + reference_id: + type: integer + description: integer used to reference the meteo + example: 1 + MeteoCreationAuthor: + allOf: + - description: id for the user who created the ticket or event + - $ref: '#/components/schemas/UUID' + MeteoCriticality: + description: the impact fo the meteo event + enum: + - INFORMATION + - NO_IMPACT + - OVERALL_IMPACT + - PARTIAL_IMPACT + type: string + MeteoForCreation: + properties: + criticality: + $ref: '#/components/schemas/MeteoCriticality' + disengagement_id: + type: string + pattern: ^([0-9A-Z]{6})-([0-9A-Z\-]{0,16})$ + description: the current disengagement_id for the provider. if the tag DISENGAGEMENT is selected, it is mandatory , else it is forbidden. + example: APNF00-123456789-ABCDE + end_date: + type: string + description: end date of the event. Date shall be in ISO-8601 format + format: date-time + example: '2022-01-17T10:12:25Z' + long_description: + type: string + description: A short description of the event + example: 'L''opérateur OPE1 est en débrayage car il a rencontré un problème lors d''une opération de... ' + maxLength: 1000 + short_description: + type: string + description: A short description of the event + example: L'opérateur OPE1 est en débrayage + maxLength: 120 + start_date: + type: string + description: start date of the event (if different from opening date). Date shall be in ISO-8601 format + format: date-time + example: '2022-01-17T10:12:25Z' + tags: + type: array + items: + type: string + description: The elements of MAN involved in the event + enum: + - BPCO + - BSM_SFTP_SERVICES + - DISENGAGEMENT + - MAN_APPLICATION + required: + - criticality + - long_description + - short_description + - start_date + type: object + MeteoPatch: + properties: + criticality: + $ref: '#/components/schemas/MeteoCriticality' + disengagement_id: + type: string + pattern: ^([0-9A-Z]{6})-([0-9A-Z\-]{0,16})$ + description: the current disengagement_id for the provider. if the tag DISENGAGEMENT is selected, it is mandatory , else it is forbidden. + example: APNF00-123456789-ABCDE + end_date: + type: string + description: end date of the event. Date shall be in ISO-8601 format + format: date-time + example: '2022-01-17T10:12:25Z' + long_description: + type: string + description: A short description of the event + maxLength: 1000 + example: 'L''opérateur OPE1 est en débrayage car il a rencontré un problème lors d''une opération de... ' + short_description: + type: string + description: A short description of the event + maxLength: 120 + example: L'opérateur OPE1 est en débrayage + start_date: + type: string + description: start date of the event (if different from opening date). Date shall be in ISO-8601 format + format: date-time + example: '2022-01-17T10:12:25Z' + tags: + type: array + items: + type: string + description: The elements of MAN involved in the event + enum: + - BPCO + - MAN_APPLICATION + - BSM_SFTP_SERVICES + - DISENGAGEMENT + type: object + PaginationMetaData: + type: object + description: Information regarding paginated results + properties: + offset: + type: integer + description: Current offset + default: 0 + example: 40 + limit: + type: integer + description: Number of resources per page + minimum: 1 + default: 20 + maximum: 100 + links: + type: object + properties: + next: + type: string + description: Path to retrieve the next page + pattern: ^(\/([\w-.~]|%[0-9A-Za-z]{2})*)*(\?([\w-.~]|%[0-9A-Za-z]{2})+(=([\w-.~]|%[0-9A-Za-z]{2})+)?((&|;)([\w-.~]|%[0-9A-Za-z]{2})+(=([\w-.~]|%[0-9A-Za-z]{2})+)?)*)?(#([\w-.~]|%[0-9A-Za-z]{2})+)?$ + example: /resource?offset=60&limit=20 + first: + type: string + description: Path to retrieve the first page + pattern: ^(\/([\w-.~]|%[0-9A-Za-z]{2})*)*(\?([\w-.~]|%[0-9A-Za-z]{2})+(=([\w-.~]|%[0-9A-Za-z]{2})+)?((&|;)([\w-.~]|%[0-9A-Za-z]{2})+(=([\w-.~]|%[0-9A-Za-z]{2})+)?)*)?(#([\w-.~]|%[0-9A-Za-z]{2})+)?$ + example: /resource?offset=0&limit=20 + prev: + type: string + description: Path to retrieve the previous page + pattern: ^(\/([\w-.~]|%[0-9A-Za-z]{2})*)*(\?([\w-.~]|%[0-9A-Za-z]{2})+(=([\w-.~]|%[0-9A-Za-z]{2})+)?((&|;)([\w-.~]|%[0-9A-Za-z]{2})+(=([\w-.~]|%[0-9A-Za-z]{2})+)?)*)?(#([\w-.~]|%[0-9A-Za-z]{2})+)?$ + example: /resource?offset=20&limit=20 + PendingIndirectCertificate: + type: object + description: | + Indirect Certificate Request data model. This model is used when the origin service provider requests the + creation of a certificate for a technical provider (OPTS) + required: + - id + - provider_id + - opts + - type + - name + - valid_from + - valid_to + - test_certificate + - status + - renewal_auto + - created_at + - created_by + properties: + id: + $ref: '#/components/schemas/CertificateId' + provider_id: + allOf: + - description: ID of the service provider that requested the certificate. + - $ref: '#/components/schemas/ProviderId' + type: + allOf: + - enum: + - INDIRECT + - example: INDIRECT + - $ref: '#/components/schemas/CertificateType' + opts: + type: string + description: APNF Code of the technical signing service provider (OPTS). + pattern: ^([0-9A-Z]{6})$ + example: SPB000 + name: + type: string + maxLength: 64 + description: Certificate name provided by the origin service provider + example: Indirect Certificate + description: + type: string + maxLength: 1024 + description: Additional information related to the certificate + example: Description of the certificate. + test_certificate: + type: boolean + description: Is this certificate a test? + example: false + valid_from: + type: string + description: Certificate validity start date. Date shall be in ISO-8601 format. + format: date-time + example: '2022-01-17T10:12:25Z' + valid_to: + type: string + description: Certificate expiration date. Date shall be in ISO-8601 format. + format: date-time + example: '2023-01-17T10:12:25Z' + renewal_auto: + type: boolean + description: | + Automated renewal option. If enabled, the application will create a new certificate using the same CSR and + options provided for this certificate. + example: true + renewal_after: + type: integer + description: | + Number of days after certificate validity start date to wait + for the automated certificate renewal process to be triggered. + Set only if `renewal_auto` is set to `true`. + example: 300 + status: + type: string + description: Certificate status. Will always be set to PENDING + enum: + - PENDING + example: PENDING + default: PENDING + created_at: + type: string + description: Creation Date + format: date-time + example: '2022-01-17T10:12:25Z' + created_by: + type: string + maxLength: 254 + description: | + User who requested the certificate. Format shall be ` <>`. + May be set to `SYSTEM` if the certificate has been automatically created by the platform via the + automated renewal logic. + May otherwise be set to `API` if the request has been received via an API call. + example: John Doe + Provider: + allOf: + - type: object + required: + - id + - status + properties: + id: + $ref: '#/components/schemas/ProviderId' + status: + $ref: '#/components/schemas/ProviderStatus' + - $ref: '#/components/schemas/ProviderCreationRequest' + - description: Provider data model + - type: object + required: + - last_verification + - deleted + - created_at + - created_by + - updated_at + - updated_by + properties: + legal_administrator: + type: string + description: | + Represent the user which is the legal agent of the provider + example: John Doe + opts_allowed: + type: array + description: | + List of providers OPTS that can be used to create an indirect certificate. + + This list is generated by the platform based on `opts_contracts`. + items: + $ref: '#/components/schemas/ProviderCode' + default: [] + example: + - SPB000 + - SPC000 + - SPD000 + deleted: + type: boolean + description: | + Deleted status. + The user of the deleted provider do not have access anymore to the application. this provider will be + effectively erased after 3 months. + During that period, it is possible to "undelete" a provider. + default: false + example: false + created_at: + type: string + description: Creation Date + format: date-time + example: '2022-01-17T10:12:25Z' + created_by: + type: string + maxLength: 254 + description: | + User who created the provider. Format shall be ` <>`. + May otherwise be set to `API` if the action has been triggered by an API call or `SYSTEM` if the action + is performed by the platform. + example: John Doe + updated_at: + type: string + description: | + Last Update Date. + Initially set to the same value as `created_at`. + format: date-time + example: '2022-05-17T10:12:25Z' + updated_by: + type: string + maxLength: 254 + description: | + User who updated the provider data. Format shall be ` <>`. + May otherwise be set to `API` if the action has been triggered by an API call or `SYSTEM` if the action + is performed by the platform. + Initially set to the same value as `created_by`. + example: John Doe + deleted_at: + type: string + description: Deletion date + format: date-time + nullable: true + example: '2022-05-17T10:12:25Z' + deleted_by: + type: string + maxLength: 254 + description: | + User who deleted the provider. Format shall be ` <>`. + May otherwise be set to `API` if the action has been triggered by an API call or `SYSTEM` if the action + is performed by the platform. + nullable: true + example: John Doe + bypass_token: + $ref: '#/components/schemas/BypassTokenId' + ProviderCode: + type: string + description: Service Provider Code. Each service provider in France is assigned a unique code by the APNF. + pattern: ^([0-9A-Z]{6})$ + example: SPA000 + ProviderCreationRequest: + type: object + description: Provider creation request data model + required: + - name + - code + - address + - signing_provider + properties: + name: + type: string + maxLength: 64 + description: Provider name + example: Opérateur A + code: + $ref: '#/components/schemas/ProviderCode' + address: + type: string + maxLength: 255 + description: Provider HQ address + example: 30, rue de Paris 75018 Paris + technical_number: + type: string + maxLength: 15 + description: | + Phone number injected by the provider in SIP INVITE messages when the phone number specified in the `orig` field is not valid format for the STIR Shaken protocol. + Number format shall comply with E.164 protocol. + example: '33123456789' + signatory: + type: boolean + description: | + Flag to indicate if the provider is expected to sign phone calls and. + Only signatory providers shall be allowed to have certificates delivered. + default: true + opts: + type: boolean + description: | + Flag to indicate if the provider declares itself as a technical signatory provider (OPTS), + e.g. a provider that can sign phone calls on behalf of other signatory providers. + + This property can be set to `TRUE` only if `signatory` is also set to `TRUE`. + default: false + example: true + opts_contracts: + type: array + description: | + List of providers allowed to choose this provider as OPTS. + items: + $ref: '#/components/schemas/ProviderCode' + default: [] + example: + - SPB000 + - SPC000 + - SPD000 + global_notification_list: + description: | + List of email addresses for the provider 'global' notification list. + Will receive any general information published by the platform. + type: array + items: + $ref: '#/components/schemas/EmailAddress' + default: [] + example: + - john.doe@spa.domain + - jane.doe@spa.domain + certificate_notification_list: + description: | + List of email addresses for the provider 'certificate' notification list. + Will receive any information published by the platform related to certificates creation and revocation. + type: array + items: + $ref: '#/components/schemas/EmailAddress' + default: [] + example: + - john.doe@spa.domain + - jane.doe@spa.domain + deposit_notification_list: + description: | + List of email addresses for the provider 'deposit' notification list. + type: array + items: + $ref: '#/components/schemas/EmailAddress' + default: [] + example: + - john.doe@spa.domain + - jane.doe@spa.domain + legal_notification_list: + description: | + List of email addresses for the provider 'legal' notification list. + Will receive any information published by the platform related to provider authorization. + type: array + items: + $ref: '#/components/schemas/EmailAddress' + default: [] + example: + - john.doe@spa.domain + - jane.doe@spa.domain + ticketing_notification_list: + description: | + List of email addresses for the provider 'ticketing' notification list. + Will receive any information published by the platform related to ticket evolution. + type: array + items: + $ref: '#/components/schemas/EmailAddress' + default: [] + example: + - john.doe@spa.domain + - jane.doe@spa.domain + ticket_notification_active: + description: | + If the function is disabled, notifications from the ticket management tools are not sent + Unless there is a major incident on the MAN platform which requires imperative consideration of the + notification. + type: boolean + default: true + sftp_allowed_keys: + type: array + description: | + SSH public keys allowed to access the platform SFTP service created for the provider + + If no values are specified, no connection to the SFTP service will be possible. + items: + type: string + maxLength: 1024 + description: SSH public key contents + example: ssh-rsa AAAAB3NzaC...p5CSsDJ SI@host-4527 + sftp_allowed_ips: + type: array + description: | + List of IPv4 addresses to be allowed to connect to the SFTP BSM service. + + If no values are specified, connections to the SFTP service will be possible from any IP address. + items: + type: string + description: IPv4 address + format: ipv4 + pattern: ^((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.){3}(25[0-5]|(2[0-4]|1\d|[1-9]|)\d)$ + example: 127.0.0.1 + languages: + type: array + description: | + List of languages to be proposed to the provider users for the platform UI. + items: + $ref: '#/components/schemas/Language' + default: + - FRENCH + example: + - FRENCH + - ENGLISH + authentication_mode: + type: string + description: Mode to be used to authenticate provider user accounts. + enum: + - SSO + - MFA + default: MFA + example: SSO + sso_settings: + $ref: '#/components/schemas/ProviderSSOSettings' + ProviderId: + description: ID of the provider. Must be unique. + type: string + format: uuid + pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ + example: cc4519cb-b2b6-45ad-904c-7698fdf72ba2 + ProviderOIDCSettings: + type: object + description: Configuration of an OpenID Connect identity provider + properties: + authorizationUrl: + type: string + example: https://samples.auth0.com/authorize + tokenUrl: + type: string + example: https://samples.auth0.com/oauth/token + logoutUrl: + type: string + description: | + End session endpoint to use to logout user from external IDP. This is optional. + userInfoUrl: + type: string + description: | + The User Info Url. This is optional. + example: https://samples.auth0.com/userinfo + issuer: + type: string + description: | + The issuer identifier for the issuer of the response. If not provided, no validation will be performed. + example: https://samples.auth0.com/ + validateSignature: + type: boolean + description: | + Enable/disable signature validation of external IDP signatures. + example: true + useJwksUrl: + type: boolean + description: | + If true, identity provider public keys will be downloaded from given JWKS URL. + example: true + jwksUrl: + type: string + description: | + URL where identity provider keys in JWK format are stored. + example: https://samples.auth0.com/.well-known/jwks.json + clientAuthMethod: + type: string + description: | + The client authentication method (cfr. https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication). + In case of JWT signed with private key, the realm private key is used. + enum: + - clientAuth_post + - clientAuth_basic + - clientAuth_secret_jwt + - clientAuth_privatekey_jwt + example: clientAuth_post + clientId: + type: string + description: | + The client identifier registered with the identity provider. + example: kbyuFDidLLm280LIwVFiazOqjO3ty8KH + clientSecret: + type: string + description: | + The client secret registered with the identity provider. + example: 60Op4HFM0I8ajz0WdiStAbziZ-VFQttXuxixHHs2R7r7-CW8GR79l-mmLqMhc-Sa + ProviderSSOSettings: + allOf: + - oneOf: + - $ref: '#/components/schemas/ProviderOIDCSettings' + - type: object + description: | + Single Sign-On configuration. + To be used only when `authentication_mode` is set to `SSO`. + default: null + properties: + type: + type: string + enum: + - OIDC + ProviderStatus: + type: string + description: Provider status + enum: + - REGISTRATION + - ENABLED + - DISABLED + example: ENABLED + ProviderVerificationContact: + description: the contact who will be checked during the meeting + properties: + email: + allOf: + - $ref: '#/components/schemas/EmailAddress' + - description: the mail address of the contact + first_name: + description: the first name of the contact + type: string + language: + allOf: + - $ref: '#/components/schemas/Language' + - description: the spoken language of the contact + last_name: + description: the last name of the contact + type: string + phone_number: + description: the phone number of the contact + maxLength: 20 + type: string + required: + - email + - first_name + - language + - last_name + - phone_number + type: object + ProviderVerificationSecret: + description: The shared secret as proof of verification + pattern: ^([0-9]{6})$ + type: string + RFC7231.HTTP-date: + type: string + description: Date format as defined in RFC7231, section 7.1.1.1. + pattern: ^((Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} GMT)$ + example: Mon, 17 Jan 2022 10:12:25 GMT + RenewedCertificate: + allOf: + - $ref: '#/components/schemas/Certificate' + type: object + required: + - id + - provider_id + - opts + - type + - name + - valid_from + - valid_to + - test_certificate + - url + - sn + - contents + - status + - renewal_auto + - created_at + - created_by + Ticket: + allOf: + - $ref: '#/components/schemas/TicketForCreation' + - properties: + ID: + $ref: '#/components/schemas/UUID' + typology_label: + type: string + description: the label for the typology of the ticket + example: Numéro appelant usurpé (suite à vérification) + provider_author_apnf_code: + $ref: '#/components/schemas/TicketProviderAuthorApnfCode' + resolution: + $ref: '#/components/schemas/TicketResolution' + creation_date: + $ref: '#/components/schemas/TicketCreationDate' + creation_author: + $ref: '#/components/schemas/TicketCreationAuthor' + modification_date: + type: string + description: date of the last modification + format: date-time + example: '2022-01-17T10:12:25Z' + modification_author: + allOf: + - description: user who made the last modification + - $ref: '#/components/schemas/UUID' + issue_type: + $ref: '#/components/schemas/TicketIssueType' + typology_criticality: + $ref: '#/components/schemas/TicketCriticality' + typology_category: + $ref: '#/components/schemas/TicketCategory' + status: + $ref: '#/components/schemas/TicketStatus' + reference_id: + type: integer + description: integer used to reference the ticket + example: 1 + required: + - ID + - provider_author_apnf_code + - creation_date + - creation_author + - modification_date + - modification_author + - issue_type + - typology_criticality + - typology_category + - status + - reference_id + - type: object + TicketCategory: + type: string + description: the category for the typology + example: Constatation ou suspicion d'usurpation de numéro + TicketComment: + type: object + properties: + text: + description: the text of the comment + type: string + example: this a comment + maxLength: 500 + provider_author_apnf_code: + $ref: '#/components/schemas/TicketProviderAuthorApnfCode' + creation_date: + type: string + description: date of creation of the comment + format: date-time + example: '2022-01-17T10:12:25Z' + TicketCommunicationType: + type: string + description: 'The type of communication: voice or text' + enum: + - VOICE + - TEXT + example: VOICE + TicketCreationAuthor: + allOf: + - description: id for the user who created the ticket or event + - $ref: '#/components/schemas/UUID' + TicketCreationDate: + type: string + description: creation date of the ticket + format: date-time + example: '2022-01-17T10:12:25Z' + TicketCriticality: + type: integer + description: the criticality level of the issue (as an integer from 1 to 3) + enum: + - 1 + - 2 + - 3 + TicketEgressProvider: + type: string + description: | + Only for Voice issues + Provider to whom the call is delivered (APNF code) + pattern: ^([0-9A-Z]{6})$ + example: OPE100 + TicketEmitter: + type: string + description: | + Only for Message issues + APNF code for the OPTV ( technical validation provider) + pattern: ^([0-9A-Z]{6})$ + TicketForCreation: + allOf: + - $ref: '#/components/schemas/TicketVoice' + - $ref: '#/components/schemas/TicketMessage' + - type: object + required: + - typology_code + - description + - source + - number_of_communications + - provider_author_role + - next_action_required_by + properties: + communication_type: + $ref: '#/components/schemas/TicketCommunicationType' + typology_code: + $ref: '#/components/schemas/TicketTypologyCode' + description: + type: string + description: The description of the ticket + example: Ce n'est pas la première fois + maxLength: 500 + source: + type: string + description: The source who reported the issue + enum: + - PROVIDER + - CLIENT + example: PROVIDER + number_of_communications: + type: integer + minimum: 1 + description: | + For Voice issues :The number of calls affected by the issue + For Text issues :The number of messages affected by the issue + example: 1 + provider_author_role: + type: string + description: | + role of the provider creating the ticket + for Voice communications, may be SIGNATORY_OPTS, SIGNATORY_STI_AS, OPTS, TRANSIT, ONLY_VERIFICATION (OPTV) , ONLY TERMINATION, VERIFICATION_TERMINATION + for Text communications, may be EMITTER or TERMINATION_VOICE + enum: + - SIGNATORY_OPTS + - SIGNATORY_STI_AS + - OPTS + - TRANSIT + - ONLY_VERIFICATION + - ONLY TERMINATION + - VERIFICATION_TERMINATION + - EMITTER + - TERMINATION_VOICE + example: SIGNATORY_OPTS + next_action_required_by: + $ref: '#/components/schemas/TicketNextActionRequiredBy' + called_number: + type: string + description: called number (or alias) + pattern: ^((\+|)[0-9]{0,13})|((\+[1-9]|0)\d{1,14})$ + example: '102030406' + communication_timestamp: + type: integer + description: | + for Voice issues, the timestamp of the call + for Text issues, the timestamp of the message + example: '1660742563701' + is_reoccurring_issue: + type: boolean + description: is the issue reoccurring ? + example: false + is_related_to_single_called_customer: + type: boolean + description: | + is the issue related to a single customer ? + example: false + estimated_issue_date: + type: string + description: Estimated date of issue noticing (if different from opening date). Date shall be in ISO-8601 format + format: date-time + example: '2022-01-17T10:12:25Z' + author_ticket_internal_id: + type: string + maxLength: 50 + description: Identifiant interne de l'opérateur auteur + TicketIngressProvider: + type: string + description: | + Only for Voice issues + Upstream provider who delivered the call (APNF code) + pattern: ^([0-9A-Z]{6})$ + example: OPE100 + TicketIssueType: + type: string + description: 'The type of the issue: Incident or Reporting' + enum: + - INCIDENT + - REPORTING + example: INCIDENT + TicketMessage: + type: object + properties: + emitter: + $ref: '#/components/schemas/TicketEmitter' + termination_message: + $ref: '#/components/schemas/TicketTerminationProviderMessage' + other_non_provider_actor: + type: string + maxLength: 50 + description: | + Only for Message issues, mandatory + Agregator + example: Agregator + message_type: + type: string + description: | + Only for Message issues, mandatory + the type of the message + enum: + - SMS + - MMS + - RCS + example: SMS + displayed_identifier: + type: string + maxLength: 20 + description: | + Only for Message issues + the displayed identifier + can be alphanumeric + example: '102030406' + issuer_id: + type: string + maxLength: 50 + description: Identifiant émetteur (si différent de l’identifiant affiché) + TicketNextActionRequiredBy: + type: string + description: next action is required by this provider (APNF code) + pattern: ^([0-9A-Z]{6})$ + example: OPE200 + TicketOpts: + type: string + description: | + Only for Voice issues + APNF code for the OPTS ( technical signature provider) + pattern: ^([0-9A-Z]{6})$ + example: OPE100 + TicketOptv: + type: string + description: | + Only for Voice issues + APNF code for the OPTV ( technical validation provider) + pattern: ^([0-9A-Z]{6})$ + example: OPTV00 + TicketPatch: + properties: + egress_provider: + $ref: '#/components/schemas/TicketEgressProvider' + emitter: + $ref: '#/components/schemas/TicketEmitter' + ingress_provider: + $ref: '#/components/schemas/TicketIngressProvider' + next_action_required_by: + $ref: '#/components/schemas/TicketNextActionRequiredBy' + opts: + $ref: '#/components/schemas/TicketOpts' + optv: + $ref: '#/components/schemas/TicketOptv' + signatory: + $ref: '#/components/schemas/TicketSignatory' + termination_message: + $ref: '#/components/schemas/TicketTerminationProviderMessage' + termination_provider: + $ref: '#/components/schemas/TicketTerminationProvider' + type: object + TicketProviderAuthorApnfCode: + type: string + description: APNF code for the provider creating the ticket + pattern: ^([0-9A-Z]{6})$ + TicketResolution: + type: string + description: the resolution code + example: FIXED + enum: + - FIXED + - JUSTIFIED + - REJECTED + - WRONGLY_OPENED + - AUTOMATICALLY_CLOSED + TicketSignatory: + type: string + description: | + Only for Voice issues + APNF code for the original signatory provider, certificate provider + pattern: ^([0-9A-Z]{6})$ + example: OPE100 + TicketStatus: + type: string + description: the current status of the ticket open, in progress or closed + enum: + - OPEN + - IN_PROGRESS + - CLOSED + example: OPEN + TicketSummary: + properties: + communication_type: + $ref: '#/components/schemas/TicketCommunicationType' + creationDate: + $ref: '#/components/schemas/TicketCreationDate' + ID: + $ref: '#/components/schemas/UUID' + issue_type: + $ref: '#/components/schemas/TicketIssueType' + next_action_required_by: + $ref: '#/components/schemas/TicketNextActionRequiredBy' + provider_author_apnf_code: + $ref: '#/components/schemas/TicketProviderAuthorApnfCode' + reference_id: + type: integer + description: integer used to reference the ticket + example: 1 + status: + $ref: '#/components/schemas/TicketStatus' + typology_category: + $ref: '#/components/schemas/TicketCategory' + typology_code: + $ref: '#/components/schemas/TicketTypologyCode' + typology_criticality: + $ref: '#/components/schemas/TicketCriticality' + required: + - communication_type + - creationDate + - ID + - issue_type + - next_action_required_by + - provider_author_apnf_code + - reference_id + - status + - typology_category + - typology_code + - typology_criticality + type: object + TicketTerminationProvider: + type: string + description: | + Only for Voice issues + Termination provider (APNF code) + pattern: ^([0-9A-Z]{6})$ + example: TERM00 + TicketTerminationProviderMessage: + type: string + description: | + Only for Message issues + APNF code for the OPTV ( technical validation provider) + pattern: ^([0-9A-Z]{6})$ + example: TERM00 + TicketTypologyCode: + type: string + description: The type of the ticket + example: M1 + TicketTypologyLabel: + type: string + description: The label of the typology + example: Numero appelant usurpe + TicketTypologyListView: + type: object + required: + - typology_code + - typology_label + - typology_category + - issue_type + - criticality + properties: + issue_type: + $ref: '#/components/schemas/TicketIssueType' + typology_category: + $ref: '#/components/schemas/TicketCategory' + typology_label: + $ref: '#/components/schemas/TicketTypologyLabel' + typology_code: + $ref: '#/components/schemas/TicketTypologyCode' + criticality: + $ref: '#/components/schemas/TicketCriticality' + can_have_called_number: + type: boolean + description: ticket related to this typlogy can have a called number + example: true + can_have_calling_number: + type: boolean + description: ticket related to this typlogy can have a calling number and a display number + example: true + TicketVoice: + type: object + properties: + signatory: + $ref: '#/components/schemas/TicketSignatory' + opts: + $ref: '#/components/schemas/TicketOpts' + ingress_provider: + $ref: '#/components/schemas/TicketIngressProvider' + egress_provider: + $ref: '#/components/schemas/TicketEgressProvider' + termination_provider: + $ref: '#/components/schemas/TicketTerminationProvider' + optv: + $ref: '#/components/schemas/TicketOptv' + display_number: + type: string + description: | + Only for Voice issues + the displayed phone number + pattern: ^((\+|)[0-9]{0,13})|((\+[1-9]|0)\d{1,14})$ + example: '102030406' + display_number_type: + type: string + description: | + Only for Voice issues, mandatory + the type of the display number: landline, mobile or other + enum: + - LANDLINE + - MOBILE + - OTHER + example: LANDLINE + has_identity_header: + type: boolean + description: | + Only for Voice issues, mandatory + is the Identity header present ? + example: true + is_sti_vs_valid: + type: boolean + description: | + Only for Voice issues + does the call has a valid STI-VS + example: true + shaken_attestation_value: + type: string + description: | + Only for Voice issues + The shaken attestation value + enum: + - A + - B + - C + example: A + last_known_interconnection: + type: string + description: | + Only for Voice issues + last known interconnection (SIP, RTC, OTHER) + enum: + - SIP + - RTC + - OTHER + example: SIP + sip_reject_code: + type: string + maxLength: 20 + description: | + Only for Voice issues + SIP reject code + example: '' + sip_reject_sub_code: + type: string + maxLength: 120 + description: | + Only for Voice issues + SIP reject sub code + example: '' + is_emergency_call: + type: boolean + description: | + Only for Voice issues + Is the call an emergency call + example: false + calling_number: + type: string + description: | + Only for Voice issues + Calling number (if different of display number) + (to be completed if known and different from display number) + pattern: ^((\+|)[0-9]{0,13})|((\+[1-9]|0)\d{1,14})$ + example: '123456789' + is_call_breakable: + type: boolean + description: | + Only for Voice issues + is the call breakable ? + example: false + is_call_broken: + type: boolean + description: | + Only for Voice issues + is the call broken ? + example: false + Trace: + description: | + Traces data model. + properties: + author_provider: + allOf: + - $ref: '#/components/schemas/ProviderCode' + - description: | + Provider responsible who made the trace. + This field has the same value as `author_provider` if `author_provider_role` is + `terminating`, `transit`, `optv_client` or `unknown`. Otherwise, it has the same + value as `terminating_provider`. + author_provider_role: + allOf: + - $ref: '#/components/schemas/TraceProviderRole' + - description: Role of the provider who made the trace. + attestation: + allOf: + - $ref: '#/components/schemas/TraceShakenAttestationLevel' + - description: | + Shaken attestation level. + Mandatory if `identity_header` is `yes` and `author_provider_role` is different than + `transit`. + broken_call: + allOf: + - $ref: '#/components/schemas/TraceStateYesNo' + - description: | + Is it a broken call? + Only the values `yes` and `no` are allowed. + called_number: + allOf: + - $ref: '#/components/schemas/TraceTruncatedPhoneNumber' + - description: | + Truncated called phone number. + Four last digits of the phone number. + called_number_type: + allOf: + - $ref: '#/components/schemas/TraceNumberType' + - description: Type of the called number. + disengagement_id: + allOf: + - $ref: '#/components/schemas/TraceDisengagementToken' + - description: | + Disengagement id from the `P-Identity-Bypass` header. + Mandatory if `provider_disengagement` is `yes`. + displayed_number: + allOf: + - $ref: '#/components/schemas/TraceTruncatedPhoneAnonymeNumber' + - description: | + Truncated displayed phone number (from). + Four last digits of the phone number or `anonymous`, `unavailable` or `invalid`. + displayed_number_type: + allOf: + - $ref: '#/components/schemas/TraceNumberType' + - description: Type of the displayed number. + egress_provider: + allOf: + - $ref: '#/components/schemas/ProviderCode' + - description: | + APNF Code of the provider who receive the call. + Mandatory when `author_provider_role` is `transit` or `optv`, `null` otherwise. + emergency_call: + allOf: + - $ref: '#/components/schemas/TraceStateYesNoUnknown' + - description: | + Is it an emergency call? + Mandatory if `provider_disengagement` is `no`. + Only the values `yes`, `no` and `unknown` are allowed. + id: + allOf: + - $ref: '#/components/schemas/TraceId' + - description: ID of the trace. + identity_header: + allOf: + - $ref: '#/components/schemas/TraceStateYesNo' + - description: | + Is there an identity header? + Only the values `yes` and `no` are allowed. + Mandatory if `provider_disengagement` is `no`. + opts: + allOf: + - $ref: '#/components/schemas/ProviderCode' + - description: | + APNF Code of the Opts provider if exist, `null` otherwise. + optv: + allOf: + - $ref: '#/components/schemas/ProviderCode' + - description: | + APNF Code of the technical service provider for signature verification (OPTV). + Mandatory when `author_provider_role` is `optv` or `optv_client`, `null` otherwise. + pai: + allOf: + - $ref: '#/components/schemas/TraceTruncatedPhoneNumber' + - description: | + Truncated PAI phone number. + Four last digits of the phone number. + provider: + allOf: + - $ref: '#/components/schemas/ProviderCode' + - description: | + Provider responsible for the trace. + This field has the same value as `author_provider` if `author_provider_role` is + `terminating`, `transit`, `optv_client` or `unknown`. Otherwise, it has the same + value as `terminating_provider`. + terminating_provider: + allOf: + - $ref: '#/components/schemas/ProviderCode' + - description: | + APNF Code of the termination provider. + Mandatory when `author_provider_role` is `optv`, `optv_client` or `terminating`, + `null` otherwise. + signatory_provider: + allOf: + - $ref: '#/components/schemas/TraceProviderCodeUnknown' + - description: | + APNF Code of the provider who emit the call. + ingress_provider: + allOf: + - $ref: '#/components/schemas/TraceProviderCodeUnknown' + - description: | + APNF Code of the provider who emit the call. + start_call_timestamp: + type: string + description: Timestamp of the call start. Date shall be in ISO-8601 format. + format: date-time + example: '2023-01-17T10:12:25Z' + provider_disengagement: + allOf: + - $ref: '#/components/schemas/TraceStateYesNo' + - description: | + Is the disengagement of the provider on its STI-AS activated ? (presence of the + `P-Identity-Bypass` header) + Only the values `yes` and `no` are allowed. + redirected_call: + allOf: + - $ref: '#/components/schemas/TraceStateYesNoUnknown' + - description: Unused property + redirecting_number: + allOf: + - $ref: '#/components/schemas/TraceTruncatedPhoneAnonymeNumber' + - description: Unused property + redirected_provider: + allOf: + - $ref: '#/components/schemas/TraceProviderCodeUnknown' + - description: Unused property + sip_reject_code: + type: integer + description: | + SIP reject code. + Mandatory if `provider_disengagement` is `no`. + example: 436 + sip_reject_subcode: + type: string + description: | + SIP reject subcode. + Mandatory if `provider_disengagement` is `no`. + example: Bad Identity Info + url: + type: string + description: | + `info` field (certificate URL) from the identity header. + Mandatory if `identity_header` is `yes`. + format: uri + example: https://man-bpco.fr/OPC000/57ABB34BCA510043BDE438460F13B27E6A82C004.cer + required: + - id + - author_provider_role + - author_provider + - broken_call + - called_number + - called_number_type + - displayed_number + - displayed_number_type + - ingress_provider + - pai + - provider + - provider_disengagement + - signatory_provider + - start_call_timestamp + type: object + TraceDisengagementToken: + type: string + description: Disengagement token. + pattern: ^IDENTITY-BYPASS-([0-9A-Z]{6})-([0-9A-Z\-]{1,16})$ + example: IDENTITY-BYPASS-OPC000-7WVF1P3NLZE8TL9R$ + TraceId: + type: string + description: Id of the trace. + TraceNumberType: + type: string + description: Phone number type. + enum: + - fixe + - mobile + - other + example: mobile + TraceProviderCodeUnknown: + type: string + description: | + Service Provider Code or `unknown`. + Each service provider in France is assigned a unique code by the APNF. + pattern: ^([0-9A-Z]{6}|unknown)$ + example: OPC000 + TraceProviderRole: + type: string + description: Role of the provider. + enum: + - transit + - terminating + - optv + - optv_client + - unknown + example: transit + TraceShakenAttestationLevel: + type: string + description: Shaken attestation level. + enum: + - A + - B + - C + example: C + TraceStateYesNo: + type: string + enum: + - 'yes' + - 'no' + example: 'yes' + TraceStateYesNoUnknown: + type: string + enum: + - 'yes' + - 'no' + - unknown + example: 'yes' + TraceSummaryView: + type: object + description: | + Traces data model (summary view). + properties: + attestation: + allOf: + - $ref: '#/components/schemas/TraceShakenAttestationLevel' + - description: | + Shaken attestation level. + Mandatory if `identity_header` is `yes` and `author_provider_role` is different than + `transit`. + author_provider: + allOf: + - $ref: '#/components/schemas/ProviderCode' + - description: | + Provider responsible who made the trace. + This field has the same value as `author_provider` if `author_provider_role` is + `terminating`, `transit`, `optv_client` or `unknown`. Otherwise, it has the same + value as `terminating_provider`. + author_provider_role: + allOf: + - $ref: '#/components/schemas/TraceProviderRole' + - description: Role of the provider who made the trace. + broken_call: + allOf: + - $ref: '#/components/schemas/TraceStateYesNo' + - description: | + Is it a broken call? + Only the values `yes` and `no` are allowed. + emergency_call: + allOf: + - $ref: '#/components/schemas/TraceStateYesNoUnknown' + - description: | + Is it an emergency call? + Mandatory if `provider_disengagement` is `no`. + Only the values `yes`, `no` and `unknown` are allowed. + id: + allOf: + - $ref: '#/components/schemas/TraceId' + - description: ID of the trace. + identity_header: + allOf: + - $ref: '#/components/schemas/TraceStateYesNo' + - description: | + Is there an identity header? + Only the values `yes` and `no` are allowed. + Mandatory if `provider_disengagement` is `no`. + provider: + allOf: + - $ref: '#/components/schemas/ProviderCode' + - description: | + Provider responsible for the trace. + This field has the same value as `author_provider` if `author_provider_role` is + `terminating`, `transit`, `optv_client` or `unknown`. Otherwise, it has the same + value as `terminating_provider`. + signatory_provider: + allOf: + - $ref: '#/components/schemas/TraceProviderCodeUnknown' + - description: | + APNF Code of the provider who emit the call. + sip_reject_code: + type: integer + description: | + SIP reject code. + Mandatory if `provider_disengagement` is `no`. + example: 436 + start_call_timestamp: + type: string + description: Timestamp of the call start. Date shall be in ISO-8601 format. + format: date-time + example: '2023-01-17T10:12:25Z' + required: + - author_provider_role + - author_provider + - broken_call + - id + - provider + - signatory_provider + - start_call_timestamp + TraceTruncatedPhoneAnonymeNumber: + type: string + description: Four last digits of the phone number or `anonymous`, `unavailable` or `invalid`. + pattern: ^([0-9]{4}|anonymous|unavailable|invalid)$ + example: 1234 + TraceTruncatedPhoneNumber: + type: string + description: Four last digits of the phone number. + pattern: ^[0-9]{4}$ + example: 1234 + UUID: + type: string + format: uuid + pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ + example: 9d82a078-01cb-4a70-a529-14b7e57d4a21 + User: + type: object + description: User data model. + required: + - id + - provider_id + - firstname + - lastname + - email_address + - mobile_phone + - role + - status + - deleted + - created_at + - created_by + - updated_at + - updated_by + properties: + id: + $ref: '#/components/schemas/UserId' + provider_id: + allOf: + - description: ID of the service provider linked to the user. + - $ref: '#/components/schemas/ProviderId' + firstname: + type: string + maxLength: 64 + description: User first name + example: Jane + lastname: + type: string + maxLength: 64 + description: User last name + example: Doe + email_address: + type: string + maxLength: 254 + description: User email address + example: jane.doe@my.company + mobile_phone: + type: string + maxLength: 32 + description: Mobile phone number + example: 102030405 + language: + allOf: + - description: Language to be used in the UI for this user. + - $ref: '#/components/schemas/Language' + role: + $ref: '#/components/schemas/UserRole' + status: + $ref: '#/components/schemas/UserStatus' + deleted: + type: boolean + description: | + Deleted status. + + The deleted user do not have access anymore to the application; the count will be effectively removed after 3 months, + and during that period a rollback of the delete action is possible using the `POST /users/{user_id}/undelete` API. + default: false + example: false + last_connected_at: + type: string + description: User last connection date. + format: date-time + example: '2022-01-17T10:12:25Z' + created_at: + type: string + description: Creation Date + format: date-time + example: '2022-01-17T10:12:25Z' + created_by: + type: string + maxLength: 254 + description: | + Origin of the create action. May be set to : + - a user. The format shall be ` <>`. + - `API` if the action is triggered by an API call + - `SYSTEM` if the action is performed by the platform + example: John Doe + updated_at: + type: string + description: | + Last Update Date`. + Initially set to the same value as `created_at`. + format: date-time + example: '2022-01-17T10:12:25Z' + updated_by: + type: string + maxLength: 254 + description: | + Origin of the update action. May be set to : + - a user. The format shall be ` <>`. + - `API` if the action is triggered by an API call + - `SYSTEM` if the action is performed by the platform + example: John Doe + deleted_at: + type: string + description: Deletion date + format: date-time + nullable: true + example: '2022-05-17T10:12:25Z' + deleted_by: + type: string + maxLength: 254 + description: | + Origin of the delete action. May be set to : + - a user. The format shall be ` <>`. + - `API` if the action is triggered by an API call + - `SYSTEM` if the action is performed by the platform + nullable: true + example: John Doe + legal_administrator: + type: boolean + description: Determine is user is legal administrator or not. + UserCreationRequest: + type: object + description: User creation request data model + required: + - firstname + - lastname + - email_address + - role + properties: + provider_id: + allOf: + - description: | + Provider the user shall belong to. + Shall be provided only when the account is created by a *MAN_ADMINISTRATOR* user. + - $ref: '#/components/schemas/ProviderId' + firstname: + type: string + maxLength: 64 + description: User first name + example: Jane + lastname: + type: string + maxLength: 64 + description: User last name + example: Doe + email_address: + type: string + maxLength: 254 + description: User email address + example: john.doe@spa.domain + mobile_phone: + type: string + maxLength: 20 + description: Mobile phone number + example: 102030405 + language: + allOf: + - description: | + Language to be used in the UI for this user. + + *Note:* The list of languages available to the user depends on the provider configuration. + - $ref: '#/components/schemas/Language' + role: + $ref: '#/components/schemas/UserRole' + UserId: + description: ID of the user. Must be unique. + type: string + format: uuid + pattern: ^([0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})$ + example: 155720a6-f4c9-40ec-b479-a32d7f062553 + UserPref: + type: object + description: Portal preferences of the user. + properties: + pagination_limit: + type: integer + description: Default number of resources per page + minimum: 1 + default: 20 + maximum: 100 + show_menu: + type: boolean + description: Default menu visibility + default: true + UserRole: + type: string + description: | + User role defining user permissions in the application. + + The following roles are for users not associated to a service provider: + * A user with `MAN_ADMINISTRATOR` role has access to all functionalities to manage the platform. + * A user with `APNF` role has access to all providers data in read-only mode. + + The following roles are for users associated to a service provider: + * A user with `ADMINISTRATOR` role has access to all functionalities to manage a provider, their users and data. + * A user with `MANAGER` role can view all provider data and has access to APIs for managing STI certificates. + * A user with `SUPERVISOR` role has access to all provider data but in read-only mode. + enum: + - MAN_ADMINISTRATOR + - ADMINISTRATOR + - MANAGER + - SUPERVISOR + - APNF + example: MANAGER + UserStatus: + type: string + description: | + User status. Following values are possible: + + - `PENDING`: the account has been created but the user has not yet activated the account + - `ENABLED`: the account has been created and the user has activated the account + - `DISABLED`: the account has been disabled. User cannot login to the platform. + enum: + - PENDING + - ENABLED + - DISABLED + example: ENABLED + UserSummaryView: + type: object + description: User (summary view) data model. + required: + - id + - firstname + - lastname + - email_address + - role + - status + - deleted + - created_at + - updated_at + - last_connected_at + properties: + id: + $ref: '#/components/schemas/UserId' + provider_id: + allOf: + - description: ID of the service provider linked to the user. + - $ref: '#/components/schemas/ProviderId' + firstname: + type: string + maxLength: 64 + description: User first name + example: Jane + lastname: + type: string + maxLength: 64 + description: User last name + example: Doe + email_address: + type: string + maxLength: 254 + description: User email address + example: jane.doe@my.company + role: + $ref: '#/components/schemas/UserRole' + status: + $ref: '#/components/schemas/UserStatus' + deleted: + type: boolean + description: | + Deleted status. + + The deleted user do not have access anymore to the application; the count will be effectively removed after 3 months, + and during that period a rollback of the delete action is possible using the `POST /users/{user_id}/undelete` API. + default: false + example: false + created_at: + type: string + description: Creation Date + format: date-time + example: '2022-01-17T10:12:25Z' + updated_at: + type: string + description: Last update Date + format: date-time + example: '2022-01-17T10:12:25Z' + last_connected_at: + type: string + description: Last connection Date + format: date-time + example: '2022-01-17T10:12:25Z' + securitySchemes: + access_token: + type: http + description: | + APIs need to provide an access token created using the MAN Platform Authorization API and which complies with OpenID Connect protocol. + Refer to the *MAN platform authorization API Reference* on how to generate these access tokens. + scheme: bearer + bearerFormat: JWT