Skip to content

Latest commit

 

History

History
489 lines (406 loc) · 15.9 KB

README.adoc

File metadata and controls

489 lines (406 loc) · 15.9 KB

Life Event Verification (LEV) API Guide

Note
This documentation is limited by GitHub’s version of ASCII Docs, the full version may be viewed in the docs repo: https://ukhomeoffice.github.io/lev-api-docs
Important

The contents of this repo are automatically generated; to make changes follow these steps:

  1. git clone https://gitlab.digital.homeoffice.gov.uk/lev/lev-api-scala

  2. edit the lev-api-scala/docs/README.adoc file

  3. commit and push your changes (to a new branch)

  4. create a merge request detailing the changes

  5. upon successful approval of the merge request the changes will be automatically added to the lev-api-docs repo

1. Mock API

It is possible to run a mock version of the API as follows:

1.1. Running a mock API with docker (from Quay.io)

The latest version of the mock API can be run straight from the quay.io hosted image:

docker pull quay.io/ukhomeofficedigital/lev-api-mock
docker run -p 8080:8080 quay.io/ukhomeofficedigital/lev-api-mock

1.2. Running a mock API with docker (from this repo)

Note
The paths in this section refer to the root of the docs project: https://github.com/UKHomeOffice/lev-api-docs

The easiest way to run the mock API is with Docker

./mock/build_mock_api_docker.sh
./mock/run_mock_api_docker.sh

1.3. Running a mock API without docker

It is also possible to run it without docker if you have the wiremock jar file:

cd mock
java -jar wiremock.jar --port=8080

2. Authenticating with the API

To use the API you will need to provide 2 forms of authentication:

  1. A client certificate

  2. An auth token, which must be obtained by hitting the /oauth/login endpoint

Important

The client certificate must be included in every request to the API, but is NOT shown in this documentation for simplicity.

Adding a client certificate to a curl request can easily be achieved by adding the following arguments:

curl --cert-type pem --key client.key --cert client.crt ...
Note
The client certificate is not needed when sending requests to the mock API.

The rest of this section contains examples which have been provided to help troubleshoot issues with authentication.

2.1. A successful request with valid credentials

Example curl request with dummy credentials

Example HTTP request with dummy credentials

Example response containing the access token

2.2. Authentication problems

Generally authentication problems are reported as 401 Unauthorized errors.

2.2.1. A request with invalid credentials

Example curl request with invalid credentials

Example HTTP request with invalid credentials

Example response detailing the error

2.2.2. An unauthorised request

Example curl request without the required Authorization header

Example HTTP request without the required Authorization header

Example response detailing the error

2.2.3. A request with missing credentials

Example curl request without the required password parameter

Example HTTP request without the required password parameter

Example response detailing the error

2.2.4. A request with no client certificate

Whilst none of the examples here contain the required client certificate, this example has been explicitly included to show how the resulting 403 Forbidden error would look.

Example curl request without the required client certificate

Example HTTP request without the required client certificate

Example response detailing the error

3. Requesting birth record data

All successful requests to the API will result in a 200 OK HTTP status code and are described in this section.

3.1. Requesting a specific birth record using a System Number

The best way to get birth data is by providing the relevant System Number, a nine digit unique identifier for the birth record.

Example curl request specifying a System Number

Example HTTP request specifying a System Number

Example response is a JSON object containing the birth record data

3.2. Searching for a birth record

When the System Number of the birth record is not known, a search of the records can be made by supplying the following three parameters in the URL query string:

  • forenames : the first name is mandatory, and can be accompanied by any middle names (all separated by spaces)

  • lastname : the last name is mandatory

  • dateofbirth : the date of birth is also mandatory

Example curl request with search parameters

Example HTTP request with search parameters

Example response is a JSON array containing three matching birth records

Tip
The API will only return at most 25 matching records. In the unlikely case where there might be more than 25 people with the same first name, last name, and date of birth; you will have to add middle names to the query to make the search more exacting.

3.3. When no matching records are found

If no records matching the search terms can be found, the API will return an empty array.

Example curl request

Example HTTP request

Example response is an empty JSON array

4. Common errors and responses

4.1. Non-existent route

Making a request to an invalid end point will result in the standard 404 Not Found error.

4.1.1. Requesting an endpoint that doesn’t exist

Example curl request to an invalid endpoint

Example HTTP request to an invalid endpoint

Example response detailing the error

4.1.2. Specifying a System Number that doesn’t exist

Example curl request with a non-existing System Number

Example HTTP request with a non-existing System Number

Example response detailing the error

4.2. Missing search parameters

Missing search parameters will result in a standard 400 Bad Request error.

4.2.1. Missing forenames parameter

Example curl request without the forenames parameter

Example HTTP request without the forenames parameter

Example response detailing the error

4.2.2. Missing last name parameter

Example curl request without the lastname parameter

Example HTTP request without the lastname parameter

Example response detailing the error

4.2.3. Missing date of birth parameter

Example curl request without the required dateofbirth parameter

Example HTTP request without the required dateofbirth parameter

Example response detailing the error

4.3. Other request errors

4.3.1. Invalid date of birth provided

Example curl request with an incorrect dateofbirth parameter

Example HTTP request with an incorrect dateofbirth parameter

Example response detailing the error

Note
Currently the response status is 500 Internal Server Error; this is not the intention and will be fixed in a future release to show the proper 400 Bad Request instead.

4.3.2. Incorrectly providing forenames

The easiest way to provide forenames is using the forenames parameter, however forenames may alternatively be provided using the numbered version: forename1, forename2, forename3, and forenames4. Providing a mix of the forename parameters will result in a standard 400 Bad Request error.

Example curl request with both forenames and forename1 parameters

Example HTTP request with both forenames and forename1 parameters

Example response detailing the error

Note
The use of forename1, forename2, forename3, and forename4 is strongly discouraged and should be considered deprecated in favour of the forenames parameter.
summary:after { content: "[+]"; right: 0px; } details[open] summary:after { content: "[-]"; }

5. Retrieving audit information

For certain users with special permissions, it is possible to retrieve an aggregated count of system users' search activity.

5.1. Auditor level access

All requests to the audit information end points must be made by a user with auditor level permissions, otherwise the request will fail with the standard 401 Unauthorised error.

Example curl request by an API user without the special auditor permissions

Example HTTP request by an API user without the special auditor permissions

Example response detailing the error

5.2. Audit record filters

The audit record data returned can be filtered by providing the following parameters.

5.2.1. A date range

The date range is optional. It can be omitted entirely, only one part specified, or fully specified by providing the from and to date parameters.

Example curl request filtering out records except those made between yesterday and one minute ago

Example HTTP request filtering out records except those made between yesterday and one minute ago

Example response detailing the error