A pact between GDS API Adapters and Account API

Requests from GDS API Adapters to Account API

Interactions

Given there is a valid user session, with a 'wizard-news' email subscription, upon receiving a delete-subscription request for 'wizard-news' from GDS API Adapters, with

{
  "method": "delete",
  "path": "/api/email-subscriptions/wizard-news",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()",
    "GOVUK-Account-Session": "logged-in-user-session"
  }
}

Account API will respond with:

{
  "status": 204
}

Given there is a valid user session, upon receiving a delete-subscription request for 'wizard-news' from GDS API Adapters, with

{
  "method": "delete",
  "path": "/api/email-subscriptions/wizard-news",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()",
    "GOVUK-Account-Session": "logged-in-user-session"
  }
}

Account API will respond with:

{
  "status": 404
}

Upon receiving a delete-user request from GDS API Adapters, with

{
  "method": "delete",
  "path": "/api/oidc-users/the-subject-identifier",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()"
  }
}

Account API will respond with:

{
  "status": 404
}

Given there is a user with subject identifier 'the-subject-identifier', upon receiving a delete-user request for 'the-subject-identifier' from GDS API Adapters, with

{
  "method": "delete",
  "path": "/api/oidc-users/the-subject-identifier",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()"
  }
}

Account API will respond with:

{
  "status": 204
}

Given there is a valid user session, upon receiving a get-attributes request from GDS API Adapters, with

{
  "method": "get",
  "path": "/api/attributes",
  "query": "attributes[]=transition_checker_state",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()",
    "GOVUK-Account-Session": "logged-in-user-session"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "govuk_account_session": "user-session-id",
    "values": {
    }
  }
}

Given there is a valid user session, with an attribute called 'transition_checker_state', upon receiving a get-attributes request from GDS API Adapters, with

{
  "method": "get",
  "path": "/api/attributes",
  "query": "attributes[]=transition_checker_state",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()",
    "GOVUK-Account-Session": "logged-in-user-session"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "govuk_account_session": "user-session-id",
    "values": {
      "transition_checker_state": {
        "array": [
          1,
          2,
          3
        ],
        "some": {
          "nested": "json"
        }
      }
    }
  }
}

Given there is a valid user session, upon receiving a get-user request from GDS API Adapters, with

{
  "method": "get",
  "path": "/api/user",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()",
    "GOVUK-Account-Session": "logged-in-user-session"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "govuk_account_session": "user-session-id",
    "id": "user-id",
    "mfa": true,
    "email": "user@example.com",
    "email_verified": true,
    "has_unconfirmed_email": true,
    "services": {
      "transition_checker": "no"
    }
  }
}

Given there is a user with email address 'email@example.com', upon receiving a match-user-by-email request for 'email@example.com' from GDS API Adapters, with

{
  "method": "get",
  "path": "/api/user/match-by-email",
  "query": "email=email%40example.com",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "match": false
  }
}

Upon receiving a match-user-by-email request for 'email@example.com' from GDS API Adapters, with

{
  "method": "get",
  "path": "/api/user/match-by-email",
  "query": "email=email%40example.com",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()"
  }
}

Account API will respond with:

{
  "status": 404
}

Given there is a valid user session, upon receiving a put-subscription request for 'wizard-news' from GDS API Adapters, with

{
  "method": "put",
  "path": "/api/email-subscriptions/wizard-news",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()",
    "Content-Type": "application/json",
    "GOVUK-Account-Session": "logged-in-user-session"
  },
  "body": {
    "topic_slug": "wizard-news-topic-slug"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "govuk_account_session": "user-session-id",
    "email_subscription": {
      "name": "wizard-news",
      "topic_slug": "wizard-news-topic-slug"
    }
  }
}

Given there is a valid user session, with a 'wizard-news' email subscription, upon receiving a put-subscription request for 'wizard-news' from GDS API Adapters, with

{
  "method": "put",
  "path": "/api/email-subscriptions/wizard-news",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()",
    "Content-Type": "application/json",
    "GOVUK-Account-Session": "logged-in-user-session"
  },
  "body": {
    "topic_slug": "wizard-news-topic-slug"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "govuk_account_session": "user-session-id",
    "email_subscription": {
      "name": "wizard-news",
      "topic_slug": "wizard-news-topic-slug"
    }
  }
}

Given there is a valid user session, upon receiving a set-attributes request from GDS API Adapters, with

{
  "method": "patch",
  "path": "/api/attributes",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()",
    "Content-Type": "application/json",
    "GOVUK-Account-Session": "logged-in-user-session"
  },
  "body": {
    "attributes": {
      "transition_checker_state": {
        "array": [
          1,
          2,
          3
        ],
        "some": {
          "nested": "json"
        }
      }
    }
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "govuk_account_session": "user-session-id"
  }
}

Given there is a valid user session, with a 'wizard-news' email subscription, upon receiving a show-subscription request for 'wizard-news' from GDS API Adapters, with

{
  "method": "get",
  "path": "/api/email-subscriptions/wizard-news",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()",
    "GOVUK-Account-Session": "logged-in-user-session"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "email_subscription": {
      "name": "wizard-news",
      "topic_slug": "wizard-news-topic-slug"
    }
  }
}

Given there is a valid user session, upon receiving a show-subscription request for 'wizard-news' from GDS API Adapters, with

{
  "method": "get",
  "path": "/api/email-subscriptions/wizard-news",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()",
    "GOVUK-Account-Session": "logged-in-user-session"
  }
}

Account API will respond with:

{
  "status": 404
}

Upon receiving a sign-in request from GDS API Adapters, with

{
  "method": "get",
  "path": "/api/oauth2/sign-in",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "auth_uri": "http://authentication-provider/some/oauth/url",
    "state": "value-to-use-for-csrf-prevention"
  }
}

Given there is a valid OAuth response, upon receiving a validation request from GDS API Adapters, with

{
  "method": "post",
  "path": "/api/oauth2/callback",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()",
    "Content-Type": "application/json"
  },
  "body": {
    "code": "code",
    "state": "state"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "govuk_account_session": "user-session-id"
  }
}

Given there is a valid OAuth response, with cookie consent 'true', upon receiving a validation request from GDS API Adapters, with

{
  "method": "post",
  "path": "/api/oauth2/callback",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()",
    "Content-Type": "application/json"
  },
  "body": {
    "code": "code",
    "state": "state"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "govuk_account_session": "user-session-id",
    "cookie_consent": true
  }
}

Given there is a valid OAuth response, with the redirect path '/some-arbitrary-path', upon receiving a validation request from GDS API Adapters, with

{
  "method": "post",
  "path": "/api/oauth2/callback",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()",
    "Content-Type": "application/json"
  },
  "body": {
    "code": "code",
    "state": "state"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "govuk_account_session": "user-session-id",
    "redirect_path": "/some-arbitrary-path"
  }
}

Upon receiving a validation request from GDS API Adapters, with

{
  "method": "post",
  "path": "/api/oauth2/callback",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()",
    "Content-Type": "application/json"
  },
  "body": {
    "code": "code",
    "state": "state"
  }
}

Account API will respond with:

{
  "status": 401
}

Upon receiving an end-session request from GDS API Adapters, with

{
  "method": "get",
  "path": "/api/oauth2/end-session",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/75.3.0 ()"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "end_session_uri": "http://authentication-provider/some/end/session/url"
  }
}