A pact between GDS API Adapters and Account API

Requests from GDS API Adapters to Account API

Interactions

Upon receiving a create-state request from GDS API Adapters, with

{
  "method": "post",
  "path": "/api/oauth2/state",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/70.0.0 ()",
    "Content-Type": "application/json"
  },
  "body": {
    "attributes": {
      "foo": "bar"
    }
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "state_id": "reference-to-pass-to-get_sign_in_url"
  }
}

Given there is a valid user session, upon receiving a get-attributes request from GDS API Adapters, with

{
  "method": "get",
  "path": "/api/attributes",
  "query": "attributes[]=foo",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/70.0.0 ()",
    "GOVUK-Account-Session": "logged-in-user-session"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "govuk_account_session": "user-session-id",
    "values": {
    }
  }
}

Given there is a valid user session, with an attribute called 'foo', upon receiving a get-attributes request from GDS API Adapters, with

{
  "method": "get",
  "path": "/api/attributes",
  "query": "attributes[]=foo",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/70.0.0 ()",
    "GOVUK-Account-Session": "logged-in-user-session"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "govuk_account_session": "user-session-id",
    "values": {
      "foo": {
        "bar": "baz"
      }
    }
  }
}

Given there is a valid user session, upon receiving a has-subscription request from GDS API Adapters, with

{
  "method": "get",
  "path": "/api/transition-checker-email-subscription",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/70.0.0 ()",
    "GOVUK-Account-Session": "logged-in-user-session"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "govuk_account_session": "user-session-id",
    "has_subscription": false
  }
}

Given there is a valid user session, with a transition checker email subscription, upon receiving a has-subscription request from GDS API Adapters, with

{
  "method": "get",
  "path": "/api/transition-checker-email-subscription",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/70.0.0 ()",
    "GOVUK-Account-Session": "logged-in-user-session"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "govuk_account_session": "user-session-id",
    "has_subscription": true
  }
}

Given there is a valid user session, upon receiving a set-attributes request from GDS API Adapters, with

{
  "method": "patch",
  "path": "/api/attributes",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/70.0.0 ()",
    "Content-Type": "application/json",
    "GOVUK-Account-Session": "logged-in-user-session"
  },
  "body": {
    "attributes": {
      "foo": "[1,2,3]",
      "bar": "{\"nested\":\"json\"}"
    }
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "govuk_account_session": "user-session-id"
  }
}

Given there is a valid user session, upon receiving a set-subscription request from GDS API Adapters, with

{
  "method": "post",
  "path": "/api/transition-checker-email-subscription",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/70.0.0 ()",
    "Content-Type": "application/json",
    "GOVUK-Account-Session": "logged-in-user-session"
  },
  "body": {
    "slug": "brexit-emails-123"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "govuk_account_session": "user-session-id"
  }
}

Upon receiving a sign-in request from GDS API Adapters, with

{
  "method": "get",
  "path": "/api/oauth2/sign-in",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/70.0.0 ()"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "auth_uri": "http://authentication-provider/some/oauth/url",
    "state": "value-to-use-for-csrf-prevention"
  }
}

Given there is a valid OAuth response, upon receiving a validation request from GDS API Adapters, with

{
  "method": "post",
  "path": "/api/oauth2/callback",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/70.0.0 ()",
    "Content-Type": "application/json"
  },
  "body": {
    "code": "code",
    "state": "state"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "govuk_account_session": "user-session-id"
  }
}

Given there is a valid OAuth response, with the redirect path '/some-arbitrary-path', upon receiving a validation request from GDS API Adapters, with

{
  "method": "post",
  "path": "/api/oauth2/callback",
  "headers": {
    "Accept": "application/json",
    "User-Agent": "gds-api-adapters/70.0.0 ()",
    "Content-Type": "application/json"
  },
  "body": {
    "code": "code",
    "state": "state"
  }
}

Account API will respond with:

{
  "status": 200,
  "headers": {
    "Content-Type": "application/json; charset=utf-8"
  },
  "body": {
    "govuk_account_session": "user-session-id",
    "redirect_path": "/some-arbitrary-path"
  }
}