1click-api
Handlers
Merchant
Needs a valid merchant ApiKey
Needs header Authorization: Bearer <APIKEY>
Oyst
Needs header Oyst-Authorization: Oyst <DATA>
Where <DATA> is a base64-encoded stringified object
Sessions
Needs header oyst-session
Returns a 403 if header is not present
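The Oyst and Sessions header rules above, as an added example that is not part of the 1click-api code base. It parses the Oyst-Authorization envelope strictly and maps a missing oyst-session header to 403; the function names and the sample payload are assumptions, and the fields inside <DATA> are not documented on this page.

```javascript
// Added example: strict parsing of the two headers described above.
// Only the envelope is enforced: "Oyst " + canonical base64 of a JSON object.
const BASE64_RE = /^[A-Za-z0-9+/]+={0,2}$/;

function parseOystAuthorization(headerValue) {
  if (typeof headerValue !== 'string') return { ok: false, reason: 'missing header' };
  const match = /^Oyst ([^\s]+)$/.exec(headerValue);
  if (!match) return { ok: false, reason: 'bad scheme' };
  const b64 = match[1];
  // Buffer.from() silently skips invalid characters, so check the alphabet
  // and require that re-encoding reproduces the input exactly.
  if (!BASE64_RE.test(b64) || b64.length % 4 !== 0) return { ok: false, reason: 'bad base64' };
  const raw = Buffer.from(b64, 'base64');
  if (raw.toString('base64') !== b64) return { ok: false, reason: 'non-canonical base64' };
  let data;
  try {
    data = JSON.parse(raw.toString('utf8'));
  } catch (err) {
    return { ok: false, reason: 'bad json' };
  }
  // "Stringified object": reject null, arrays and primitives.
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, reason: 'not an object' };
  }
  // base64 is only an encoding: the decoded fields are untrusted input and
  // still need schema validation and server-side verification.
  return { ok: true, data };
}

// Session handler rule from the page: no oyst-session header means 403.
// Node lowercases incoming header names, so a plain lookup is enough.
function sessionStatus(headers) {
  const value = headers['oyst-session'];
  return typeof value === 'string' && value.length > 0 ? null : 403;
}

// Constructed sample value (not a real Oyst payload).
const sample = 'Oyst ' + Buffer.from(JSON.stringify({ demo: 'value' })).toString('base64');
console.log(parseOystAuthorization(sample)); // { ok: true, data: { demo: 'value' } }
console.log(sessionStatus({}));              // 403
```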
Routes
Error handling
Except for internal errors, the API should return JSON when called.
POST /orders/authorize
Handles the server-to-server authentication for the oneclick. This route should be called by the merchant during the function getOneclickUrl().
The iframe URL is returned.
Payload:
Joiobject product_reference: Joi variation_reference: Joi user: Joiobject quantity: Joi
Handler: merchant
Returns
- 403 on authentication failure
- On success
GET /version
Information is in package.json
Returns
POST /orders
Handle the order creation when user is known.
It calls:
- payment-api
- user-api
- catalog-api
Payload
Joiobject encrypted_card: Joi
encrypted_card should be sent only when the user changes his card
Handler: Oyst Session
Returns
DELETE /orders/{:id}
Delete specific order and clean associated session
It calls:
- payment-api
- user-api
- catalog-api
QueryParams
Joiobject id: Joi
Handler: Oyst Session
Returns
GET /users
Checks whether the user exists using the phone number. If found, an SMS is sent with a link.
QueryParams
Joiobject phone: phoneRule
Where phoneRule is the npm package joi-phone-validator
Handler: Oyst
Returns
POST /users/card
Called when the user is not found. Stores the encrypted_card in the Redis session, then sends an SMS with a link that displays a code, like 3DS.
Payload
Joiobject encrypted_card: Joi
Handler: Oyst
Returns
GET /users/phone/mfa
Activates the code when the user has clicked on the SMS link
QueryParams
Joiobject id: Joi p: phoneRule
Where phoneRule is the npm package joi-phone-validator
Returns
Redirects to ${DISPLAY_CODE_URL}?${Querystring.stringify({ id, phone: p })} where DISPLAY_CODE_URL is the URL of the React app that displays the code on mobile
POST /users/phone/valid
Activates the phone when the user has clicked on the SMS link. Sends PUSHER_EVENT on success.
- Remove phone from PhoneSession
- Remove short-link from the PhoneChecker
Payload
Joiobject id: Joi phone: phoneRule session: Joi user_id: Joi
Where phoneRule is the npm package joi-phone-validator
Returns
Redirects to PHONE_SUCCESS_URL, which is the static success URL
GET /mfa
- Get the code from PhoneChecker
- Send PUSHER_EVENT on success with params code: true and uuid
QueryParams
Joiobject id: Joi phone: phoneRule
Where phoneRule is the npm package joi-phone-validator
Returns
POST /mfa/codes
- Get the code from PhoneChecker
- Send PUSHER_EVENT on success with params code: true and uuid
Payload
Joiobject code: Joi uuid: Joi phone: phoneRule
Where phoneRule is the npm package joi-phone-validator
Returns
POST /users
- Add card with minimum authorization
- Create the user using user-api
Handler: Oyst Session
Payload
Joiobject address: address billing_address: address email: Joi first_name: Joi language: Joilength2 last_name: Joi
where address is
Joiobject city: Joi company_name: allowEmpty complementary: allowEmpty country: Joi first_name: Joi label: Joi last_name: Joi postcode: allowEmpty region: allowEmpty street: Joi
and allowEmpty is Joi
Where phoneRule is the npm package joi-phone-validator
Returns
POST /notifications
- Handle payment-api notifications
For now, notifications are not processed; this route is only useful to keep the payment-api from crashing.
TO FIX when order-api is able to handle payment information
Payload
Joiobject live: Joi notification: Joiobject
Returns
OK