POST /api/contracts
Requests a new contract between a specific version of an app and a specific version of an API. Also used to revise a contract.
Revising an existing, active contract creates a new contract. However, there can only be one original contract and one revised contract. An attempt to create a second revision will fail.
Authorization Roles/Permissions: Must be logged in. App team member
Workflow: When a completely new contract is created (the first contract between a specific app version and a specific API version in a specific environment), the @Create initial action is used to start the workflow for the new contract. When a contract is revised, a new contract is created that is a revision of the existing contract, and the existing contract remains in place. In this scenario, the @Revise initial action is used to start the workflow for the revised contract. When there is a revised contract in place, any subsequent requests to create a contract for the app/API/environment combination will fail, since only one revised contract is allowed at one time.
This topic includes the following sections:
HTTP Method
POST
URL
https://{hostname}/api/contracts
Sample Request
The examples below show several requests for a new API contract, under different conditions.
Sample Request URL
https://{hostname}/api/contracts
Sample request headers
POST /api/contracts HTTP/1.1 Accept: application/json Content-Type: application/json AtmoAuthToken_acmepaymentscorp=TokenID%3Dcd36a4bd-e600-4e99-961a-c4ca0cfc93cd%2Cclaimed_id%3Durn%3Aatmosphere%3Auser%3Aacmepaymentscorp%3A14b1902f-3dfc-43e3-b09a-81137f091b96%2CissueTime%3D1614802132363%2CexpirationTime%3D1614803992357%2C... X-Csrf-Token_acmepaymentscorp: TokenID%3D8ed70a13-8469-11e8-b37a-b155e4eabeb8%2CexpirationTime%3D153...
Sample request body #1
API doesn't use licenses and no quota policy is defined. Request is for access to the Sandbox implementation.
{ "APIVersionID":"38fcd5ae-08ae-4161-9fd3-65288dffb92e.acmepaymentscorp", "RuntimeID":"k2zGu3E93UPvYp0AtwVhHMzY8LVRc4L9pPMikmpX.acmepaymentscorp", "Environment":"Sandbox", "Policies":{ "Policy":[ ] }, "ContractScope":{ "Restricted":false } }
Sample request body #2
API doesn't use licenses but app developer wants a quota policy. Request is for access to the Live implementation.
{ "APIVersionID":"b49ef94a-3a4b-4cc4-b894-ef067d9a0de9.acmepaymentscorp", "RuntimeID":"7J0w4Dy2BGN2QPUi6sFGlR6w.acmepaymentscorp", "Environment":"Production", "Policies":{ "Policy":[ { "PolicyKey":"urn:uuid:a28e7b76-499c-11e4-bfe5-b1a96aa04935" } ] }, "ContractScope":{ "Restricted":false } }
Sample request body #3
API uses licenses and app developer wants unrestricted access. Request is for access to the Live implementation.
{ "APIVersionID":"3e07d360-c6b1-4872-90cc-305fc581c2f9.acmepaymentscorp", "RuntimeID":"2mWn90b8Y4C2vL7qCxDW8f38.acmepaymentscorp", "Environment":"Production", "Policies":{ "Policy":[ ] }, "ContractScope":{ "Restricted":false } }
Sample request body #4
API uses licenses and app requests access with one license. Request is for access to the Sandbox implementation.
{ "APIVersionID":"3e07d360-c6b1-4872-90cc-305fc581c2f9.acmepaymentscorp", "RuntimeID":"7J0w4Dy2BGN2QPUi6sFGlR6w.acmepaymentscorp", "Environment":"Sandbox", "Policies":{ "Policy":[ ] }, "ContractScope":{ "Restricted":true, "LicenseID":[ "15d5d812-81e1-4d26-9597-e595b81b102f.acmepaymentscorp" ] } }
Sample request body #5
API uses licenses and app developer requests access with all licenses. Request is for access to the Live implementation.
{ "APIVersionID":"3e07d360-c6b1-4872-90cc-305fc581c2f9.acmepaymentscorp", "RuntimeID":"2mWn90b8Y4C2vL7qCxDW8f38.acmepaymentscorp", "Environment":"Production", "Policies":{ "Policy":[ ] }, "ContractScope":{ "Restricted":true, "LicenseID":[ "15d5d812-81e1-4d26-9597-e595b81b102f.acmepaymentscorp", "e18cd5b6-93a6-4f30-b089-5ea374d2818d.acmepaymentscorp", "104d523d-5d49-4bc3-b523-7de6725fcaae.acmepaymentscorp" ] } }
Request Headers
For general information on request header values, refer to HTTP Request Headers.
Header | Description |
---|---|
Accept | application/json, application/xml, application/vnd.soa.v71+json, application/vnd.soa.v71+xml, application/vnd.soa.v72+json, application/vnd.soa.v72+xml, application/vnd.soa.v80+json, application/vnd.soa.v80+xml, application/vnd.soa.v81+json, application/vnd.soa.v81+xml |
Content-Type |
Any one of the following media types is valid for the request Content-Type: application/json or application/xml application/vnd.soa.v71+json or application/vnd.soa.v71+xml application/vnd.soa.v72+json or application/vnd.soa.v72+xml application/vnd.soa.v80+json or application/vnd.soa.v80+xml application/vnd.soa.v81+json or application/vnd.soa.v81+xml |
Cookie | AtmoAuthToken_{fedmemberid}={cookie value, which usually starts with TokenID}—The platform cookie. This is the Akana API Platform authorization token, and must be sent with every API request that requires login. For more information and an example, see Session cookies. |
X-Csrf-Token_{fedmemberID} | The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login. |
Request Parameters
Parameter | Parm Type | Data Type | Required | Description |
---|---|---|---|---|
Contract | Body | Contract | Required |
Includes the APIVersionID and RuntimeID for the app version requesting the contract. In this scenario, the RuntimeID is the unique ID defined by the user for the app version, if applicable. |
Response
If successful, this operation returns HTTP status code 200, with information about the contract.
Sample Response
The sample response below returns the expanded Contract object with additional values of ContractID, Environment, and State.
Sample response headers
HTTP/1.1 200 OK Date: Tue, 02 Mar 2021 21:58:57 GMT Content-Type: application/json
Sample response body: response to sample request #1
API doesn't use licenses and no quota policy is defined. Request is for access to the Sandbox implementation.
{ "ContractID": "e2b171f2-1896-4e9f-8b1c-66fbf8faca3d.acmepaymentscorp", "APIVersionID":"38fcd5ae-08ae-4161-9fd3-65288dffb92e.acmepaymentscorp", "RuntimeID":"k2zGu3E93UPvYp0AtwVhHMzY8LVRc4L9pPMikmpX.acmepaymentscorp", "Environment": "Sandbox", "State": "apicontract.status.approved", "ContractScope": { "Restricted": false }, "Updated": "2021-03-02T21:58:58Z", "UpdatedInMillis": 1614722338000, "Status": "com.soa.apicontract.draft" }
Sample response body: response to sample request #2
API doesn't use licenses but app developer wants a quota policy. Request is for access to the Live implementation.
{ "ContractID" : "77824aa2-b370-4348-aa4f-0be60d1b710c.acmepaymentscorp", "APIVersionID" : "b49ef94a-3a4b-4cc4-b894-ef067d9a0de9.acmepaymentscorp", "RuntimeID" : "7J0w4Dy2BGN2QPUi6sFGlR6w.acmepaymentscorp", "Environment" : "Production", "State" : "apicontract.status.pending_approval", "ContractScope" : { "Restricted" : false }, "Updated" : "2014-10-01T19:59:35Z", "UpdatedInMillis" : 1412193575000, "Status" : "com.soa.apicontract.draft" }
Sample response body: response to sample request #3
API uses licenses and app developer wants unrestricted access. Request is for access to the Live implementation.
{ "ContractID" : "fa11ed81-ccde-4104-9d3a-109aa880fdde.acmepaymentscorp", "APIVersionID" : "3e07d360-c6b1-4872-90cc-305fc581c2f9.acmepaymentscorp", "RuntimeID" : "2mWn90b8Y4C2vL7qCxDW8f38.acmepaymentscorp", "Environment" : "Production", "State" : "apicontract.status.pending_approval", "ContractScope" : { "Restricted" : false }, "Updated" : "2014-10-01T20:02:48Z", "UpdatedInMillis" : 1412193768000, "Status" : "com.soa.apicontract.draft" }
Sample response body: response to sample request #4
API uses licenses and app requests access with one license. Request is for access to the Sandbox implementation.
{ "ContractID" : "9d38e862-6f34-4681-98b4-c826813e4d5c.acmepaymentscorp", "APIVersionID" : "3e07d360-c6b1-4872-90cc-305fc581c2f9.acmepaymentscorp", "RuntimeID" : "7J0w4Dy2BGN2QPUi6sFGlR6w.acmepaymentscorp", "Environment" : "Sandbox", "State" : "apicontract.status.activated", "ContractScope" : { "Restricted" : true, "LicenseID" : [ "15d5d812-81e1-4d26-9597-e595b81b102f.acmepaymentscorp" ] }, "Updated" : "2014-10-01T20:05:03Z", "UpdatedInMillis" : 1412193903000, "Status" : "com.soa.apicontract.draft" }
Sample response body: response to sample request #5
API uses licenses and app developer requests access with all licenses. Request is for access to the Live implementation.
{ "ContractID":"a57f7275-c812-410b-ab70-941c93d8f793.acmepaymentscorp", "APIVersionID":"3e07d360-c6b1-4872-90cc-305fc581c2f9.acmepaymentscorp", "RuntimeID":"2mWn90b8Y4C2vL7qCxDW8f38.acmepaymentscorp", "Environment":"Production", "State":"apicontract.status.pending_approval", "ContractScope":{ "Restricted":true, "LicenseID":[ "15d5d812-81e1-4d26-9597-e595b81b102f.acmepaymentscorp", "e18cd5b6-93a6-4f30-b089-5ea374d2818d.acmepaymentscorp", "104d523d-5d49-4bc3-b523-7de6725fcaae.acmepaymentscorp" ] }, "Updated":"2014-10-01T20:11:40Z", "UpdatedInMillis":1412194300000, "Status":"com.soa.apicontract.draft" }
Response Headers
For general information on response header values, refer to HTTP Response Headers.
Header | Description |
---|---|
Content-Type | application/json, application/xml, application/vnd.soa.v71+json, application/vnd.soa.v71+xml, application/vnd.soa.v72+json, application/vnd.soa.v72+xml, application/vnd.soa.v80+json, application/vnd.soa.v80+xml, application/vnd.soa.v81+json, application/vnd.soa.v81+xml |
Response Body
Name | Type | Description |
---|---|---|
Contract | Contract |
Includes the following values for the contract:
|
Error Codes/Messages
If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.
Item | Value |
---|---|
401 | Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing. |
405 | Method Not Allowed. You might get this if there is an error in the URL, or if you used the wrong HTTP verb. You would also get this if you provided incorrect values in the body of the request message. |
500 | An error occurred processing the call. |
More information about Akana API Platform API error messages.