PUT /api/contracts/{ContractID}

Updates scopes (licenses selected) and/or the QoS policy assignments for an app/API contract.

Note: This corresponds to the Revise option in the Community Manager developer portal. This option is only available for a contract when licenses and QoS policies are associated with an API.

Authorization Roles/Permissions: Must be logged in. To complete this operation successfully, a user must be a member of the applicable team (App team member or API Admin).

This topic includes the following sections:

HTTP Method

PUT

URL

https://{hostname}/api/contracts/{ContractID}

Sample Request

The example below shows a request to update the policies associated with a contract. Previously there were two policies; this example removes one, so there will be only one policy assigned to the contract.

Sample Request URL

https://{hostname}/api/contracts/70db5aae-9c12-41ff-b809-dd5941db1730.acmepaymentscorp

Sample request headers

Accept: application/json
Content-Type: application/json
AtmoAuthToken_acmepaymentscorp=TokenID%3Dcd36a4bd-e600-4e99-961a-c4ca0cfc93cd%2Cclaimed_id%3Durn%3Aatmosphere%3Auser%3Aacmepaymentscorp%3A14b1902f-3dfc-43e3-b09a-81137f091b96%2CissueTime%3D1614802132363%2CexpirationTime%3D1614803992357%2C...
X-Csrf-Token_acmepaymentscorp: TokenID%3D8ed70a13-8469-11e8-b37a-b155e4eabeb8%2CexpirationTime%3D153...

Sample request body

{
  "ContractID": "70db5aae-9c12-41ff-b809-dd5941db1730.acmepaymentscorp",
  "APIVersionID": "9daf2b49-0b00-45c2-8ccf-db5ef3d478af.acmepaymentscorp",
  "RuntimeID": "wbN3rqWphd4z6LtgwI5oMRbrZoYrwQ4OvKrBn19o.acmepaymentscorp",
  "Environment": "Production",
  "Policies": {
    "Policy": [
      {
        "PolicyKey": "uddi:0e725858-48de-47aa-90a3-10c2cf49aab2",
        "Name": "Throughput Quota QoS policy",
        "Description": "Throughput Quota QoS policy",
        "PolicyType": "Service Level Policy",
        "PolicySubType": "policy.qos.throughputquota"
      }
    ]
  },
  "State": "apicontract.status.approved",
  "ContractScope": {
    "Restricted": false
  },
  "Updated": "2019-09-06T21:22:13Z",
  "UpdatedInMillis": 1567804933000,
  "Status": "com.soa.apicontract.draft"
}

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header Description
Accept application/json, application/xml, application/vnd.soa.v71+json, application/vnd.soa.v71+xml, application/vnd.soa.v72+json, application/vnd.soa.v72+xml, application/vnd.soa.v80+json, application/vnd.soa.v80+xml, application/vnd.soa.v81+json, application/vnd.soa.v81+xml
Content-Type

Any one of the following media types is valid for the request Content-Type:

application/json or application/xml

application/vnd.soa.v71+json or application/vnd.soa.v71+xml

application/vnd.soa.v72+json or application/vnd.soa.v72+xml

application/vnd.soa.v80+json or application/vnd.soa.v80+xml

application/vnd.soa.v81+json or application/vnd.soa.v81+xml

Cookie AtmoAuthToken_{fedmemberid}={cookie value, which usually starts with TokenID}—The platform cookie. This is the Akana API Platform authorization token, and must be sent with every API request that requires login. For more information and an example, see Session cookies.
X-Csrf-Token_{fedmemberID} The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login.

Request Parameters

Parameter Parm Type Data Type Required Description
ContractID Path string Required The unique ID for a specific contract between an app version and an API version.
Contract Body Contract Required Information about the contract, with the updated values.

Response

If successful, this operation returns HTTP status code 200, with information about the updated contract.

Sample Response

The sample response below shows successful completion of this operation.

Note: the response does not show the policies attached to the contract. In this example, there were previously two policies, and the request removed one of them. To see an updated list of the policies associated with the contract, use the GET /api/contracts/{ContractID} operation.

Sample response headers: application/json

Status Code: 200 OK
Content-Type: application/json
Date: Fri, 06 Sep 2019 21:23:58 GMT

Sample response body: application/json

{
  "ContractID": "70db5aae-9c12-41ff-b809-dd5941db1730.acmepaymentscorp",
  "APIVersionID": "9daf2b49-0b00-45c2-8ccf-db5ef3d478af.acmepaymentscorp",
  "RuntimeID": "wbN3rqWphd4z6LtgwI5oMRbrZoYrwQ4OvKrBn19o.acmepaymentscorp",
  "Environment": "Production",
  "State": "apicontract.status.approved",
  "ContractScope": {
    "Restricted": false
  },
  "Updated": "2019-09-06T21:23:59Z",
  "UpdatedInMillis": 1567805039000,
  "Status": "com.soa.apicontract.draft"
}

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header Description
Content-Type application/json, application/xml, application/vnd.soa.v71+json, application/vnd.soa.v71+xml, application/vnd.soa.v72+json, application/vnd.soa.v72+xml, application/vnd.soa.v80+json, application/vnd.soa.v80+xml, application/vnd.soa.v81+json, application/vnd.soa.v81+xml

Response Body

Name Type Description
Contract Contract Contains information about a contract between an app and an API.

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item Value
400 Bad request: Returned if the client sends a malformed request; for example, invalid parameters or body content.For example, you might get this response if you specified an incorrect content-type value for the request.
401 Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing.
500 An error occurred processing the call.

More information about Akana API Platform API error messages.