Skip to content
This repository has been archived by the owner on Sep 2, 2020. It is now read-only.

Doc updates to include bulk issuing #128

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

Doc updates to include bulk issuing #128

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
4919c48
Update api-endpoints.md
SueSmith Sep 24, 2014
3f32950
Update issuing.md
SueSmith Sep 24, 2014
87d702b
Update assessment.md
SueSmith Sep 24, 2014
c73020b
Update authorization.md
SueSmith Oct 2, 2014
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions docs/api-endpoints.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,9 @@ See the following overview of the available BadgeKit API endpoints - browse to t
* **POST** /systems/:slug/badges/:slug/instances
* **POST** /systems/:slug/issuers/:slug/badges/:slug/instances
* **POST** /systems/:slug/issuers/:slug/programs/:slug/badges/:slug/instances
* **POST** /systems/:slug/badges/:slug/instances/bulk
* **POST** /systems/:slug/issuers/:slug/badges/:slug/instances/bulk
* **POST** /systems/:slug/issuers/:slug/programs/:slug/badges/:slug/instances/bulk
* **DELETE** /systems/:slug/badges/:slug/instances/:email
* **DELETE** /systems/:slug/issuers/:slug/badges/:slug/instances/:email
* **DELETE** /systems/:slug/issuers/:slug/programs/:slug/badges/:slug/instances/:email
Expand Down
3 changes: 2 additions & 1 deletion docs/assessment.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,10 +91,11 @@ GET /systems/:slug/issuers/:slug/programs/:slug/badges/:slug/applications

#### Available request parameters

* **`processed`** - boolean indicating whether to return processed or unprocessed applications
* **`page`:** - page of results to return
* **`count`:** - count of results to return per page

e.g. `/systems/<slug>/applications?count=2&page=1`
e.g. `/systems/<slug>/applications?processed=true&count=2&page=1`

### Expected response

Expand Down
12 changes: 7 additions & 5 deletions docs/authorization.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## Overview

Authorization is done by generating a JWT token for each request and putting it in the HTTP `Authorization` header with the auth-scheme `JWT`, under the auth-param `token`. Example (line breaks are for display purposes only):
Authorization is carried out by generating a JWT token for each request and putting it in the HTTP `Authorization` header with the auth-scheme `JWT`, under the auth-param `token`. Example (_line breaks are for display purposes only_):

```
Authorization: JWT token="eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJrZXkiO\
Expand Down Expand Up @@ -33,7 +33,9 @@ Use the `HS256` (HMAC-SHA256) algorithm. Example header:

### Secret

Ask one of us for the secret.
If you're running your own self-hosted instance of BadgeKit, the secret should be whatever you set as `MASTER_SECRET` in your environment configuration.

If you're using the Mozilla hosted version of BadgeKit - get in touch with the team for the secret.

### Example in JavaScript
```js
Expand All @@ -60,7 +62,7 @@ var token = jws.sign({
## Purpose of Each Claim

* **key**: To look up the secret used to sign the token.
* **exp**: General protection against replay attacks: a short lived token has limited opportunity for re-use.
* **method**: Protection from replay attacks against the same URL with a different method, e.g., converting a POST request into a DELETE request.
* **path**: Protection from replay attacks with the same method but against a new URL, e.g, using the same token for a POST to `/systems/chicago` as the token for a POST to `/systems/new-york`.
* **exp**: General protection against replay attacks - a short lived token has limited opportunity for re-use.
* **method**: Protection from replay attacks against the same URL with a different method, e.g. converting a `POST` request into a `DELETE` request.
* **path**: Protection from replay attacks with the same method but against a new URL, e.g using the same token for a `POST` to `/systems/chicago` as the token for a `POST` to `/systems/new-york`.
* **body**: Protection from data tampering; ensures the data that the client intended to send is the data received.
83 changes: 83 additions & 0 deletions docs/issuing.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,10 @@ Issuing is the process of awarding a badge to a specific earner. In BadgeKit API
* `POST /systems/:slug/badges/:slug/instances`
* `POST /systems/:slug/issuers/:slug/badges/:slug/instances`
* `POST /systems/:slug/issuers/:slug/programs/:slug/badges/:slug/instances`
* [Create Multiple Badge Instances](#create-multiple-badge-instances)
* `POST /systems/:slug/badges/:slug/instances/bulk`
* `POST /systems/:slug/issuers/:slug/badges/:slug/instances/bulk`
* `POST /systems/:slug/issuers/:slug/programs/:slug/badges/:slug/instances/bulk`
* [Delete an Instance](#delete-an-instance)
* `DELETE /systems/:slug/badges/:slug/instances/:email`
* `DELETE /systems/:slug/issuers/:slug/badges/:slug/instances/:email`
Expand Down Expand Up @@ -274,6 +278,85 @@ The assertion URL represents the location of the badge assertion. A badge assert
}
```

## Create Multiple Badge Instances

The API supports bulk issuing of badges. The endpoint allows a particular badge to be issued to multiple earner email addresses.

### Expected request

```
POST /systems/:slug/badges/:slug/instances/bulk
POST /systems/:slug/issuers/:slug/badges/:slug/instances/bulk
POST /systems/:slug/issuers/:slug/programs/:slug/badges/:slug/instances/bulk
```

Requests can be sent as `application/json`, `application/x-www-form-urlencoded` or `multipart/form-data`.

| Parameters | Required | Description |
|:-----------------------|-----------------|--------------------------|
| **emails** | required | Array of email addresses for the earners the badge is being issued to. |

### Expected response

```
HTTP/1.1 201 Created
Content-Type: application/json
```

```json
{
"status": "created",
"instances": [{
"slug": "abcdefghi123456789abcdefghi123456789",
"email": "[email protected]",
"expires": null,
"issuedOn": "2014-05-29T10:16:01.654Z",
"claimCode": "abcde12345",
"assertionUrl": "http://issuersite.com/public/assertions/abcdefghi123456789abcdefghi123456789",
"badge": null
},
...
]
}
```

The bulk issuing route does not accept the claim code parameter. If the badge has already been issued to an email address in the passed array, it will not be issued again and the returned array will not contain a badge instance for that email. Similarly, if an email address was included twice in the array, only one instance will be created and returned.

#### Response structure

* status
* instances `[ ]`
* slug
* email
* expires
* issuedOn
* claimCode
* assertionUrl
* [badge](badges.md)

#### Potential errors

* **Invalid data**

```
HTTP/1.1 400 Bad Request
Content-Type: application/json
```

```json
{
"code": "ValidationError",
"message": "Could not validate required fields",
"details": [
{
"field": "email",
"value": "..."
},
...
]
}
```

## Delete an Instance

Delete a badge instance within a system, issuer or program context.
Expand Down