{
"item": [
{
"id": "d227d671-1a09-4e2c-8d74-b9744d9ba81c",
"name": "Access Token Creation",
"request": {
"name": "Access Token Creation",
"description": {
"content": "Request the creation of an Access Token, either a plain one or one associated with a Service Token (a Scoped Access Token). Credentials (App Key and Secret) are passed as `client_id` and `client_secret` in the posted request body. For plain Access Tokens, `grant_type` must be `client_credentials`. For Access Tokens associated with a Service Token, `grant_type` must be `authorization_code`, with the Service Token passed in a request body field named `code`.",
"type": "text/plain"
},
"url": {
"path": [
"accesstoken"
],
"host": [
"{{baseUrl}}"
],
"query": [],
"variable": []
},
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
}
],
"method": "POST",
"auth": null,
"body": {
"mode": "raw",
"raw": "{\n \"client_id\": \"<string>\",\n \"client_secret\": \"<string>\",\n \"grant_type\": \"<string>\",\n \"code\": \"<string>\"\n}",
"options": {
"raw": {
"language": "json"
}
}
}
},
"response": [
{
"id": "72a279c4-d677-4580-b148-42f520b7ac6d",
"name": "OK",
"originalRequest": {
"url": {
"path": [
"accesstoken"
],
"host": [
"{{baseUrl}}"
],
"query": [],
"variable": []
},
"header": [
{
"key": "Accept",
"value": "application/json"
}
],
"method": "POST",
"body": {
"mode": "raw",
"raw": "{\n \"client_id\": \"your-App-key\",\n \"client_secret\": \"your-App-secret\",\n \"grant_type\": \"client_credentials\"\n}",
"options": {
"raw": {
"language": "json"
}
}
}
},
"status": "OK",
"code": 200,
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"body": "{\n \"organization_name\": \"rocketlawyer-internal\",\n \"developer.email\": \"pdu-test-automation@rocketlawyer.com\",\n \"issued_at\": \"1633969487428\",\n \"client_id\": \"your-apigee-app-key\",\n \"token_type\": \"BearerToken\",\n \"access_token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.<content redacted>\",\n \"application_name\": \"4e8dc68b-cc3c-4ffc-aab3-f76f817ad321\",\n \"expires_in\": \"35998\",\n \"api_product_list\": [\n \"rocketdoc-api-product-sandbox\",\n \"partner-auth-service-product-sandbox\",\n \"binders-product-document-manager-sandbox\"\n ]\n}",
"cookie": [],
"_postman_previewlanguage": "json"
},
{
"id": "8398c460-63d2-490f-a5b9-ec12445ca877",
"name": "Bad Request. Possible reasons are:\n- Missing or invalid grant_type\n- Missing or invalid code\n",
"originalRequest": {
"url": {
"path": [
"accesstoken"
],
"host": [
"{{baseUrl}}"
],
"query": [],
"variable": []
},
"header": [
{
"key": "Accept",
"value": "application/json"
}
],
"method": "POST",
"body": {
"mode": "raw",
"raw": "{\n \"client_id\": \"your-App-key\",\n \"client_secret\": \"your-App-secret\",\n \"grant_type\": \"client_credentials\"\n}",
"options": {
"raw": {
"language": "json"
}
}
}
},
"status": "Bad Request",
"code": 400,
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"body": "{\n \"fault\": {\n \"faultstring\": \"Missing or invalid grant_type\",\n \"detail\": {\n \"errorcode\": \"Bad Request\"\n }\n }\n}",
"cookie": [],
"_postman_previewlanguage": "json"
},
{
"id": "a2627bc4-165f-48ae-a300-0e17c5e61c71",
"name": "Unauthorized",
"originalRequest": {
"url": {
"path": [
"accesstoken"
],
"host": [
"{{baseUrl}}"
],
"query": [],
"variable": []
},
"header": [
{
"key": "Accept",
"value": "application/json"
}
],
"method": "POST",
"body": {
"mode": "raw",
"raw": "{\n \"client_id\": \"your-App-key\",\n \"client_secret\": \"your-App-secret\",\n \"grant_type\": \"client_credentials\"\n}",
"options": {
"raw": {
"language": "json"
}
}
}
},
"status": "Unauthorized",
"code": 401,
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"body": "{\n \"fault\": {\n \"faultstring\": \"Invalid Client Credentials\",\n \"detail\": {\n \"errorcode\": \"Unauthorized\"\n }\n }\n}",
"cookie": [],
"_postman_previewlanguage": "json"
}
],
"event": [],
"protocolProfileBehavior": {
"disableBodyPruning": true
}
},
{
"id": "1e7d879e-1d93-4d57-b314-49694143862a",
"name": "Service Token Creation",
"request": {
"name": "Service Token Creation",
"description": {
"content": "Request the creation of a Service Token by posting one purpose together with its related claim parameter(s), such as `upid`. The request is authenticated with a bearer Access Token. For the Client Application to be allowed to request Service Tokens, its associated RL Api Client must have been created with at least one of the recognized RL backend System Roles.",
"type": "text/plain"
},
"url": {
"path": [
"servicetoken"
],
"host": [
"{{baseUrl}}"
],
"query": [],
"variable": []
},
"header": [
{
"key": "Content-Type",
"value": "application/json"
},
{
"key": "Accept",
"value": "application/json"
}
],
"method": "POST",
"auth": {
"type": "bearer",
"bearer": [
{
"key": "token",
"value": "{{bearerToken}}"
}
]
},
"body": {
"mode": "raw",
"raw": "{\n \"purpose\": \"<string>\",\n \"expirationTime\": \"<integer>\",\n \"upid\": \"<string>\"\n}",
"options": {
"raw": {
"language": "json"
}
}
}
},
"response": [
{
"id": "1251d8f9-65ad-4fbb-9e26-a50270cddb50",
"name": "OK",
"originalRequest": {
"url": {
"path": [
"servicetoken"
],
"host": [
"{{baseUrl}}"
],
"query": [],
"variable": []
},
"header": [
{
"description": {
"content": "Added as a part of security scheme: bearer",
"type": "text/plain"
},
"key": "Authorization",
"value": "Bearer <token>"
},
{
"key": "Accept",
"value": "application/json"
}
],
"method": "POST",
"body": {
"mode": "raw",
"raw": "{\n \"purpose\": \"api.rocketlawyer.com/binder-party-access\",\n \"expirationTime\": 1671776542,\n \"upid\": \"d790696c-a0d8-4ba2-ad65-0092e89904ac\"\n}",
"options": {
"raw": {
"language": "json"
}
}
}
},
"status": "OK",
"code": 200,
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"body": "{\n \"purpose\": \"api.rocketlawyer.com/binder-party-access\",\n \"expirationTime\": 1671776542,\n \"token\": \"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJyb2NrZXRsYXd5ZXIuY29tIiwiYXVkIjoicm9ja2V0bGF3eWVyLmNvbS9zZXJ2aWNlLXRva2VucyIsImV4cCI6MTY3MTc3NjU0MiwiaWF0IjoxNjMzOTcxNjg0LCJzcnYiOnsib3JpZ2luYWxUZW5hbnRJZCI6IjZiYmRkYzJjLTljN2MtNGVhZC05Y2E5LWJkYTRmZDc4YWNjNSIsImV4cGlyYXRpb25UaW1lIjoxNjcxNzc2NTQyLCJwYXJ0bmVySWQiOiIwZDc5MGY5ZC03ZmY5LTRiYzItODU3Ny0yNTVlYWY0NTk0YzAiLCJvcmlnaW5hbENsaWVudElkIjoiN2ZiOWMwMDMtYjc3Ny00MGM2LWFkZTAtYWM5NDVjOWQ3MTBiIiwicHVycG9zZSI6ImFwaS5yb2NrZXRsYXd5ZXIuY29tL2RlbW8vdGhpbmdzIiwiYnJhbmRJZCI6IjVkZWQwYWNiLTJjZDItNDA1Zi05NTY4LTk5NmU0ODBmZjQ2NiIsIm93bmVyIjoidXNlcjEifX0.<content redacted>\"\n}",
"cookie": [],
"_postman_previewlanguage": "json"
},
{
"id": "9eb3a1e7-4c63-41d3-8221-5c6f177b11d3",
"name": "Bad Request. Possible reasons are:\n- Invalid purpose\n- Expiration Time is in the past\n- Mandatory claim missing for purpose\n- Claim not valid for purpose\n",
"originalRequest": {
"url": {
"path": [
"servicetoken"
],
"host": [
"{{baseUrl}}"
],
"query": [],
"variable": []
},
"header": [
{
"description": {
"content": "Added as a part of security scheme: bearer",
"type": "text/plain"
},
"key": "Authorization",
"value": "Bearer <token>"
},
{
"key": "Accept",
"value": "application/json"
}
],
"method": "POST",
"body": {
"mode": "raw",
"raw": "{\n \"purpose\": \"api.rocketlawyer.com/binder-party-access\",\n \"expirationTime\": 1671776542,\n \"upid\": \"d790696c-a0d8-4ba2-ad65-0092e89904ac\"\n}",
"options": {
"raw": {
"language": "json"
}
}
}
},
"status": "Bad Request",
"code": 400,
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"body": "{\n \"message\": \"Request is missing mandatory fields or contains non-acceptable fields for purpose or purpose is invalid\",\n \"error\": \"BAD_REQUEST\",\n \"status\": 400,\n \"timestamp\": \"2021-10-13T15:56:40.980+00:00\"\n}",
"cookie": [],
"_postman_previewlanguage": "json"
},
{
"id": "2937706a-b5e6-4f88-931a-e4220a4b1a3b",
"name": "Unauthorized",
"originalRequest": {
"url": {
"path": [
"servicetoken"
],
"host": [
"{{baseUrl}}"
],
"query": [],
"variable": []
},
"header": [
{
"description": {
"content": "Added as a part of security scheme: bearer",
"type": "text/plain"
},
"key": "Authorization",
"value": "Bearer <token>"
},
{
"key": "Accept",
"value": "application/json"
}
],
"method": "POST",
"body": {
"mode": "raw",
"raw": "{\n \"purpose\": \"api.rocketlawyer.com/binder-party-access\",\n \"expirationTime\": 1671776542,\n \"upid\": \"d790696c-a0d8-4ba2-ad65-0092e89904ac\"\n}",
"options": {
"raw": {
"language": "json"
}
}
}
},
"status": "Unauthorized",
"code": 401,
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"body": "{\n \"fault\": {\n \"faultstring\": \"Access Token expired\",\n \"detail\": {\n \"errorcode\": \"keymanagement.service.access_token_expired\"\n }\n }\n}",
"cookie": [],
"_postman_previewlanguage": "json"
},
{
"id": "bddeaae0-7bdc-4a12-ab41-17a4f47e080f",
"name": "Forbidden. Possible reasons are:\n- None of the system roles are authorized to request Service Tokens\n- RL Header not allowed\n- Claim not allowed for purpose\n",
"originalRequest": {
"url": {
"path": [
"servicetoken"
],
"host": [
"{{baseUrl}}"
],
"query": [],
"variable": []
},
"header": [
{
"description": {
"content": "Added as a part of security scheme: bearer",
"type": "text/plain"
},
"key": "Authorization",
"value": "Bearer <token>"
},
{
"key": "Accept",
"value": "application/json"
}
],
"method": "POST",
"body": {
"mode": "raw",
"raw": "{\n \"purpose\": \"api.rocketlawyer.com/binder-party-access\",\n \"expirationTime\": 1671776542,\n \"upid\": \"d790696c-a0d8-4ba2-ad65-0092e89904ac\"\n}",
"options": {
"raw": {
"language": "json"
}
}
}
},
"status": "Forbidden",
"code": 403,
"header": [
{
"key": "Content-Type",
"value": "application/json"
}
],
"body": "{\n \"timestamp\": \"2022-03-18T18:28:40.239+00:00\",\n \"status\": 403,\n \"error\": \"FORBIDDEN\",\n \"message\": \"none of the system roles are authorized to request Service Tokens\",\n \"path\": \"/partners/v1/auth/servicetoken\"\n}",
"cookie": [],
"_postman_previewlanguage": "json"
}
],
"event": [],
"protocolProfileBehavior": {
"disableBodyPruning": true
}
}
],
"event": [],
"variable": [
{
"type": "string",
"value": "https://api-sandbox.rocketlawyer.com/partners/v1/auth",
"key": "baseUrl"
}
],
"info": {
"_postman_id": "4dc598e1-470b-460c-8f50-86bf45966878",
"name": "Authentication API",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
"description": {
"content": "This API documentation describes the authentication mechanisms that enable access to Rocket Lawyer's APIs. The Rocket Lawyer API Platform uses OAuth 2.0 bearer access tokens (as per [RFC 6750](https://datatracker.ietf.org/doc/html/rfc6750)) to authenticate API requests and protect your resources.\n\nThis page provides an overview of the three types of tokens — Access Tokens, Service Tokens, and Scoped Access Tokens — along with guidance on using them when interacting with Rocket Lawyer's APIs.\n\nStep-by-step guides for authenticating with the Rocket Lawyer embeddable UXs are in the [Guides section](/guides).\n\nExplore the different authentication tokens and their usage within Rocket Lawyer's API ecosystem using the sections below:\n\n# Access Token\n\nAccess Tokens are used whenever backend systems need to interact with Rocket Lawyer's APIs. Calls made with these tokens can access the data of all of your customers associated with the App you created in the developer center. Example usage is to start new interviews or retrieve all documents and binders.\n\nTo create an Access Token, issue a POST to /auth/accesstoken with `grant_type` set to `client_credentials` and your App Key and App Secret as `client_id` and `client_secret`. These credentials are obtained from the [RocketLawyer Developer Portal](https://developer.rocketlawyer.com/); see the [Welcome Guide](/welcome-guide) for how to obtain them.\n\nThen include the Access Token as a bearer token in the Authorization header of your API requests.\n\nThis token can be used to start a new interview and retrieve the necessary document templates, establishing a secure foundation for the session.\n\nAccess Tokens expire after 10 hours (the response's `expires_in` is given in seconds). During this time, store the token securely in your backend for use in future requests. Creating a new Access Token does not invalidate previously generated ones; your app can have more than one valid Access Token at a time.\n\n# Service Token\n\nService Tokens are a means for one application to delegate authority over API resources to a less privileged application. Typically a backend application generates a Service Token and distributes it to a frontend application so that it can securely access a specific API resource. Service Tokens are generated with parameters such as the purpose, interview ID, and Unique Party Identifier (UPID) that describe the scope of access granted to the frontend application.\n\nGenerate a Service Token by sending a request to the /auth/servicetoken endpoint, authenticated with a backend Access Token, with the necessary parameters: `purpose`, `expirationTime` and the claim the purpose requires (for example `upid`). The requested `expirationTime` must be in the future.\n\nThe Service Token can then be passed to your frontend to be used in an Embedded UX component, or to let your frontend access the Rocket Lawyer APIs through the creation of a Scoped Access Token. This token has a 1-year expiration time.\n\n# Scoped Access Token\n\nA Scoped Access Token is typically used to authenticate frontend interactions. You need to create these tokens only if you call the Rocket Lawyer APIs from your frontend, for example when building your own UX. If you use the embedded UX, these tokens are created and handled within the component.\n\nScoped Access Tokens grant access to specific resources, such as an interview (identified by interviewId) or a particular party (identified by a UPID).\n\nTo obtain a Scoped Access Token, first generate a Service Token that specifies the resources that can be accessed. You also need a separate Developer App in the [RocketLawyer Developer Portal](https://developer.rocketlawyer.com/) that has frontend-only scope; contact Rocket Lawyer developer support (api@rocketlawyer.com) to have one provided. Then POST to /auth/accesstoken with the key and secret of that frontend App as `client_id` and `client_secret`, `grant_type` set to `authorization_code`, and the Service Token in the `code` field. The returned Access Token is scoped to the resources named in the Service Token.\n\nInclude this token in the Authorization header of your frontend API requests.\n\n# Application Scope\n\nDeveloper apps can be created with either backend or frontend access scope. Apps with backend scope are used for server-to-server communication and can access all of our APIs. Apps with frontend scope are used by a web frontend to access our APIs and are restricted to the calls needed to support the UX. If building your own UX, you will need an App with frontend scope.\n\n**Note** You must not use a Developer App that has backend scope to authenticate to Rocket Lawyer APIs from your frontend. Doing so exposes, in the browser, backend credentials that have access to all of your customers' data.\n",
"type": "text/plain"
}
}
}
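The collection above documents three calls but no client; the following Python module is an added example (not code from the Postman collection or from Rocket Lawyer) that strings the Access Token Creation and Service Token Creation requests together in the order the collection's description prescribes: backend App credentials with `client_credentials` give an Access Token; that token, sent as bearer, mints a Service Token for a purpose and UPID; the frontend App's credentials with `authorization_code` and the Service Token in `code` give the Scoped Access Token. The HTTP transport is injectable so the flow can be exercised offline against the collection's own sample bodies; `urllib_post` is a minimal real transport. `BASE_URL` is the collection's `{{baseUrl}}`; every credential, UPID and purpose used below is a placeholder, and `SAMPLE_SERVICE_TOKEN` is the collection's sample token with the redacted signature replaced by `sig`.

```python
# Added example (not code from the collection or from Rocket Lawyer): the
# three-step token flow the collection documents, written against its
# request/response shapes. The transport is injectable so the flow can run
# offline against the collection's sample bodies; urllib_post is a minimal real
# transport. BASE_URL is the collection's {{baseUrl}}; every credential, UPID and
# purpose passed to these functions is a placeholder (assumption, not real data).
import base64
import json
import time
import urllib.error
import urllib.request

BASE_URL = "https://api-sandbox.rocketlawyer.com/partners/v1/auth"

# The collection's sample Service Token; the page redacts the signature, "sig" stands in.
SAMPLE_SERVICE_TOKEN = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJyb2NrZXRsYXd5ZXIuY29tIiwiYXVkIjoicm9ja2V0bGF3eWVyLmNvbS9zZXJ2aWNlLXRva2VucyIsImV4cCI6MTY3MTc3NjU0MiwiaWF0IjoxNjMzOTcxNjg0LCJzcnYiOnsib3JpZ2luYWxUZW5hbnRJZCI6IjZiYmRkYzJjLTljN2MtNGVhZC05Y2E5LWJkYTRmZDc4YWNjNSIsImV4cGlyYXRpb25UaW1lIjoxNjcxNzc2NTQyLCJwYXJ0bmVySWQiOiIwZDc5MGY5ZC03ZmY5LTRiYzItODU3Ny0yNTVlYWY0NTk0YzAiLCJvcmlnaW5hbENsaWVudElkIjoiN2ZiOWMwMDMtYjc3Ny00MGM2LWFkZTAtYWM5NDVjOWQ3MTBiIiwicHVycG9zZSI6ImFwaS5yb2NrZXRsYXd5ZXIuY29tL2RlbW8vdGhpbmdzIiwiYnJhbmRJZCI6IjVkZWQwYWNiLTJjZDItNDA1Zi05NTY4LTk5NmU0ODBmZjQ2NiIsIm93bmVyIjoidXNlcjEifX0.sig"


def classify_error(status, body):
    """Normalise the two error shapes the collection shows into (message, code):
    gateway faults  {"fault": {"faultstring": ..., "detail": {"errorcode": ...}}}  (400/401)
    service errors  {"message": ..., "error": ..., "status": ...}                  (400/403)
    """
    fault = body.get("fault") or {}
    message = fault.get("faultstring") or body.get("message") or f"HTTP {status}"
    code = (fault.get("detail") or {}).get("errorcode") or body.get("error") or str(status)
    return message, code


class AuthError(Exception):
    def __init__(self, status, body):
        self.status = status
        self.message, self.code = classify_error(status, body)
        super().__init__(f"HTTP {status}: {self.message} ({self.code})")


def urllib_post(url, headers, body):
    """Real transport: POST JSON, return (status, decoded JSON); 4xx is returned, not raised."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "Accept": "application/json", **headers})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")


class ScriptedTransport:
    """Offline transport: replays constructed responses in order and records every call."""
    def __init__(self, responses):
        self.responses, self.calls = list(responses), []

    def __call__(self, url, headers, body):
        self.calls.append({"url": url, "headers": headers, "body": body})
        return self.responses.pop(0)


def _post(post, path, headers, body):
    status, data = post(f"{BASE_URL}/{path}", headers, body)
    if status != 200:
        raise AuthError(status, data)
    return data


def create_access_token(post, client_id, client_secret, service_token=None):
    """POST /accesstoken. Backend token: grant_type=client_credentials.
    Scoped frontend token: grant_type=authorization_code with the Service Token in `code`."""
    body = {"client_id": client_id, "client_secret": client_secret, "grant_type": "client_credentials"}
    if service_token is not None:
        body.update(grant_type="authorization_code", code=service_token)
    data = _post(post, "accesstoken", {}, body)
    # In the samples issued_at is epoch milliseconds and expires_in a string of seconds;
    # expires_at (epoch seconds) lets the backend refresh before the 10-hour lifetime ends.
    data["expires_at"] = int(data["issued_at"]) // 1000 + int(data["expires_in"])
    return data


def create_service_token(post, access_token, purpose, upid, ttl_seconds):
    """POST /servicetoken as bearer; expirationTime must lie in the future (else 400)."""
    body = {"purpose": purpose, "expirationTime": int(time.time()) + ttl_seconds, "upid": upid}
    return _post(post, "servicetoken", {"Authorization": f"Bearer {access_token}"}, body)


def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature: for inspection, never for trust."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def mint_scoped_access_token(post, backend_creds, frontend_creds, purpose, upid, ttl_seconds=3600):
    """Backend creds -> Access Token -> Service Token -> scoped Access Token with FRONTEND creds.
    The backend credentials and backend Access Token never leave the server."""
    backend = create_access_token(post, *backend_creds)
    service = create_service_token(post, backend["access_token"], purpose, upid, ttl_seconds)
    return create_access_token(post, *frontend_creds, service_token=service["token"])
```

Two details worth keeping when adapting this: the `400`/`401` bodies come from the API gateway (`fault.faultstring`) while the `400`/`403` bodies from the token service use `message`/`error`, so an error handler has to read both shapes; and `jwt_claims` only decodes, which is enough to read the `srv` block (`purpose`, `expirationTime`, `partnerId`, `owner`) of the sample token but must not be mistaken for validation, since the token is HS256-signed with a key the caller does not hold.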