User Access Removal
User Access Removal web service API revokes entitlements to CME Group services and applications, including API IDs, associated with a CME Group Login ID. Legacy and third-party application entitlements will not be revoked by this service.
Please contact Enterprise Application and System Entitlements (EASE) to both obtain system entitlements to use this service and to verify that all legacy and third party system access has been removed after using this service.
Testing and Certification
Certification is not required.
Restricted Access
This service is secured using HTTP Basic Access Authentication protocol. All requests must contain client’s API credential in Authorization HTTP header.
Authorization and Entitlement
The following entitlement is required to invoke the service:
Application: Referential Webservices (External)
Role: Authorization Admin
Scope: Domain(s)
To obtain system entitlements, contact Enterprise Application and System Entitlements (EASE).
Server Endpoints
HTTP Method
POST
Parameters
Put ‘email’ parameter in HTTP body, for example:
POST /refsecuritywebservices/securityservice/revokeEntitlementByEmail HTTP/1.1
Accept: application/json, application/*+json
Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXX
Content-Type: application/x-www-form-urlencoded
email=johndoe@mycompany.com
Response
Successful: HTTP status code 200 is returned.
Failure: Returns error details in JSON format
Exception Handling
When a service error occurs, a JSON with the following attributes will be returned in HTTP response body.
Attribute | Description |
---|---|
errorCode | The code that represents the error. |
subErrorCodes | The codes to provide a detailed explanation about the error. For example, if a validation error occurs, the subErrorCodes usually contains an explanation about which fields have the error and what kind of error. Based on these codes, the client can react appropriately. |
errorMessage | The message explaining the error, usually in human-readable language. |
requestInfo | Metadata about the request. The following sub-attributes are returned:
internalRequestId: Internal request identifier, useful for debugging purposes. This is internally generated ID and cannot be supplied by client. |
Below is an example of the HTTP response returned when validation error occurs:
HTTP/1.1 400 Bad Request
Content-Type: application/json
X-UNO-WS-Request-ID: d6d8a01a-1756-4c64-8223-afe26229f309
X-UNO-WS-Internal-Request-ID: 6b0d0a4d-0677-4789-9113-ef2b8d3e02b3
X-UNO-WS-App-API-ID: API_TEST
{
"errorCode":"VALIDATION_ERROR",
"subErrorCodes":["applicationId.NotBlank","role.NotBlank","userId.NotBlank"],
"errorMessage":"Application ID is required, Role is required, User ID is required",
"requestInfo":
{
"appApiId":"API_TEST",
"requestId":"c71e13b9-5ced-4dff-a359-3a185cb5c667",
"internalRequestId": "6b0d0a4d-0677-4789-9113-ef2b8d3e02b3"
}
}
Request Tagging
A request can be tracked with a request ID using X-UNO-WS-Request-ID HTTP header. The value should be a unique ID identifying the request. If no value is supplied, service will generate one for you. In addition, any HTTP response from the web service will contain the following header:
X-UNO-WS-Request-ID
X-UNO-WS-Internal-Request-ID
X-UNO-WS-App-API-ID
Below is an example on how to make a request with X-UNO-WS-Request-ID HTTP header.
POST /refsecuritywebservices/securityservice/revokeEntitlementByEmail HTTP/1.1
Accept: application/json, application/*+json
Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXX
X-UNO-WS-Request-ID: ABC-1234567
As shown in the example below, when an exception occurs, the value of X-UNO-WS-Request-ID will be reflected back to the caller in the requestInfo.requestId attribute in the JSON response and X-UNO-WS-Request-ID response header:
How was your Client Systems Wiki Experience? Submit Feedback
Copyright © 2024 CME Group Inc. All rights reserved.