Skip to end of banner
Go to start of banner

User Access Removal

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

User Access Removal web service API revokes entitlements to CME Group services and applications, including API IDs, associated with a CME Group Login ID.  Legacy and third-party application entitlements will not be revoked by this service.

Please contact Enterprise Application and System Entitlements (EASE) to both obtain system entitlements to use this service and to verify that all legacy and third party system access has been removed after using this service.  

Testing and Certification

Certification is not required.

Restricted Access

This service is secured using HTTP Basic Access Authentication protocol. All requests must contain client’s API credential in Authorization HTTP header.

Authorization and Entitlement

The following entitlement is required to invoke the service:

  • Application: Referential Webservices (External)
  • Role: Authorization Admin
  • Scope: Domain(s)

To obtain system entitlements, contact Enterprise Application and System Entitlements (EASE).

Server Endpoints

HTTP Method

POST

Parameters

Put ‘email’ parameter in HTTP body, for example:

POST /refsecuritywebservices/securityservice/revokeEntitlementByEmail HTTP/1.1
Accept: application/json, application/*+json
Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXX
Content-Type: application/x-www-form-urlencoded

email=johndoe@mycompany.com

Response

  • Successful: HTTP status code 200 is returned.
  • Failure: Returns error details in JSON format

Exception Handling

When a service error occurs, a JSON with the following attributes will be returned in HTTP response body.

AttributeDescription
errorCodeThe code that represents the error.
subErrorCodesThe codes to provide a detailed explanation about the error. For example, if a validation error occurs, the subErrorCodes usually contains an explanation about which fields have the error and what kind of error. Based on these codes, the client can react appropriately.
errorMessageThe message explaining the error, usually in human-readable language.
requestInfo

Metadata about the request. The following sub-attributes are returned:

  • appApiId: The API ID used to connect to this service.
  • requestId: Request identifier, useful for debugging purposes. This value can be supplied by the caller (see Request Tagging section below).
internalRequestId: Internal request identifier, useful for debugging purposes. This is internally generated ID and cannot be supplied by client.

Below is an example of the HTTP response returned when validation error occurs:

 HTTP/1.1 400 Bad Request
 Content-Type: application/json
 X-UNO-WS-Request-ID: d6d8a01a-1756-4c64-8223-afe26229f309
 X-UNO-WS-Internal-Request-ID: 6b0d0a4d-0677-4789-9113-ef2b8d3e02b3
 X-UNO-WS-App-API-ID: API_TEST

 {
        "errorCode":"VALIDATION_ERROR",
        "subErrorCodes":["applicationId.NotBlank","role.NotBlank","userId.NotBlank"],
        "errorMessage":"Application ID is required, Role is required, User ID is required",
        "requestInfo":
             {
                  "appApiId":"API_TEST",
                  "requestId":"c71e13b9-5ced-4dff-a359-3a185cb5c667",
                  "internalRequestId": "6b0d0a4d-0677-4789-9113-ef2b8d3e02b3"
             }
 }

Request Tagging

A request can be tracked with a request ID using X-UNO-WS-Request-ID HTTP header. The value should be a unique ID identifying the request. If no value is supplied, service will generate one for you. In addition, any HTTP response from the web service will contain the following header:

X-UNO-WS-Request-ID

X-UNO-WS-Internal-Request-ID

X-UNO-WS-App-API-ID

Below is an example on how to make a request with X-UNO-WS-Request-ID HTTP header.

POST /refsecuritywebservices/securityservice/revokeEntitlementByEmail HTTP/1.1
Accept: application/json, application/*+json
Authorization: Basic XXXXXXXXXXXXXXXXXXXXXXX
X-UNO-WS-Request-ID: ABC-1234567

As shown in the example below, when an exception occurs, the value of X-UNO-WS-Request-ID will be reflected back to the caller in the requestInfo.requestId attribute in the JSON response and X-UNO-WS-Request-ID response header:

HTTP/1.1 400 Bad Request

 Content-Type: application/json
 X-UNO-WS-Request-ID: ABC-1234567
 X-UNO-WS-Internal-Request-ID: 6b0d0a4d-0677-4789-9113-ef2b8d3e02b3
 X-UNO-WS-App-API-ID: API_TEST

 {
        "errorCode":"VALIDATION_ERROR",
        "subErrorCodes":["applicationId.NotBlank","email.NotBlank","role.NotBlank"],
        "errorMessage":"Email is required, User ID is required, Role is required",
        "requestInfo":
             {
                   "appApiId":"API_TEST",
                   "requestId":"ABC-1234567",
                   "internalRequestId": "6b0d0a4d-0677-4789-9113-ef2b8d3e02b3"
             }
 }
  • No labels