Articles in this section

Customer Membership Validation Service

Faraday Networks
  • Updated
Follow

Spectrum provides a generic API interface to let customers to integrate with their own CRM solutions in order to customize login flow. Here, in this document you will be provided a guideline of integrating your current system with Spectrum's API.

LOGIN FLOW

Screen_Shot_2017-08-04_at_08.17.51.png 

Figure 1: Validation Flow 
 

VERSION 2 (CURRENT VERSION)

By default, all requests receive the v2 version of the REST API. Requests will be made with version number via the Accept header.

Accept: application/vnd.faraday.spectrum.v2+json 

VERSION 1 

Accept: application/vnd.faraday.spectrum.v1+json 


SCHEMA

Communication with Spectrum is done in JSON format, every request and response must have Content-Type: application/json;charset=UTF-8 in header.

 

SECURITY

Spectrum takes some security measures to be sure that responses to API calls belongs to our customers.
Every customer is given two system-wide-unique keys: public and secret keys.
Public key is sent with Spectrum requests. It can be used in customer's service to verify if request is made from Spectrum: 

Accept: application/vnd.faraday.spectrum.v2+json 
Content-Type: application/json;charset=UTF-8 
X-Api-Key: fJLFhUWTxF8LdNZnvG23

Private key resides in service to be integrated. It's used to verify response is generated by customer.

Spectrum expects to get two headers in response:
• X-Timestamp, UNIX timestamp value.
• X-Auth: Value of following function: SHA-256(<API Secret>-<UNIX Timestamp>)

Example: If your API secret is OeaH2OTRCJa8REtSvKXb then you can use following Java code to generate X-Auth value.

char[] DIGITS = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
MessageDigest digest = MessageDigest.getInstance("SHA-256");
byte[] bytes = digest.digest("OeaH2OTRCJa8REtSvKXb-1501580580".getBytes());
int length = bytes.length;
char[] out = new char[length << 1];
int i=0;
for(intj=0;i<length;i++){
    out[(j++)] = DIGITS[((0xF0 & bytes[i]) >>> 4)]; 
    out[(j++)] = DIGITS[(0xF & bytes[i])];
}
return new String(out);
 
Accept: application/vnd.faraday.spectrum.v2+json
Content-Type: application/json;charset=UTF-8
X-Timestamp: 1501570580
X-Auth: f7cd126b700c2626b71dfd65ba6acc7e51f340c7872e7af5a0af249d80271c15


ENDPOINTS

IsMember

Parameters

API Version         Parameters

v1
  • email
  • phone
v2
  • email
  • phone
  • birthDate (MMDDYYYY)
  • custom_attr (max 30 characters)


IsMember is request is sent from Spectrum to consumer service to check if visitor is a registered member. At least one of email and phone will be sent in request.

Phone number will begin with country code, without leading plus or zeros.

Returns

• HTTP 200 - visitor is already a member

API Version         Content

v1

     No content
v2 
{
 phone: string, //optional
 passport: string, //optional
 national_id: string, //optional
 email: string, //optional
 birthDate: string, //optional - MMDDYYYY
 fullname: string, //optional
 gender: string //optional - M/F
}

• HTTP 404 - member not found. 

Example Request

 curl -X GET 'http://example.com/api/IsMember?phone=15410000000&custom_attr=202 &birthDate=03212018' \
-H 'Accept: application/vnd.faraday.spectrum.v1+json' \
-H 'X-Api-Key: fJLFhUWTxF8LdNZnvG23' \
-H 'Content-Type: application/json;charset=UTF-8'


Expected Response

 200
 { phone: "+15410000000", fullname: "John Doe" }
Content-Type application/json;charset=UTF-8
 X-Timestamp 1501570580
 X-Auth f7cd126b700c2626b71dfd65ba6acc7e51f340c7872e7af5a0af249d80271c15


SERVER RESPONSES:

• 200 OK - the request was successful (some API calls may return 201 instead).
• 201 Created - the request was successful and a resource was created.
• 204 No Content - the request was successful but there is no representation to return (i.e. the response is empty). • 400 Bad Request - the request could not be understood or was missing required parameters.
• 401 Unauthorized - authentication failed or user doesn't have permissions for requested operation.
• 403 Forbidden - access denied.
• 404 Not Found - resource was not found.
• 405 Method Not Allowed - requested method is not supported for resource.

Comments

0 comments

Article is closed for comments.

Powered by Zendesk