OVERVIEW
Faraday Edge provides a generic API that lets customers integrate their own CRM solutions in order to customize the login flow. This document is a guideline for integrating your current system with Faraday Edge's API.
LOGIN FLOW
CURRENT VERSION
By default, all requests receive v3 of the REST API. Requests specify the version number via the Accept header.
Accept: application/vnd.faraday.edge.v3+json
Previous Versions
v1 | Accept: application/vnd.faraday.edge.v1+json
v2 | Accept: application/vnd.faraday.edge.v2+json
v3 | Accept: application/vnd.faraday.edge.v3+json
SCHEMA
Communication with Edge is done in JSON format. Every request and response must have Content-Type: application/json;charset=UTF-8 in the header.
SECURITY
Faraday Edge takes security measures to make sure that responses to API calls belong to our customers.
Every customer is given two system-wide unique keys: a public key and a secret key.
The public key is sent with Faraday Edge requests. The customer's service can use it to verify that the request was made by Faraday Edge:
Accept: application/vnd.faraday.edge.v3+json
The private key resides in the service to be integrated. It is used to verify the response that is generated by the customer.
Faraday Edge expects to get two headers in response:
- X-Timestamp: UNIX timestamp value.
- X-Auth: Value of the following function: SHA-256(<API Secret>-<UNIX Timestamp>)
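Example: If your API secret is OeaH2OTRCJa8REtSvKXb, then you can use the following Java code to generate the X-Auth value.
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class XAuth {
    private static final char[] DIGITS = "0123456789abcdef".toCharArray();

    // Returns the lowercase hex SHA-256 of "<API Secret>-<UNIX Timestamp>",
    // e.g. xAuth("OeaH2OTRCJa8REtSvKXb", 1501580580L).
    static String xAuth(String apiSecret, long timestamp) throws NoSuchAlgorithmException {
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        byte[] bytes = digest.digest((apiSecret + "-" + timestamp).getBytes(StandardCharsets.UTF_8));
        int length = bytes.length;
        char[] out = new char[length << 1];
        for (int i = 0, j = 0; i < length; i++) {
            out[j++] = DIGITS[(0xF0 & bytes[i]) >>> 4]; // high nibble
            out[j++] = DIGITS[0x0F & bytes[i]];         // low nibble
        }
        return new String(out);
    }
}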
Accept: application/vnd.faraday.edge.v3+json
Content-Type: application/json;charset=UTF-8
X-Timestamp: 1501570580
X-Auth: f7cd126b700c2626b71dfd65ba6acc7e51f340c7872e7af5a0af249d80271c15
ENDPOINTS
IsMember
Description
The IsMember request is sent from Faraday Edge to the consumer service to check whether the visitor is a registered member.
Parameters
API VERSION | PARAMETERS
V1 |
V2-V3 |
The parameters above correspond to the components placed on Visualize (Captive Portal design tool) and will be sent in the requests.
The phone number will begin with country code, without leading plus or zeros.
Responses
- HTTP 200 - the visitor is already a member
API VERSION | CONTENT
V1 | No Content
V2 | Content:
{
  phone: string, //optional
  passport: string, //optional
  national_id: string, //optional
  email: string, //optional
  birthDate: string, //optional - MMDDYYYY
  fullname: string, //optional
  gender: string //optional - M/F
}
V3 | Headers:
X-FN-Role: string //optional
X-FN-Ad: number //optional
X-FN-Survey: number //optional
Content:
{
  phone: string, //optional
  passport: string, //optional
  national_id: string, //optional
  email: string, //optional
  birthDate: string, //optional - MMDDYYYY
  fullname: string, //optional
  gender: string //optional - M/F
}
Starting from v2, the API requires the phone or passport field in the response when legal logging is enabled and they are not included in the request.
Example Request:
curl -X GET 'http://example.com/api/IsMember?phone=15410000000&custom_attr=202'
Example Response:
200
{
  "phone": "+15410000000",
  "fullname": "John Doe"
}
Content-Type: application/json;charset=UTF-8
X-FN-Role: role-123234
X-Timestamp: 1501570580
X-Auth: f7cd126b700c2626b71dfd65ba6acc7e51f340c7872e7af5a0af249d80271c15
SERVER RESPONSES
- 200 OK - the request was successful (some API calls may return 201 instead).
- 201 Created - the request was successful and a resource was created.
- 204 No Content - the request was successful but there is no representation to return (i.e. the response is empty).
- 400 Bad Request - the request could not be understood or was missing the required parameters.
- 401 Unauthorized - authentication failed or the user doesn't have permissions for the requested operation.
- 403 Forbidden - access denied.
- 404 Not Found - member was not found.
- 405 Method Not Allowed - requested method is not supported for the resource.
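The following Python example is added here and is not Faraday Edge's own code. It builds an IsMember response carrying the X-Timestamp and X-Auth headers described under SECURITY, using the status codes listed above, and shows the matching check on the receiving side. The member store, the function names and the 300-second freshness window are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time

API_SECRET = "OeaH2OTRCJa8REtSvKXb"  # example secret from this page
MAX_SKEW = 300  # assumption: accepted clock difference in seconds

# Constructed member store, keyed by phone as sent in the request
# (country code first, no leading plus or zeros).
MEMBERS = {"15410000000": {"phone": "+15410000000", "fullname": "John Doe"}}

def x_auth(secret, timestamp):
    """Lowercase hex SHA-256 of "<API Secret>-<UNIX Timestamp>"."""
    return hashlib.sha256(f"{secret}-{timestamp}".encode("utf-8")).hexdigest()

def is_member_response(query, now=None):
    """Return (status, headers, body) for an IsMember request."""
    ts = int(time.time()) if now is None else int(now)
    headers = {
        "Content-Type": "application/json;charset=UTF-8",
        "X-Timestamp": str(ts),
        "X-Auth": x_auth(API_SECRET, ts),
    }
    phone = str(query.get("phone", ""))
    if not (phone.isascii() and phone.isdigit()) or phone.startswith("0"):
        return 400, headers, ""  # missing or malformed parameter
    member = MEMBERS.get(phone)
    if member is None:
        return 404, headers, ""  # member was not found
    return 200, headers, json.dumps(member)

def verify_response(headers, secret, now):
    """Receiving side: recompute X-Auth, reject stale or mismatched values."""
    try:
        ts = int(headers["X-Timestamp"])
    except (KeyError, TypeError, ValueError):
        return False
    if abs(now - ts) > MAX_SKEW:
        return False
    expected = x_auth(secret, ts).encode("ascii")
    received = str(headers.get("X-Auth", "")).encode("utf-8")
    return hmac.compare_digest(expected, received)  # constant-time compare
```

Because X-Auth is computed from the secret and the timestamp alone, it does not cover the response body, so the endpoint should be served over HTTPS.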