POST /api/apis/versions/{APIVersionID}/viewers

Invites a group to have visibility of an API version, with visibility limited to one or more specified scopes.

Currently, the user interfaces offers a two-step process to invite a private viewer with scope:

  1. First, invite a private viewer (group), without scope specification, using the POST /api/apis/versions/{APIVersionID}/viewers/{ViewerID} operation.
  2. Then, modify the scope for the group, using the: PUT /api/apis/versions/{APIVersionID}/viewers/{ViewerID} operation.

You can accomplish both the above steps in one using this operation.

Authorization Roles/Permissions: Must have permission to modify the API; an API Admin or Business Admin.

Authorization token renewal: This operation changes information that is reflected in the authorization token; therefore, when invoking this operation, you must also renew the token.

Metadata indexing: When this operation is run successfully, the platform metadata is automatically reindexed. Since the API documentation might include a metadata.xml file that directs visibility, the index must be updated when the API documentation resources are updated, to ensure the correct API documentation visibility settings are implemented.

This topic includes the following sections:

HTTP Method

POST

Back to top

URL

https://{hostname}/api/apis/versions/{APIVersionID}/viewers

Back to top

Sample Request

The example below invites a specific group to have visibility of an API version, limited to a single specified scope.

Request URL

https://{hostname}/api/apis/versions/9e3846ee-bbbf-4982-82ca-5a2411ec619b.acmepaymentscorp/viewers

Sample request headers

Accept: application/json
X-Csrf-Token_{tenant}: {TokenID}

Sample request body

{
  "ResourceID":"9e3846ee-bbbf-4982-82ca-5a2411ec619b.acmepaymentscorp",
  "ViewerID":"53d6c4cc-4e3a-42e2-a7d6-d12707f613d4.acmepaymentscorp",
  "ViewerType":"group",
  "RestrictedScope":"true",
  "LicenseID":[
    "759aa82d-aeb7-4fa0-8dd1-e62d7f38e858.acmepaymentscorp"
  ]
}

Back to top

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header Description
Accept

application/json, application/xml

application/vnd.soa.v71+json, application/vnd.soa.v71+xml

application/vnd.soa.v72+json, application/vnd.soa.v72+xml

application/vnd.soa.v80+json, application/vnd.soa.v80+xml

application/vnd.soa.v81+json, application/vnd.soa.v81+xml

Content-Type

Any one of the following media types is valid for the request Content-Type:

application/json or application/xml

application/vnd.soa.v71+json or application/vnd.soa.v71+xml

application/vnd.soa.v72+json or application/vnd.soa.v72+xml

application/vnd.soa.v80+json or application/vnd.soa.v80+xml

application/vnd.soa.v81+json or application/vnd.soa.v81+xml

X-Csrf-Token_{fedmemberID} The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform.

Back to top

Request Parameters

Parameter Parm Type Data Type Required Description
APIVersionID Path string Required The unique ID for a specific API version.
visibilityScope Body VisibilityContract Required Contains information about a visibility contract between a resource and a viewer.

Back to top

Response

If successful, this operation returns HTTP status code 200, with information about the group's visibility of the API version.

Back to top

Sample Response

The sample response below shows successful completion of this operation. The specified group has been granted visibility of the API version, limited to one specified scope.

Sample response headers: application/json

Status Code: 200 OK
Atmo-Renew-Token: renew
Content-Type: application/json
Expires: Mon, 23 Jun 2014 10:43:27 GMT

Sample response body: application/json

{
  "ResourceID" : "9e3846ee-bbbf-4982-82ca-5a2411ec619b.acmepaymentscorp",
  "ResourceType" : "apiversion",
  "ViewerID" : "53d6c4cc-4e3a-42e2-a7d6-d12707f613d4.acmepaymentscorp",
  "ViewerType" : "group",
  "RestrictedScope" : true,
  "License" : [ {
    "LicenseID" : "759aa82d-aeb7-4fa0-8dd1-e62d7f38e858.acmepaymentscorp",
    "Name" : "Bronze",
    "Description" : "Read-only access at no charge. Both environments, public, approval required.",
    "Visibility" : "Public",
    "SandboxAccessAutoApproved" : false,
    "ProductionAccessAutoApproved" : false,
    "LicenseParts" : {
      "LicensePart" : [ {
        "Name" : "060718d2-03f0-4bc5-bc3d-67218bed0ad9",
        "ResourceID" : [ "2f8604c3-8ffe-4f0e-b3ea-2c4e3fbd3138.acmepaymentscorp" ]
      } ]
    },
    "BusinessID" : "tenantbusiness.acmepaymentscorp"
  } ]
}

Back to top

Sample response headers: application/xml

Accept: application/xml

Sample response body: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<VisibilityContractDetails xmlns="http://soa.com/xsd/resource/1.0" xmlns:ns2="http://soa.com/xsd/business/1.0" xmlns:ns3="http://soa.com/xsd/legals/1.0" 
xmlns:ns4="http://soa.com/xsd/dnmodel/1.0" xmlns:ns5="http://soa.com/xsd/user/1.0">
  <ResourceID>9e3846ee-bbbf-4982-82ca-5a2411ec619b.acmepaymentscorp</ResourceID>
  <ResourceType>apiversion</ResourceType>
  <ViewerID>53d6c4cc-4e3a-42e2-a7d6-d12707f613d4.acmepaymentscorp</ViewerID>
  <ViewerType>group</ViewerType>
  <RestrictedScope>true</RestrictedScope>
  <ns2:License>
    <ns2:LicenseID>759aa82d-aeb7-4fa0-8dd1-e62d7f38e858.acmepaymentscorp</ns2:LicenseID>
    <ns2:Name>Bronze</ns2:Name>
    <ns2:Description>Read-only access at no charge. Both environments, public, approval required.</ns2:Description>
    <ns2:Visibility>Public</ns2:Visibility>
    <ns2:SandboxAccessAutoApproved>false</ns2:SandboxAccessAutoApproved>
    <ns2:ProductionAccessAutoApproved>false</ns2:ProductionAccessAutoApproved>
    <ns2:LicenseParts>
      <ns2:LicensePart>
        <ns2:Name>060718d2-03f0-4bc5-bc3d-67218bed0ad9</ns2:Name>
        <ns2:ResourceID>2f8604c3-8ffe-4f0e-b3ea-2c4e3fbd3138.acmepaymentscorp</ns2:ResourceID>
      </ns2:LicensePart>
    </ns2:LicenseParts>
    <ns2:BusinessID>tenantbusiness.acmepaymentscorp</ns2:BusinessID>
  </ns2:License>
</VisibilityContractDetails>

Back to top

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header Description
Content-Type

application/json, application/xml

application/vnd.soa.v71+json, application/vnd.soa.v71+xml

application/vnd.soa.v72+json, application/vnd.soa.v72+xml

application/vnd.soa.v80+json, application/vnd.soa.v80+xml

application/vnd.soa.v81+json, application/vnd.soa.v81+xml

Atmo-Renew-Token renew

Back to top

Response Body

Name Type Description
VisibilityContractDetails VisibilityContractDetails Contains information about a viewer's visibility of a specific resource.

Back to top

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item Value
401 Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header.
404 The resource could not be found. For example, you might get this if you had a typo in a request parameter.
405 Method Not Allowed. For example, you might get this if you specified an invalid Accept header or omitted a required Content-Type header.
500 An error occurred processing the call.

More information about Akana API Platform API error messages.

Back to top

Related Topics