POST /api/apis/versions/{APIVersionID}/viewers

Invites a group to have visibility of an API version, and also specifies visibility permissions—one or more specific licenses, or unlimited visibility.

Currently, the user interface offers a two-step process to invite a group to have visibility of an API, and then limit the licenses available to the group:

  1. First, invite a private viewer (group), without specifying licenses, using the POST /api/apis/versions/{APIVersionID}/viewers/{ViewerID} operation.

    Corresponds to API > Visibility > Groups > Invite Group in the user interface.

  2. Then, modify the visibility of the group to view one or more licenses or all licenses, using the PUT /api/apis/versions/{APIVersionID}/viewers/{ViewerID} operation.

    Corresponds to API > Visibility > Groups > choose group > Edit Licenses in the user interface.

You can accomplish both the above steps in one action using this operation.

Authorization Roles/Permissions: Must be logged in. Must have permission to modify the API; an API Admin or Business Admin.

Authorization token renewal: This operation changes information that is reflected in the authorization token; therefore, when invoking this operation, you must also renew the token.

Metadata indexing: When this operation is run successfully, the platform metadata is automatically reindexed. Since the API documentation might include a metadata.xml file that directs visibility, the index must be updated when the API documentation resources are updated, to ensure the correct API documentation visibility settings are implemented.

This topic includes the following sections:

HTTP Method

POST

URL

https://{hostname}/api/apis/versions/{APIVersionID}/viewers

Sample Request

The example below invites a specific group to have visibility of an API version, limited to a single license.

Sample Request URL

https://{hostname}/api/apis/versions/74ae5862-de41-4779-818e-a40b7bed0c68.rcoaless/viewers

Sample request headers

Accept: application/json
Content-Type: application/json
AtmoAuthToken_rcoaless=TokenID%3D1edb9803-f56d-4a5a-b705-44acb77bd3e6%2Cclaimed_id%3Durn%3Aa...
X-Csrf-Token_rcoaless: TokenID%3D8ed70a13-8469-11e8-b37a-b155e4eabeb8%2CexpirationTime%3D153...

Sample request body

{
  "ResourceID":"74ae5862-de41-4779-818e-a40b7bed0c68.rcoaless",
  "ViewerID":"cd519032-b0a3-47f8-9fb6-987e0d85432c.rcoaless",
  "ViewerType":"group",
  "RestrictedScope":"true",
  "LicenseID":[
    "08f2f183-d3d7-48b9-bd1d-8f5301eaf8ae.rcoaless"
  ]
}

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header Description
Accept application/json, application/xml, application/vnd.soa.v71+json, application/vnd.soa.v71+xml, application/vnd.soa.v72+json, application/vnd.soa.v72+xml, application/vnd.soa.v80+json, application/vnd.soa.v80+xml, application/vnd.soa.v81+json, application/vnd.soa.v81+xml
Content-Type

Any one of the following media types is valid for the request Content-Type:

application/json or application/xml

application/vnd.soa.v71+json or application/vnd.soa.v71+xml

application/vnd.soa.v72+json or application/vnd.soa.v72+xml

application/vnd.soa.v80+json or application/vnd.soa.v80+xml

application/vnd.soa.v81+json or application/vnd.soa.v81+xml

Cookie AtmoAuthToken_{fedmemberid}={cookie value, which usually starts with TokenID}—The platform cookie. This is the Akana API Platform authorization token, and must be sent with every API request that requires login. For more information and an example, see Session cookies.
X-Csrf-Token_{fedmemberID} The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login.

Request Parameters

Parameter Parm Type Data Type Required Description
APIVersionID Path string Required The unique ID for a specific API version.
VisibilityContract Body VisibilityContract Required Contains information about a visibility contract between a resource and a viewer. It includes the API version, the group that has visibility, and the visibility permissions—one or more specific licenses, or unlimited visibility.

Response

If successful, this operation returns HTTP status code 200, with information about the group's visibility of the API version.

Sample Response

The sample response below shows successful completion of this operation. The specified group has been granted visibility of the API version, limited to one specified license.

Sample response headers: application/json

Status Code: 200 OK
Atmo-Renew-Token: renew
Content-Type: application/json
Date: Wed, 12 May 2021 18:26:58 GMT
Set-Cookie: AtmoAuthToken_rcoaless=TokenID%3D54276169-8903-4a6d-90d3-8e42878138ad...

Sample response body: application/json

{
  "ResourceID":"74ae5862-de41-4779-818e-a40b7bed0c68.rcoaless",
  "ResourceType":"apiversion",
  "ViewerID":"cd519032-b0a3-47f8-9fb6-987e0d85432c.rcoaless",
  "ViewerType":"group",
  "RestrictedScope":true,
  "License":[
    {
      "LicenseID":"08f2f183-d3d7-48b9-bd1d-8f5301eaf8ae.rcoaless",
      "Name":"Bronze",
      "Description":"Bronze",
      "Visibility":"Public",
      "SandboxAccessAutoApproved":true,
      "ProductionAccessAutoApproved":false,
      "LicenseParts":{
        "LicensePart":[
          {
            "Name":"5d8c46e5-b981-44cd-883a-a11790181651",
            "ResourceID":[
              "42b97e0a-322a-43c1-b335-969d6ec6ed39.rcoaless"
            ]
          }
        ]
      },
      "BusinessID":"tenantbusiness.rcoaless"
    }
  ]
}

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header Description
Content-Type application/json, application/xml, application/vnd.soa.v71+json, application/vnd.soa.v71+xml, application/vnd.soa.v72+json, application/vnd.soa.v72+xml, application/vnd.soa.v80+json, application/vnd.soa.v80+xml, application/vnd.soa.v81+json, application/vnd.soa.v81+xml
Atmo-Renew-Token renew

Response Body

Name Type Description
VisibilityContractDetails VisibilityContractDetails Contains information about a group's visibility of a specific resource.

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item Value
401 Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing.
404 The resource could not be found. For example, you might get this if you had a typo in a request parameter.
405 Method Not Allowed. You might get this if there is an error in the URL, or if you used the wrong HTTP verb.
500 An error occurred processing the call.

More information about Akana API Platform API error messages.