POST /api/apps

Adds a new app, which includes the first app version. Legacy operation: as of version 8.4.11, this operation is replaced by POST /api/apps (extended functionality, different headers). Use the newer operation.

Note: When you add a new app or a new app version, if the platform includes APIs that are set to automatically create contracts, a contract is automatically created with your new app/app version.

Authorization Roles/Permissions: Must be logged in. User

Workflow: There is no default workflow for new apps. However, a custom workflow might be in place. There is only one initial action valid for Akana API Platform workflows relating to apps, the @Create initial action. For more information on workflow, see Executing Workflow Actions.

Authorization token renewal: This operation changes information that is reflected in the authorization token; therefore, when invoking this operation, you must also renew the token.

This topic includes the following sections:

HTTP Method

POST

Back to top

URL

https://{hostname}/api/apps

Back to top

Sample Request

The example below adds a crossword puzzle app.

Sample request URL

https://{hostname}/api/apps

Sample request headers

POST /api/apps HTTP/1.1
Host: {hostname}
Accept: */*
Content-Type: application/json; charset=UTF-8
X-Csrf-Token_acmepaymentscorp":"TokenID%3D8ed70a13-8469-11e8-b37a-b155e4eabeb8%2CexpirationTime%3D153...

Sample request body #1

In this example, the App ID and shared secret values are not included since the platform settings do not allow the user to specify these values. the App ID is assigned automatically when the app is added to the database.

{
  "Name":"Crosfhocal",
  "Summary":"Crossword puzzle app",
  "Description":"Crossword puzzle app for Android phones and iPhones",
  "ApplicationVersion":{
    "Name":"1.0",
    "Description":"Initial version",
    "Tag":[
      "puzzle",
      "language",
      "learning",
      "iPhone",
      "Android"
    ],
    "Visibility":"Public",
    "Identity":"",
    "SharedSecret":"",
    "WebsiteAddress":"http://www.acmepaymentscorp.com/crosfhocal"
  },
  "PictureID":""
}

Sample request body #2

In this example, the platform settings allow the user to specify App ID (a user-defined unique identity value for the app; not the same as the platform's App ID) and Shared Secret, so those two fields are included in the request object. The settings are controlled by the Site Admin. In the UI: Administration > Settings > Apps > User-Defined Identity. In the API: PUT /api/businesses/{BusinessID}/appsettings operation.

{
  "Name":"Crosfhocal",
  "Summary":"Crossword puzzle app",
  "Description":"Crossword puzzle app",
  "ApplicationVersion":{
    "Name":"1.0",
    "Description":"Initial version",
    "Tag":[
      "puzzle",
      "language",
      "learning"
    ],
    "InitialEnvironment":"Sandbox",
    "Visibility":"Public",
    "WebsiteAddress":"http://www.acmepaymentscorp.com/crosfhocal",
    "Identity":"myappversionid",
    "SharedSecret":"1234567890123456789012345678901234567890"
  }
}

Sample request body #3

Adds an app in the context of a specific business organization on the platform.

{
  "Name":"Billing App 2",
  "Summary":"Crossword puzzle app",
  "Description":"Billing App 2",
  "ApplicationVersion":{
    "Name":"v1",
    "Description":"v1",
    "Tag":[

    ],
    "Visibility":"Public",
    "Identity":"",
    "SharedSecret":"",
    "WebsiteAddress":""
  },
  "PictureID":"",
  "BusinessID":"8c7d0ba1-b73f-41ee-9144-b5a90173382d.acmepaymentscorp"
}

Back to top

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header Description
Accept Any Accept header value that supports a response Content-Type of text/plain is valid; for example, */*.
Content-Type

Any one of the following media types is valid for the request Content-Type:

application/json, application/vnd.soa.v71+json, application/vnd.soa.v72+json, application/vnd.soa.v80+json, application/vnd.soa.v81+json

X-Csrf-Token_{fedmemberID} The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login.

Back to top

Request Parameters

Parameter Parm Type Data Type Required Description
Application Body Application Required Information about the app, and initial app version, being added.

Back to top

Response

If successful, this operation returns HTTP status code 200, with the AppID of the new app.

Back to top

Sample Response

The sample response below shows the AppID in plain text.

Sample response headers

HTTP/1.1 200 OK
Content-Type: text/plain
Expires: Fri, 25 Sep 2015 09:18:59 GMT
Atmo-Renew-Token: renew

Sample response body

7b9f3d33-f6df-4255-a729-d42320bee5f9.acmepaymentscorp

Back to top

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header Description
Content-Type text/plain
Atmo-Renew-Token renew

Back to top

Response Body

Name Type Description
AppID string The unique ID for a specific app.

Back to top

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item Value
401 Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing.
404 The resource could not be found. For example, you might get this if you include invalid POST content, or have an invalid media type for your Accept header.
500 An error occurred processing the call.

More information about Akana API Platform API error messages.

Back to top

Related Topics