POST /api/contracts

Requests a new contract between a specific version of an app and a specific version of an API. Also used to revise a contract.

Revising an existing, active contract creates a new contract. However, there can only be one original contract and one revised contract. An attempt to create a second revision will fail.

Authorization Roles/Permissions: Must be logged in. App team member

Workflow: When a completely new contract is created (the first contract between a specific app version and a specific API version in a specific environment), the @Create initial action is used to start the workflow for the new contract. When a contract is revised, a new contract is created that is a revision of the existing contract, and the existing contract remains in place. In this scenario, the @Revise initial action is used to start the workflow for the revised contract. When there is a revised contract in place, any subsequent requests to create a contract for the app/API/environment combination will fail, since only one revised contract is allowed at one time.

This topic includes the following sections:

HTTP Method

POST

URL

https://{hostname}/api/contracts

Sample Request

The examples below show several requests for a new API contract, under different conditions.

Sample Request URL

https://{hostname}/api/contracts

Sample request headers

POST /api/contracts HTTP/1.1
Accept: application/json
Content-Type: application/json
AtmoAuthToken_acmepaymentscorp=TokenID%3Dcd36a4bd-e600-4e99-961a-c4ca0cfc93cd%2Cclaimed_id%3Durn%3Aatmosphere%3Auser%3Aacmepaymentscorp%3A14b1902f-3dfc-43e3-b09a-81137f091b96%2CissueTime%3D1614802132363%2CexpirationTime%3D1614803992357%2C...
X-Csrf-Token_acmepaymentscorp: TokenID%3D8ed70a13-8469-11e8-b37a-b155e4eabeb8%2CexpirationTime%3D153...

Sample request body #1

API doesn't use licenses and no quota policy is defined. Request is for access to the Sandbox implementation.

{
  "APIVersionID":"38fcd5ae-08ae-4161-9fd3-65288dffb92e.acmepaymentscorp",
  "RuntimeID":"k2zGu3E93UPvYp0AtwVhHMzY8LVRc4L9pPMikmpX.acmepaymentscorp",
  "Environment":"Sandbox",
  "Policies":{
    "Policy":[
    ]
  },
  "ContractScope":{
    "Restricted":false
  }
}

Sample request body #2

API doesn't use licenses but app developer wants a quota policy. Request is for access to the Live implementation.

{
  "APIVersionID":"b49ef94a-3a4b-4cc4-b894-ef067d9a0de9.acmepaymentscorp",
  "RuntimeID":"7J0w4Dy2BGN2QPUi6sFGlR6w.acmepaymentscorp",
  "Environment":"Production",
  "Policies":{
    "Policy":[
      {
        "PolicyKey":"urn:uuid:a28e7b76-499c-11e4-bfe5-b1a96aa04935"
      }
    ]
  },
  "ContractScope":{
    "Restricted":false
  }
}

Sample request body #3

API uses licenses and app developer wants unrestricted access. Request is for access to the Live implementation.

{
  "APIVersionID":"3e07d360-c6b1-4872-90cc-305fc581c2f9.acmepaymentscorp",
  "RuntimeID":"2mWn90b8Y4C2vL7qCxDW8f38.acmepaymentscorp",
  "Environment":"Production",
  "Policies":{
    "Policy":[
    ]
  },
  "ContractScope":{
    "Restricted":false
  }
}

Sample request body #4

API uses licenses and app requests access with one license. Request is for access to the Sandbox implementation.

{
  "APIVersionID":"3e07d360-c6b1-4872-90cc-305fc581c2f9.acmepaymentscorp",
  "RuntimeID":"7J0w4Dy2BGN2QPUi6sFGlR6w.acmepaymentscorp",
  "Environment":"Sandbox",
  "Policies":{
    "Policy":[
    ]
  },
  "ContractScope":{
    "Restricted":true,
    "LicenseID":[
      "15d5d812-81e1-4d26-9597-e595b81b102f.acmepaymentscorp"
    ]
  }
}

Sample request body #5

API uses licenses and app developer requests access with all licenses. Request is for access to the Live implementation.

{
  "APIVersionID":"3e07d360-c6b1-4872-90cc-305fc581c2f9.acmepaymentscorp",
  "RuntimeID":"2mWn90b8Y4C2vL7qCxDW8f38.acmepaymentscorp",
  "Environment":"Production",
  "Policies":{
    "Policy":[
    ]
  },
  "ContractScope":{
    "Restricted":true,
    "LicenseID":[
      "15d5d812-81e1-4d26-9597-e595b81b102f.acmepaymentscorp",
      "e18cd5b6-93a6-4f30-b089-5ea374d2818d.acmepaymentscorp",
      "104d523d-5d49-4bc3-b523-7de6725fcaae.acmepaymentscorp"
    ]
  }
}

Request Headers

For general information on request header values, refer to HTTP Request Headers.

Header Description
Accept application/json, application/xml, application/vnd.soa.v71+json, application/vnd.soa.v71+xml, application/vnd.soa.v72+json, application/vnd.soa.v72+xml, application/vnd.soa.v80+json, application/vnd.soa.v80+xml, application/vnd.soa.v81+json, application/vnd.soa.v81+xml
Content-Type

Any one of the following media types is valid for the request Content-Type:

application/json or application/xml

application/vnd.soa.v71+json or application/vnd.soa.v71+xml

application/vnd.soa.v72+json or application/vnd.soa.v72+xml

application/vnd.soa.v80+json or application/vnd.soa.v80+xml

application/vnd.soa.v81+json or application/vnd.soa.v81+xml

Cookie AtmoAuthToken_{fedmemberid}={cookie value, which usually starts with TokenID}—The platform cookie. This is the Akana API Platform authorization token, and must be sent with every API request that requires login. For more information and an example, see Session cookies.
X-Csrf-Token_{fedmemberID} The CSRF prevention header; may or may not be required, depending on platform settings. See CSRF Prevention on the Platform. By default, the CSRF header is not required for GET operations and is required for all others, with a few exceptions relating to user login.

Request Parameters

Parameter Parm Type Data Type Required Description
Contract Body Contract Required

Includes the APIVersionID and RuntimeID for the app version requesting the contract.

In this scenario, the RuntimeID is the unique ID defined by the user for the app version, if applicable.

Response

If successful, this operation returns HTTP status code 200, with information about the contract.

Sample Response

The sample response below returns the expanded Contract object with additional values of ContractID, Environment, and State.

Sample response headers

HTTP/1.1 200 OK
Date: Tue, 02 Mar 2021 21:58:57 GMT
Content-Type: application/json

Sample response body: response to sample request #1

API doesn't use licenses and no quota policy is defined. Request is for access to the Sandbox implementation.

{
  "ContractID": "e2b171f2-1896-4e9f-8b1c-66fbf8faca3d.acmepaymentscorp",
  "APIVersionID":"38fcd5ae-08ae-4161-9fd3-65288dffb92e.acmepaymentscorp",
  "RuntimeID":"k2zGu3E93UPvYp0AtwVhHMzY8LVRc4L9pPMikmpX.acmepaymentscorp",
  "Environment": "Sandbox",
  "State": "apicontract.status.approved",
  "ContractScope": {
    "Restricted": false
  },
  "Updated": "2021-03-02T21:58:58Z",
  "UpdatedInMillis": 1614722338000,
  "Status": "com.soa.apicontract.draft"
}

Sample response body: response to sample request #2

API doesn't use licenses but app developer wants a quota policy. Request is for access to the Live implementation.

{
  "ContractID" : "77824aa2-b370-4348-aa4f-0be60d1b710c.acmepaymentscorp",
  "APIVersionID" : "b49ef94a-3a4b-4cc4-b894-ef067d9a0de9.acmepaymentscorp",
  "RuntimeID" : "7J0w4Dy2BGN2QPUi6sFGlR6w.acmepaymentscorp",
  "Environment" : "Production",
  "State" : "apicontract.status.pending_approval",
  "ContractScope" : {
    "Restricted" : false
  },
  "Updated" : "2014-10-01T19:59:35Z",
  "UpdatedInMillis" : 1412193575000,
  "Status" : "com.soa.apicontract.draft"
}

Sample response body: response to sample request #3

API uses licenses and app developer wants unrestricted access. Request is for access to the Live implementation.

{
  "ContractID" : "fa11ed81-ccde-4104-9d3a-109aa880fdde.acmepaymentscorp",
  "APIVersionID" : "3e07d360-c6b1-4872-90cc-305fc581c2f9.acmepaymentscorp",
  "RuntimeID" : "2mWn90b8Y4C2vL7qCxDW8f38.acmepaymentscorp",
  "Environment" : "Production",
  "State" : "apicontract.status.pending_approval",
  "ContractScope" : {
    "Restricted" : false
  },
  "Updated" : "2014-10-01T20:02:48Z",
  "UpdatedInMillis" : 1412193768000,
  "Status" : "com.soa.apicontract.draft"
}

Sample response body: response to sample request #4

API uses licenses and app requests access with one license. Request is for access to the Sandbox implementation.

{
  "ContractID" : "9d38e862-6f34-4681-98b4-c826813e4d5c.acmepaymentscorp",
  "APIVersionID" : "3e07d360-c6b1-4872-90cc-305fc581c2f9.acmepaymentscorp",
  "RuntimeID" : "7J0w4Dy2BGN2QPUi6sFGlR6w.acmepaymentscorp",
  "Environment" : "Sandbox",
  "State" : "apicontract.status.activated",
  "ContractScope" : {
    "Restricted" : true,
    "LicenseID" : [ "15d5d812-81e1-4d26-9597-e595b81b102f.acmepaymentscorp" ]
  },
  "Updated" : "2014-10-01T20:05:03Z",
  "UpdatedInMillis" : 1412193903000,
  "Status" : "com.soa.apicontract.draft"
}

Sample response body: response to sample request #5

API uses licenses and app developer requests access with all licenses. Request is for access to the Live implementation.

{
  "ContractID":"a57f7275-c812-410b-ab70-941c93d8f793.acmepaymentscorp",
  "APIVersionID":"3e07d360-c6b1-4872-90cc-305fc581c2f9.acmepaymentscorp",
  "RuntimeID":"2mWn90b8Y4C2vL7qCxDW8f38.acmepaymentscorp",
  "Environment":"Production",
  "State":"apicontract.status.pending_approval",
  "ContractScope":{
    "Restricted":true,
    "LicenseID":[
      "15d5d812-81e1-4d26-9597-e595b81b102f.acmepaymentscorp",
      "e18cd5b6-93a6-4f30-b089-5ea374d2818d.acmepaymentscorp",
      "104d523d-5d49-4bc3-b523-7de6725fcaae.acmepaymentscorp"
    ]
  },
  "Updated":"2014-10-01T20:11:40Z",
  "UpdatedInMillis":1412194300000,
  "Status":"com.soa.apicontract.draft"
}

Response Headers

For general information on response header values, refer to HTTP Response Headers.

Header Description
Content-Type application/json, application/xml, application/vnd.soa.v71+json, application/vnd.soa.v71+xml, application/vnd.soa.v72+json, application/vnd.soa.v72+xml, application/vnd.soa.v80+json, application/vnd.soa.v80+xml, application/vnd.soa.v81+json, application/vnd.soa.v81+xml

Response Body

Name Type Description
Contract Contract

Includes the following values for the contract:

  • ContractID
  • APIVersionID
  • RuntimeID (App Identity if defined)
  • Environment
  • State

Error Codes/Messages

If the call is unsuccessful an error code/message is returned. One or more examples of possible errors for this operation are shown below.

Item Value
401 Unauthorized. For example, you would get this response if you didn't include the custom X-Csrf-Token_{fedmemberID} header in the request, when it was required by the platform settings; or if you included an invalid or expired value for this header. You would also get this response for any operation that requires login (almost all) if the login cookie was missing.
405 Method Not Allowed. You might get this if there is an error in the URL, or if you used the wrong HTTP verb. You would also get this if you provided incorrect values in the body of the request message.
500 An error occurred processing the call.

More information about Akana API Platform API error messages.