The Service Provider Backend APIs allow you to manage custom data for your users.
The Service Provider Backend APIs are served over HTTPS, and provided as endpoints under:
where <host-name> has the following value depending on the environment:
Authentication is performed using an OAuth2 Access Token in the Authorization request header field.
Authorization header value should have the following form, where the tokens are replaced according to the descriptions below:
|Access token associated with the request. If not present, the access token will be taken from the |
|Base-64 encoded HMAC-SHA256 on the access token associated with the request, where the HMAC is calculated using the service provider client secret as the key (see the Java code sample below).|
This sample Java code generates the <authvalue> and constructs the Authorization header value:
The following types of errors will be returned in case of failure.
For an API call specifying an invalid access token or one that does not belong to the authenticating client ID, the response will be an HTTP 403 Forbidden response:
Applicative failure cases will be reported as as an HTTP 200 OK response, with an
application/json header and a JSON body with the following structure:
|A symbolic error code.|
Each API may indicate other failure responses. All APIs may also return a 500 error in case of an internal server error.