-
Jorge Moratinos authoredJorge Moratinos authored
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
README.md 4.95 KiB
Common Operations
Register new user
In order to use OpenCAPIF we must add a new user. This new user can onboard/register any Invokers or Providers.
That new user must be created by administrator of Register Service and with the credentials shared by administrator, the new user can get the access_token by requesting it to Register service.
The steps to register a new user at Register Service are:
Admin create User
- Login as Admin to get access_token:
- Send POST to https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/login
- Include basic Auth Header with Admin credentials
- Get access_token and refresh_token from response
- Create User:
- Send POST to https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/createUser
- Include Admin access_token in Authorization Bearer Header
- Body user_registration_body
User Retrieve access token and other information
- Retrieve access_token by User:
- Send GET to https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/getauth
- Include basic Auth Header with User credentials
- Retrieve access_token and the urls needed for next requests from response body user_getauth_response_body_example
Onboard an Invoker
Steps to perform operation
Preconditions: The administrator must have previously registered the User.
- Create public and private key at invoker
- Retrieve access_token by User:
* Send **GET** to **https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/getauth**
* Include basic Auth Header with Admin user/password
* Retrieve **access_token** and the urls needed for next requests from response body [user_getauth_response_body_example]- Onboard Invoker:
* Send **POST** to **https://{CAPIF_HOSTNAME}/api-invoker-management/v1/onboardedInvokers**
* Reference Request Body: [invoker onboarding body]
* "onboardingInformation"->"apiInvokerPublicKey": must contain public key generated by Invoker.
* Send in Authorization Header the Bearer access_token obtained previously (Authorization:Bearer ${access_token})Checks to ensure onboarding
-
Response to Get Auth:
- 200 OK
- access_token returned.
-
Response to Onboard request must accomplish:
- 201 Created
- Response Body must follow APIInvokerEnrolmentDetails data structure with:
- apiInvokerId
- onboardingInformation->apiInvokerCertificate must contain the public key signed.
- Response Header Location must be received with URI to new resource created, following this structure: {apiRoot}/api-invoker-management/{apiVersion}/onboardedInvokers/{onboardingId}
Example Flow
Register a Provider
Steps to Perform operation
- Create public and private key at provider for provider itself and each function (apf, aef and amf)
- Retrieve access_token by User:
* Send **GET** to **https://${CAPIF_REGISTER}:${CAPIF_REGISTER_PORT}/getauth**
* Include basic Auth Header with Admin user/password
* Retrieve **access_token** and the urls needed for next requests from response body [user_getauth_response_body_example]-
Register Provider:
- Send POST https://{CAPIF_HOSTNAME}/api-provider-management/v1/registrations
- body provider request body
- Send in Authorization Header the Bearer access_token obtained previously (Authorization:Bearer ${access_token})
- Store each cert in a file with according name.
Checks to ensure provider registration
-
Response to Register:
- 201 Created
-
Response to Get Auth:
- 200 OK
- access_token returned.
-
Register Provider at Provider Management:
- 201 Created response.
- body returned must accomplish APIProviderEnrolmentDetails data structure.
- For each apiProvFuncs, we must check:
- apiProvFuncId is set
- apiProvCert under regInfo is set properly
- Location Header must contain the new resource URL {apiRoot}/api-provider-management/v1/registrations/{registrationId}
Example Flow