Distribution Channels API Reference

See the API reference

Note about permissions when migrating to distribution channels API V2

In Distribution Channels V1 API you get permissions through the Distribution Channel API. This is no longer supported as the single source of truth for permissions is now the Permission Store. See below for an explanation of how to do this.

How to to authorize access by permission-client or distribution channel

There are two ways to solve this. The preferable way is to use permission-client as following:
  1. Add package dependency permissionClient
  2. Configure permission-client and subscribe to permission "Salgskanal" as shown in documentation for permission-client
  permission:
    permissionCache:
      - {...}
    businessCapabilities:
      - {...}
    responsibilityTypes:
      - Salgskanal.Id, Salgskanal, LES
  1. Authorize endpoint with either PreAuthorize/PostAuthorize or two methods from permission-client
    1. Secure your endpoint with @PreAuthorize(hasPermission(#distributionChannelId, 'Salgskanal#Id', 'LES')
    2. Secure your endpoint with 2 methods from permission-client "checkResponsibilitySetPermission(Object principal, String operationAndType, String objectKey, Access access)" or "getResponsibilitySet(Object principal, String operationAndType, Access access)"

This implementation will now allow users or clients which has permission "salgskanal" and with token orgId listed in organisationAgreements for given distributionChannelId to access this distribution channel data object.

Permission-client setup ref: https://bitbucket.org/enturas/permission-client/src/master/

The alternative way, which is almost as similar to distribution V1 is to add requestQuery "includeOrganisationAgreements" as shown in the next line.

GET /distribution-channels/{id}?includeOrganisationAgreements=true

This implementation will now fetch agreements from permission-store by given distributionChannelId and add it as a field in request body. This should not be used as a permanent solution since it limits our implementation of authorization and neither is it used as intended.

Note: It will not work for GET /distribution-channels since it is an expensive operation to permission-store.

How to see if users or clients have access to certain distributionChannelId via entur-partner

To see if your user's or client's organisation has an agreement to a given distributionChannel, please navigate to Distribution Channels in Entur Partner https://entur-partner.dev.entur.org To see if your user or client has permission "salgskanal", please navigate to Permission Admin in Entur Partner https://entur-partner.dev.entur.org

Note: The owner of distribution channels has implicit access to its own Distribution Channels. For now these at least these will not show up in the returned list of Agreements and for technical reasons Entur gets automatically access to Distribution Channels that have type set to "onBoard".

Headers

It is required that all consumers identify themselves by using the header ET-Client-Name.

Request header:

ET-Client-Name: your-client-id

The structure of ET-Client-Name should be: "company-application".

Examples:

"brakar-journeyplanner" "fosen_utvikling-infoplakat" "nor_way_bussekspress-reiseplanlegger"

Request example:

curl -X GET -H "ET-Client-Name: your_company-your_application" -H "Authorization: Bearer ..." https://api.entur.io/distribution/...

This header is used to identify where the request is coming from and is a required header parameter that should be supplied with each request.