Outils pour utilisateurs

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

Les deux révisions précédentesRévision précédente
Prochaine révision		Révision précédente
en:guide_du_developpeur_service [2025/08/04 18:34] – [1.2 Headers for Your Upcoming Requests] adminen:guide_du_developpeur_service [2025/11/04 11:19] (Version actuelle) – [9.1 Retrieving the Report via API] admin
Ligne 1: Ligne 1:
-~~NOTOC~~ +[[:guide_du_developpeur_service|Français]] | [[:en:guide_du_developpeur_service|English]]
-[[:fr:guide_du_developpeur_service|Français]] | [[:en:guide_du_developpeur_service|English]]+
 ---- ----
 ====== Developer Guide – ID360 Service ====== ====== Developer Guide – ID360 Service ======
Ligne 23: Ligne 22:
   - **API Login**: This call provides a token valid for 15 minutes, which grants access to the various API methods.   - **API Login**: This call provides a token valid for 15 minutes, which grants access to the various API methods.
   - **Creating a user enrollment**: When creating a user enrollment, you will receive an enrollment ID and an API key (api_key), which will be essential for the rest of the process.   - **Creating a user enrollment**: When creating a user enrollment, you will receive an enrollment ID and an API key (api_key), which will be essential for the rest of the process.
-  - **Route selection**: The api_key obtained in the previous step allows you to retrieve the identifier of the “route” to be executed. In your use case, there will be only one route available – the customizable online path by Docaposte.+  - **Route selection**: The api_key obtained in the previous step allows you to retrieve the identifier of the “route” to be executed. In your use case, there will be only one route available – the customizable online process by Docaposte.
   - **Acceptance of Terms & Conditions**: This method allows you to update the fields `accept_cgu` and `accept_biometry` within the enrollment.   - **Acceptance of Terms & Conditions**: This method allows you to update the fields `accept_cgu` and `accept_biometry` within the enrollment.
   - **Data comparison (optional)**: It is also possible to compare expected data with information extracted from the identity document.   - **Data comparison (optional)**: It is also possible to compare expected data with information extracted from the identity document.
Ligne 30: Ligne 29:
   - **Finalizing the enrollment**: Finalizes the user enrollment.   - **Finalizing the enrollment**: Finalizes the user enrollment.
   - **Retrieving the report**: You can retrieve the user enrollment report using the enrollment ID obtained in step two. The report includes the status of the enrollment, technical information, and details of the verification steps.   - **Retrieving the report**: You can retrieve the user enrollment report using the enrollment ID obtained in step two. The report includes the status of the enrollment, technical information, and details of the verification steps.
 +  - **Retrieving the idClaim (optional)**: Only in the case of advanced electronic signature, returns an ASIC-E.
  
 ---- ----
Ligne 37: Ligne 37:
 If you haven't done so yet, we recommend starting with the first section of this guide: **Getting Started with ID360** If you haven't done so yet, we recommend starting with the first section of this guide: **Getting Started with ID360**
  
-===== 1.2 Headers for Your Upcoming Requests =====+====== 1. API Login ======
  
-{{:headers.png|Example of headers}}+==== 1.1 API Login: Authentication ====
  
-The key header to include in your API requests is:+[[https://preprod.id360docaposte.com/static/swagger.html#/user/login|See method in Swagger]]
  
-**''Authorization''** → must contain: +---- 
-  * the **''Token''** prefix+ 
 + 
 +=== 🔧 Requête CURL – Production === 
 +<code javascript> 
 +curl -X POST "https://id360docaposte.com/api/1.0.0/user/login/"
 +  -H "accept: application/json"
 +  -d '{ "username": "string", "password": "string", "token": "string" }' 
 +</code> 
 + 
 +=== 🔧 Requête CURL – Préproduction === 
 +<code javascript> 
 +curl -X POST "https://preprod.id360docaposte.com/api/1.0.0/user/login/"
 +  -H "accept: application/json"
 +  -d '{ "username": "string", "password": "string", "token": "string" }' 
 +</code> 
 +---- 
 + 
 +=== 📥 Required Parameters === 
 + 
 +^ Parameter  ^ Required ^ Details ^ 
 +| ''username''  | Yes      | Login identifier | 
 +| ''password''  | Yes      | Password | 
 +| ''token''     | No (except for admin) | Unnecessary for `application` accounts. Required only for `admin` accounts with two-factor authentication | 
 + 
 +---- 
 + 
 +=== 📤 Expected Result (example) === 
 + 
 +**HTTP Status**: `200 OK` 
 + 
 +**Response Body**: 
 +<code javascript> 
 +
 +  "token": "0123456789abcdef01234567" 
 +
 +</code> 
 + 
 +---- 
 + 
 +=== 💬 Notes === 
 + 
 +  * This call **must be made by your server**, **never** from the user’s browser. 
 +  * The **token is valid for 15 minutes**. This duration **resets on each API call** using the token. 
 +  * If you use an expired token or no token, you’ll get a `401 Unauthorized` error. 
 +  * As long as the token is valid, **do not call `/login/` again**. 
 +  * Use the token in the header of future calls:''Authorization: Token 0123456789abcdef01234567'' 
 +  * The token is made up of 25 characters (fixed length). 
 + 
 +---- 
 + 
 + 
 +==== 1.2 Headers for your API Requests ==== 
 + 
 +{{:headers.png|Headers example}} 
 + 
 +Essential header for your API calls: 
 + 
 +**`Authorization`** → must contain: 
 +  * the prefix **`Token`**
   * a space   * a space
-  * the **token value** obtained during the API login+  * the **token value** from the login call
  
 **Example**: **Example**:
Ligne 57: Ligne 115:
 === Testing via Swagger === === Testing via Swagger ===
  
-To test the API calls in Swagger: +To test calls in Swagger: 
-  - Click on the **''Try it out''** button (top right) +  - Click **"Try it out"** (top right) 
-  - Enter the token using the format: Token 0123456789abcdef01234567 +  - Enter the token in this format: `Token 0123456789abcdef01234567` 
-  - Then click on **''Authorize''**+  - Then click **"Authorize"**
  
-You will then be authenticated to perform API calls directly from Swagger.+You will then be authenticated to run API calls directly from Swagger.
  
 ---- ----
  
-====1.3 ⚠️ Token Lifetime and Renewal – MUST BE IMPLEMENTED ⚠️ =====+==== ⚠️ 1.3 Token lifespan and refresh – MUST BE IMPLEMENTED ⚠️ ====
  
-**The authentication token is valid for 15 minutes.**   +The **login token is valid for 15 minutes**, and its lifespan is **reset with every call using the token** (*except `logIn` itself*).
-This duration is **reset with every API call that uses the token** (*except for the ''logIn'' method*).+
  
-If you're not authenticated or your token has expired, you will receive a **401 Unauthorized** error for any request that requires authentication.+If you are not connected or the token is expired, you will receive a **401 Unauthorized** for any operation requiring authentication.
  
 ---- ----
  
-=== 🔁 Extending the Token Lifetime === +=== 🔁 Extending Token Validity ===
- +
-To extend your token's validity, you can call the following method **every 13 minutes**:+
  
-**''/api/1.0.0/user/whoami''**+To extend token lifespan, you may call this method **every 13 minutes**: 
 +**`/api/1.0.0/user/whoami`**
  
 This method: This method:
   * Requires **no parameters**   * Requires **no parameters**
-  * Requires an **Authorization header** in the following format:+  * Requires an **Authorization header**:
  
 <code> <code>
Ligne 93: Ligne 149:
 === ✅ Validity Check === === ✅ Validity Check ===
  
-  * If this method returns **200 status code**, your token is still valid. +  * If the method returns **200 OK**, your token is still valid. 
-  * Otherwise, you will need to generate a **new token** using the **''logIn''** method.+  * Otherwise, generate a **new token** via the `logInmethod.
  
 **ℹ️ Reminder: integrate this call automatically into your process to avoid repeatedly calling the logIn method, as this may be interpreted by ID360 as abnormal or aggressive behavior.** **ℹ️ Reminder: integrate this call automatically into your process to avoid repeatedly calling the logIn method, as this may be interpreted by ID360 as abnormal or aggressive behavior.**
Ligne 166: Ligne 222:
 === 📝 Field Details === === 📝 Field Details ===
  
-  * **''browser_callback_url''**: required – URL triggered by the user's browser at the end of the journey (used for redirection only).+  * **''browser_callback_url''**: required – URL triggered by the user's browser at the end of the process (used for redirection only).
   * **''client_reference''**: optional – Allows you to associate an internal ID from your system. Useful for reconciliation in case of cancellation or failure.   * **''client_reference''**: optional – Allows you to associate an internal ID from your system. Useful for reconciliation in case of cancellation or failure.
   * **''callback_endpoints''**: required – A callback endpoint allows ID360 to automatically notify your system when an enrollment reaches a certain status (e.g., failure, cancellation, completion), via an HTTP POST request sent to the provided URL. Headers are optional and can be used for identification when receiving callbacks.   * **''callback_endpoints''**: required – A callback endpoint allows ID360 to automatically notify your system when an enrollment reaches a certain status (e.g., failure, cancellation, completion), via an HTTP POST request sent to the provided URL. Headers are optional and can be used for identification when receiving callbacks.
Ligne 219: Ligne 275:
   * Identification through Docaposte’s Customizable Online Process.   * Identification through Docaposte’s Customizable Online Process.
  
-In our specific journey, only the Docaposte Customizable Online Process has been selected, offering a single authentication channel.+In our specific process, only the Docaposte Customizable Online Process has been selected, offering a single authentication channel.
  
 This guide outlines the steps to retrieve the route identifier and select it within this process. This guide outlines the steps to retrieve the route identifier and select it within this process.
Ligne 270: Ligne 326:
 === 💬 Comment === === 💬 Comment ===
  
-  * The **route identifier** to be used for the next step in the journey is found in the `id` field.+  * The **route identifier** to be used for the next step in the process is found in the `id` field.
  
 ===== 3.2 Route Selection ===== ===== 3.2 Route Selection =====
Ligne 449: Ligne 505:
   * **`total_pages`**: indicates the **total number of pages** to be uploaded for the document (e.g., `2` for a front/back ID).   * **`total_pages`**: indicates the **total number of pages** to be uploaded for the document (e.g., `2` for a front/back ID).
   * **`uploaded_page`**: index (starting at `0`) of the page currently being uploaded.   * **`uploaded_page`**: index (starting at `0`) of the page currently being uploaded.
 +  * **Allowed formats**: jpg, jpeg, png, pdf, heic
 +  * **Maximum size** per document: 9.5 MB
  
 ---- ----
Ligne 499: Ligne 557:
   * **`total_pages`**: must be `1` for a selfie.   * **`total_pages`**: must be `1` for a selfie.
   * **`uploaded_page=0`**: remains at `0` since there is only one page.   * **`uploaded_page=0`**: remains at `0` since there is only one page.
 +  * **Allowed formats**: jpg, jpeg, png, pdf, heic
 +  * **Maximum size** per document: 9.5 MB
  
 ---- ----
Ligne 510: Ligne 570:
 === 💬 Notes === === 💬 Notes ===
  
-  * Uploading a selfie is **optional**, but required for journeys involving biometric verification.+  * Uploading a selfie is **optional**, but required for processes involving biometric verification.
   * Make sure the parameter `accepted_biometry=true` was set during the acceptance of Terms & Conditions if a selfie is submitted.   * Make sure the parameter `accepted_biometry=true` was set during the acceptance of Terms & Conditions if a selfie is submitted.
  
Ligne 596: Ligne 656:
  
 **HTTP Status**: ''200 OK''   **HTTP Status**: ''200 OK''  
 +
 **Response format**: JSON **Response format**: JSON
  
Ligne 676: Ligne 737:
 See the dedicated method:   See the dedicated method:  
 [[https://preprod.id360docaposte.com/static/swagger.html#/enrollment/enrollment_proof_slip|Download the PDF report]] [[https://preprod.id360docaposte.com/static/swagger.html#/enrollment/enrollment_proof_slip|Download the PDF report]]
 +
 +====== 10. Retrieving the idClaim ======
 +
 +[[https://preprod.id360docaposte.com/static/swagger.html#/enrollment/enrollment_idclaim|See the method in Swagger]]
 +
 +----
 +
 +=== 🔧 CURL Request – Production ===
 +<code javascript>
 +curl -X GET \
 +  "https://id360docaposte.com/api/1.0.0/enrollment/{id}/idclaim" \
 +  -H "accept: application/json" \
 +  -H "Authorization: Token 0123456789abcdef01234567"
 +</code>
 +
 +----
 +
 +=== 🔧 CURL Request – Preproduction ===
 +<code javascript>
 +curl -X GET \
 +  "https://preprod.id360docaposte.com/api/1.0.0/enrollment/{id}/idclaim" \
 +  -H "accept: application/json" \
 +  -H "Authorization: Token 0123456789abcdef01234567"
 +</code>
 +
 +----
 +
 +=== 🛠 Technical information ===
 +
 +  * **''{id}''** : user file identifier, retrieved when it is created.
 +  * **Parameters** : none expected in this request.
 +
 +----
 +
 +=== ✅ Expected result ===
 +
 +**HTTP Status** : ''200 OK''
 +
 +**Response format** : ASIC-E
 +
 +----
 +
 +=== 💬 Notes ===
 +
 +  * The connection token is **valid for 15 minutes**, renewed with each call made using this token.
 +  * If the token is expired or missing, you will receive a **401 Unauthorized** error.
 +  * As long as your token remains valid, **you must not reuse the ''login'' method**.
 +  * The token must be used in the header of subsequent calls as follows:
 +
 +<code>
 +Authorization: Token token_returned_by_login
 +</code>
  
  

This website uses cookies. By using the website, you agree with storing cookies on your computer. Also, you acknowledge that you have read and understand our Privacy Policy. If you do not agree, please leave the website.

Plus d’informations