Différences

Ci-dessous, les différences entre deux révisions de la page.

--- en:guide_du_developpeur_service [2025/08/06 16:11] – admin
+++ en:guide_du_developpeur_service [2025/11/04 11:19] (Version actuelle) – [9.1 Retrieving the Report via API] admin
@@ Ligne 1: / Ligne 1: @@
-~~NOTOC~~
 [[:guide_du_developpeur_service|Français]] | [[:en:guide_du_developpeur_service|English]]
 ----
@@ Ligne 30: / Ligne 29: @@
   - **Finalizing the enrollment**: Finalizes the user enrollment.
   - **Retrieving the report**: You can retrieve the user enrollment report using the enrollment ID obtained in step two. The report includes the status of the enrollment, technical information, and details of the verification steps.
+  - **Retrieving the idClaim (optional)**: Only in the case of advanced electronic signature, returns an ASIC-E.
 ----
@@ Ligne 37: / Ligne 37: @@
 If you haven't done so yet, we recommend starting with the first section of this guide: **Getting Started with ID360**
-===== 1.2 Headers for Your Upcoming Requests =====
+====== 1. API Login ======
-{{:headers.png|Example of headers}}
+==== 1.1 API Login: Authentication ====
-The key header to include in your API requests is:
+[[https://preprod.id360docaposte.com/static/swagger.html#/user/login|See method in Swagger]]
-**''Authorization''** → must contain:
+----
-  * the **''Token''** prefix
+=== 🔧 Requête CURL – Production ===
+<code javascript>
+curl -X POST "https://id360docaposte.com/api/1.0.0/user/login/" \
+  -H "accept: application/json" \
+  -d '{ "username": "string", "password": "string", "token": "string" }'
+</code>
+=== 🔧 Requête CURL – Préproduction ===
+<code javascript>
+curl -X POST "https://preprod.id360docaposte.com/api/1.0.0/user/login/" \
+  -H "accept: application/json" \
+  -d '{ "username": "string", "password": "string", "token": "string" }'
+</code>
+----
+=== 📥 Required Parameters ===
+^ Parameter  ^ Required ^ Details ^
+| ''username''  | Yes      | Login identifier |
+| ''password''  | Yes      | Password |
+| ''token''     | No (except for admin) | Unnecessary for `application` accounts. Required only for `admin` accounts with two-factor authentication |
+----
+=== 📤 Expected Result (example) ===
+**HTTP Status**: `200 OK`
+**Response Body**:
+<code javascript>
+{
+  "token": "0123456789abcdef01234567"
+}
+</code>
+----
+=== 💬 Notes ===
+  * This call **must be made by your server**, **never** from the user’s browser.
+  * The **token is valid for 15 minutes**. This duration **resets on each API call** using the token.
+  * If you use an expired token or no token, you’ll get a `401 Unauthorized` error.
+  * As long as the token is valid, **do not call `/login/` again**.
+  * Use the token in the header of future calls:''Authorization: Token 0123456789abcdef01234567''
+  * The token is made up of 25 characters (fixed length).
+----
+==== 1.2 Headers for your API Requests ====
+{{:headers.png|Headers example}}
+Essential header for your API calls:
+**`Authorization`** → must contain:
+  * the prefix **`Token`**
   * a space
-  * the **token value** obtained during the API login
+  * the **token value** from the login call
 **Example**:
@@ Ligne 57: / Ligne 115: @@
 === Testing via Swagger ===
-To test the API calls in Swagger:
+To test calls in Swagger:
-  - Click on the **''Try it out''** button (top right)
+  - Click **"Try it out"** (top right)
-  - Enter the token using the format: Token 0123456789abcdef01234567
+  - Enter the token in this format: `Token 0123456789abcdef01234567`
-  - Then click on **''Authorize''**
+  - Then click **"Authorize"**
-You will then be authenticated to perform API calls directly from Swagger.
+You will then be authenticated to run API calls directly from Swagger.
 ----
-===== 1.3 ⚠️ Token Lifetime and Renewal – MUST BE IMPLEMENTED ⚠️ =====
+==== ⚠️ 1.3 Token lifespan and refresh – MUST BE IMPLEMENTED ⚠️ ====
-**The authentication token is valid for 15 minutes.**
+The **login token is valid for 15 minutes**, and its lifespan is **reset with every call using the token** (*except `logIn` itself*).
-This duration is **reset with every API call that uses the token** (*except for the ''logIn'' method*).
-If you're not authenticated or your token has expired, you will receive a **401 Unauthorized** error for any request that requires authentication.
+If you are not connected or the token is expired, you will receive a **401 Unauthorized** for any operation requiring authentication.
 ----
-=== 🔁 Extending the Token Lifetime ===
+=== 🔁 Extending Token Validity ===
-To extend your token's validity, you can call the following method **every 13 minutes**:
-**''/api/1.0.0/user/whoami''**
+To extend token lifespan, you may call this method **every 13 minutes**:
+**`/api/1.0.0/user/whoami`**
 This method:
   * Requires **no parameters**
-  * Requires an **Authorization header** in the following format:
+  * Requires an **Authorization header**:
 <code>
@@ Ligne 93: / Ligne 149: @@
 === ✅ Validity Check ===
-  * If this method returns a **200 status code**, your token is still valid.
+  * If the method returns **200 OK**, your token is still valid.
-  * Otherwise, you will need to generate a **new token** using the **''logIn''** method.
+  * Otherwise, generate a **new token** via the `logIn` method.
 **ℹ️ Reminder: integrate this call automatically into your process to avoid repeatedly calling the logIn method, as this may be interpreted by ID360 as abnormal or aggressive behavior.**
@@ Ligne 449: / Ligne 505: @@
   * **`total_pages`**: indicates the **total number of pages** to be uploaded for the document (e.g., `2` for a front/back ID).
   * **`uploaded_page`**: index (starting at `0`) of the page currently being uploaded.
+  * **Allowed formats**: jpg, jpeg, png, pdf, heic
+  * **Maximum size** per document: 9.5 MB
 ----
@@ Ligne 499: / Ligne 557: @@
   * **`total_pages`**: must be `1` for a selfie.
   * **`uploaded_page=0`**: remains at `0` since there is only one page.
+  * **Allowed formats**: jpg, jpeg, png, pdf, heic
+  * **Maximum size** per document: 9.5 MB
 ----
@@ Ligne 596: / Ligne 656: @@
 **HTTP Status**: ''200 OK''
 **Response format**: JSON
@@ Ligne 676: / Ligne 737: @@
 See the dedicated method:
 [[https://preprod.id360docaposte.com/static/swagger.html#/enrollment/enrollment_proof_slip|Download the PDF report]]
+====== 10. Retrieving the idClaim ======
+[[https://preprod.id360docaposte.com/static/swagger.html#/enrollment/enrollment_idclaim|See the method in Swagger]]
+----
+=== 🔧 CURL Request – Production ===
+<code javascript>
+curl -X GET \
+  "https://id360docaposte.com/api/1.0.0/enrollment/{id}/idclaim" \
+  -H "accept: application/json" \
+  -H "Authorization: Token 0123456789abcdef01234567"
+</code>
+----
+=== 🔧 CURL Request – Preproduction ===
+<code javascript>
+curl -X GET \
+  "https://preprod.id360docaposte.com/api/1.0.0/enrollment/{id}/idclaim" \
+  -H "accept: application/json" \
+  -H "Authorization: Token 0123456789abcdef01234567"
+</code>
+----
+=== 🛠 Technical information ===
+  * **''{id}''** : user file identifier, retrieved when it is created.
+  * **Parameters** : none expected in this request.
+----
+=== ✅ Expected result ===
+**HTTP Status** : ''200 OK''
+**Response format** : ASIC-E
+----
+=== 💬 Notes ===
+  * The connection token is **valid for 15 minutes**, renewed with each call made using this token.
+  * If the token is expired or missing, you will receive a **401 Unauthorized** error.
+  * As long as your token remains valid, **you must not reuse the ''login'' method**.
+  * The token must be used in the header of subsequent calls as follows:
+<code>
+Authorization: Token token_returned_by_login
+</code>