search
All SpecificationsGovStack Website

8 Service APIs

This section provides a reference for APIs that should be implemented by this Building Block.

The GovStack non-functional requirements documentarrow-up-right provides additional information on how 'adaptors' may be used to translate an existing API to the patterns described here. This section also provides guidance on how candidate products are tested and how GovStack validates a product's API against the API specifications defined here.

The tests for the Information Mediator Building Block can be found in this GitHub repositoryarrow-up-right.

The majority of functions provided by the Information Mediator Building Block are either defined in the “service access flow” or configured by the administrator via the web User Interface. There is, however, a “Directory Service” which can provide listings of clients, methods, and available API specifications for services on the Information Mediator. The directory is managed by admins of members. The directory service centralizes and offers knowledge of all enrolled members and their services along with the information necessary to bind a third-party application as a consumer of that service. These services are described here:

and changes to the API definitions can be made by submitting a pull request on this repository. Additional APIs may be implemented by the Building Block, but the listed APIs define a minimal set of functionality that should be provided by any implementation of this Building Block.

The services can be accessed via the following Service APIs:

hashtag
8.1 Service Access

The full API definition of all available services is the set of all available OpenAPI descriptions.

One can take any of the available OpenAPI descriptions and call service according to that description.

This call must be forwarded to IM local Security Server and path part of the called URL must begin with the address of service in the form /r1/{instanceId}/{memberClass}/{member}/{application}/{service}/ followed by the service path with possible query parameters. The address of the service may be already listed in the OpenAPI description or must be added to the path if not provided by OpenAPI.

hashtag
8.2 Directory Services

hashtag
8.2.1 Member Discovery

At development time, to see which organizations are available on GovStack, an administrator of application A sends a GET request to the security server: url-of-local-information-mediator-security-server/r1/listClients

The response is an array of organizations with descriptions. API MAY implement paging of output.

hashtag
List clients defined in the instance

get

Clients of the security server have the capability to obtain a list of potential service providers within a GovStack instance, including both members and applications. To do so, they should initiate an HTTP GET request to the security server. The specific request URL will be either http://SECURITYSERVER/listClients or https://SECURITYSERVER/listClients, depending on whether HTTPS protocol usage is enabled for interaction.

When submitting this request, the placeholder SECURITYSERVER must be replased with the actual address of the security server. One can also retrieve a list of clients from other federated GovStack instances by adding an additional HTTP parameter:

instanceId - a code of the instance.

For instance, if you wish to fetch the list of clients associated with the instance labeled as ABC, your request URL should take the form of http://SECURITYSERVER/listClients?instanceId=ABC.

Query parameters
instanceIdstringOptional
Responses
chevron-right
200

List of Clients of GovStack

application/json
get
/listClients

hashtag
8.2.2 Service Discovery

At development time, an administrator at application A sends a GET request to the security server: url-of-local-information-mediator-security-server/r1/INDIA/GOV/MEMBER/APPLICATION/{listMethods || allowedMethods}

The response is an array of services (either all services or services that the requester is authorized to access via “allowedMethods”). API MAY implement paging of output.

hashtag
List REST services and endpoints for a service provider

get

This function provides a list of all REST services and service endpoints offered by a service provider.

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
Query parameters
serviceIdstringOptional
Header parameters
X-GovStack-ClientstringRequired
Responses
chevron-right
200

List of REST services and endpoints for a service provider

application/json
get
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/listMethods

hashtag
List of allowed REST services and endpoints for a service provider

get

This function provides a list of REST services and service endpoints offered by a service provider that the caller has permission to invoke.

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
Query parameters
serviceIdstringOptional
Header parameters
X-GovStack-ClientstringRequired
Responses
chevron-right
200

List of allowed REST services and endpoints for a service provider

application/json
get
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/allowedMethods

At development time, to learn about an available service, an administrator at application A sends a GET request to the security server: url-of-local-information-mediator-security-server/r1/INDIA/GOV/MEMBER/APPLICATION/getOpenApi?serviceCode=SERVICE

The response is an OpenAPI specification, detailing the endpoints and requirements for that service/API of the requested Service of Application.

hashtag
Returns OpenAPI service description for a REST service

get

This metaservice is designed to retrieve service descriptions for REST services. It provides the OpenAPI service description for a specific REST service. To use this service, the query parameters should include serviceCode=xxx, where xxx corresponds to the service code of the particular REST service for which you desire to obtain the service description.

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
Query parameters
serviceCodestringRequired
Header parameters
X-GovStack-ClientstringRequired
Responses
chevron-right
200

OpenAPI description of the specified REST service

Responsestring
get
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/getOpenAPI

hashtag
8.3 Pub/Sub Service

To broadcast a message to a Room, the service access API must be followed and the service requested must be the service implementing event type.

hashtag
8.3.1 Subscriber API

hashtag
list my subscriptions

get

Return list of my subscriptions in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
Header parameters
X-GovStack-ClientstringRequired
Responses
chevron-right
200

List of my subscriptions

application/json
get
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/api/v1/subs

hashtag
add subscription

post

Subscribe caller to {eventType} in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
Header parameters
X-GovStack-ClientstringRequired
Body
idstring · uuidOptional
eventTypestringRequiredExample: newBirth
deliverystring · enumOptionalDefault: PUSHPossible values:
Responses
chevron-right
200

Subscription created

No content
post
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/api/v1/subs/{eventType}
No content

hashtag
get subscription details

get

Return details of subscription to {eventType} in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
Header parameters
X-GovStack-ClientstringRequired
Responses
chevron-right
200

Subscription details

application/json
get
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/api/v1/subs/{eventType}

hashtag
update subscription details

patch

Update details of subscription to {eventType} in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
Header parameters
X-GovStack-ClientstringRequired
Body
idstring · uuidOptional
eventTypestringRequiredExample: newBirth
deliverystring · enumOptionalDefault: PUSHPossible values:
Responses
patch
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/api/v1/subs/{eventType}
No content

hashtag
cancel subscription

delete

Unsubscribe

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
Header parameters
X-GovStack-ClientstringRequired
Responses
delete
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/api/v1/subs/{eventType}
No content

hashtag
8.3.2 PULL delivery mode API

hashtag
get next unacknowledged event

get

Return next unacknowledged event of type defined by {eventType} and located in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
Header parameters
X-GovStack-ClientstringRequired
Responses
chevron-right
200

Event

application/json
get
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/pull/v1/{eventType}

hashtag
confirm event

delete

Acknowledge receiving of event from the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
eventIdstringRequired

event id

Header parameters
X-GovStack-ClientstringRequired
Responses
delete
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/pull/v1/{eventType}/{eventId}
No content

hashtag
8.3.3 Publisher API

hashtag
publish event

post

Publish event in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
Header parameters
X-GovStack-ClientstringRequired
Body
eventTypestringRequiredExample: newBirth
eventobjectRequiredExample: {"dateTime":"2023-05-01T11:25:00+02:00","gender":"M","mother":"Jane Doe","place":"City Hospital","details":{"weight":3200,"length":49,"eyesColor":"brown"}}
Responses
post
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/pub/v1/{eventType}

hashtag
get published event status

get

Return event status info. Event is located in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
eventIdstringRequired

event id of event

Header parameters
X-GovStack-ClientstringRequired
Responses
chevron-right
200

Event status

application/json
get
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/pub/v1/{eventType}/{eventId}

hashtag
delete event publication

delete

Stop processing of the event. Event is located in the room {applicationId}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
eventIdstringRequired

event id of event

Header parameters
X-GovStack-ClientstringRequired
Responses
delete
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/pub/v1/{eventType}/{eventId}
No content

hashtag
8.3.4 Event Type API

hashtag
create event type

post

Create new event type in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
Header parameters
X-GovStack-ClientstringRequired
Body
eventTypestringRequiredExample: newBirth
schemaobjectRequiredExample: { "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", "properties": { "dateTime": { "type": "string", "format": "date-time" }, "gender": { "type": "string", "enum": ["M", "F"] }, "mother": { "type": "string" }, "place": { "type": "string" }, "id": { "type": "integer" }, "details": { "type": "object", "properties": { "weight": { "type": "number" }, "length": { "type": "number" }, "eyesColor": { "type": "string" } }, "required": ["weight", "length", "eyesColor"] } }, "required": ["dateTime", "gender", "mother", "place"] }
Responses
chevron-right
200

Event type created

No content
post
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/api/v1/eventType
No content

hashtag
get list of event types

get

Return list of event types located in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
Header parameters
X-GovStack-ClientstringRequired
Responses
chevron-right
200

Event type list

application/json
Responsestring[]
get
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/api/v1/eventType

hashtag
get event type details

get

Return event type description. Event type is located in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
Header parameters
X-GovStack-ClientstringRequired
Responses
chevron-right
200

Event type details

application/json
get
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/api/v1/eventType/{eventType}

hashtag
delete event type

delete

Delete event type in the room {applicationId}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
Header parameters
X-GovStack-ClientstringRequired
Responses
delete
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/api/v1/eventType/{eventType}
No content

hashtag
8.4 Logging Services

To get info from system log, an administrator may send a request to the logging API.

hashtag
8.5 Monitoring Services

At the debugging time, to learn about system performance or retrieve an audit log, an administrator may send a request to the reporting API.

The response is <audit trail>, <metrics>, etc.

hashtag
8.6 Management API

hashtag
8.6.1 Configuration Management

hashtag
List IM configuration

get

Configuration description of IM is returned in form of file

chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : Grants read access to IM configuration
Authorizations
OAuth2authorizationCodeRequired
Authorization URL: Token URL:
Responses
chevron-right
200

List of IM configuration

application/json
get
/api/v1/config

hashtag
Initialize IM instance

post

Create new instance of IM

chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : Grants write access to IM configuration
Authorizations
OAuth2authorizationCodeRequired
Authorization URL: Token URL:
Query parameters
initbooleanOptional

Creates Central Servers if init=true

Default: false
Body
domainstringRequired

Subdomain for GovStack instance to run in

Example: sample.sandbox.govstack.global
instancestringRequired

Name of GovStack instance

Example: nowhereland
Responses
post
/api/v1/config

hashtag
Update IM configuration

patch

Update IM configuration. Not described parts are not changed

chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : Grants write access to IM configuration
Authorizations
OAuth2authorizationCodeRequired
Authorization URL: Token URL:
Body
domainstringRequired

Subdomain for GovStack instance to run in

Example: sample.sandbox.govstack.global
instancestringRequired

Name of GovStack instance

Example: nowhereland
Responses
patch
/api/v1/config

hashtag
Replace IM configuration

put

Replace IM configuration. Not described parts are deleted

chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : Grants permission to create IM configuration
Authorizations
OAuth2authorizationCodeRequired
Authorization URL: Token URL:
Body
domainstringRequired

Subdomain for GovStack instance to run in

Example: sample.sandbox.govstack.global
instancestringRequired

Name of GovStack instance

Example: nowhereland
Responses
put
/api/v1/config

hashtag
Check status

get

Is IM configured. up and running?

chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : Grants read access to IM configuration
Authorizations
OAuth2authorizationCodeRequired
Authorization URL: Token URL:
Responses
chevron-right
200

IM is OK

No content
get
/api/v1/status
No content

hashtag
8.6.2 Management of Access Rights

hashtag
Retrieve configured access permissions (allow list)

get

This API takes provided filters from query parameters and returns a subset of access policies configured on the IM building block, based on the filters.

The result is paged, with page size based on the number of service and allowed application pairs. For example, when pageSize = 10 and the IM BB defines three services: A, B and C, each of which has 8 clients, the result will be split over 3 pages: Page 1: Service A, with all of its 8 allowed applications, Service B with 2 allowed applications. Page 2: Service B, with 6 allowed applications left over, Service C with 4 applications. Page 3: Service C, with 4 applications.

Implementations can define additional query parameters for result display (such as ordering) and how next page tokens are implemented. It is expected that the next page token is not readable by API users and will be provided verbatim when querying the next page of results.

chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : Grants permission to see what services are allowed
Authorizations
OAuth2authorizationCodeRequired
Authorization URL: Token URL:
Query parameters
memberClassstringOptional

Filter by member class

memberCodestringOptional

Filter by member code

applicationIdstringOptional

Filter by application ID

serviceIdstringOptional

Filter by service ID

pageSizenumberOptional

Number of access rights returned on one page

Default: 100
nextPageTokenstringOptional

Handle for the next page, if the result spans multiple pages. If not specified, there are no more results.

Responses
chevron-right
200

OK

application/json
get
/api/v1/rights/allow

hashtag
Allow access to services

patch
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : Grants permission to allow/deny IM services
Authorizations
OAuth2authorizationCodeRequired
Authorization URL: Token URL:
Bodyobject[]
memberClassstringRequired

Kind of organisation. Namespace for organisation {code}

Example: GOV
memberCodestringRequired

Registration number (or identifier) of the organisation in {memberClass} namespace

Example: 7001
applicationIdstringRequired

Name of application

Example: CitizensRegistry
serviceIdstringRequired

Name of service/API

Example: registration
Responses
chevron-right
200

OK

No content
patch
/api/v1/rights/allow
No content

hashtag
Deny access to services

patch
chevron-right
lockRequired scopes
This endpoint requires the following scopes:
  • : Grants permission to allow/deny IM services
Authorizations
OAuth2authorizationCodeRequired
Authorization URL: Token URL:
Bodyobject[]
memberClassstringRequired

Kind of organisation. Namespace for organisation {code}

Example: GOV
memberCodestringRequired

Registration number (or identifier) of the organisation in {memberClass} namespace

Example: 7001
applicationIdstringRequired

Name of application

Example: CitizensRegistry
serviceIdstringRequired

Name of service/API

Example: registration
Responses
chevron-right
200

OK

No content
patch
/api/v1/rights/deny
No content

Was this helpful?