Ctrlk
All SpecificationsGovStack Website
For the complete documentation index, see llms.txt. This page is also available as Markdown.

8 Service APIs

This section provides a reference for APIs that should be implemented by this Building Block.

The GovStack non-functional requirements document provides additional information on how 'adaptors' may be used to translate an existing API to the patterns described here. This section also provides guidance on how candidate products are tested and how GovStack validates a product's API against the API specifications defined here.

The tests for the Information Mediator Building Block can be found in this GitHub repository.

The majority of functions provided by the Information Mediator Building Block are either defined in the “service access flow” or configured by the administrator via the web User Interface. There is, however, a “Directory Service” which can provide listings of clients, methods, and available API specifications for services on the Information Mediator. The directory is managed by admins of members. The directory service centralizes and offers knowledge of all enrolled members and their services along with the information necessary to bind a third-party application as a consumer of that service. These services are described here:

and changes to the API definitions can be made by submitting a pull request on this repository. Additional APIs may be implemented by the Building Block, but the listed APIs define a minimal set of functionality that should be provided by any implementation of this Building Block.

The services can be accessed via the following Service APIs:

8.1 Service Access

The full API definition of all available services is the set of all available OpenAPI descriptions.

One can take any of the available OpenAPI descriptions and call service according to that description.

This call must be forwarded to IM local Security Server and path part of the called URL must begin with the address of service in the form /r1/{instanceId}/{memberClass}/{member}/{application}/{service}/ followed by the service path with possible query parameters. The address of the service may be already listed in the OpenAPI description or must be added to the path if not provided by OpenAPI.

8.2 Directory Services

8.2.1 Member Discovery

At development time, to see which organizations are available on GovStack, an administrator of application A sends a GET request to the security server: url-of-local-information-mediator-security-server/r1/listClients

The response is an array of organizations with descriptions. API MAY implement paging of output.

List clients defined in the instance

get

Clients of the security server have the capability to obtain a list of potential service providers within a GovStack instance, including both members and applications. To do so, they should initiate an HTTP GET request to the security server. The specific request URL will be either http://SECURITYSERVER/listClients or https://SECURITYSERVER/listClients, depending on whether HTTPS protocol usage is enabled for interaction.

When submitting this request, the placeholder SECURITYSERVER must be replased with the actual address of the security server. One can also retrieve a list of clients from other federated GovStack instances by adding an additional HTTP parameter:

instanceId - a code of the instance.

For instance, if you wish to fetch the list of clients associated with the instance labeled as ABC, your request URL should take the form of http://SECURITYSERVER/listClients?instanceId=ABC.

Query parameters
instanceIdstringOptional
Responses
200

List of Clients of GovStack

application/json
get
/listClients

8.2.2 Service Discovery

At development time, an administrator at application A sends a GET request to the security server: url-of-local-information-mediator-security-server/r1/INDIA/GOV/MEMBER/APPLICATION/{listMethods || allowedMethods}

The response is an array of services (either all services or services that the requester is authorized to access via “allowedMethods”). API MAY implement paging of output.

List REST services and endpoints for a service provider

get

This function provides a list of all REST services and service endpoints offered by a service provider.

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
Query parameters
serviceIdstringOptional
Header parameters
X-GovStack-ClientstringRequired
Responses
200

List of REST services and endpoints for a service provider

application/json
get
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/listMethods

List of allowed REST services and endpoints for a service provider

get

This function provides a list of REST services and service endpoints offered by a service provider that the caller has permission to invoke.

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
Query parameters
serviceIdstringOptional
Header parameters
X-GovStack-ClientstringRequired
Responses
200

List of allowed REST services and endpoints for a service provider

application/json
get
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/allowedMethods

At development time, to learn about an available service, an administrator at application A sends a GET request to the security server: url-of-local-information-mediator-security-server/r1/INDIA/GOV/MEMBER/APPLICATION/getOpenApi?serviceCode=SERVICE

The response is an OpenAPI specification, detailing the endpoints and requirements for that service/API of the requested Service of Application.

Returns OpenAPI service description for a REST service

get

This metaservice is designed to retrieve service descriptions for REST services. It provides the OpenAPI service description for a specific REST service. To use this service, the query parameters should include serviceCode=xxx, where xxx corresponds to the service code of the particular REST service for which you desire to obtain the service description.

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
Query parameters
serviceCodestringRequired
Header parameters
X-GovStack-ClientstringRequired
Responses
200

OpenAPI description of the specified REST service

stringOptional
get
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/getOpenAPI

8.3 Pub/Sub Service

To broadcast a message to a Room, the service access API must be followed and the service requested must be the service implementing event type.

8.3.1 Subscriber API

list my subscriptions

get

Return list of my subscriptions in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
Header parameters
X-GovStack-ClientstringRequired
Responses
200

List of my subscriptions

application/json
idstring · uuidOptional
eventTypestringRequiredExample: newBirth
deliverystring · enumOptionalDefault: PUSHPossible values:
get
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/api/v1/subs

add subscription

post

Subscribe caller to {eventType} in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
Header parameters
X-GovStack-ClientstringRequired
Body
idstring · uuidOptional
eventTypestringRequiredExample: newBirth
deliverystring · enumOptionalDefault: PUSHPossible values:
Responses
200

Subscription created

No content
post
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/api/v1/subs/{eventType}
No content

get subscription details

get

Return details of subscription to {eventType} in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
Header parameters
X-GovStack-ClientstringRequired
Responses
200

Subscription details

application/json
idstring · uuidOptional
eventTypestringRequiredExample: newBirth
deliverystring · enumOptionalDefault: PUSHPossible values:
get
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/api/v1/subs/{eventType}

update subscription details

patch

Update details of subscription to {eventType} in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
Header parameters
X-GovStack-ClientstringRequired
Body
idstring · uuidOptional
eventTypestringRequiredExample: newBirth
deliverystring · enumOptionalDefault: PUSHPossible values:
Responses
patch
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/api/v1/subs/{eventType}
No content

cancel subscription

delete

Unsubscribe

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
Header parameters
X-GovStack-ClientstringRequired
Responses
delete
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/api/v1/subs/{eventType}
No content

8.3.2 PULL delivery mode API

get next unacknowledged event

get

Return next unacknowledged event of type defined by {eventType} and located in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
Header parameters
X-GovStack-ClientstringRequired
Responses
200

Event

application/json
idstring · uuidRequired
sequenceintegerOptionalExample: 42
eventTypestringOptionalExample: newBirth
eventobjectOptionalExample: {"dateTime":"2023-05-01T11:25:00+02:00","gender":"M","mother":"Jane Doe","place":"City Hospital","details":{"weight":3200,"length":49,"eyesColor":"brown"}}
get
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/pull/v1/{eventType}

confirm event

delete

Acknowledge receiving of event from the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
eventIdstringRequired

event id

Header parameters
X-GovStack-ClientstringRequired
Responses
delete
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/pull/v1/{eventType}/{eventId}
No content

8.3.3 Publisher API

publish event

post

Publish event in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
Header parameters
X-GovStack-ClientstringRequired
Body
eventTypestringRequiredExample: newBirth
eventobjectRequiredExample: {"dateTime":"2023-05-01T11:25:00+02:00","gender":"M","mother":"Jane Doe","place":"City Hospital","details":{"weight":3200,"length":49,"eyesColor":"brown"}}
Responses
post
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/pub/v1/{eventType}

get published event status

get

Return event status info. Event is located in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
eventIdstringRequired

event id of event

Header parameters
X-GovStack-ClientstringRequired
Responses
200

Event status

application/json
idstring · uuidRequired
sequenceintegerOptionalExample: 42
eventTypestringOptionalExample: newBirth
eventobjectOptionalExample: {"dateTime":"2023-05-01T11:25:00+02:00","gender":"M","mother":"Jane Doe","place":"City Hospital","details":{"weight":3200,"length":49,"eyesColor":"brown"}}
get
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/pub/v1/{eventType}/{eventId}

delete event publication

delete

Stop processing of the event. Event is located in the room {applicationId}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
eventIdstringRequired

event id of event

Header parameters
X-GovStack-ClientstringRequired
Responses
delete
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/pub/v1/{eventType}/{eventId}
No content

8.3.4 Event Type API

create event type

post

Create new event type in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
Header parameters
X-GovStack-ClientstringRequired
Body
eventTypestringRequiredExample: newBirth
schemaobjectRequiredExample: { "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", "properties": { "dateTime": { "type": "string", "format": "date-time" }, "gender": { "type": "string", "enum": ["M", "F"] }, "mother": { "type": "string" }, "place": { "type": "string" }, "id": { "type": "integer" }, "details": { "type": "object", "properties": { "weight": { "type": "number" }, "length": { "type": "number" }, "eyesColor": { "type": "string" } }, "required": ["weight", "length", "eyesColor"] } }, "required": ["dateTime", "gender", "mother", "place"] }
Responses
200

Event type created

No content
post
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/api/v1/eventType
No content

get list of event types

get

Return list of event types located in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
Header parameters
X-GovStack-ClientstringRequired
Responses
200

Event type list

application/json
string[]Optional
get
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/api/v1/eventType

get event type details

get

Return event type description. Event type is located in the room {applicationCode}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
Header parameters
X-GovStack-ClientstringRequired
Responses
200

Event type details

application/json
eventTypestringRequiredExample: newBirth
schemaobjectRequiredExample: { "$schema": "http://json-schema.org/draft-07/schema#", "type": "object", "properties": { "dateTime": { "type": "string", "format": "date-time" }, "gender": { "type": "string", "enum": ["M", "F"] }, "mother": { "type": "string" }, "place": { "type": "string" }, "id": { "type": "integer" }, "details": { "type": "object", "properties": { "weight": { "type": "number" }, "length": { "type": "number" }, "eyesColor": { "type": "string" } }, "required": ["weight", "length", "eyesColor"] } }, "required": ["dateTime", "gender", "mother", "place"] }
get
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/api/v1/eventType/{eventType}

delete event type

delete

Delete event type in the room {applicationId}

Authorizations
mutualTLS

Certs are exchanged between parties and stored in configuration to have fixed one-to-one connection

Path parameters
instanceIdstringRequired
memberClassstringRequired
memberCodestringRequired
applicationCodestringRequired
eventTypestringRequired
Header parameters
X-GovStack-ClientstringRequired
Responses
delete
/r1/{instanceId}/{memberClass}/{memberCode}/{applicationCode}/api/v1/eventType/{eventType}
No content

8.4 Logging Services

To get info from system log, an administrator may send a request to the logging API.

8.5 Monitoring Services

At the debugging time, to learn about system performance or retrieve an audit log, an administrator may send a request to the reporting API.

The response is <audit trail>, <metrics>, etc.

8.6 Management API

8.6.1 Configuration Management

List IM configuration

get

Configuration description of IM is returned in form of file

Required scopes
This endpoint requires the following scopes:
  • : Grants read access to IM configuration
Authorizations
OAuth2authorizationCodeRequired
Authorization URL: Token URL:
Responses
200

List of IM configuration

application/json
domainstringRequired

Subdomain for GovStack instance to run in

Example: sample.sandbox.govstack.global
instancestringRequired

Name of GovStack instance

Example: nowhereland
get
/api/v1/config

Initialize IM instance

post

Create new instance of IM

Required scopes
This endpoint requires the following scopes:
  • : Grants write access to IM configuration
Authorizations
OAuth2authorizationCodeRequired
Authorization URL: Token URL:
Query parameters
initbooleanOptional

Creates Central Servers if init=true

Default: false
Body
domainstringRequired

Subdomain for GovStack instance to run in

Example: sample.sandbox.govstack.global
instancestringRequired

Name of GovStack instance

Example: nowhereland
Responses
post
/api/v1/config

Update IM configuration

patch

Update IM configuration. Not described parts are not changed

Required scopes
This endpoint requires the following scopes:
  • : Grants write access to IM configuration
Authorizations
OAuth2authorizationCodeRequired
Authorization URL: Token URL:
Body
domainstringRequired

Subdomain for GovStack instance to run in

Example: sample.sandbox.govstack.global
instancestringRequired

Name of GovStack instance

Example: nowhereland
Responses
patch
/api/v1/config

Replace IM configuration

put

Replace IM configuration. Not described parts are deleted

Required scopes
This endpoint requires the following scopes:
  • : Grants permission to create IM configuration
Authorizations
OAuth2authorizationCodeRequired
Authorization URL: Token URL:
Body
domainstringRequired

Subdomain for GovStack instance to run in

Example: sample.sandbox.govstack.global
instancestringRequired

Name of GovStack instance

Example: nowhereland
Responses
put
/api/v1/config

Check status

get

Is IM configured. up and running?

Required scopes
This endpoint requires the following scopes:
  • : Grants read access to IM configuration
Authorizations
OAuth2authorizationCodeRequired
Authorization URL: Token URL:
Responses
200

IM is OK

No content
get
/api/v1/status
No content

8.6.2 Management of Access Rights

Retrieve configured access permissions (allow list)

get

This API takes provided filters from query parameters and returns a subset of access policies configured on the IM building block, based on the filters.

The result is paged, with page size based on the number of service and allowed application pairs. For example, when pageSize = 10 and the IM BB defines three services: A, B and C, each of which has 8 clients, the result will be split over 3 pages:

Page 1: Service A, with all of its 8 allowed applications, Service B with 2 allowed applications.
Page 2: Service B, with 6 allowed applications left over, Service C with 4 applications.
Page 3: Service C, with 4 applications.

Implementations can define additional query parameters for result display (such as ordering) and how next page tokens are implemented. It is expected that the next page token is not readable by API users and will be provided verbatim when querying the next page of results.

Required scopes
This endpoint requires the following scopes:
  • : Grants permission to see what services are allowed
Authorizations
OAuth2authorizationCodeRequired
Authorization URL: Token URL:
Query parameters
memberClassstringOptional

Filter by member class

memberCodestringOptional

Filter by member code

applicationIdstringOptional

Filter by application ID

serviceIdstringOptional

Filter by service ID

pageSizenumberOptional

Number of access rights returned on one page

Default: 100
nextPageTokenstringOptional

Handle for the next page, if the result spans multiple pages. If not specified, there are no more results.

Responses
200

OK

application/json
nextPageTokenstringOptional
get
/api/v1/rights/allow

Allow access to services

patch
Required scopes
This endpoint requires the following scopes:
  • : Grants permission to allow/deny IM services
Authorizations
OAuth2authorizationCodeRequired
Authorization URL: Token URL:
Bodyobject[]
memberClassstringRequired

Kind of organisation. Namespace for organisation {code}

Example: GOV
memberCodestringRequired

Registration number (or identifier) of the organisation in {memberClass} namespace

Example: 7001
applicationIdstringRequired

Name of application

Example: CitizensRegistry
serviceIdstringRequired

Name of service/API

Example: registration
Responses
200

OK

No content
patch
/api/v1/rights/allow
No content

Deny access to services

patch
Required scopes
This endpoint requires the following scopes:
  • : Grants permission to allow/deny IM services
Authorizations
OAuth2authorizationCodeRequired
Authorization URL: Token URL:
Bodyobject[]
memberClassstringRequired

Kind of organisation. Namespace for organisation {code}

Example: GOV
memberCodestringRequired

Registration number (or identifier) of the organisation in {memberClass} namespace

Example: 7001
applicationIdstringRequired

Name of application

Example: CitizensRegistry
serviceIdstringRequired

Name of service/API

Example: registration
Responses
200

OK

No content
patch
/api/v1/rights/deny
No content

Last updated

Was this helpful?