Authentication

Some of the API requests (especially the ones that are read-only GET requests) do not require any authenication. The other ones, that modify data into the database, require broker authentication via API key. Additionally, owner tokens are issued to facilitate multiple actor roles upon object creation.

API keys

API key is username to use with Basic Authenication scheme.

Owner tokens

Getting token

The token is issued when object is created in the database:

POST /api/0.1/assets?opt_pretty=1 HTTP/1.0
Authorization: Basic YnJva2VyOg==
Content-Length: 1516
Content-Type: application/json
Host: lb.api-sandbox.registry.ea.openprocurement.net

{
  "data": {
    "assetType": "basic",
    "classification": {
      "scheme": "CAV",
      "id": "39513200-3",
      "description": "Земельні ділянки"
    },
    "title": "Земля для космодрому",
    "value": {
      "currency": "UAH",
      "amount": 100
    },
    "unit": {
      "code": "39513200-3",
      "name": "item"
    },
    "address": {
      "countryName": "Україна",
      "postalCode": "79000",
      "region": "м. Київ",
      "streetAddress": "вул. Банкова 1",
      "locality": "м. Київ"
    },
    "assetCustodian": {
      "contactPoint": {
        "name": "Державне управління справами",
        "telephone": "0440000000"
      },
      "identifier": {
        "scheme": "UA-EDR",
        "id": "00037256",
        "uri": "http://www.dus.gov.ua/"
      },
      "name": "Державне управління справами",
      "address": {
        "countryName": "Україна",
        "postalCode": "01220",
        "region": "м. Київ",
        "streetAddress": "вул. Банкова, 11, корпус 1",
        "locality": "м. Київ"
      }
    },
    "quantity": 5
  }
}


201 Created
Content-Type: application/json
Location: http://lb.api-sandbox.registry.ea.openprocurement.net/api/0.1/assets/546aba419d944de29c4160d0a1cbf6ea
X-Content-Type-Options: nosniff

{
  "access": {
    "token": "20c787519afb4e18ad0c35bbed34cded"
  },
  "data": {
    "status": "draft",
    "assetType": "basic",
    "classification": {
      "scheme": "CAV",
      "description": "Земельні ділянки",
      "id": "39513200-3"
    },
    "title": "Земля для космодрому",
    "assetID": "UA-2017-08-16-000001",
    "value": {
      "currency": "UAH",
      "amount": 100.0,
      "valueAddedTaxIncluded": true
    },
    "dateModified": "2017-08-16T18:05:56.036043+03:00",
    "owner": "broker",
    "assetCustodian": {
      "contactPoint": {
        "name": "Державне управління справами",
        "telephone": "0440000000"
      },
      "identifier": {
        "scheme": "UA-EDR",
        "id": "00037256",
        "uri": "http://www.dus.gov.ua/"
      },
      "name": "Державне управління справами",
      "address": {
        "postalCode": "01220",
        "countryName": "Україна",
        "streetAddress": "вул. Банкова, 11, корпус 1",
        "region": "м. Київ",
        "locality": "м. Київ"
      }
    },
    "address": {
      "postalCode": "79000",
      "countryName": "Україна",
      "streetAddress": "вул. Банкова 1",
      "region": "м. Київ",
      "locality": "м. Київ"
    },
    "date": "2017-08-16T18:05:56.034096+03:00",
    "id": "546aba419d944de29c4160d0a1cbf6ea",
    "unit": {
      "code": "39513200-3",
      "name": "item"
    },
    "quantity": 5
  }
}

You can see the access with token in response. Its value can be used to modify objects further under “Owner role”.

Using token

You can pass access token in the following ways:

  1. acc_token URL query string parameter
  2. X-Access-Token HTTP request header
  3. access.token in the body of POST/PUT/PATCH request

See the example of the action with token passed as URL query string:

PATCH /api/0.1/assets/f7d85ded1544424d82a3473f9467f80f?acc_token=1803ee39a2164a3dacd9aee5e581aa7d HTTP/1.0
Authorization: Basic YnJva2VyOg==
Content-Length: 347
Content-Type: application/json
Host: lb.api-sandbox.registry.ea.openprocurement.net

{
  "data": {
    "description": "Земельні ділянки із великими покладами благородних металів"
  }
}


200 OK
Content-Type: application/json
X-Content-Type-Options: nosniff

{
  "data": {
    "status": "pending",
    "assetType": "basic",
    "description": "Земельні ділянки із великими покладами благородних металів",
    "classification": {
      "scheme": "CAV",
      "description": "Земельні ділянки",
      "id": "39513200-3"
    },
    "title": "Земля для космодрому",
    "assetID": "UA-2017-08-16-000001",
    "value": {
      "currency": "UAH",
      "amount": 100.0,
      "valueAddedTaxIncluded": true
    },
    "dateModified": "2017-08-16T18:36:14.133838+03:00",
    "owner": "broker",
    "assetCustodian": {
      "contactPoint": {
        "name": "Державне управління справами",
        "telephone": "0440000000"
      },
      "identifier": {
        "scheme": "UA-EDR",
        "id": "00037256",
        "uri": "http://www.dus.gov.ua/"
      },
      "name": "Державне управління справами",
      "address": {
        "postalCode": "01220",
        "countryName": "Україна",
        "streetAddress": "вул. Банкова, 11, корпус 1",
        "region": "м. Київ",
        "locality": "м. Київ"
      }
    },
    "address": {
      "postalCode": "79000",
      "countryName": "Україна",
      "streetAddress": "вул. Банкова 1",
      "region": "м. Київ",
      "locality": "м. Київ"
    },
    "date": "2017-08-16T18:36:13.882146+03:00",
    "id": "f7d85ded1544424d82a3473f9467f80f",
    "unit": {
      "code": "39513200-3",
      "name": "item"
    },
    "quantity": 5
  }
}