Open APIs

 View Only
  • 1.  Order Notification Pattern

    Posted Mar 19, 2019 05:55
    In my API I am trying to use Notification pattern for sending back the status of order. Scenario is like, When a Client create a order request, We receive the request and create a order id and return the order id to the client. Then Client Must Register a Listener using POST /api/hub with following request

    {
    "callback":"https://clientEndpoint.com",
    "query":"OrderID:12345"
    }

    Then in our API we will persist these details to DB and whenever a status change is there then we can retrieve the call back url info and send the notification to the client.

    I am having following questions:
    1)Is the above mentioned one is correct use case of Notification Pattern?
    2)If client is having some security added to the endpoint like basic authentication or Outh2.0(Client credentials) then how we should get those details? 
    Can we use query fields to get the authentication types and password? like 
    {
    "callback":"https://clientEndpoint.com",
    "query":"OrderID:12345,basicauth:12233442, clientcredentials : somekey"
    }

    Regards,
    Ishaque


    ------------------------------
    MOHD Ishaque
    Infosys Ltd.
    ------------------------------


  • 2.  RE: Order Notification Pattern

    Posted Jun 24, 2020 07:53
    Did you get any answer to the question ? 
    We are also trying to  register a listener using /api/hub  and trying to see how to accepts the credentials?
    {
    "callback":"https://clientEndpoint.com",
    "query":"eventType =  <EventType Here >"           --------> we are using eventType in the query but we are trying to find out where to provide  credentials? 
    }

    I see the following in your question:
    {
    "callback":"https://clientEndpoint.com",
    "query":"OrderID:12345,basicauth:12233442, clientcredentials : somekey"      ---------->  is it a way to go? 
    }


    thanks in advance,
    Bala


    ------------------------------
    Bala Maturi
    TO BE VERIFIED
    ------------------------------



  • 3.  RE: Order Notification Pattern

    TM Forum Member
    Posted Jun 24, 2020 21:01
    Hi @MOHD Ishaque,

    1) The notification pattern looks OK to me. 
    2) Regarding the API security, the access management of REST API should be a Gateway function rather than being part of API itself. Getting these credentials can be part of API Onboarding (may be automated or manual).

    ------------------------------
    Abdul Majid Hussain
    Telstra Corporation
    ------------------------------