From 22dac4e642c2cfa76838be9af6e9fb1b8bdbc67d Mon Sep 17 00:00:00 2001 From: George J Padayatti Date: Fri, 22 Sep 2023 12:04:17 +0530 Subject: [PATCH] Upd: audit endpoints 
Signed-off-by: George J Padayatti --- openapi/v2023.8.2/bundled.yaml | 2977 +++++++++-------- openapi/v2023.8.2/definitions/DPIA.yaml | 14 + .../v2023.8.2/definitions/DataAgreement.yaml | 130 +- .../definitions/DataAgreementRecord.yaml | 59 +- .../v2023.8.2/definitions/DataController.yaml | 20 + openapi/v2023.8.2/definitions/DataPolicy.yaml | 63 + openapi/v2023.8.2/definitions/Individual.yaml | 64 +- openapi/v2023.8.2/definitions/Lifecycle.yaml | 18 + openapi/v2023.8.2/definitions/Log.yaml | 6 +- openapi/v2023.8.2/definitions/Pagination.yaml | 10 +- openapi/v2023.8.2/definitions/Purpose.yaml | 30 + openapi/v2023.8.2/definitions/Revision.yaml | 46 + openapi/v2023.8.2/definitions/Signature.yaml | 87 +- openapi/v2023.8.2/index.html | 2 + openapi/v2023.8.2/index.yaml | 35 +- .../paths/audit/get_consent_record.yaml | 27 + ...getAdminLogs.yaml => list_admin_logs.yaml} | 0 .../paths/audit/list_consent_records.yaml | 28 + .../getAllUsersConsentedToDataAgreement.yaml | 52 - .../getAllUsersConsentedToDataAttribute.yaml | 57 - 20 files changed, 1987 insertions(+), 1738 deletions(-) create mode 100644 openapi/v2023.8.2/definitions/DPIA.yaml create mode 100644 openapi/v2023.8.2/definitions/DataController.yaml create mode 100644 openapi/v2023.8.2/definitions/DataPolicy.yaml create mode 100644 openapi/v2023.8.2/definitions/Lifecycle.yaml create mode 100644 openapi/v2023.8.2/definitions/Purpose.yaml create mode 100644 openapi/v2023.8.2/definitions/Revision.yaml create mode 100644 openapi/v2023.8.2/paths/audit/get_consent_record.yaml rename openapi/v2023.8.2/paths/audit/{getAdminLogs.yaml => list_admin_logs.yaml} (100%) create mode 100644 openapi/v2023.8.2/paths/audit/list_consent_records.yaml delete mode 100644 openapi/v2023.8.2/paths/onboard/getAllUsersConsentedToDataAgreement.yaml delete mode 100644 openapi/v2023.8.2/paths/onboard/getAllUsersConsentedToDataAttribute.yaml diff --git a/openapi/v2023.8.2/bundled.yaml b/openapi/v2023.8.2/bundled.yaml index 760e45c..15420ba 100644 
--- a/openapi/v2023.8.2/bundled.yaml +++ b/openapi/v2023.8.2/bundled.yaml @@ -69,6 +69,63 @@ paths: application/json: schema: $ref: '#/components/schemas/Log' + /v1/audit/consentrecords: + get: + tags: + - audit + summary: Get consent record + parameters: + - name: consentRecordId + in: path + required: true + schema: + type: string + responses: + '200': + description: OK + content: + application/json: + schema: + required: + - data_agreement_record + type: object + properties: + data_agreement_record: + $ref: '#/components/schemas/DataAgreementRecord' + deprecated: false + security: + - BearerAuth: [] + x-badges: + - color: primary-color + label: 'Authorised roles: Organisation admin' + '/v1/audit/consentrecord/{consentRecordId}': + get: + tags: + - audit + summary: List all consent records + responses: + '200': + description: OK + content: + application/json: + schema: + required: + - data_agreement_records + - pagination + type: object + properties: + data_agreement_records: + type: array + items: + $ref: '#/components/schemas/DataAgreementRecord' + pagination: + $ref: '#/components/schemas/Pagination' + deprecated: false + security: + - BearerAuth: [] + x-badges: + - color: primary-color + label: 'Authorised roles: Organisation admin' '/v1/users/{userId}/consenthistory': get: tags: 
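Review bot: The two new audit operations appear to be attached to each other's paths. `/v1/audit/consentrecords` has the summary `Get consent record` and declares `consentRecordId` with `in: path` although the path has no `{consentRecordId}` segment, while `/v1/audit/consentrecord/{consentRecordId}` has the summary `List all consent records`, declares no parameters and returns `data_agreement_records` plus `pagination`. As written the document is not valid OpenAPI, and a validator, gateway or generated client built from it would not check the record ID on the templated route. bundled.yaml looks like bundler output, so the fix probably belongs in index.yaml (not visible here): map `/v1/audit/consentrecords` to `paths/audit/list_consent_records.yaml` and `/v1/audit/consentrecord/{consentRecordId}` to `paths/audit/get_consent_record.yaml`, then re-bundle.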
@@ -2226,45 +2283,96 @@ paths: x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/config/policy': - get: + '/v1/organisations/{orgId}/idp/open-id': + post: tags: - - config - description: Get global policy configurations + - onboard + summary: Add identity provider parameters: - name: orgId in: path required: true schema: type: string + example: '{{company-id}}' + requestBody: + content: + application/json: + schema: + $ref: '#/paths/~1v1~1organisations~1%7BorgId%7D~1idp~1open-id/put/requestBody/content/application~1json/schema' + required: true responses: - '200': - description: OK + '201': + description: Created content: application/json: schema: - $ref: '#/components/schemas/GlobalDataPolicyConfiguration' + $ref: '#/paths/~1v1~1organisations~1%7BorgId%7D~1idp~1open-id/put/responses/200/content/application~1json/schema' deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - post: + put: tags: - - config - description: Update global policy configurations + - onboard + summary: Update identity provider parameters: - name: orgId in: path required: true schema: type: string + example: '{{company-id}}' requestBody: content: application/json: schema: - $ref: '#/components/schemas/GlobalDataPolicyConfiguration' + required: + - authorizationUrl + - tokenUrl + - logoutUrl + - clientId + - clientSecret + - jwksUrl + - validateSignature + - disableuserinfo + - issuer + - defaultscope + type: object + properties: + authorizationUrl: + type: string + tokenUrl: + type: string + logoutUrl: + type: string + clientId: + type: string + clientSecret: + type: string + jwksUrl: + type: string + validateSignature: + type: boolean + disableuserinfo: + type: boolean + issuer: + type: string + defaultscope: + type: string + example: + authorizationUrl: 'https://iam.abc.io/auth' + tokenUrl: 'https://iam.abc.io/token' + logoutUrl: 'https://iam.abc.io/logout' + 
clientId: idp-client + clientSecret: 0654b48b-41c2-4887-ade5-fdb98d3fd13c + jwksUrl: 'https://iam.abc.io/certs' + validateSignature: true + disableuserinfo: false + issuer: 'https://iam.abc.io' + defaultscope: openid required: true responses: '200': 
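Review bot: The request example for the identity-provider `put` sets `clientSecret: 0654b48b-41c2-4887-ade5-fdb98d3fd13c`, a UUID-shaped value that reads like a real IdP client secret, and the same value is repeated in the response example in the next hunk. Published specs get indexed and copied, so an obviously fake value such as `clientSecret: '<idp-client-secret>'` is safer; if the original was ever issued by a live identity provider it should be rotated. Separately, the request schema uses `disableuserinfo` and `defaultscope` while the response schema uses `disableUserInfo` and `defaultScope`, so a one-line `description` on each saying which casing the server accepts would help client authors.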
@@ -2272,49 +2380,95 @@ paths: content: application/json: schema: - $ref: '#/components/schemas/GlobalDataPolicyConfiguration' + required: + - authorizationUrl + - tokenUrl + - logoutUrl + - clientAuthMethod + - syncMode + - clientId + - clientSecret + - jwksUrl + - userInfoUrl + - defaultScope + - validateSignature + - backchannelSupported + - disableUserInfo + - hideOnLoginPage + - issuer + - useJwksUrl + type: object + properties: + authorizationUrl: + type: string + tokenUrl: + type: string + logoutUrl: + type: string + clientAuthMethod: + type: string + syncMode: + type: string + clientId: + type: string + clientSecret: + type: string + jwksUrl: + type: string + userInfoUrl: + type: string + defaultScope: + type: string + validateSignature: + type: boolean + backchannelSupported: + type: boolean + disableUserInfo: + type: boolean + hideOnLoginPage: + type: boolean + issuer: + type: string + useJwksUrl: + type: boolean + example: + authorizationUrl: 'https://iam.abc.io/auth' + tokenUrl: 'https://iam.abc.io/token' + logoutUrl: 'https://iam.abc.io/logout' + clientAuthMethod: client_secret_post + syncMode: IMPORT + clientId: idp-client + clientSecret: 0654b48b-41c2-4887-ade5-fdb98d3fd13c + jwksUrl: 'https://iam.abc.io/certs' + userInfoUrl: '' + defaultScope: openid + validateSignature: true + backchannelSupported: true + disableUserInfo: false + hideOnLoginPage: true + issuer: 'https://iam.abc.io' + useJwksUrl: true deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/data-agreements': - post: + delete: tags: - - config - description: Add data agreement + - onboard + summary: Delete identity provider parameters: - name: orgId in: path required: true schema: type: string - requestBody: - content: - application/json: - schema: - required: - - purposes - type: object - properties: - purposes: - type: array - items: - $ref: '#/components/schemas/DataAgreement' - 
required: true + example: '{{company-id}}' responses: - '201': - description: Created - content: - application/json: - schema: - required: - - Organization - type: object - properties: - Organization: - $ref: '#/components/schemas/Organisation' + '204': + description: No Content + content: {} deprecated: false security: - BearerAuth: [] @@ -2323,8 +2477,8 @@ paths: label: 'Authorised roles: Organisation admin' get: tags: - - config - description: Get data agreements + - onboard + summary: Get identity provider parameters: - name: orgId in: path @@ -2332,48 +2486,32 @@ paths: schema: type: string responses: - '201': - description: Created + '200': + description: OK content: application/json: schema: - required: - - OrgID - - Purposes - type: object - properties: - OrgID: - type: string - Purposes: - type: array - items: - $ref: '#/components/schemas/DataAgreement' + $ref: '#/paths/~1v1~1organisations~1%7BorgId%7D~1idp~1open-id/put/responses/200/content/application~1json/schema' deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/config/data-agreements/{dataAgreementId}': - delete: + '/v1/organisations/{orgId}/subscription/enable': + post: tags: - - config - description: Delete data agreement by id + - onboard + summary: Enable organization for subscription parameters: - name: orgId in: path required: true schema: type: string - - name: dataAgreementId - in: path - required: true - style: simple - schema: - type: string responses: - '201': - description: Created + '200': + description: OK content: application/json: schema: 
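Review bot: The 200 response schema of the identity-provider `put` lists `clientSecret` under `required`, and the `post` and `get` responses `$ref` that same schema, so the documented contract is that the OIDC client secret is returned on every read and write. Unless the server really has to echo it, drop `clientSecret` from the response schema and mark the request property `writeOnly: true`, so that the credential cannot be read back with a leaked or over-scoped admin token. `validateSignature` has no `description`; presumably `false` turns off signature verification of tokens from the IdP, and the spec should say so and state that it is for testing only.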
@@ -2383,52 +2521,26 @@ paths: properties: Organization: $ref: '#/components/schemas/Organisation' - '404': - description: Not Found - content: - application/json: - schema: - required: - - Code - - Message - type: object - properties: - Code: - type: integer - format: int32 - Message: - type: string deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - put: + '/v1/organisations/{orgId}/subscription/disable': + post: tags: - - config - description: Update data agreement by id + - onboard + summary: Disable organization for subscription parameters: - name: orgId in: path required: true schema: type: string - - name: dataAgreementId - in: path - required: true - style: simple - schema: - type: string - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/DataAgreement' - required: true responses: - '201': - description: Created + '200': + description: OK content: application/json: schema: @@ -2444,22 +2556,17 @@ paths: x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' + '/v1/organisations/{orgId}/subscribe-method': get: tags: - - config - description: Get data agreement by id + - onboard + summary: Get subscribe method parameters: - name: orgId in: path required: true schema: type: string - - name: dataAgreementId - in: path - required: true - style: simple - schema: - type: string responses: '200': description: OK 
@@ -2467,26 +2574,28 @@ paths: application/json: schema: required: - - Purpose - - Templates + - ID + - Method type: object properties: - Purpose: - $ref: '#/components/schemas/DataAgreement' - Templates: + ID: + type: integer + format: int32 + Method: type: string - nullable: true + example: + ID: 1 + Method: Key-Based deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/data-attributes': post: tags: - - config - description: Add data attributes + - onboard + summary: Set subscribe method parameters: - name: orgId in: path 
@@ -2498,36 +2607,68 @@ paths: application/json: schema: required: - - data-attributes + - subscribemethodid type: object properties: - data-attributes: - type: array - items: - $ref: '#/components/schemas/DataAttribute' + subscribemethodid: + type: integer + format: int32 + example: + subscribemethodid: 1 required: true responses: - '201': - description: Created + '204': + description: No Content + content: {} + deprecated: false + security: + - BearerAuth: [] + x-badges: + - color: primary-color + label: 'Authorised roles: Organisation admin' + /v1/organisations/subscribe-methods: + get: + tags: + - onboard + summary: Get subscribe methods + parameters: [] + responses: + '200': + description: OK content: application/json: schema: required: - - Organization + - Methods type: object properties: - Organization: - $ref: '#/components/schemas/Organisation' + Methods: + type: array + items: + required: + - ID + - Method + type: object + properties: + ID: + type: integer + format: int32 + Method: + type: string + example: + Methods: + - ID: 0 + Method: Undefined + - ID: 1 + Method: Key-Based + - ID: 2 + Method: OpenID-Connect deprecated: false - security: - - BearerAuth: [] - x-badges: - - color: primary-color - label: 'Authorised roles: Organisation admin' + '/v1/organisations/{orgId}/subscribe-key': get: tags: - - config - description: Get data attributes + - onboard + summary: Get subscribe key parameters: - name: orgId in: path 
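Review bot: `GET /v1/organisations/subscribe-methods` ends at `deprecated: false` with no `security` entry and no `x-badges` role label, unlike the neighbouring operations that declare `BearerAuth`. The same holds for `GET /v1/organisations/{orgId}/subscription` and `GET /v1/organisations/data-requests` in later hunks. If the document has no top-level `security` default (not visible in this chunk), these three are documented as unauthenticated, and the subscription one exposes per-organisation state keyed by `orgId`. If they are meant to be public, say so in a `description`; otherwise add `security:` with `- BearerAuth: []` to each operation.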
@@ -2535,44 +2676,40 @@ paths: schema: type: string responses: - '201': - description: Created + '200': + description: OK content: application/json: schema: required: - - OrgID - - Templates + - SubscribeKey + - SubscribeMethod type: object properties: - OrgID: + SubscribeKey: type: string - Templates: - type: array - items: - $ref: '#/components/schemas/DataAttribute' + SubscribeMethod: + type: string + example: + SubscribeKey: CORC-SAHT-7ZKC + SubscribeMethod: Key-Based deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/config/data-agreements/{dataAgreementId}/data-attributes': - delete: + '/v1/organisations/{orgId}/subscribe-key/renew': + post: tags: - - config - description: Delete multiple data attributes + - onboard + summary: Renew subscribe key parameters: - name: orgId in: path required: true schema: type: string - - name: dataAgreementId - in: path - required: true - schema: - type: string responses: '200': description: OK 
@@ -2580,65 +2717,89 @@ paths: application/json: schema: required: - - Organization + - SubscribeKey + - SubscribeMethod type: object properties: - Organization: - $ref: '#/components/schemas/Organisation' + SubscribeKey: + type: string + SubscribeMethod: + type: string + example: + SubscribeKey: LDXM-9BJB-0DAS + SubscribeMethod: Key-Based deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/data-attributes/{dataAttributeId}': + '/v1/organisations/{orgId}/users/count': get: tags: - - config - description: Get data attribute by ID + - onboard + summary: Get organization users count parameters: - name: orgId in: path required: true schema: type: string - - name: dataAttributeId - in: path - required: true - schema: - type: string responses: - '201': - description: Created + '200': + description: OK content: application/json: schema: required: - - OrgID - - Template + - SubscribeUserCount type: object properties: - OrgID: - type: string - Template: - $ref: '#/components/schemas/DataAttribute' + SubscribeUserCount: + type: integer + format: int32 + example: + SubscribeUserCount: 0 deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - put: + '/v1/organisations/{orgId}/subscription': + get: tags: - - config - description: Update data attribute by id + - onboard + summary: Get organization subscription status (enable/disable) parameters: - name: orgId in: path required: true schema: type: string - - name: dataAttributeId + example: '{{company-id}}' + responses: + '200': + description: OK + content: + application/json: + schema: + required: + - Enabled + type: object + properties: + Enabled: + type: boolean + example: + Enabled: false + deprecated: false + '/v1/organisations/{orgId}/users': + post: + tags: + - onboard + summary: Add user to organization + parameters: + - name: orgId in: path required: 
true schema: 
@@ -2648,158 +2809,279 @@ paths: application/json: schema: required: - - Consent - - PurposeIDs + - userid + - subscribekey type: object properties: - Consent: + userid: type: string - PurposeIDs: - type: array - items: - type: string + subscribekey: + type: string + example: + userid: 64ecd1bae2f6a8000142c675 + subscribekey: LDXM-9BJB-0DAS required: true responses: - '201': - description: Created + '200': + description: OK content: application/json: schema: required: - - Organization + - User type: object properties: - Organization: - $ref: '#/components/schemas/Organisation' + User: + $ref: '#/components/schemas/Individual' + '400': + description: Bad Request + content: + application/json: + schema: + required: + - Code + - Message + type: object + properties: + Code: + type: integer + format: int32 + Message: + type: string + example: + Code: 400 + Message: 'Can not subscribe, Invalid subscription token, organization:64ec561de2f6a8000142c671' + deprecated: false + security: + - BearerAuth: [] + x-badges: + - color: primary-color + label: 'Authorised roles: Organisation admin' + get: + tags: + - onboard + summary: Get organization users + parameters: + - name: limit + in: query + required: true + schema: + type: integer + format: int32 + example: 1024 + - name: orgId + in: path + required: true + schema: + type: string + responses: + '200': + description: OK + content: + application/json: + schema: + required: + - Users + - Links + type: object + properties: + Users: + type: array + items: + required: + - ID + - Name + - Phone + - Email + type: object + properties: + ID: + type: string + Name: + type: string + Phone: + type: string + Email: + type: string + Links: + $ref: '#/components/schemas/Pagination' deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' + '/v1/organisations/{orgId}/users/{userId}': delete: tags: - - config - description: Delete data attribute by id + - onboard + summary: 
Delete user from organization parameters: - name: orgId in: path required: true schema: type: string - - name: dataAttributeId + - name: userId in: path required: true schema: type: string responses: - '201': - description: Created + '200': + description: OK content: application/json: schema: required: - - Organization + - User type: object properties: - Organization: - $ref: '#/components/schemas/Organisation' + User: + $ref: '#/components/schemas/Individual' deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/idp/open-id': - post: + /v1/organisations/data-requests: + get: tags: - onboard - summary: Add identity provider + summary: Get available data request statuses + responses: + '200': + description: OK + content: + application/json: + schema: + type: array + items: + required: + - ID + - Str + type: object + properties: + ID: + type: integer + format: int32 + Str: + type: string + example: + ID: 1 + Str: Request initiated + deprecated: false + '/v1/organisations/{orgId}/data-requests': + get: + tags: + - onboard + summary: Get open and close data requests parameters: + - name: status + in: query + required: true + schema: + type: string + example: open - name: orgId in: path required: true schema: type: string - example: '{{company-id}}' - requestBody: - content: - application/json: - schema: - $ref: '#/paths/~1v1~1organisations~1%7BorgId%7D~1idp~1open-id/put/requestBody/content/application~1json/schema' - required: true responses: - '201': - description: Created + '200': + description: OK content: application/json: schema: - $ref: '#/paths/~1v1~1organisations~1%7BorgId%7D~1idp~1open-id/put/responses/200/content/application~1json/schema' + required: + - DataRequests + - IsRequestsOngoing + - IsDataDeleteRequestOngoing + - IsDataDownloadRequestOngoing + - Links + type: object + properties: + DataRequests: + type: array + items: + $ref: 
'#/components/schemas/DataRequest' + IsRequestsOngoing: + type: boolean + IsDataDeleteRequestOngoing: + type: boolean + IsDataDownloadRequestOngoing: + type: boolean + Links: + $ref: '#/components/schemas/Pagination' deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - put: + '/v1/organisations/{orgId}/data-requests/{dataReqId}': + get: tags: - onboard - summary: Update identity provider + summary: Get data request parameters: - name: orgId in: path required: true schema: type: string - example: '{{company-id}}' + - name: dataReqId + in: path + required: true + schema: + type: string + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/DataRequest' + deprecated: false + security: + - BearerAuth: [] + x-badges: + - color: primary-color + label: 'Authorised roles: Organisation admin' + patch: + tags: + - onboard + summary: Update data request + parameters: + - name: orgId + in: path + required: true + schema: + type: string + - name: dataReqId + in: path + required: true + schema: + type: string requestBody: content: application/json: schema: required: - - authorizationUrl - - tokenUrl - - logoutUrl - - clientId - - clientSecret - - jwksUrl - - validateSignature - - disableuserinfo - - issuer - - defaultscope + - state + - comment type: object properties: - authorizationUrl: - type: string - tokenUrl: - type: string - logoutUrl: - type: string - clientId: - type: string - clientSecret: - type: string - jwksUrl: - type: string - validateSignature: - type: boolean - disableuserinfo: - type: boolean - issuer: - type: string - defaultscope: + state: + type: integer + format: int32 + comment: type: string example: - authorizationUrl: 'https://iam.abc.io/auth' - tokenUrl: 'https://iam.abc.io/token' - logoutUrl: 'https://iam.abc.io/logout' - clientId: idp-client - clientSecret: 0654b48b-41c2-4887-ade5-fdb98d3fd13c - jwksUrl: 
'https://iam.abc.io/certs' - validateSignature: true - disableuserinfo: false - issuer: 'https://iam.abc.io' - defaultscope: openid + state: 7 + comment: Request processed required: true responses: '200': 
@@ -2807,162 +3089,173 @@ paths: content: application/json: schema: - required: - - authorizationUrl - - tokenUrl - - logoutUrl - - clientAuthMethod - - syncMode - - clientId - - clientSecret - - jwksUrl - - userInfoUrl - - defaultScope - - validateSignature - - backchannelSupported - - disableUserInfo - - hideOnLoginPage - - issuer - - useJwksUrl - type: object - properties: - authorizationUrl: - type: string - tokenUrl: - type: string - logoutUrl: - type: string - clientAuthMethod: - type: string - syncMode: - type: string - clientId: - type: string - clientSecret: - type: string - jwksUrl: - type: string - userInfoUrl: - type: string - defaultScope: - type: string - validateSignature: - type: boolean - backchannelSupported: - type: boolean - disableUserInfo: - type: boolean - hideOnLoginPage: - type: boolean - issuer: - type: string - useJwksUrl: - type: boolean - example: - authorizationUrl: 'https://iam.abc.io/auth' - tokenUrl: 'https://iam.abc.io/token' - logoutUrl: 'https://iam.abc.io/logout' - clientAuthMethod: client_secret_post - syncMode: IMPORT - clientId: idp-client - clientSecret: 0654b48b-41c2-4887-ade5-fdb98d3fd13c - jwksUrl: 'https://iam.abc.io/certs' - userInfoUrl: '' - defaultScope: openid - validateSignature: true - backchannelSupported: true - disableUserInfo: false - hideOnLoginPage: true - issuer: 'https://iam.abc.io' - useJwksUrl: true + $ref: '#/components/schemas/DataRequest' deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - delete: + /v1/organisations/webhooks/event-types: + get: tags: - - onboard - summary: Delete identity provider - parameters: - - name: orgId - in: path - required: true - schema: - type: string - example: '{{company-id}}' + - config + description: Get webhook event types responses: - '204': - description: No Content - content: {} + '200': + description: OK + content: + application/json: + schema: + required: + - EventTypes + type: object + 
properties: + EventTypes: + type: array + items: + type: string + example: + EventTypes: + - data.update.initiated + - data.update.cancelled + - consent.allowed + - consent.disallowed + - consent.auto_expiry + - org.unsubscribed + - data.delete.initiated + - data.download.initiated + - data.delete.cancelled + - data.download.cancelled + - org.subscribed deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' + /v1/organisations/webhooks/payload/content-types: get: tags: - - onboard - summary: Get identity provider - parameters: - - name: orgId - in: path - required: true - schema: - type: string + - config + description: Get webhook payload content types responses: '200': description: OK content: application/json: schema: - $ref: '#/paths/~1v1~1organisations~1%7BorgId%7D~1idp~1open-id/put/responses/200/content/application~1json/schema' + required: + - ContentTypes + type: object + properties: + ContentTypes: + type: array + items: + type: string + example: + ContentTypes: + - application/json + - application/x-www-form-urlencoded deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/subscription/enable': + '/v1/organisations/{orgId}/webhooks': post: tags: - - onboard - summary: Enable organization for subscription + - config + description: Create webhook parameters: - name: orgId in: path required: true + style: simple schema: type: string + requestBody: + content: + application/json: + schema: + required: + - payloadurl + - subscribedevents + - contenttype + - secretkey + - disabled + - skipsslverification + type: object + properties: + payloadurl: + type: string + subscribedevents: + type: array + items: + type: string + contenttype: + type: string + secretkey: + type: string + disabled: + type: boolean + skipsslverification: + type: boolean + required: true responses: - '200': - description: OK + 
'201': + description: Created content: application/json: schema: required: - - Organization + - ID + - OrgID + - PayloadURL + - ContentType + - SubscribedEvents + - Disabled + - SecretKey + - SkipSSLVerification + - TimeStamp type: object properties: - Organization: - $ref: '#/components/schemas/Organisation' + ID: + type: string + OrgID: + type: string + PayloadURL: + type: string + ContentType: + type: string + SubscribedEvents: + type: array + items: + type: string + Disabled: + type: boolean + SecretKey: + type: string + SkipSSLVerification: + type: boolean + TimeStamp: + type: string deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/subscription/disable': - post: + get: tags: - - onboard - summary: Disable organization for subscription + - config + description: Get all webhooks for an organisation parameters: - name: orgId in: path required: true + style: simple schema: type: string responses: @@ -2971,27 +3264,48 @@ paths: content: application/json: schema: - required: - - Organization - type: object - properties: - Organization: - $ref: '#/components/schemas/Organisation' + type: array + items: + required: + - ID + - PayloadURL + - Disabled + - TimeStamp + - IsLastDeliverySuccess + type: object + properties: + ID: + type: string + PayloadURL: + type: string + Disabled: + type: boolean + TimeStamp: + type: string + IsLastDeliverySuccess: + type: boolean deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/subscribe-method': + '/v1/organisations/{orgId}/webhooks/{webhookId}': get: tags: - - onboard - summary: Get subscribe method + - config + description: Get a webhook by ID parameters: - name: orgId in: path required: true + style: simple + schema: + type: string + - name: webhookId + in: path + required: true + style: simple schema: type: string responses: 
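Review bot: The webhook response schemas list `SecretKey` under `required` (the 201 body of create in this hunk, and the get-by-ID and update bodies in the later hunks at `@@ -3002,47` and `@@ -3109,67`), so what is presumably the webhook signing secret is documented as readable back through the API. I would return it at most once on creation and mark the request property `secretkey` as `writeOnly: true`. `payloadurl` and `skipsslverification` also have no `description`: it is worth documenting that `payloadurl` must be an `https` URL the server is permitted to call, and that `skipsslverification: true` presumably disables certificate checking on delivery and is not for production use.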
@@ -3002,47 +3316,59 @@ paths: schema: required: - ID - - Method - type: object - properties: + - OrgID + - PayloadURL + - ContentType + - SubscribedEvents + - Disabled + - SecretKey + - SkipSSLVerification + - TimeStamp + type: object + properties: ID: - type: integer - format: int32 - Method: type: string - example: - ID: 1 - Method: Key-Based + OrgID: + type: string + PayloadURL: + type: string + ContentType: + type: string + SubscribedEvents: + type: array + items: + type: string + Disabled: + type: boolean + SecretKey: + type: string + SkipSSLVerification: + type: boolean + TimeStamp: + type: string deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - post: + delete: tags: - - onboard - summary: Set subscribe method + - config + description: Delete webhook parameters: - name: orgId in: path required: true + style: simple + schema: + type: string + - name: webhookId + in: path + required: true + style: simple schema: type: string - requestBody: - content: - application/json: - schema: - required: - - subscribemethodid - type: object - properties: - subscribemethodid: - type: integer - format: int32 - example: - subscribemethodid: 1 - required: true responses: '204': description: No Content 
@@ -3053,55 +3379,51 @@ paths: x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - /v1/organisations/subscribe-methods: - get: - tags: - - onboard - summary: Get subscribe methods - parameters: [] - responses: - '200': - description: OK - content: - application/json: - schema: - required: - - Methods - type: object - properties: - Methods: - type: array - items: - required: - - ID - - Method - type: object - properties: - ID: - type: integer - format: int32 - Method: - type: string - example: - Methods: - - ID: 0 - Method: Undefined - - ID: 1 - Method: Key-Based - - ID: 2 - Method: OpenID-Connect - deprecated: false - '/v1/organisations/{orgId}/subscribe-key': - get: + put: tags: - - onboard - summary: Get subscribe key + - config + description: Update webhook parameters: - name: orgId in: path required: true + style: simple + schema: + type: string + - name: webhookId + in: path + required: true + style: simple schema: type: string + requestBody: + content: + application/json: + schema: + required: + - payloadurl + - subscribedevents + - contenttype + - secretkey + - disabled + - skipsslverification + type: object + properties: + payloadurl: + type: string + subscribedevents: + type: array + items: + type: string + contenttype: + type: string + secretkey: + type: string + disabled: + type: boolean + skipsslverification: + type: boolean + required: true responses: '200': description: OK 
@@ -3109,67 +3431,59 @@ paths: application/json: schema: required: - - SubscribeKey - - SubscribeMethod + - ID + - OrgID + - PayloadURL + - ContentType + - SubscribedEvents + - Disabled + - SecretKey + - SkipSSLVerification + - TimeStamp type: object properties: - SubscribeKey: + ID: type: string - SubscribeMethod: + OrgID: + type: string + PayloadURL: + type: string + ContentType: + type: string + SubscribedEvents: + type: array + items: + type: string + Disabled: + type: boolean + SecretKey: + type: string + SkipSSLVerification: + type: boolean + TimeStamp: type: string - example: - SubscribeKey: CORC-SAHT-7ZKC - SubscribeMethod: Key-Based deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/subscribe-key/renew': + '/v1/organisations/{orgId}/webhooks/{webhookId}/ping': post: tags: - - onboard - summary: Renew subscribe key + - config + description: Ping webhook parameters: - name: orgId in: path required: true + style: simple schema: type: string - responses: - '200': - description: OK - content: - application/json: - schema: - required: - - SubscribeKey - - SubscribeMethod - type: object - properties: - SubscribeKey: - type: string - SubscribeMethod: - type: string - example: - SubscribeKey: LDXM-9BJB-0DAS - SubscribeMethod: Key-Based - deprecated: false - security: - - BearerAuth: [] - x-badges: - - color: primary-color - label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/users/count': - get: - tags: - - onboard - summary: Get organization users count - parameters: - - name: orgId + - name: webhookId in: path required: true + style: simple schema: type: string responses: 
@@ -3179,32 +3493,51 @@ paths: application/json: schema: required: - - SubscribeUserCount + - ResponseStatusCode + - ResponseStatusStr + - ExecutionStartTimeStamp + - ExecutionEndTimeStamp + - Status + - StatusDescription type: object properties: - SubscribeUserCount: + ResponseStatusCode: type: integer format: int32 - example: - SubscribeUserCount: 0 + ResponseStatusStr: + type: string + ExecutionStartTimeStamp: + type: string + ExecutionEndTimeStamp: + type: string + Status: + type: string + StatusDescription: + type: string deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/subscription': + '/v1/organisations/{orgId}/webhooks/{webhookId}/delivery': get: tags: - - onboard - summary: Get organization subscription status (enable/disable) + - config + description: Get recent webhook deliveries parameters: - name: orgId in: path required: true + style: simple + schema: + type: string + - name: webhookId + in: path + required: true + style: simple schema: type: string - example: '{{company-id}}' responses: '200': description: OK 
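Review bot: The ping operation documents `'200'` as its only response although it carries `security: - BearerAuth: []` and an 'Organisation admin' badge, so callers and generated clients get no contract for a missing token or an insufficient role. I would add `'401'` and `'403'` entries as sketched below; the `Error` component is visible only by name in a later hunk, so confirm its shape fits, or reuse the inline `Code`/`Message` body that the `'404'` on 'Delete data agreement by id' uses. The same gap shows in the other bearer-protected operations of this diff (webhook update, deliveries, redeliver, policy, data agreements, data attributes). The delivery-list operation that begins in this hunk continues past its end.

```yaml
# … unchanged: '200' response of the ping operation …
        '401':
          description: Unauthorized
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
        '403':
          description: Forbidden
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Error'
```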
@@ -3212,123 +3545,37 @@ paths: application/json: schema: required: - - Enabled + - WebhookDeliveries + - Links type: object properties: - Enabled: - type: boolean - example: - Enabled: false - deprecated: false - '/v1/organisations/{orgId}/users': - post: - tags: - - onboard - summary: Add user to organization - parameters: - - name: orgId - in: path - required: true - schema: - type: string - requestBody: - content: - application/json: - schema: - required: - - userid - - subscribekey - type: object - properties: - userid: - type: string - subscribekey: - type: string - example: - userid: 64ecd1bae2f6a8000142c675 - subscribekey: LDXM-9BJB-0DAS - required: true - responses: - '200': - description: OK - content: - application/json: - schema: - required: - - User - type: object - properties: - User: - $ref: '#/components/schemas/Individual' - '400': - description: Bad Request - content: - application/json: - schema: - required: - - Code - - Message - type: object - properties: - Code: - type: integer - format: int32 - Message: - type: string - example: - Code: 400 - Message: 'Can not subscribe, Invalid subscription token, organization:64ec561de2f6a8000142c671' - deprecated: false - security: - - BearerAuth: [] - x-badges: - - color: primary-color - label: 'Authorised roles: Organisation admin' - get: - tags: - - onboard - summary: Get organization users - parameters: - - name: limit - in: query - required: true - schema: - type: integer - format: int32 - example: 1024 - - name: orgId - in: path - required: true - schema: - type: string - responses: - '200': - description: OK - content: - application/json: - schema: - required: - - Users - - Links - type: object - properties: - Users: + WebhookDeliveries: type: array items: required: - ID - - Name - - Phone - - Email + - WebhookID + - ResponseStatusCode + - ResponseStatusStr + - TimeStamp + - Status + - StatusDescription type: object properties: ID: type: string - Name: + WebhookID: type: string - Phone: + 
ResponseStatusCode: + type: integer + format: int32 + ResponseStatusStr: type: string - Email: + TimeStamp: + type: string + Status: + type: string + StatusDescription: type: string Links: $ref: '#/components/schemas/Pagination' @@ -3338,59 +3585,28 @@ paths: x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/users/{userId}': - delete: - tags: - - onboard - summary: Delete user from organization - parameters: - - name: orgId - in: path - required: true - schema: - type: string - - name: userId - in: path - required: true - schema: - type: string - responses: - '200': - description: OK - content: - application/json: - schema: - required: - - User - type: object - properties: - User: - $ref: '#/components/schemas/Individual' - deprecated: false - security: - - BearerAuth: [] - x-badges: - - color: primary-color - label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/data-agreements/{dataAgreementId}/attributes/{attributeID}/consented/users': + '/v1/organisations/{orgId}/webhooks/{webhookId}/delivery/{deliveryId}': get: tags: - - onboard - summary: Get all users consented to data attribute + - config + description: Get recent webhook delivery by ID parameters: - name: orgId in: path required: true + style: simple schema: type: string - - name: dataAgreementId + - name: webhookId in: path required: true + style: simple schema: type: string - - name: attributeID + - name: deliveryId in: path required: true + style: simple schema: type: string responses: 
@@ -3400,317 +3616,246 @@ paths: application/json: schema: required: - - Users - - Links + - ID + - RequestHeaders + - RequestPayload + - ResponseHeaders + - ResponseBody + - ResponseStatusCode + - ResponseStatusStr + - ExecutionStartTimeStamp + - ExecutionEndTimeStamp + - Status + - StatusDescription type: object properties: - Users: - type: array - items: - required: - - ID - - Name - - Phone - - Email - type: object - properties: - ID: + ID: + type: string + RequestHeaders: + required: + - Accept + - Content-Type + - User-Agent + - X-Igrant-Signature + type: object + properties: + Accept: + type: array + items: + type: string + Content-Type: + type: array + items: + type: string + User-Agent: + type: array + items: + type: string + X-Igrant-Signature: + type: array + items: + type: string + RequestPayload: + required: + - data + - deliveryid + - timestamp + - type + - webhookid + type: object + properties: + data: + required: + - attribute + - consentID + - days + - organisationID + - dataAgreementId + - timestamp + - userID + type: object + properties: + attribute: + type: array + items: + type: string + consentID: + type: string + days: + type: integer + format: int32 + organisationID: + type: string + dataAgreementId: + type: string + timestamp: + type: string + userID: + type: string + deliveryid: + type: string + timestamp: + type: string + type: + type: string + webhookid: + type: string + ResponseHeaders: + required: + - Cache-Control + - Content-Type + - Date + - Server + - Vary + - X-Request-Id + - X-Token-Id + type: object + properties: + Cache-Control: + type: array + items: + type: string + Content-Type: + type: array + items: + type: string + Date: + type: array + items: + type: string + Server: + type: array + items: type: string - Name: + Vary: + type: array + items: type: string - Phone: + X-Request-Id: + type: array + items: type: string - Email: + X-Token-Id: + type: array + items: type: string - Links: - $ref: '#/components/schemas/Pagination' 
+ ResponseBody: + type: string + ResponseStatusCode: + type: integer + format: int32 + ResponseStatusStr: + type: string + ExecutionStartTimeStamp: + type: string + ExecutionEndTimeStamp: + type: string + Status: + type: string + StatusDescription: + type: string deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/data-agreements/{dataAgreementId}/consented/users': - get: + '/v1/organisations/{orgId}/webhooks/{webhookId}/delivery/{deliveryId}/redeliver': + post: tags: - - onboard - summary: Get all users consented to a data agreement + - config + description: Redeliver a webhook payload by delivery ID parameters: - name: orgId in: path required: true + style: simple schema: type: string - - name: dataAgreementId + - name: webhookId in: path required: true + style: simple schema: type: string - responses: - '200': - description: OK - content: - application/json: - schema: - required: - - Users - - Links - type: object - properties: - Users: - type: array - items: - required: - - ID - - Name - - Phone - - Email - type: object - properties: - ID: - type: string - Name: - type: string - Phone: - type: string - Email: - type: string - Links: - $ref: '#/components/schemas/Pagination' - deprecated: false - security: - - BearerAuth: [] - x-badges: - - color: primary-color - label: 'Authorised roles: Organisation admin' - /v1/organisations/data-requests: - get: - tags: - - onboard - summary: Get available data request statuses - responses: - '200': - description: OK - content: - application/json: - schema: - type: array - items: - required: - - ID - - Str - type: object - properties: - ID: - type: integer - format: int32 - Str: - type: string - example: - ID: 1 - Str: Request initiated - deprecated: false - '/v1/organisations/{orgId}/data-requests': - get: - tags: - - onboard - summary: Get open and close data requests - parameters: - - name: status - in: query - required: 
true - schema: - type: string - example: open - - name: orgId + - name: deliveryId in: path required: true + style: simple schema: type: string responses: '200': description: OK - content: - application/json: - schema: - required: - - DataRequests - - IsRequestsOngoing - - IsDataDeleteRequestOngoing - - IsDataDownloadRequestOngoing - - Links - type: object - properties: - DataRequests: - type: array - items: - $ref: '#/components/schemas/DataRequest' - IsRequestsOngoing: - type: boolean - IsDataDeleteRequestOngoing: - type: boolean - IsDataDownloadRequestOngoing: - type: boolean - Links: - $ref: '#/components/schemas/Pagination' + content: {} deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/data-requests/{dataReqId}': + '/v1/organisations/{orgId}/config/policy': get: tags: - - onboard - summary: Get data request + - config + description: Get global policy configurations parameters: - name: orgId in: path required: true schema: type: string - - name: dataReqId - in: path - required: true - schema: - type: string responses: '200': description: OK content: application/json: schema: - $ref: '#/components/schemas/DataRequest' + $ref: '#/components/schemas/GlobalDataPolicyConfiguration' deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - patch: + post: tags: - - onboard - summary: Update data request + - config + description: Update global policy configurations parameters: - name: orgId in: path required: true schema: type: string - - name: dataReqId - in: path - required: true - schema: - type: string requestBody: content: application/json: schema: - required: - - state - - comment - type: object - properties: - state: - type: integer - format: int32 - comment: - type: string - example: - state: 7 - comment: Request processed - required: true - responses: - '200': - description: OK - content: - 
application/json: - schema: - $ref: '#/components/schemas/DataRequest' - deprecated: false - security: - - BearerAuth: [] - x-badges: - - color: primary-color - label: 'Authorised roles: Organisation admin' - /v1/organisations/webhooks/event-types: - get: - tags: - - config - description: Get webhook event types - responses: - '200': - description: OK - content: - application/json: - schema: - required: - - EventTypes - type: object - properties: - EventTypes: - type: array - items: - type: string - example: - EventTypes: - - data.update.initiated - - data.update.cancelled - - consent.allowed - - consent.disallowed - - consent.auto_expiry - - org.unsubscribed - - data.delete.initiated - - data.download.initiated - - data.delete.cancelled - - data.download.cancelled - - org.subscribed - deprecated: false - security: - - BearerAuth: [] - x-badges: - - color: primary-color - label: 'Authorised roles: Organisation admin' - /v1/organisations/webhooks/payload/content-types: - get: - tags: - - config - description: Get webhook payload content types - responses: - '200': - description: OK - content: - application/json: - schema: - required: - - ContentTypes - type: object - properties: - ContentTypes: - type: array - items: - type: string - example: - ContentTypes: - - application/json - - application/x-www-form-urlencoded + $ref: '#/components/schemas/GlobalDataPolicyConfiguration' + required: true + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/GlobalDataPolicyConfiguration' deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/webhooks': + '/v1/organisations/{orgId}/data-agreements': post: tags: - config - description: Create webhook + description: Add data agreement parameters: - name: orgId in: path required: true - style: simple schema: type: string requestBody: 
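Review bot: `ResponseHeaders` in the delivery record marks `Cache-Control`, `Server`, `Vary`, `X-Request-Id` and `X-Token-Id` as `required`, but these are whatever headers the webhook receiver chose to send back, so the list looks copied from one sample response and will not validate for most receivers. A free-form header map describes the data honestly, as sketched below. Because the record also returns `ResponseBody` and the full `RequestPayload` (with `userID` and `consentID`), a `description` stating how long deliveries are kept and whether bodies are truncated would help operators judge what is exposed through this endpoint.

```yaml
                  ResponseHeaders:
                    type: object
                    description: Headers returned by the webhook receiver, keyed by header name
                    additionalProperties:
                      type: array
                      items:
                        type: string
                  # … unchanged: ResponseBody, ResponseStatusCode and the remaining properties …
```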
@@ -3718,28 +3863,13 @@ paths: application/json: schema: required: - - payloadurl - - subscribedevents - - contenttype - - secretkey - - disabled - - skipsslverification + - purposes type: object properties: - payloadurl: - type: string - subscribedevents: + purposes: type: array items: - type: string - contenttype: - type: string - secretkey: - type: string - disabled: - type: boolean - skipsslverification: - type: boolean + $ref: '#/components/schemas/DataAgreement' required: true responses: '201': @@ -3748,37 +3878,11 @@ paths: application/json: schema: required: - - ID - - OrgID - - PayloadURL - - ContentType - - SubscribedEvents - - Disabled - - SecretKey - - SkipSSLVerification - - TimeStamp + - Organization type: object properties: - ID: - type: string - OrgID: - type: string - PayloadURL: - type: string - ContentType: - type: string - SubscribedEvents: - type: array - items: - type: string - Disabled: - type: boolean - SecretKey: - type: string - SkipSSLVerification: - type: boolean - TimeStamp: - type: string + Organization: + $ref: '#/components/schemas/Organisation' deprecated: false security: - BearerAuth: [] 
@@ -3788,101 +3892,79 @@ paths: get: tags: - config - description: Get all webhooks for an organisation + description: Get data agreements parameters: - name: orgId in: path required: true - style: simple schema: type: string responses: - '200': - description: OK + '201': + description: Created content: application/json: schema: - type: array - items: - required: - - ID - - PayloadURL - - Disabled - - TimeStamp - - IsLastDeliverySuccess - type: object - properties: - ID: - type: string - PayloadURL: - type: string - Disabled: - type: boolean - TimeStamp: - type: string - IsLastDeliverySuccess: - type: boolean + required: + - OrgID + - Purposes + type: object + properties: + OrgID: + type: string + Purposes: + type: array + items: + $ref: '#/components/schemas/DataAgreement' deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/webhooks/{webhookId}': - get: + '/v1/organisations/{orgId}/config/data-agreements/{dataAgreementId}': + delete: tags: - config - description: Get a webhook by ID + description: Delete data agreement by id parameters: - name: orgId in: path required: true - style: simple schema: type: string - - name: webhookId + - name: dataAgreementId in: path required: true style: simple schema: type: string responses: - '200': - description: OK + '201': + description: Created content: application/json: schema: required: - - ID - - OrgID - - PayloadURL - - ContentType - - SubscribedEvents - - Disabled - - SecretKey - - SkipSSLVerification - - TimeStamp + - Organization type: object properties: - ID: - type: string - OrgID: - type: string - PayloadURL: - type: string - ContentType: - type: string - SubscribedEvents: - type: array - items: - type: string - Disabled: - type: boolean - SecretKey: - type: string - SkipSSLVerification: - type: boolean - TimeStamp: + Organization: + $ref: '#/components/schemas/Organisation' + '404': + description: Not Found + 
content: + application/json: + schema: + required: + - Code + - Message + type: object + properties: + Code: + type: integer + format: int32 + Message: type: string deprecated: false security: @@ -3890,78 +3972,62 @@ paths: x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - delete: + put: tags: - config - description: Delete webhook + description: Update data agreement by id parameters: - name: orgId in: path required: true - style: simple schema: type: string - - name: webhookId + - name: dataAgreementId in: path required: true style: simple schema: type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DataAgreement' + required: true responses: - '204': - description: No Content - content: {} + '201': + description: Created + content: + application/json: + schema: + required: + - Organization + type: object + properties: + Organization: + $ref: '#/components/schemas/Organisation' deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - put: + get: tags: - config - description: Update webhook + description: Get data agreement by id parameters: - name: orgId in: path required: true - style: simple schema: type: string - - name: webhookId + - name: dataAgreementId in: path required: true style: simple schema: type: string - requestBody: - content: - application/json: - schema: - required: - - payloadurl - - subscribedevents - - contenttype - - secretkey - - disabled - - skipsslverification - type: object - properties: - payloadurl: - type: string - subscribedevents: - type: array - items: - type: string - contenttype: - type: string - secretkey: - type: string - disabled: - type: boolean - skipsslverification: - type: boolean - required: true responses: '200': description: OK 
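Review bot: `get` 'Get data agreements' and `delete` 'Delete data agreement by id' now document `'201': description: Created` as their only success response, which is wrong for a read and for a delete. It will mislead generated clients and anything that validates responses against the spec. Use `'200': description: OK` for both, since the delete returns an `Organization` body. The `put` 'Update data agreement by id' in the next hunk and the `get`/`put`/`delete` operations on data attributes in the following two hunks carry the same `'201'`. Separately, the collection is at `/v1/organisations/{orgId}/data-agreements` while the item path inserts `/config/`; worth confirming that this is intended.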
@@ -3969,182 +4035,110 @@ paths: application/json: schema: required: - - ID - - OrgID - - PayloadURL - - ContentType - - SubscribedEvents - - Disabled - - SecretKey - - SkipSSLVerification - - TimeStamp + - Purpose + - Templates type: object properties: - ID: - type: string - OrgID: - type: string - PayloadURL: - type: string - ContentType: - type: string - SubscribedEvents: - type: array - items: - type: string - Disabled: - type: boolean - SecretKey: - type: string - SkipSSLVerification: - type: boolean - TimeStamp: + Purpose: + $ref: '#/components/schemas/DataAgreement' + Templates: type: string + nullable: true deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/webhooks/{webhookId}/ping': + '/v1/organisations/{orgId}/data-attributes': post: tags: - config - description: Ping webhook + description: Add data attributes parameters: - name: orgId in: path required: true - style: simple - schema: - type: string - - name: webhookId - in: path - required: true - style: simple schema: type: string + requestBody: + content: + application/json: + schema: + required: + - data-attributes + type: object + properties: + data-attributes: + type: array + items: + $ref: '#/components/schemas/DataAttribute' + required: true responses: - '200': - description: OK + '201': + description: Created content: application/json: schema: required: - - ResponseStatusCode - - ResponseStatusStr - - ExecutionStartTimeStamp - - ExecutionEndTimeStamp - - Status - - StatusDescription + - Organization type: object properties: - ResponseStatusCode: - type: integer - format: int32 - ResponseStatusStr: - type: string - ExecutionStartTimeStamp: - type: string - ExecutionEndTimeStamp: - type: string - Status: - type: string - StatusDescription: - type: string + Organization: + $ref: '#/components/schemas/Organisation' deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 
'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/webhooks/{webhookId}/delivery': get: tags: - config - description: Get recent webhook deliveries + description: Get data attributes parameters: - name: orgId in: path required: true - style: simple - schema: - type: string - - name: webhookId - in: path - required: true - style: simple schema: type: string responses: - '200': - description: OK + '201': + description: Created content: application/json: schema: required: - - WebhookDeliveries - - Links + - OrgID + - Templates type: object properties: - WebhookDeliveries: + OrgID: + type: string + Templates: type: array items: - required: - - ID - - WebhookID - - ResponseStatusCode - - ResponseStatusStr - - TimeStamp - - Status - - StatusDescription - type: object - properties: - ID: - type: string - WebhookID: - type: string - ResponseStatusCode: - type: integer - format: int32 - ResponseStatusStr: - type: string - TimeStamp: - type: string - Status: - type: string - StatusDescription: - type: string - Links: - $ref: '#/components/schemas/Pagination' + $ref: '#/components/schemas/DataAttribute' deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/webhooks/{webhookId}/delivery/{deliveryId}': - get: + '/v1/organisations/{orgId}/config/data-agreements/{dataAgreementId}/data-attributes': + delete: tags: - config - description: Get recent webhook delivery by ID + description: Delete multiple data attributes parameters: - name: orgId in: path required: true - style: simple - schema: - type: string - - name: webhookId - in: path - required: true - style: simple schema: type: string - - name: deliveryId + - name: dataAgreementId in: path required: true - style: simple schema: type: string responses: 
@@ -4153,179 +4147,131 @@ paths: content: application/json: schema: - required: - - ID - - RequestHeaders - - RequestPayload - - ResponseHeaders - - ResponseBody - - ResponseStatusCode - - ResponseStatusStr - - ExecutionStartTimeStamp - - ExecutionEndTimeStamp - - Status - - StatusDescription - type: object - properties: - ID: - type: string - RequestHeaders: - required: - - Accept - - Content-Type - - User-Agent - - X-Igrant-Signature - type: object - properties: - Accept: - type: array - items: - type: string - Content-Type: - type: array - items: - type: string - User-Agent: - type: array - items: - type: string - X-Igrant-Signature: - type: array - items: - type: string - RequestPayload: - required: - - data - - deliveryid - - timestamp - - type - - webhookid - type: object - properties: - data: - required: - - attribute - - consentID - - days - - organisationID - - dataAgreementId - - timestamp - - userID - type: object - properties: - attribute: - type: array - items: - type: string - consentID: - type: string - days: - type: integer - format: int32 - organisationID: - type: string - dataAgreementId: - type: string - timestamp: - type: string - userID: - type: string - deliveryid: - type: string - timestamp: - type: string - type: - type: string - webhookid: - type: string - ResponseHeaders: - required: - - Cache-Control - - Content-Type - - Date - - Server - - Vary - - X-Request-Id - - X-Token-Id - type: object - properties: - Cache-Control: - type: array - items: - type: string - Content-Type: - type: array - items: - type: string - Date: - type: array - items: - type: string - Server: - type: array - items: - type: string - Vary: - type: array - items: - type: string - X-Request-Id: - type: array - items: - type: string - X-Token-Id: - type: array - items: - type: string - ResponseBody: - type: string - ResponseStatusCode: - type: integer - format: int32 - ResponseStatusStr: - type: string - ExecutionStartTimeStamp: - type: string - ExecutionEndTimeStamp: 
- type: string - Status: - type: string - StatusDescription: + required: + - Organization + type: object + properties: + Organization: + $ref: '#/components/schemas/Organisation' + deprecated: false + security: + - BearerAuth: [] + x-badges: + - color: primary-color + label: 'Authorised roles: Organisation admin' + '/v1/organisations/{orgId}/data-attributes/{dataAttributeId}': + get: + tags: + - config + description: Get data attribute by ID + parameters: + - name: orgId + in: path + required: true + schema: + type: string + - name: dataAttributeId + in: path + required: true + schema: + type: string + responses: + '201': + description: Created + content: + application/json: + schema: + required: + - OrgID + - Template + type: object + properties: + OrgID: type: string + Template: + $ref: '#/components/schemas/DataAttribute' deprecated: false security: - BearerAuth: [] x-badges: - color: primary-color label: 'Authorised roles: Organisation admin' - '/v1/organisations/{orgId}/webhooks/{webhookId}/delivery/{deliveryId}/redeliver': - post: + put: tags: - config - description: Redeliver a webhook payload by delivery ID + description: Update data attribute by id parameters: - name: orgId in: path required: true - style: simple schema: type: string - - name: webhookId + - name: dataAttributeId in: path required: true - style: simple schema: type: string - - name: deliveryId + requestBody: + content: + application/json: + schema: + required: + - Consent + - PurposeIDs + type: object + properties: + Consent: + type: string + PurposeIDs: + type: array + items: + type: string + required: true + responses: + '201': + description: Created + content: + application/json: + schema: + required: + - Organization + type: object + properties: + Organization: + $ref: '#/components/schemas/Organisation' + deprecated: false + security: + - BearerAuth: [] + x-badges: + - color: primary-color + label: 'Authorised roles: Organisation admin' + delete: + tags: + - config + description: 
Delete data attribute by id + parameters: + - name: orgId + in: path + required: true + schema: + type: string + - name: dataAttributeId in: path required: true - style: simple schema: type: string responses: - '200': - description: OK - content: {} + '201': + description: Created + content: + application/json: + schema: + required: + - Organization + type: object + properties: + Organization: + $ref: '#/components/schemas/Organisation' deprecated: false security: - BearerAuth: [] @@ -4336,8 +4282,6 @@ components: schemas: Log: type: object - required: - - message properties: logs: description: 'Log object captures an event occured in the system. For e.g. Organisation admin logs, webhook event logs e.t.c' @@ -4351,10 +4295,10 @@ components: type: type: integer description: Type integer - typeStr: + type_str: type: string description: 'Type string for a log. for .e.g. webhooks, organisation_admin e.t.c' - individualId: + individual_id: type: string description: User ID username: @@ -4373,22 +4317,22 @@ components: description: Pagination type: object properties: - currentPage: + current_page: type: integer description: Current page number - totalItems: + total_items: type: integer description: Total number of items available - totalPages: + total_pages: type: integer description: Total number of pages based on limit limit: type: integer description: Number of items per page - hasPrevious: + has_previous: type: boolean description: Indicates if there's a previous page - hasNext: + has_next: type: boolean description: Indicates if there's a next page Error: 
@@ -4492,7 +4436,47 @@ components: Consents: type: array items: - $ref: '#/components/schemas/DataAgreementRecord/properties/Consents/items' + required: + - ID + - Description + - Value + - Status + type: object + properties: + ID: + description: Identifier for the consent + type: string + Description: + description: Description of the data attribute + type: string + Value: + description: Name of the data attribute + type: string + Status: + required: + - Consented + - TimeStamp + - Days + - Remaining + type: object + properties: + Consented: + type: string + enum: + - Allow + - Disallow + description: Status of the consent for e.g. Allow/Disallow + TimeStamp: + type: string + description: UTC timestamp of when the consent was recorded + Days: + type: integer + format: int32 + description: No of days the consent should be remembered for. + Remaining: + type: integer + format: int32 + description: No of days the consent will expire in. GetConsentsForAllConsentAgreements: required: - ID @@ -4523,7 +4507,7 @@ components: Consents: type: array items: - $ref: '#/components/schemas/DataAgreementRecord/properties/Consents/items' + $ref: '#/components/schemas/GetConsentsByConsentAgreementId/properties/Consents/properties/Consents/items' GetConsents: required: - ID @@ -4555,7 +4539,7 @@ components: Consents: type: array items: - $ref: '#/components/schemas/DataAgreementRecord/properties/Consents/items' + $ref: '#/components/schemas/GetConsentsByConsentAgreementId/properties/Consents/properties/Consents/items' DataRetention: required: - Expiry 
@@ -4599,77 +4583,40 @@ components: $ref: '#/components/schemas/DataAgreementRecord' DataAgreementRecord: required: - - Purpose - - Count - - Consents - - DataRetention + - data_agreement + - data_agreement_revision + - individual + - opt_in type: object - description: Data agreement record captures the individual consents for an agreement + description: | + A Consent Record expresses consent (as defined in this building block's specification) to a single Agreement. + There must be a UNIQUE constraint on (agreement_revision, individual) properties: - Purpose: + id: + type: string + format: uuid + example: f47ac10b-58cc-4372-a567-0e02b2c3d479 + description: | + Objects may be passed back by some API endpoints without an id (PK), denoting that they are a \"draft\", + i.e. a ConsentRecord that is not yet stored in the database and only exist in transit. + Draft ConsentRecords do not have a Revision, but if paired up with a Signature, a valid Revision should be generated. + data_agreement: description: Data agreement $ref: '#/components/schemas/DataAgreement' - Count: - description: Count of data attributes for which consent has to be obtained - $ref: '#/components/schemas/GetConsentsByConsentAgreementId/properties/Consents/properties/Count' - Consents: - type: array - description: Count of data attributes for which consent has to be obtained - items: - required: - - ID - - Description - - Value - - Status - type: object - properties: - ID: - description: Identifier for the consent - type: string - Description: - description: Description of the data attribute - type: string - Value: - description: Name of the data attribute - type: string - Status: - required: - - Consented - - TimeStamp - - Days - - Remaining - type: object - properties: - Consented: - type: string - enum: - - Allow - - Disallow - description: Status of the consent for e.g. 
Allow/Disallow - TimeStamp: - type: string - description: UTC timestamp of when the consent was recorded - Days: - type: integer - format: int32 - description: No of days the consent should be remembered for. - Remaining: - type: integer - format: int32 - description: No of days the consent will expire in. - DataRetention: - required: - - Expiry - type: object - description: Data retention settings - properties: - Expiry: - type: string - description: Data retention expiry in UTC timestamp - DataAgreementRecordRevision: - $ref: '#/components/schemas/DataAgreementRecordRevision' - description: | - A generic revision model captures the serialized contents of any shema's single row. This is then subject to 1) cryptographic signature and 2) auditing. Aside from successor column, a revision should be considered locked. + data_agreement_revision: + description: Data agreement revision + $ref: '#/paths/~1v1~1audit~1consentrecords/get/responses/200/content/application~1json/schema/properties/data_agreement_record/properties/data_agreement_revision/properties/successor' + individual: + description: Individual to whom this data agreement record belongs to + $ref: '#/components/schemas/Individual' + opt_in: + type: boolean + description: 'True: The individual has positively opted in. False: The individual has explicitly said no (or withdrawn a previous consent).' + state: + type: string + description: 'The state field is used to record state changes after-the-fact. It is maintained by the Consent BB itself. Valid states: unsigned/pending more signatures/signed' + signature: + $ref: '#/components/schemas/Signature' DataAgreementRecordRevision: type: object description: | 
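Review bot: `data_agreement_revision` takes its type from `#/paths/~1v1~1audit~1consentrecords/get/responses/200/.../data_agreement_revision/properties/successor`, so a component schema now depends on a property buried in one operation's inline response. Renaming that path or editing its response changes `DataAgreementRecord`, or breaks resolution, without anyone touching this schema. The commit adds definitions/Revision.yaml, so registering it as a named component in index.yaml and writing `$ref: '#/components/schemas/Revision'` (proposed name) should make the bundler emit a stable reference. The `GetConsentsByConsentAgreementId/properties/Consents/properties/Consents/items` refs in the preceding hunks are the same pattern. Also note that OpenAPI 3.0 tooling ignores a `description` placed next to `$ref`, so the descriptions on `data_agreement`, `data_agreement_revision` and `individual` will not render.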
@@ -5077,60 +5024,52 @@ components: Comment: '' Individual: required: - - ID - - Name - - IamID - - Email - - Phone - - ImageID - - ImageURL - - LastVisit - - Client - - Orgs + - id + - iamId + - orgs - APIKey - Roles - IncompleteProfile type: object + description: | + Shallowly models an Individual which may reference some instance in an external system (registration system, functional ID, foundational ID etc). + An Individual instance of this model is not to be mistaken with a unique natural individual. + It is up to the system owner to decide if this record permits mapping to a natural individual and/or if a single Individual row can map to several consent agreements. properties: - ID: - type: string - Name: - type: string - IamID: + id: type: string - Email: + name: type: string - Phone: + description: Name of the individual + iamId: type: string - ImageID: + description: Consent BB specific IAM ID + external_id: type: string - ImageURL: + format: '' + example: '' + description: 'Reference to another foundational/functional ID, which is likely PII' + external_id_type: type: string - LastVisit: + format: '' + example: '' + description: External id type specifier. A string. For instance "email" or "foundational id". Can be used in later queries. + lastVisit: type: string - Client: - required: - - Token - - Type - type: object - properties: - Token: - type: string - Type: - type: integer - format: int32 - Orgs: + description: Last logged-in time + orgs: type: array items: type: string - APIKey: - type: string - Roles: + description: Organisation ID + roles: type: array items: type: string - IncompleteProfile: + description: Role ID and organisation ID + incompleteProfile: type: boolean + description: Indicates whether the profile is incomplete or not Organisation: required: - ID 
@@ -5642,78 +5581,181 @@ components: title: Data agreement type: object description: | - The Data Agreement Vocabulary provides terms to describe and represent information related to processing of personal data based on established requirements such as for the EU General Data Protection Regulation (GDPR). + A data agreement contains the specification of a single purpose that can be consented to. + A data greement is universal and can be consented to by *many* individuals through a data agreement record. + required: + - id + - version + - lawful_basis + - dpia properties: - language: + id: type: string - description: Language code for e.g. en-gb + description: Data agreement identifier version: type: string - description: Version number of the data agreement - dataControllerName: - type: string - description: An organisation constituted as a legally defined entity in any jurisdiction. - dataControllerUrl: - type: string - description: Organisation or data controller URL. - dataPolicy: - description: Encapsulate the data policies used in the use of personal data. 
- $ref: '#/components/schemas/GlobalDataPolicyConfiguration' + description: The version of this specification to which a data agreement conforms + data_controller: + description: Data source organisation details + type: object + required: + - id + - name + - url + properties: + id: + type: string + format: '' + example: '' + description: '' + name: + type: string + description: Name of data controller (may be omitted if no data involved) + url: + type: string + description: URL of data controller (may be omitted if no data involved) + data_policy: + description: Global policy configuration + type: object + required: + - id + - name + - version + - url + properties: + id: + type: string + format: '' + example: '' + description: Policy ID + name: + type: string + format: '' + example: '' + description: Name of the policy + version: + type: string + format: '' + example: '' + description: Version of the policy + url: + type: string + format: '' + example: '' + description: 'Permanent URL at which this very version of the Policy can be read, should not be allowed to change over time.' + jurisdiction: + type: string + format: '' + example: '' + description: 'Indicates a legal jurisdiction, e.g. of some legislation, or where some government service is based.' + industry_sector: + type: string + format: '' + example: '' + description: Indicate or restrict scope for interpretation and application of purpose in a domain. + data_retention_period_days: + type: integer + format: '' + example: '' + description: 'The amount of time that an organization holds onto any personal data, in days.' + geographic_restriction: + type: string + format: '' + example: '' + description: The geographic restrictions required or followed regarding storage of data. 
+ storage_location: + type: string + format: '' + example: '' + description: The geographic location where the personal data is stored purpose: - description: | - Describes the purpose for which a data controller (Data Source or Data Using Service) uses personal data for. This is also the purpose for which the data agreeent is being formulated - type: string - purposeDescription: - description: | - Provides description of the purpose for which the personal data us used, comprehensive to the individual whose data is being used by the data controller. - type: string - lawfulBasis: - description: | - An organization processing personal data to have a valid lawful basis for that personal data processing activity. GDPR, for e.g., consent, legal_obligation, contract, vital_interest, public_task and legitimate_interest. + description: Purpose of an agreement + type: object + required: + - id + - name + - description + properties: + id: + type: string + format: '' + example: '' + description: '' + name: + type: string + format: '' + example: '' + description: Name of purpose + description: + type: string + format: '' + example: '' + description: Description of purpose + hash: + type: string + format: '' + example: '' + description: 'In order to sign an Agreement, this relation needs to have a cryptopgraphic hash to be included in the Signature of the Agreement.' + lawful_basis: type: string - methodOfUse: - description: | - This is used to describe whether controller is using personal data for internal purposes of for data exchange towards an external third party. Data exchange could be for exposing data (as a Data Source) or consuming data as a Data Using Service. + description: Lawful basis of the data agreement + enum: + - consent + - legal_obligation + - contract + - vital_interest + - public_task + - legitimate_interest + method_of_use: type: string - dataAttributes: description: | - Encapsulates the attributes used for the the usage purpose defined. 
Its an array of personal data attributes. - type: array - items: - $ref: '#/components/schemas/DataAttribute' + Method of use indicates the data exchange mode of data agreement. + When the data controller wishes to expose the data for consumption it should be data-source. + When the data controller wishes to consume the data it should be data-using-service + num: + - null + - data-source + - data-using-service dpia: - description: Encapsulate the organisation performing the Data Protection Impact Assessment + description: Data Protection Impact Assessment + title: Data agreement type: object + required: + - dpia_timestamp + - dpia_summary_url properties: - dpiaDate: - description: The date on which the DPIA report is generated after a DPIA. + dpia_timestamp: type: string - dpiaSummaryUrl: - description: | - The URl providing the DPIA result reports, summary etc that can be verified by any interested parties. + description: UTC timestamp in epoch seconds when the DPIA was performed + dpia_summary_url: type: string + description: URL to the DPIA summary + lifecycle: + type: object + description: 'TBD: Models the valid lifecycle states of an Agreement' required: - - dpiaDate - - dpiaSummaryUrl - isPublished: - description: Is the data agreement published towards individuals or not - type: boolean - proof: + - id + - name + properties: + id: + type: string + description: Data agreement lifecycle ID + name: + type: string + description: Definition / Preparation / Capture / Proof + enum: + - definition + - preparation + - capture + - proof + signature: $ref: '#/components/schemas/Signature' - required: - - language - - version - - dataControllerName - - dataControllerUrl - - dataPolicy - - purpose - - purposeDescription - - lawfulBasis - - methodOfUse - - dpia - - dataSubjectDid - - proof - - isPublished + active: + type: boolean + description: Agreement is active and new ConsentRecords can be created. 
+ forgettable: + type: boolean + description: 'Consent Record may be deleted when consent is withdrawn, as its existence is not necessary for auditability.' GlobalDataPolicyConfiguration: type: object description: Global data policy configuration for the organisation 
@@ -5757,33 +5799,72 @@ components: - thirdPartyDataSharing Signature: type: object - description: Digital signature to secure the integrity of the data agreement + description: | + A generic signature contains a cryptographic hash of some value, together with a signature created by some private key in another system. + Required signing methods: Revision object or another Signature object. + required: + - id + - payload + - signature + - verification_method + - verification_hash + - verification_signed_by + - timestamp properties: id: type: string - description: Identifier of the proof - type: + format: uuid + description: 'Objects may be passed back by some API endpoints without an id (PK), denoting that they are a "draft", i.e. a Signature that is not yet stored in the database and only exist in transit.' + payload: type: string - description: Type of the proof - created: - description: Creation time in UTC timestamp + format: '' + example: '' + description: 'The payload that is signed, constructed as a serialization of fields verification_method + verification_hash + verification_artifact + verification_signed_by + verification_jws_header. Serialized as a JSON dict.' + signature: type: string - verificationMethod: - description: Method of verification for the proof + format: '' + example: '' + description: 'Signature (of payload), the format of the signature should be specified by either verification_method or verification_jws_header' + verification_method: type: string - proofPurpose: - description: Purpose of the proof + format: '' + example: '' + description: 'A well-known string denoting which method is used. Valid values: . We might expand this with a relation to which verification methods that are supported. There may be a minimal set of supported methods necessary.' 
+ verification_hash: type: string - proofValue: - description: Value of the proof (Signature digest) + format: '' + example: '' + description: Internally generated cryptographic hash of the value to be signed. The hash is (re)produced from the object_type and object_reference - but from the serialized data of those. + verification_artifact: type: string - required: - - id - - type - - created - - verificationMethod - - proofPurpose - - proofValue + format: '' + example: '' + description: 'A verification artifact in the form of a scanned object, image, signature etc.' + verification_signed_by: + type: string + format: '' + example: '' + description: 'Because an identifier''s information may change over time, there is a need to store that information at the time of signing. In case of a cryptographic signature, this field should contain some identifier for looking up or verifying the public key of the signing party. In case of a non-cryptographic signature, this field could contain a natural individual''s names, personal number, email addresses - store a snapshot that binds to the signature at the time of signing. In case of a cryptographic signature, this may be the fingerprint of the individual''s public key or in some cases, a token from the user''s ID session.' + verification_jws_header: + type: string + format: '' + example: '' + description: 'Alternative to the verification_method, verification_hash and verification_signature, give a JWS serialized object (RFC7515)' + timestamp: + type: string + format: '' + example: '' + description: 'Timestamp of signature, currently this field isn''t part of the payload so it''s not tamper-proof.' + object_type: + type: string + format: '' + example: '' + description: 'Name of the schema model that object_reference points to. Values: "signature" or "revision"' + object_reference: + type: string + format: '' + example: '' + description: 'A symmetric relation / back reference to the object_type that was signed. 
We are currently just modelling signing another signature (a chain) or signing a Revision (which can be a revision of a consent record, an agreement, policy etc)' securitySchemes: BearerAuth: description: Access token passed with Bearer prefix in Authorization header diff --git a/openapi/v2023.8.2/definitions/DPIA.yaml b/openapi/v2023.8.2/definitions/DPIA.yaml new file mode 100644 index 0000000..0861977 --- /dev/null +++ b/openapi/v2023.8.2/definitions/DPIA.yaml @@ -0,0 +1,14 @@ +title: Data agreement +type: object +description: DPIA details +required: + - dpia_timestamp + - dpia_summary_url +properties: + dpia_timestamp: + type: string + description: UTC timestamp in epoch seconds when the DPIA was performed + + dpia_summary_url: + type: string + description: URL to the DPIA summary diff --git a/openapi/v2023.8.2/definitions/DataAgreement.yaml b/openapi/v2023.8.2/definitions/DataAgreement.yaml index 4e58f3a..259d52b 100644 --- a/openapi/v2023.8.2/definitions/DataAgreement.yaml +++ b/openapi/v2023.8.2/definitions/DataAgreement.yaml 
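Review bot: The new DPIA.yaml schema carries `title: Data agreement`, which looks copied from DataAgreement.yaml and will label the DPIA object with the wrong name in generated docs and clients; `title: DPIA` would match the file. `dpia_timestamp` is declared `type: string` but described as epoch seconds, so either the description should state the string encoding (for example `description: UTC epoch seconds, as a decimal string`) or the type should become `integer`. `dpia_summary_url` could declare `format: uri` so validators reject values that are not URLs.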
@@ -1,82 +1,70 @@ title: Data agreement type: object -description: > - The Data Agreement Vocabulary provides terms to describe and represent information related to - processing of personal data based on established requirements such as for the EU General Data - Protection Regulation (GDPR). +description: | + A data agreement contains the specification of a single purpose that can be consented to. + A data greement is universal and can be consented to by *many* individuals through a data agreement record. +required: + - id + - version + - lawful_basis + - dpia properties: - language: + id: type: string - description: Language code for e.g. en-gb + description: "Data agreement identifier" + version: type: string - description: Version number of the data agreement - dataControllerName: - type: string - description: An organisation constituted as a legally defined entity in any jurisdiction. - dataControllerUrl: - type: string - description: Organisation or data controller URL. - dataPolicy: - description: Encapsulate the data policies used in the use of personal data. - $ref: "./GlobalDataPolicyConfiguration.yaml" + description: "The version of this specification to which a data agreement conforms" + + data_controller: + $ref: "./DataController.yaml" + description: "Data source organisation details" + + data_policy: + $ref: "./DataPolicy.yaml" + description: "Global policy configuration" + purpose: - description: > - Describes the purpose for which a data controller (Data Source or Data Using Service) uses personal data for. - This is also the purpose for which the data agreeent is being formulated - type: string - purposeDescription: - description: > - Provides description of the purpose for which the personal data us used, - comprehensive to the individual whose data is being used by the data controller. - type: string - lawfulBasis: - description: > - An organization processing personal data to have a valid lawful basis for that personal data processing activity. 
GDPR, - for e.g., consent, legal_obligation, contract, vital_interest, public_task and legitimate_interest. + $ref: "./Purpose.yaml" + description: "Purpose of an agreement" + + lawful_basis: type: string - methodOfUse: - description: > - This is used to describe whether controller is using personal data for internal purposes of for data exchange towards an external third party. - Data exchange could be for exposing data (as a Data Source) or consuming data as a Data Using Service. + description: "Lawful basis of the data agreement" + enum: + - consent + - legal_obligation + - contract + - vital_interest + - public_task + - legitimate_interest + + method_of_use: type: string - dataAttributes: - description: > - Encapsulates the attributes used for the the usage purpose defined. - Its an array of personal data attributes. - type: array - items: - $ref: "./DataAttribute.yaml" + description: | + Method of use indicates the data exchange mode of data agreement. + When the data controller wishes to expose the data for consumption it should be data-source. + When the data controller wishes to consume the data it should be data-using-service + num: + - null + - data-source + - data-using-service + dpia: - description: Encapsulate the organisation performing the Data Protection Impact Assessment - type: object - properties: - dpiaDate: - description: The date on which the DPIA report is generated after a DPIA. - type: string - dpiaSummaryUrl: - description: > - The URl providing the DPIA result reports, summary etc that can be verified by any interested parties. 
- type: string - required: - - dpiaDate - - dpiaSummaryUrl - isPublished: - description: Is the data agreement published towards individuals or not - type: boolean - proof: + description: "Data Protection Impact Assessment" + $ref: "./DPIA.yaml" + + lifecycle: + $ref: "./Lifecycle.yaml" + + signature: $ref: "./Signature.yaml" -required: - - language - - version - - dataControllerName - - dataControllerUrl - - dataPolicy - - purpose - - purposeDescription - - lawfulBasis - - methodOfUse - - dpia - - dataSubjectDid - - proof - - isPublished + + active: + type: boolean + description: "Agreement is active and new ConsentRecords can be created." + + forgettable: + type: boolean + description: "Consent Record may be deleted when consent is withdrawn, as its existence is not necessary for auditability." diff --git a/openapi/v2023.8.2/definitions/DataAgreementRecord.yaml b/openapi/v2023.8.2/definitions/DataAgreementRecord.yaml index 43e7706..7b3d35e 100644 --- a/openapi/v2023.8.2/definitions/DataAgreementRecord.yaml +++ b/openapi/v2023.8.2/definitions/DataAgreementRecord.yaml 
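Review bot: Under `method_of_use` the allowed values are listed under `num:` rather than `enum:`, so no validator enforces them and any string is accepted. Change the key to `enum:`; the `- null` entry then also needs `nullable: true` on a `type: string` property in OpenAPI 3.0, or should be dropped if the field is simply optional. Separately, the `description` keys placed next to `$ref` on `data_controller`, `data_policy`, `purpose` and `dpia` are ignored by OpenAPI 3.0 tooling (assuming this spec is 3.0, which the hunk does not show). The top-level description has the typo `data greement`.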
@@ -1,34 +1,35 @@ required: - - Purpose - - Count - - Consents - - DataRetention + - data_agreement + - data_agreement_revision + - individual + - opt_in type: object -description: Data agreement record captures the individual consents for an agreement +description: | + A Consent Record expresses consent (as defined in this building block's specification) to a single Agreement. + There must be a UNIQUE constraint on (agreement_revision, individual) properties: - Purpose: + id: + type: string + format: uuid + example: "f47ac10b-58cc-4372-a567-0e02b2c3d479" + description: | + Objects may be passed back by some API endpoints without an id (PK), denoting that they are a \"draft\", + i.e. a ConsentRecord that is not yet stored in the database and only exist in transit. + Draft ConsentRecords do not have a Revision, but if paired up with a Signature, a valid Revision should be generated. + data_agreement: description: Data agreement $ref: "./DataAgreement.yaml" - Count: - description: Count of data attributes for which consent has to be obtained - $ref: "./ConsentCount.yaml" - Consents: - type: array - description: Count of data attributes for which consent has to be obtained - items: - $ref: "./Consent.yaml" - DataRetention: - required: - - Expiry - type: object - description: "Data retention settings" - properties: - Expiry: - type: string - description: "Data retention expiry in UTC timestamp" - DataAgreementRecordRevision: - $ref: "./DataAgreementRecordRevision.yaml" - description: > - A generic revision model captures the serialized contents of any shema's single row. - This is then subject to 1) cryptographic signature and 2) auditing. Aside from successor column, a - revision should be considered locked. 
+ data_agreement_revision: + description: Data agreement revision + $ref: "./Revision.yaml" + individual: + description: Individual to whom this data agreement record belongs to + $ref: "./Individual.yaml" + opt_in: + type: boolean + description: "True: The individual has positively opted in. False: The individual has explicitly said no (or withdrawn a previous consent)." + state: + type: string + description: "The state field is used to record state changes after-the-fact. It is maintained by the Consent BB itself. Valid states: unsigned/pending more signatures/signed" + signature: + $ref: "./Signature.yaml" diff --git a/openapi/v2023.8.2/definitions/DataController.yaml b/openapi/v2023.8.2/definitions/DataController.yaml new file mode 100644 index 0000000..ad66118 --- /dev/null +++ b/openapi/v2023.8.2/definitions/DataController.yaml @@ -0,0 +1,20 @@ +type: object +description: "Details of a data controller." +required: + - id + - name + - url +properties: + id: + type: string + format: "" + example: "" + description: "" + + name: + type: string + description: "Name of data controller (may be omitted if no data involved)" + + url: + type: string + description: "URL of data controller (may be omitted if no data involved)" diff --git a/openapi/v2023.8.2/definitions/DataPolicy.yaml b/openapi/v2023.8.2/definitions/DataPolicy.yaml new file mode 100644 index 0000000..bde57a0 --- /dev/null +++ b/openapi/v2023.8.2/definitions/DataPolicy.yaml 
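Review bot: `state` is a free-form `type: string` whose description lists the valid states (`unsigned/pending more signatures/signed`) without an `enum`, so a record with any state string validates. Audit consumers will presumably use this field to decide whether a consent is signed, so the values should be an `enum`. The `id` description sits in a `|` block scalar, where `\"draft\"` keeps its backslashes literally; plain `"draft"` is what is meant. The schema description names the unique constraint as `(agreement_revision, individual)` while the property is `data_agreement_revision`.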
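Review bot: `name` and `url` are listed under `required` in DataController.yaml while their descriptions say they "may be omitted if no data involved"; one of the two is wrong, and validators will follow `required`. Either drop them from `required` or remove the parenthetical. `id` has `description: ""`; a one-line description such as `description: Data controller identifier` would do.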
@@ -0,0 +1,63 @@ +type: object +description: | + A policy governs data and Agreement in the realm of an organisation that is + refered to as "data controller" (GDPR) and owner of referencing Agreements. +required: + - id + - name + - version + - url +properties: + id: + type: string + format: "" + example: "" + description: "Policy ID" + + name: + type: string + format: "" + example: "" + description: "Name of the policy" + + version: + type: string + format: "" + example: "" + description: "Version of the policy" + + url: + type: string + format: "" + example: "" + description: "Permanent URL at which this very version of the Policy can be read, should not be allowed to change over time." + + jurisdiction: + type: string + format: "" + example: "" + description: "Indicates a legal jurisdiction, e.g. of some legislation, or where some government service is based." + + industry_sector: + type: string + format: "" + example: "" + description: "Indicate or restrict scope for interpretation and application of purpose in a domain." + + data_retention_period_days: + type: integer + format: "" + example: "" + description: "The amount of time that an organization holds onto any personal data, in days." + + geographic_restriction: + type: string + format: "" + example: "" + description: "The geographic restrictions required or followed regarding storage of data." + + storage_location: + type: string + format: "" + example: "" + description: "The geographic location where the personal data is stored" diff --git a/openapi/v2023.8.2/definitions/Individual.yaml b/openapi/v2023.8.2/definitions/Individual.yaml index 180efd1..b0b8470 100644 --- a/openapi/v2023.8.2/definitions/Individual.yaml +++ b/openapi/v2023.8.2/definitions/Individual.yaml 
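Review bot: Every property in DataPolicy.yaml carries `format: ""` and `example: ""` placeholders; on `data_retention_period_days` the example is a string on a `type: integer` property, which does not match the declared type, and an empty `format` says nothing. Drop the empty keys or fill them in, e.g. `format: uri` on `url` and `minimum: 0` plus an integer example on `data_retention_period_days`. The same placeholders appear in the DataController.yaml, Individual.yaml, Purpose.yaml and Signature.yaml hunks of this commit.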
@@ -1,55 +1,47 @@ required: - - ID - - Name - - IamID - - Email - - Phone - - ImageID - - ImageURL - - LastVisit - - Client - - Orgs + - id + - iamId + - orgs - APIKey - Roles - IncompleteProfile type: object +description: | + Shallowly models an Individual which may reference some instance in an external system (registration system, functional ID, foundational ID etc). + An Individual instance of this model is not to be mistaken with a unique natural individual. + It is up to the system owner to decide if this record permits mapping to a natural individual and/or if a single Individual row can map to several consent agreements. properties: - ID: + id: type: string - Name: + name: type: string - IamID: + description: "Name of the individual" + iamId: type: string - Email: + description: "Consent BB specific IAM ID" + external_id: type: string - Phone: + format: "" + example: "" + description: "Reference to another foundational/functional ID, which is likely PII" + external_id_type: type: string - ImageID: + format: "" + example: "" + description: "External id type specifier. A string. For instance \"email\" or \"foundational id\". Can be used in later queries." + lastVisit: type: string - ImageURL: - type: string - LastVisit: - type: string - Client: - required: - - Token - - Type - type: object - properties: - Token: - type: string - Type: - type: integer - format: int32 - Orgs: + description: "Last logged-in time" + orgs: type: array items: type: string - APIKey: - type: string - Roles: + description: "Organisation ID" + roles: type: array items: type: string - IncompleteProfile: + description: "Role ID and organisation ID" + incompleteProfile: type: boolean + description: "Indicates whether the profile is incomplete or not" diff --git a/openapi/v2023.8.2/definitions/Lifecycle.yaml b/openapi/v2023.8.2/definitions/Lifecycle.yaml new file mode 100644 index 0000000..e26d13f --- /dev/null +++ b/openapi/v2023.8.2/definitions/Lifecycle.yaml 
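Review bot: The `required` list still contains `APIKey`, `Roles` and `IncompleteProfile` as context lines, but the properties block no longer defines `APIKey` and now names the other two `roles` and `incompleteProfile`. As written, a conforming Individual must carry an undeclared `APIKey` field, which pushes implementations to put a credential into objects that DataAgreementRecord embeds and that the audit endpoints appear to return. The list should be `id`, `iamId`, `orgs`, plus `roles` and `incompleteProfile` only if those are really mandatory. `external_id` is described as likely PII, so its description should say which callers may receive it.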
@@ -0,0 +1,18 @@ +type: object +description: "TBD: Models the valid lifecycle states of an Agreement" +required: + - id + - name +properties: + id: + type: string + description: "Data agreement lifecycle ID" + + name: + type: string + description: "Definition / Preparation / Capture / Proof" + enum: + - definition + - preparation + - capture + - proof diff --git a/openapi/v2023.8.2/definitions/Log.yaml b/openapi/v2023.8.2/definitions/Log.yaml index f20b987..d83868c 100644 --- a/openapi/v2023.8.2/definitions/Log.yaml +++ b/openapi/v2023.8.2/definitions/Log.yaml @@ -1,6 +1,4 @@ type: object -required: - - message properties: logs: description: Log object captures an event occured in the system. For e.g. Organisation admin logs, webhook event logs e.t.c @@ -14,10 +12,10 @@ properties: type: type: integer description: Type integer - typeStr: + type_str: type: string description: Type string for a log. for .e.g. webhooks, organisation_admin e.t.c - individualId: + individual_id: type: string description: User ID username: diff --git a/openapi/v2023.8.2/definitions/Pagination.yaml b/openapi/v2023.8.2/definitions/Pagination.yaml index 54e4483..f4d4d1b 100644 --- a/openapi/v2023.8.2/definitions/Pagination.yaml +++ b/openapi/v2023.8.2/definitions/Pagination.yaml @@ -1,21 +1,21 @@ description: Pagination type: object properties: - currentPage: + current_page: type: integer description: Current page number - totalItems: + total_items: type: integer description: Total number of items available - totalPages: + total_pages: type: integer description: Total number of pages based on limit limit: type: integer description: Number of items per page - hasPrevious: + has_previous: type: boolean description: Indicates if there's a previous page - hasNext: + has_next: type: boolean description: Indicates if there's a next page diff --git a/openapi/v2023.8.2/definitions/Purpose.yaml b/openapi/v2023.8.2/definitions/Purpose.yaml new file mode 100644 index 0000000..12e824a --- /dev/null 
+++ b/openapi/v2023.8.2/definitions/Purpose.yaml @@ -0,0 +1,30 @@ +type: object +description: "TBD: Models the purpose of an agreement" +required: + - id + - name + - description +properties: + id: + type: string + format: "" + example: "" + description: "" + + name: + type: string + format: "" + example: "" + description: "Name of purpose" + + description: + type: string + format: "" + example: "" + description: "Description of purpose" + + hash: + type: string + format: "" + example: "" + description: "In order to sign an Agreement, this relation needs to have a cryptopgraphic hash to be included in the Signature of the Agreement." diff --git a/openapi/v2023.8.2/definitions/Revision.yaml b/openapi/v2023.8.2/definitions/Revision.yaml new file mode 100644 index 0000000..79dfb43 --- /dev/null +++ b/openapi/v2023.8.2/definitions/Revision.yaml @@ -0,0 +1,46 @@ +type: object +description: "A *generic* revision model captures the serialized contents of any shema's single row. This is then subject to 1) cryptographic signature and 2) auditing.\n\nAside from \"successor\" column, a revision should be considered locked." +required: + - id + - schemaName + - objectId + - serializedSnapshot + - timestamp +properties: + id: + type: string + description: "Revision ID" + + schemaName: + type: string + description: "" + + objectId: + type: string + description: "" + + serializedSnapshot: + type: string + description: "" + + timestamp: + type: string + description: "UTC timestamp in epoch seconds" + + authorizedByIndividual: + $ref: "./Individual.yaml" + + authorizedByOther: + type: string + description: "Reference to an admin user that has created this revision" + + successor: + $ref: "./Revision.yaml" + + predecessorHash: + type: string + description: "Tamper-resistent artifact from previous record" + + predecessorSignature: + type: string + description: "Tamper-resistent artifact from previous record (we don't know if the previous record was signed or not)" 
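Review bot: `hash` in Purpose.yaml is described as the value included in the Agreement's Signature, but nothing states the hash algorithm, the encoding, or which fields are hashed, so two implementations cannot reproduce or check it. Put that in the description, e.g. `description: Hex-encoded <ALGORITHM> digest of <FIELDS>, included in the Agreement signature`, with the placeholders filled in from the specification. `id` has an empty description and the schema description still starts with `TBD:`. The word `cryptopgraphic` is a typo.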
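Review bot: `predecessorHash` and `predecessorSignature` in Revision.yaml are the fields that link one revision to the previous one, yet neither is in `required` and neither says which algorithm or serialization produces it, so a revision with the link removed still validates. If the first revision is the only one allowed to lack them, say so in the descriptions, and state the canonical serialization behind `serializedSnapshot`, whose description is empty. Revision.yaml also introduces camelCase names (`schemaName`, `objectId`) in the same commit that renames Log.yaml and Pagination.yaml fields to snake_case. `Tamper-resistent` should be `Tamper-resistant`.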
diff --git a/openapi/v2023.8.2/definitions/Signature.yaml b/openapi/v2023.8.2/definitions/Signature.yaml index 875d7e0..9a91b25 100644 --- a/openapi/v2023.8.2/definitions/Signature.yaml +++ b/openapi/v2023.8.2/definitions/Signature.yaml 
@@ -1,28 +1,77 @@
 type: object
-description: Digital signature to secure the integrity of the data agreement
+description: |
+ A generic signature contains a cryptographic hash of some value, together with a signature created by some private key in another system.
+ Required signing methods: Revision object or another Signature object.
+required:
+ - id
+ - payload
+ - signature
+ - verification_method
+ - verification_hash
+ - verification_signed_by
+ - timestamp
 properties:
 id:
 type: string
- description: Identifier of the proof
- type:
+ format: uuid
+ description: 'Objects may be passed back by some API endpoints without an id (PK), denoting that they are a "draft", i.e. a Signature that is not yet stored in the database and only exist in transit.'
+
+ payload:
 type: string
- description: Type of the proof
- created:
- description: Creation time in UTC timestamp
+ format: ""
+ example: ""
+ description: "The payload that is signed, constructed as a serialization of fields verification_method + verification_hash + verification_artifact + verification_signed_by + verification_jws_header. Serialized as a JSON dict."
+
+ signature:
 type: string
- verificationMethod:
- description: Method of verification for the proof
+ format: ""
+ example: ""
+ description: "Signature (of payload), the format of the signature should be specified by either verification_method or verification_jws_header"
+
+ verification_method:
 type: string
- proofPurpose:
- description: Purpose of the proof
+ format: ""
+ example: ""
+ description: "A well-known string denoting which method is used. Valid values: . We might expand this with a relation to which verification methods that are supported. There may be a minimal set of supported methods necessary."
+
+ verification_hash:
 type: string
- proofValue:
- description: Value of the proof (Signature digest)
+ format: ""
+ example: ""
+ description: "Internally generated cryptographic hash of the value to be signed.
The hash is (re)produced from the object_type and object_reference - but from the serialized data of those."
+
+ verification_artifact:
 type: string
-required:
- - id
- - type
- - created
- - verificationMethod
- - proofPurpose
- - proofValue
+ format: ""
+ example: ""
+ description: "A verification artifact in the form of a scanned object, image, signature etc."
+
+ verification_signed_by:
+ type: string
+ format: ""
+ example: ""
+ description: "Because an identifier's information may change over time, there is a need to store that information at the time of signing. In case of a cryptographic signature, this field should contain some identifier for looking up or verifying the public key of the signing party. In case of a non-cryptographic signature, this field could contain a natural individual's names, personal number, email addresses - store a snapshot that binds to the signature at the time of signing. In case of a cryptographic signature, this may be the fingerprint of the individual's public key or in some cases, a token from the user's ID session."
+
+ verification_jws_header:
+ type: string
+ format: ""
+ example: ""
+ description: "Alternative to the verification_method, verification_hash and verification_signature, give a JWS serialized object (RFC7515)"
+
+ timestamp:
+ type: string
+ format: ""
+ example: ""
+ description: "Timestamp of signature, currently this field isn't part of the payload so it's not tamper-proof."
+
+ object_type:
+ type: string
+ format: ""
+ example: ""
+ description: 'Name of the schema model that object_reference points to. Values: "signature" or "revision"'
+
+ object_reference:
+ type: string
+ format: ""
+ example: ""
+ description: "A symmetric relation / back reference to the object_type that was signed. We are currently just modelling signing another signature (a chain) or signing a Revision (which can be a revision of a consent record, an agreement, policy etc)"
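Review bot: `timestamp` is listed under `required` but, per its own description, is left out of the signed `payload`, so the signing time recorded for an audit can be altered without invalidating `signature`. I would add it to the fields listed in the `payload` description (`... + verification_signed_by + verification_jws_header + timestamp`) or state that verifiers must not rely on it. Separately, `verification_method` reads `Valid values: .` with no `enum`, and `verification_jws_header` is described as an alternative to `verification_method` and `verification_hash` although both are in `required` (it also names a `verification_signature` field that the schema does not define), so a verifier cannot tell from the schema which scheme applies; an `enum` plus a `oneOf` over the two forms would make that explicit. The payload is only said to be "a JSON dict", and `verification_hash` can be reproduced only if that serialization is canonical (for example RFC 8785), which the description should name.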
diff --git a/openapi/v2023.8.2/index.html b/openapi/v2023.8.2/index.html index 3bcfd63..7b27c82 100644 --- a/openapi/v2023.8.2/index.html +++ b/openapi/v2023.8.2/index.html @@ -79,6 +79,8 @@ regular-font="Hind" font-size="large" mono-font="Roboto Mono" + schema-expand-level="1" + default-schema-tab="schema" >