Example Requests and Responses

The following example illustrates how a user and the server communicate using requests and responses.

  1. To obtain an access token and a refresh token, a user sends the HTTP POST request to the Orchestrator /api/token path.

In the request body, the user specifies the following parameters:

Request:

POST https://uwin2012r2.n.local:9898/api/token

 

Request Header:

content-type:application/x-www-form-urlencoded

 

Request Body:

grant_type=password&username=vdro\administrator&password=Password1

The server sends a response in the following format.

Response:

200

Response Body:

{

 "access_token": "0G072fREAFX3G2hIOQYiCLxvx-NvSra2GtQMxUHHPFsh9a3RNmI2R6VI6evgdvIopQSLo6nAy_SvZ6YnQagc5vlJOcSzfMjU3LiRxUuE7VdTydd4Br6mpMCmxaGTIrFhnrhiBKqqVbhcXiVppx-lLOjFzO379fsyyXspmnnuhjzHdlTKTa4V5VDKrtpfoOZyiz1Pa8_r9JtPc0D6vldUbQ-bEskoXkZGbyEOb4kYk8XqLm69GGTmn4bO8_da2fPwH4yjj2yP5vxmTZi3Rto47YyPbW98l2-s4ocd3nJXsHYD-csU1U4zCTzfLENKR_JB",

 "token_type": "bearer",

 "expires_in": 899,

 "refresh_token": "Yp5SaGYSR6ChFkr9T5LJ2PcNNGAR+Df9ixOALtAsOD0="

}

  1. [Applies only if a dedicated client account is required]

To create a client account, the user sends the HTTP POST request to the api/v7.1/Clients endpoint.

In the Authorization header, the user specifies the currently valid access token in the Bearer <access_token> format.

Request:

POST https://uwin2012r2.n.local:9898/api/v7.1/Clients

 

Request Header:

Authorization: Bearer 0G072fREAFX3G2hIOQYiCLxvx-NvSra2GtQMxUHHPFsh9a3RNmI2R6VI6evgdvIopQSLo6nAy_SvZ6YnQagc5vlJOcSzfMjU3LiRxUuE7VdTydd4Br6mpMCmxaGTIrFhnrhiBKqqVbhcXiVppx-lLOjFzO379fsyyXspmnnuhjzHdlTKTa4V5VDKrtpfoOZyiz1Pa8_r9JtPc0D6vldUbQ-bEskoXkZGbyEOb4kYk8XqLm69GGTmn4bO8_da2fPwH4yjj2yP5vxmTZi3Rto47YyPbW98l2-s4ocd3nJXsHYD-csU1U4zCTzfLENKR_JB

The server sends a response in the following format.

Response:

200

Response Body:

{

 "client_id": "4a346f40-d4b6-4ed8-913d-d6e1297a75a4",

 "client_secret": "AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAA88p/hgiPqUG5Ianexa8klAQAAAACAAAAAAAQZgAAAAEAACAAAAAKaqFPz0480AeOmARrLL9l76H8x22PD98B7BSTzkIO8gAAAAAOgAAAAAIAACAAAABPK3q/7A6EWS2KVvXTWiz4O7xrdoPNBk2qiY43MOuGVjAAAACPhL6JAEQCTYTItygVLo8i16ZdzdPXZ3l1KM6XBrDKbEyAKLFHmeb4jV5Deo0jKWNAAAAAdi7slKgOZR6JTqseaK3uHAXOxknjagjBStrZ61EPeYp23R28tlzq6FiZ/JW76XJ4yqHj96t2Q8XSijhzKFV5KA=="

}

  1. [Applies only if a dedicated client account is required]

To obtain an access under the client account, the client sends the HTTP POST request to the Orchestrator /api/token path.

In the body of the request, the client specifies the following parameters:

Request:

POST https://uwin2012r2.n.local:9898/api/token

 

Request Header:

content-type: application/x-www-form-urlencoded

 

Request Body:

grant_type=client_credentials&client_id=58b91a67-4aca-490f-aeac-2ea11eadceaa&client_secret=iGuL5owQoVbN/RfaWYPTjh4QHT+1ylQlqiwKR+PS/jA=

The server sends a response in the following format.

Response:

200

Response Body:

{

"access_token": "RknUZHexLF2i_TyAqusCrT0UwTosECThrK-ZDKCrkLlKClG19Wmrr0CCMvas0wvddmbeVy345I404g52Ck26gDGKI1YuAjI6vYQZf78D_cE6MIrdqF6ckQRZkGtpInk8NO_pwAllhcowDfIgEOHZ39mTvUVVgkMovKrA_4az2E50G1-IRctPcdK3ivrJHrsUaG5oIg69YRrh_uPrFMXYk2xIEfoO8ehNsB_Vm1S_ngjMS2I6DICG4cPQboc7efO3L-BBxwnyj4lNYOSvIztkQxDuYAw5f06efHfwbP_ZksGmRZWUZcHvDVVUJZ3YJiQg7977LeyK9cQ847-nKIwlBw2jRR0MTstsgLIe44RLlyY",

 "token_type": "bearer",

 "expires_in": 899,

 "refresh_token": "aUCl0dAA9FNg1FR3f1ShgzoznDTZIxGKjrtSzIabtoo=",

}

  1. To refresh the pair of tokens, the user or client sends the HTTP POST request to the Orchestrator /api/token path.

In the body of the request, the user or client specifies the following parameters:

Request:

POST https://uwin2012r2.n.local:9898/api/token

 

Request Header:

Content-Type: application/x-www-form-urlencoded

 

Request Body:

grant_type=refresh_token&refresh_token=aUCl0dAA9FNg1FR3f1ShgzoznDTZIxGKjrtSzIabtoo%3D

The server sends a response in the following format.

Response:

200

Response Body:

{

 "access_token": "YSEoaL6H9EEyJpnrJ9WhLtzbrrBBYWqMQFDBQuLnp13qGQX6MjNfZ_wriPIRHQrbY-8dYtsWcRZQczIHVuSqbnVb00m-yOihPZZHQ48aP1VcgUtgnYTvtAO3WRJ1cJ8VaIXzsVYKIGrLa1Lm41LsjpMiiPZytkqIUUiphhlXn7Vm10xlTzQUe0TU3HmXK-KD2MiB6qBImaISkEjgCmyIsurSN2mHi1Qo8VlZadnhkBd3v6nD5GEb8Gh4Zw7YAv5klmrnM0iBu7xhev2hVMZvKHGXvGshI3gS24-hIWbSsBGarVnRLSiUzor6QExTGShSa7pIeJWsAtJXLF5a3oSUooUv_YMYe8d5iZEouUuirrw",

 "token_type": "bearer",

 "expires_in": 899,

 "refresh_token": "vbGuPkz7XLS1p5PQ3EARoGGKJKFMdgBbIi6fH79WQac="

}

  1. To get all client IDs related to the user account, the user sends the HTTP GET request to the api/v7.1/Clients endpoint. The client can get only its own ID using this request.

In the Authorization header, the user or client specifies the currently valid access token in the Bearer <access_token> format.

Request:

GET https://uwin2012r2.n.local:9898/api/v7.1/Clients

 

Request Header:

Authorization: Bearer YSEoaL6H9EEyJpnrJ9WhLtzbrrBBYWqMQFDBQuLnp13qGQX6MjNfZ_wriPIRHQrbY-8dYtsWcRZQczIHVuSqbnVb00m-yOihPZZHQ48aP1VcgUtgnYTvtAO3WRJ1cJ8VaIXzsVYKIGrLa1Lm41LsjpMiiPZytkqIUUiphhlXn7Vm10xlTzQUe0TU3HmXK-KD2MiB6qBImaISkEjgCmyIsurSN2mHi1Qo8VlZadnhkBd3v6nD5GEb8Gh4Zw7YAv5klmrnM0iBu7xhev2hVMZvKHGXvGshI3gS24-hIWbSsBGarVnRLSiUzor6QExTGShSa7pIeJWsAtJXLF5a3oSUooUv_YMYe8d5iZEouUuirrw

The server sends a response in the following format.

Response:

200

Response Body:

[

 "4a346f40-d4b6-4ed8-913d-d6e1297a75a4",

 "b2845041-53ce-4335-b157-bcf9b08740c8",

 "98e3c3cc-5945-4b30-9e89-6066e5159502",

 "3ace3638-3810-4f0f-92e6-d700ad5df6ba",

 "06af349a-acba-4f42-9f81-721489bcae4c"

]

  1. To delete a client account, the user sends the HTTP DELETE request to the api/v7.1/Clients endpoint. The client can delete only his own client account using this request.

In the Authorization header, the user or client specifies the currently valid access token in the Bearer <access_token> format.

In the clientId parameter, the user specifies an ID of the client to be deleted, the client specifies its own client ID.

Request:

DELETE https://uwin2012r2.n.local:9898/api/v7.1/Clients?clientId=4a346f40-d4b6-4ed8-913d-d6e1297a75a4

 

Request Header:

Authorization: Bearer YSEoaL6H9EEyJpnrJ9WhLtzbrrBBYWqMQFDBQuLnp13qGQX6MjNfZ_wriPIRHQrbY-8dYtsWcRZQczIHVuSqbnVb00m-yOihPZZHQ48aP1VcgUtgnYTvtAO3WRJ1cJ8VaIXzsVYKIGrLa1Lm41LsjpMiiPZytkqIUUiphhlXn7Vm10xlTzQUe0TU3HmXK-KD2MiB6qBImaISkEjgCmyIsurSN2mHi1Qo8VlZadnhkBd3v6nD5GEb8Gh4Zw7YAv5klmrnM0iBu7xhev2hVMZvKHGXvGshI3gS24-hIWbSsBGarVnRLSiUzor6QExTGShSa7pIeJWsAtJXLF5a3oSUooUv_YMYe8d5iZEouUuirrw

The server sends a response in the following format.

Response:

204

  1. To log out, the user or client sends the HTTP DELETE request to the api/token endpoint.

In the Authorization header, the user or client specifies currently valid access token in the Bearer <access_token> format.

Request:

DELETE https://uwin2012r2.n.local:9898/api/token

 

Request Header:

Authorization: Bearer YSEoaL6H9EEyJpnrJ9WhLtzbrrBBYWqMQFDBQuLnp13qGQX6MjNfZ_wriPIRHQrbY-8dYtsWcRZQczIHVuSqbnVb00m-yOihPZZHQ48aP1VcgUtgnYTvtAO3WRJ1cJ8VaIXzsVYKIGrLa1Lm41LsjpMiiPZytkqIUUiphhlXn7Vm10xlTzQUe0TU3HmXK-KD2MiB6qBImaISkEjgCmyIsurSN2mHi1Qo8VlZadnhkBd3v6nD5GEb8Gh4Zw7YAv5klmrnM0iBu7xhev2hVMZvKHGXvGshI3gS24-hIWbSsBGarVnRLSiUzor6QExTGShSa7pIeJWsAtJXLF5a3oSUooUv_YMYe8d5iZEouUuirrw

The server sends a response in the following format.

Response:

204