1click-api
Handlers
Merchant
Needs a valid merchant ApiKey. Needs header Authorization: Bearer <APIKEY>
Oyst
Needs header Oyst-Authorization: Oyst <DATA>, where <DATA> is a base64-encoded stringified object:
{
"m": "<MERCHANT_ID>",
"t": "<MERCHANT_TOKEN>" // Generated by `POST` /orders/authorize
}
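Added example (not part of the 1click-api code): one way a server could parse the Oyst-Authorization header strictly before looking up the merchant token. The function names, the length cap and the 403 mapping for malformed input are assumptions.

```javascript
// Added example: strict parser for "Oyst-Authorization: Oyst <DATA>".
// Names, MAX_DATA_LENGTH and the 403 mapping are assumptions, not project code.
const SCHEME = 'Oyst ';
const MAX_DATA_LENGTH = 1024; // assumed cap to bound decoding work

// Client side: build the header value from the merchant id and token.
function buildOystAuthorization(merchantId, merchantToken) {
  const json = JSON.stringify({ m: merchantId, t: merchantToken });
  return SCHEME + Buffer.from(json, 'utf8').toString('base64');
}

// Server side: return the two fields, or a 403 result on any malformed input.
function parseOystAuthorization(headerValue) {
  const deny = { ok: false, statusCode: 403 };
  if (typeof headerValue !== 'string' || !headerValue.startsWith(SCHEME)) return deny;
  const data = headerValue.slice(SCHEME.length);
  if (data.length === 0 || data.length > MAX_DATA_LENGTH) return deny;
  // Buffer.from(..., 'base64') silently skips invalid characters,
  // so check the alphabet and padding before decoding.
  if (data.length % 4 !== 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(data)) return deny;
  let parsed;
  try {
    parsed = JSON.parse(Buffer.from(data, 'base64').toString('utf8'));
  } catch (err) {
    return deny;
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) return deny;
  // Accept exactly the two documented keys, both non-empty strings.
  if (Object.keys(parsed).length !== 2) return deny;
  if (typeof parsed.m !== 'string' || typeof parsed.t !== 'string') return deny;
  if (parsed.m === '' || parsed.t === '') return deny;
  // base64 is an encoding, not encryption: the caller must still check that
  // token `t` was issued to merchant `m` by POST /orders/authorize.
  return { ok: true, merchantId: parsed.m, merchantToken: parsed.t };
}
```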
Sessions
Needs header oyst-session. Returns a 403 if the header is not present.
Routes
Error handling
On error, except for internal errors, the API should return a JSON object:
{
"success": false,
"error": {
"status": "<API-SHORT-CODE>-<ERROR-CODE>",
"status_text": "<ERROR-MSG-USING-i18n>"
}
}
POST
/orders/authorize
Handles the server-to-server authentication for the oneclick. This route should be called by the merchant during the function getOneclickUrl(). The iframe URL is returned.
Payload:
Joi.object({
product_reference: Joi.string().required(),
variation_reference: Joi.string().optional(),
user: Joi.object().optional(),
quantity: Joi.number().integer().default(1)
})
Handler: merchant
Returns
- 403 on authentication failure
- On success
{
"success": true,
"url": "http://url_to_front_application"
}
GET
/version
Information is in package.json
Returns
{
"name": "APPLICATION_NAME",
"version": "APPLICATION_VERSION"
}
POST
/orders
Handles order creation when the user is known.
It calls:
- payment-api
- user-api
- catalog-api
Payload
Joi.object({
encrypted_card: Joi.string().required()
}).allow(null)
encrypted_card should be sent only when the user changes his card
Handler: Oyst Session
Returns
{
"success": true,
"id": "ORDER_UUID",
"product": {},
"user": {},
"order": {}
}
DELETE
/orders/{:id}
Delete specific order and clean associated session
It calls:
- payment-api
- user-api
- catalog-api
QueryParams
Joi.object({
id: Joi.string().guid().required()
})
Handler: Oyst Session
Returns
{
"success": true
}
GET
/users
Checks whether the user exists using the phone number. If found, an SMS is sent with a link.
QueryParams
Joi.object({
phone: phoneRule.phone().mobile().required()
})
Where phoneRule is the npm package joi-phone-validator
Handler: Oyst
Returns
{
"success": true, // true when the user is found, false otherwise
"sms": true, // Or false if the SMS was not sent
"channel": "PUSHER_CHANNEL_TO_LISTEN_TO",
"event": "PUSHER_EVENT_TO_LISTEN_TO",
"phone": "+33601020304",
"can_retry": true // false if limit is reached
}
POST
/users/card
Called when the user is not found. Stores the encrypted_card in the REDIS session, then sends an SMS with a link that displays a code, like 3DS.
Payload
Joi.object({
encrypted_card: Joi.string().required()
})
Handler: Oyst
Returns
{
"success": true, // Or false if the SMS was not sent
"channel": "PUSHER_CHANNEL_TO_LISTEN_TO",
"event": "PUSHER_EVENT_TO_LISTEN_TO",
"phone": "+33601020304",
"can_retry": true, // false if limit is reached
"code": true
}
GET
/users/phone/mfa
Activates the code when the user clicks the SMS link
QueryParams
Joi.object({
id: Joi.string().guid().required(),
p: phoneRule.phone().mobile().required()
})
Where phoneRule is the npm package joi-phone-validator
Returns
Redirects to ${DISPLAY_CODE_URL}?${Querystring.stringify({ id, phone: p })}, where DISPLAY_CODE_URL is the URL of the React app that displays the code on mobile
POST
/users/phone/valid
Activates the phone when the user clicks the SMS link. Sends PUSHER_EVENT on success.
- Remove phone from PhoneSession
- Remove short-link from the PhoneChecker
Payload
Joi.object({
id: Joi.string().guid().required(),
phone: phoneRule.phone().mobile().required(),
session: Joi.string().guid().required(),
user_id: Joi.string().guid().required()
})
Where phoneRule is the npm package joi-phone-validator
Returns
Redirects to PHONE_SUCCESS_URL, which is the static success URL
GET
/mfa
- Get the code from PhoneChecker
- Send PUSHER_EVENT on success with params code: true and uuid
QueryParams
Joi.object({
id: Joi.string().guid().required(),
phone: phoneRule.phone().mobile().required()
})
Where phoneRule is the npm package joi-phone-validator
Returns
{
"code": "SECRET_CODE",
"success": true
}
POST
/mfa/codes
- Get the code from PhoneChecker
- Send PUSHER_EVENT on success with params code: true and uuid
Payload
Joi.object({
code: Joi.string().required(),
uuid: Joi.string().guid().required(),
phone: phoneRule.phone().mobile().required()
})
Where phoneRule is the npm package joi-phone-validator
Returns
{
"success": true,
"can_retry": true // or false when success is false
}
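Added example (not part of the 1click-api code): an attempt-limited, single-use check that produces the success / can_retry response documented for POST /mfa/codes. The limit of 3 attempts, the Map standing in for PhoneChecker, its key format and all function names are assumptions.

```javascript
// Added example: attempt-limited code check for POST /mfa/codes.
// MAX_ATTEMPTS, the Map standing in for PhoneChecker and all names are assumptions.
const MAX_ATTEMPTS = 3;

// Compare without stopping at the first mismatching byte, so response time
// does not reveal how many leading characters of the code were correct.
function constantTimeEqual(a, b) {
  const x = Buffer.from(String(a), 'utf8');
  const y = Buffer.from(String(b), 'utf8');
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) {
    diff |= x[i] ^ y[i % (y.length || 1)];
  }
  return diff === 0;
}

// phoneChecker: Map of `${uuid}:${phone}` -> { code, attempts }
function createCodeVerifier(phoneChecker) {
  return function verifyCode({ code, uuid, phone }) {
    const key = `${uuid}:${phone}`;
    const entry = phoneChecker.get(key);
    // Unknown, used or exhausted entries all get the same answer.
    if (!entry) return { success: false, can_retry: false };
    entry.attempts += 1; // count before comparing so no failure is skipped
    if (constantTimeEqual(code, entry.code)) {
      phoneChecker.delete(key); // single use: a verified code cannot be replayed
      return { success: true, can_retry: true };
    }
    const canRetry = entry.attempts < MAX_ATTEMPTS;
    if (!canRetry) phoneChecker.delete(key); // a new SMS is needed after the limit
    return { success: false, can_retry: canRetry };
  };
}
```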
POST
/users
- Add card with minimum authorization
- Create the user using user-api
Handler: Oyst Session
Payload
Joi.object({
address: address.required(),
billing_address: address.default(Joi.ref('address')),
email: Joi.string().email().required(),
first_name: Joi.string().required(),
language: Joi.string().length(2).optional(),
last_name: Joi.string().required()
})
where address is
Joi.object({
city: Joi.string().required(),
company_name: allowEmpty,
complementary: allowEmpty,
country: Joi.string().required(),
first_name: Joi.string().required(),
label: Joi.string().required(),
last_name: Joi.string().required(),
postcode: allowEmpty,
region: allowEmpty,
street: Joi.string().required()
})
and allowEmpty is
Joi.string().empty('').optional()
Where phoneRule is the npm package joi-phone-validator
Returns
{
"success": true,
"user": {}
}
POST
/notifications
- Handle payment-api notifications
For now, notifications are not processed; this route is only useful so that payment-api does not crash.
TO FIX when order-api is able to handle payment information
Payload
Joi.object({
live: Joi.boolean().required(),
notification: Joi.object().keys({
additional_data: Joi.object().optional(),
amount: Joi.object().keys({
currency: Joi.string().required(),
value: Joi.number().required()
}).required(),
event_code: Joi.string().required(),
event_date: Joi.date(),
is_3d: Joi.boolean().required(),
operations: Joi.array().items(Joi.string()).required(),
order_id: Joi.string().required(),
payment_id: Joi.string().guid().required(),
success: Joi.boolean().required(),
}).required()
})
Returns
OK