SEGAP REST API 1.0 specifications
1. SEGAP REST API 1.0
1. Assumptions
2. Base URL
{segap_host}/segap/{version}
GET
3. Authorization
{base}/authorization/login
POST
{base}/authorization/logout
POST
{base}/authorization/oauth2.0/authorize
GET
{base}/authorization/oauth2.0/token
POST
4. Administration
{base}/users
POST
{base}/users/{user_id}
PUT
DELETE
GET
{base}/games
POST
{base}/games/{game_id}
PUT
DELETE
GET
{base}/games/{game_id}/themes
POST
GET
DELETE
{base}/games/{game_id}/themes/{theme_id}
DELETE
GET
{base}/games/{game_id}/themes/{theme_id}/entities
POST
DELETE
GET
7. Token flow: these parameters are passed in the URL fragment (after the # in the URL):
1. access_token: a token which can be used to make calls to the SEGAP REST API;
2. token_type: the type of the token, values: game, supplier, administrator;
3. user_id: the SEGAP user ID of the authorized user.
example:
{redirect_uri}#access_token=jskajsueu12bdj&token_type=game&user_id=y2k
In either flow, if an error occurs, including if the user has chosen not to
authorize the app, the following parameters will be included in the redirect URI:
1. error: an error code per Section 4.1.2.1 of the OAuth 2.0 spec;
2. error_description: a user-friendly description of the error that occurred.
description
Provides authorize support as per RFC 6749 OAuth2.0 specifications.
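How a client might read the token-flow redirect described above, as an added example that is not part of the SEGAP specification. The function name, the `https://app.example/callback` redirect URI and the local `invalid_response` label are assumptions made for illustration.

```javascript
// Token types listed in the specification above.
const TOKEN_TYPES = new Set(["game", "supplier", "administrator"]);

// Parse the URL the app is redirected to after the authorize call.
// Returns { ok: true, accessToken, tokenType, userId }
// or      { ok: false, error, description }.
function parseSegapRedirect(redirectUrl) {
  const url = new URL(redirectUrl);
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));
  const query = url.searchParams;

  // Assumption: the spec only says errors are "included in the redirect
  // URI", so check the fragment first and then the query string.
  const error = fragment.get("error") || query.get("error");
  if (error) {
    const description =
      fragment.get("error_description") ||
      query.get("error_description") ||
      "";
    return { ok: false, error, description };
  }

  // Token-flow parameters are read from the fragment only; a token that
  // shows up in the query string is treated as missing.
  const accessToken = fragment.get("access_token");
  const tokenType = fragment.get("token_type");
  const userId = fragment.get("user_id");

  // "invalid_response" is a local label (hypothetical), not an OAuth code.
  if (!accessToken || !tokenType || !userId) {
    return { ok: false, error: "invalid_response",
             description: "missing token parameter" };
  }
  // Refuse token types the specification does not define.
  if (!TOKEN_TYPES.has(tokenType)) {
    return { ok: false, error: "invalid_response",
             description: "unknown token_type" };
  }
  return { ok: true, accessToken, tokenType, userId };
}

// Constructed sample input, built from the example fragment in the spec.
const sample = "https://app.example/callback" +
  "#access_token=jskajsueu12bdj&token_type=game&user_id=y2k";
console.log(parseSegapRedirect(sample));
```

In a browser, once the fragment has been read, `history.replaceState(null, "", location.pathname + location.search)` drops the token from the address bar and session history.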
url
{base}/authorization/oauth2.0/token
method
POST
parameters
code (required): The code acquired by directing users to {base}/oauth2.0/authorize?response_type=code.
grant_type (required): The grant type, which must be authorization_code.
client_id (required): The client unique identifier.
client_secret (required): This is the client secret.
redirect_uri: Only used to validate that it matches the original {base}/oauth2.0/authorize, not used to redirect again.
content
Not required.
http codes
200 OK: standard response for successful HTTP requests
404 Not found: requested resource could not be found
405 Method not supported: request method not supported by that resource
500 Internal server error: server error message describing the error
returns
It returns information including an access token (access_token), token type
(token_type), and SEGAP user ID (user_id). This information is presented in RDF/XML
format.
description
Provides token support as per RFC 6749 OAuth2.0 specifications.
4. Administration