Account Delta

API Endpoint

Account service for users of Fotbollskanalen, TV4 and C More.

Usage

A client communicates with BB Services authenticated by a BB Token. The Vimond User Token should only be retrieved by services communicating directly with Vimond on the users behalf.

BB Token

The BB Token is in the form of a JWT and should be applied to Account and other authenticated BB services. It is usually applied through the Authorization header.

A BB Token has an expiry time of one year after its creation.

Example contents of a JWT contents:

{
  "exp": 1473083184,
  "iat": 1473072384,
  "iss": "Account Prod",
  "uid": "123455",
  "session_id": "2f74a72a-0304-4ed3-b4b4-e9a9709f9e82"
}
  • exp Expiry time of the token

  • iat Time of issuing the token

  • iss Issuer of the token

  • uid Id of the user the token was issued to

  • session_id Internal id of the session

Get BB Token

  • Option 1 Login through the login mutation with username and password to get a BB Token. Suitable for most cases, eg. desktop and mobile.

  • Option 2 Login through the Activation code service to get a BB Token. Suitable for clients where keyboard input is hard, eg. televisions and set top boxes with remote control as primary input device.

Use BB Token

  1. Add BB Token to requests that need to be authenticated through the Authorization header.

  2. If Account returns an authentication error the BB Token has expired and the user needs to login to get a new BB Token.

Example of authentication error:

{
  "data": {"me": {"session": null}},
  "errors": [
    {
      "code": 15,
      "locations": [{"column": 0, "line": 3}],
      "message": "Authentication required",
      "path": ["me", "session"],
      "source_errors": ["Authentication required"],
      "type": "invalid_session"
    }
  ]
}

Validate BB Token

Use the me query authorized with the token you want to validate and only request session data. This will check if the session_id in the token is still active and not logged out without making extra requests to Vimond.

API

The endpoint is /api.

Required parameter is client.

See GraphiQL for documentation. (This link points to the stage environment.)

Errors

Resource

POST /
Responses200400400
Headers
Content-Type: application/json
Body
{
  "data": {
    "create": null
  },
  "errors": [
    {
      "code": 2,
      "locations": [
        {
          "column": 0,
          "line": 2
        }
      ],
      "message": "Please enter a valid email",
      "path": [
        "create"
      ],
      "source_errors": [
        "Password length should be minimum 4",
        "User Name length should be minimum 4",
        "Please enter a valid email"
      ],
      "type": "email_invalid"
    }
  ]
}
Headers
Content-Type: application/json
Body
{
  "data": {
    "login": null
  },
  "errors": [
    {
      "code": 10,
      "locations": [
        {
          "column": 0,
          "line": 2
        }
      ],
      "message": "Wrong username or password",
      "path": [
        "login"
      ],
      "source_errors": [
        "Incorrect username or password"
      ],
      "type": "invalid_credentials"
    }
  ]
}
Headers
Content-Type: application/json
Body
{
  "data": {
    "userExists": null
  },
  "errors": [
    {
      "code": 21,
      "locations": [
        {
          "column": 0,
          "line": 2
        }
      ],
      "message": "User not found",
      "path": [
        "userExists"
      ],
      "source_errors": [
        "User not found"
      ],
      "type": "user_not_found"
    }
  ]
}

POST/<account_endpoint>

code type message retry? notes
0 generic “Generic error” no In most cases validation errors. Consult the source_errors field for debugging.
1 email_already_in_use “The email is already in use” no
2 email_invalid “Please enter a valid email” no Validation error
3 password_too_short “Password does not meet the minimum length requirement of 8” no Validation error
4 (Deprecated)
5 client_missing “Missing client parameter” no
6 (Deprecated)
7 zip_code_invalid “Invalid zip code” no Validation error
8 bad_vimond_response “Could not parse Vimond response” yes
9 (Deprecated)
10 invalid_credentials “Wrong username or password” no
11 http_error “HTTP error” yes
12 service_outage “Service outage in underlying system” yes Service outage detected in Vimond.
13 (Deprecated)
14 invalid_bb_session_token “Invalid BB session token” no Invalid token, throw it away and login!
15 invalid_session “Authentication required” no Invalid token, throw it away and login!
16 session_not_found “Session not found” no Invalid token, throw it away and login!
17 user_creation_failed “User creation failed due to validation failure” no
18 username_already_in_use “The username is already in use” no
19 (Deprecated)
20 mismatching_passwords “Mismatching passwords” no Validation error
21 user_not_found “User not found” no
22 client_unauthorized “Client unauthorized” no
23 password_reset_token_already_used “Password reset token has already been used” no Validation error
28 no_entitlements_found “No entitlements found” no Used for Telia users

Generated by aglio on 15 May 2023