BioPocket API documentation version 1
https://biopocket.ch/api
Authentication
Management of authentication tokens.
Creates a new, short-lived (2 weeks) authentication token for a user.
The authenticated user is also included in the response. Frontends may want to use the roles array to know what the user is authorized to do.
post /auth
Creates a new, short-lived (2 weeks) authentication token for a user.
The authenticated user is also included in the response. Frontends may want to use the roles array to know what the user is authorized to do.
Body
Media type: application/json
Type: object
Properties- email: required (string)
The e-mail address associated with the user account.
- password: required (string)
The user account's password.
Example:
POST /api/auth HTTP/1.1
Content-Type: application/json
{
"email": "jdoe@example.com",
"password": "letmein"
}
HTTP status code 201
The authentication token was successfully created.
Body
Media type: application/json
Type: object
Properties- token: (string)
A JWT that can be used to authenticate to other API resources. You should send it as a bearer token in the Authorization header, e.g.
Authorization: Bearer TOKEN
. - user: (object)
- active: (boolean)
If false, the user account cannot authenticate and is not authorized to perform any action. New user accounts start active, but can be deactivated by an administrator.
- createdAt: (datetime)
The time at which the user account was created.
- email: (string)
The e-mail address associated to the user account.
- id: (string)
The unique ID identifying the user account.
- roles: (array of string)
The roles the user is authorized to perform.
- updatedAt: (datetime)
The time at which the user account was last updated.
- active: (boolean)
Example:
HTTP/1.1 201 Created
Content-Type: application/json
{
"token": "eyJhbGciOiJIUzI1NiI.eyJzdWIiOiJmZDczYjM5OC04Zj.7s76ONko1DF",
"user": {
"active": true,
"createdAt": "2000-01-01T16:30:00.123Z",
"email": "jdoe@example.com",
"id": "7c4424de-66a0-4044-b872-c5fc77c4365e",
"roles": [
"admin"
],
"updatedAt": "2000-02-03T17:00:00.123Z"
}
}
HTTP status code 400
The request body is not valid JSON.
Body
Media type: text/html
Type: object
Example:
HTTP/1.1 400 Bad Request
Content-Type: text/html
Error: Unexpected token } in JSON at position 0
HTTP status code 401
The credentials in the request body are invalid.
Body
Media type: application/json
Type: object
Examples:
Invalid user:
No user account exists with the specified e-mail address, or it is inactive.
{
"errors": [
{
"code": "auth.invalidUser",
"message": "This user account does not exist or is inactive."
}
]
}
Invalid credentials:
The specified password is not the correct one.
{
"errors": [
{
"code": "auth.invalidCredentials",
"message": "The password is invalid."
}
]
}
HTTP status code 422
The request body contains invalid data.
Body
Media type: application/json
Type: object
Example:
HTTP/1.1 422 Unprocessable Entity
Content-Type: application/json
{
"errors": [
{
"location": "/password",
"message": "is required",
"type": "json",
"validator": "required",
"valueSet": false
},
{
"location": "/email",
"message": "must be a valid e-mail address",
"type": "json",
"validator": "email",
"value": "jdoe",
"valueSet": true
}
]
}
Locations
Management of BioPocket locations of interest.
Create a new location.
List locations.
post /locations
Create a new location.
Headers
- Authorization: required (string)
You must authenticate by sending a JWT bearer token in this header. You may obtain a token by calling
POST /api/auth
.Required roles:
admin
Example:
Authorization: Bearer eyJhbGciOiJIUzI1NiI.eyJzdWIiOiJmZDczYjM5OC04Zj.7s76ONko1DF
Body
Media type: application/json
Type: object
Properties- name: required (string - minLength: 1 - maxLength: 150)
The location's name.
- shortName: (string - minLength: 1 - maxLength: 30)
A shorter name for the location, if available.
- description: required (string - minLength: 1 - maxLength: 2000)
A detailed description of the location.
- phone: required (string - minLength: 1 - maxLength: 20)
The location's phone number.
- photoUrl: required (string - maxLength: 500)
A URL of a picture of the location.
- siteUrl: required (string - maxLength: 500)
A URL of the location's website or a related web page.
- geometry: required (object)
The location's geographical coordinates (a GeoJSON point).
- type: required (string)
The type of GeoJSON object.
- coordinates: required (array of number)
The coordinates (longitude & latitude).
- type: required (string)
- address: required (object)
- street: required (string - minLength: 1 - maxLength: 150)
The street name of the location's address.
- number: (string - minLength: 1 - maxLength: 15)
The street number of the location's address.
- zipCode: required (string - minLength: 1 - maxLength: 15)
The zip code of the location's address.
- city: required (string - minLength: 1 - maxLength: 100)
The city of the location's address.
- state: required (string - minLength: 1 - maxLength: 30)
The state of the location's address.
- street: required (string - minLength: 1 - maxLength: 150)
- properties: (object)
User-defined properties of the location.
Example:
POST /api/locations HTTP/1.1
Content-Type: application/json
{
"name": "Somewhere over the rainbow",
"shortName": "Somewhere",
"description": "Somewhere over the rainbow blue birds fly and the dreams that you dreamed of really do come true.",
"phone": "5550001",
"photoUrl": "http://example.com/image.jpg",
"siteUrl": "http://example.com",
"geometry": {
"type": "Point",
"coordinates": [ -73.957820, 40.772317 ]
},
"address": {
"street": "Riverside Drive",
"number": 210,
"city": "New York",
"state": "New York",
"zipCode": "10021"
}
}
HTTP status code 201
The location was successfully created.
Body
Media type: application/json
Type: object
Properties- name: required (string - minLength: 1 - maxLength: 150)
The location's name.
- shortName: (string - minLength: 1 - maxLength: 30)
A shorter name for the location, if available.
- description: required (string - minLength: 1 - maxLength: 2000)
A detailed description of the location.
- phone: required (string - minLength: 1 - maxLength: 20)
The location's phone number.
- photoUrl: required (string - maxLength: 500)
A URL of a picture of the location.
- siteUrl: required (string - maxLength: 500)
A URL of the location's website or a related web page.
- geometry: required (object)
The location's geographical coordinates (a GeoJSON point).
- type: required (string)
The type of GeoJSON object.
- coordinates: required (array of number)
The coordinates (longitude & latitude).
- type: required (string)
- address: required (object)
- street: required (string - minLength: 1 - maxLength: 150)
The street name of the location's address.
- number: (string - minLength: 1 - maxLength: 15)
The street number of the location's address.
- zipCode: required (string - minLength: 1 - maxLength: 15)
The zip code of the location's address.
- city: required (string - minLength: 1 - maxLength: 100)
The city of the location's address.
- state: required (string - minLength: 1 - maxLength: 30)
The state of the location's address.
- street: required (string - minLength: 1 - maxLength: 150)
- properties: (object)
User-defined properties of the location.
- id: (string)
A unique ID identifying the location.
- createdAt: (datetime)
The time at which the location was created.
- updatedAt: (datetime)
The time at which the location was last updated.
Example:
HTTP/1.1 201 Created
Content-Type: application/json
{
"id": "c821bc0f-85b4-44d5-9bbe-a30cf197c30a",
"name": "Somewhere over the rainbow",
"shortName": "Somewhere",
"description": "Somewhere over the rainbow blue birds fly and the dreams that you dreamed of really do come true.",
"phone": "5550001",
"photoUrl": "http://example.com/image.jpg",
"siteUrl": "http://example.com",
"geometry": {
"type": "Point",
"coordinates": [ -73.957820, 40.772317 ]
},
"address": {
"street": "Riverside Drive",
"number": 210,
"city": "New York",
"state": "New York",
"zipCode": "10021"
},
"createdAt": "2000-01-01T16:30:00.123Z",
"updatedAt": "2000-02-03T17:00:00.123Z"
}
HTTP status code 400
The request body is not valid JSON.
Body
Media type: text/html
Type: object
Example:
HTTP/1.1 400 Bad Request
Content-Type: text/html
Error: Unexpected token } in JSON at position 0
HTTP status code 401
Authentication is required to access this resource. Either you have not authenticated or your credentials are invalid.
Body
Media type: application/json
Type: object
Examples:
Missing authentication:
You have not sent an Authorization header in the request.
{
"errors": [
{
"code": "auth.missingAuthorization",
"message": "Authentication is required to access this resource. Authenticate by providing a Bearer token in the Authorization header."
}
]
}
Malformed authentication:
The Authorization header of our request is not in the correct format. The required format is `Bearer TOKEN` where `TOKEN` is a valid JWT that you obtained by calling `POST /api/auth`.
{
"errors": [
{
"code": "auth.malformedAuthorization",
"message": "The Authorization header is not in the correct format. It should be \"Authorization: Bearer TOKEN\"."
}
]
}
Invalid authentication:
The JWT bearer token you have sent in the Authorization header is invalid or has expired.
{
"errors": [
{
"code": "auth.invalidAuthorization",
"message": "The Bearer token supplied in the Authorization header is invalid or has expired."
}
]
}
HTTP status code 403
Your user account is not authorized to access this resource. Contact the administrator to request more privileges.
Body
Media type: application/json
Type: object
Example:
{
"errors": [
{
"code": "auth.forbidden",
"message": "You are not authorized to access this resource. Authenticate with a user account that has more privileges."
}
]
}
HTTP status code 422
The request body contains invalid data.
Body
Media type: application/json
Type: object
Example:
HTTP/1.1 422 Unprocessable Entity
Content-Type: application/json
{
"errors": [
{
"message": "is required",
"type": "json",
"location": "/name",
"validator": "required",
"valueSet": false
},
{
"message": "must be a number between -90 and 90",
"type": "json",
"location": "/geometry/coordinates/1",
"validator": "latitude",
"value": 666,
"valueSet": true
}
]
}
get /locations
List locations.
Query Parameters
- bbox: (array of number)
A bounding box within which all the returned locations should be.
The value must be composed of 4 comma-separated numbers:
- The first 2 numbers are the coordinates (longitude & latitude) of the bounding box's south-west corner.
- The last 2 numbers are the coordinates (longitude & latitude) of the bounding box's north-east corner.
Example:
?bbox=10,20,30,40
HTTP status code 200
The locations were successfully listed.
Body
Media type: application/json
Type: array of Location
Items: Location
- name: required (string - minLength: 1 - maxLength: 150)
The location's name.
- shortName: (string - minLength: 1 - maxLength: 30)
A shorter name for the location, if available.
- description: required (string - minLength: 1 - maxLength: 2000)
A detailed description of the location.
- phone: required (string - minLength: 1 - maxLength: 20)
The location's phone number.
- photoUrl: required (string - maxLength: 500)
A URL of a picture of the location.
- siteUrl: required (string - maxLength: 500)
A URL of the location's website or a related web page.
- geometry: required (object)
The location's geographical coordinates (a GeoJSON point).
- type: required (string)
The type of GeoJSON object.
- coordinates: required (array of number)
The coordinates (longitude & latitude).
- type: required (string)
- address: required (object)
- street: required (string - minLength: 1 - maxLength: 150)
The street name of the location's address.
- number: (string - minLength: 1 - maxLength: 15)
The street number of the location's address.
- zipCode: required (string - minLength: 1 - maxLength: 15)
The zip code of the location's address.
- city: required (string - minLength: 1 - maxLength: 100)
The city of the location's address.
- state: required (string - minLength: 1 - maxLength: 30)
The state of the location's address.
- street: required (string - minLength: 1 - maxLength: 150)
- properties
- id: (string)
A unique ID identifying the location.
- createdAt: (datetime)
The time at which the location was created.
- updatedAt: (datetime)
The time at which the location was last updated.
Example:
HTTP/1.1 200 OK
Content-Type: application/json
[
{
"id": "c821bc0f-85b4-44d5-9bbe-a30cf197c30a",
"name": "Somewhere over the rainbow",
"shortName": "Somewhere",
"description": "Somewhere over the rainbow blue birds fly and the dreams that you dreamed of really do come true.",
"phone": "5550001",
"photoUrl": "http://example.com/image.jpg",
"siteUrl": "http://example.com",
"geometry": {
"type": "Point",
"coordinates": [ -73.957820, 40.772317 ]
},
"address": {
"street": "Riverside Drive",
"number": 210,
"city": "New York",
"state": "New York",
"zipCode": "10021"
},
"createdAt": "2000-01-01T16:30:00.123Z",
"updatedAt": "2000-02-03T17:00:00.123Z"
},
{
"id": "8b11a6fc-a1eb-4397-b585-1282c24268c4",
"name": "Nostrud velit sit commodo ad",
"description": "Laborum dolore laboris est labore commodo quis proident proident laborum laborum dolor adipisicing aliquip nisi.",
"phone": "5550002",
"photoUrl": "http://example.org/image.jpg",
"siteUrl": "http://example.org",
"geometry": {
"type": "Point",
"coordinates": [ -98.765949, 30.751708 ]
},
"address": {
"street": "Shirley Ave",
"city": "Chicago",
"state": "IL",
"zipCode": "60185"
},
"createdAt": "2000-03-01T15:00:00.123Z",
"updatedAt": "2000-04-01T14:00:00.123Z"
}
]
Retrieve a single location.
Update a location.
This is a partial update: you may omit required properties. Only properties sent in the request body will be updated. Optional properties can be removed by setting them to null
.
The geometry
property must be sent in its entirety to be updated, i.e. it must be a full, valid GeoJSON point (for example, it's not possible to only send its coordinates
property).
Delete a location.
get /locations/{id}
Retrieve a single location.
URI Parameters
- id: required (string)
The unique ID of the location.
Query Parameters
- only: (array of string)
Whitelist of properties to include in the response. (Properties also blacklisted with
except
will not be included.)You may use dotted notation in complex objects, e.g.
sub.property
.Example:
?only=id&only=name&only=geometry
- except: (array of string)
Blacklist of properties not to include in the response.
You may use dotted notation in complex objects, e.g.
sub.property
.Example:
?except=address&except=siteUrl
HTTP status code 200
The location was successfully created.
Body
Media type: application/json
Type: object
Properties- name: required (string - minLength: 1 - maxLength: 150)
The location's name.
- shortName: (string - minLength: 1 - maxLength: 30)
A shorter name for the location, if available.
- description: required (string - minLength: 1 - maxLength: 2000)
A detailed description of the location.
- phone: required (string - minLength: 1 - maxLength: 20)
The location's phone number.
- photoUrl: required (string - maxLength: 500)
A URL of a picture of the location.
- siteUrl: required (string - maxLength: 500)
A URL of the location's website or a related web page.
- geometry: required (object)
The location's geographical coordinates (a GeoJSON point).
- type: required (string)
The type of GeoJSON object.
- coordinates: required (array of number)
The coordinates (longitude & latitude).
- type: required (string)
- address: required (object)
- street: required (string - minLength: 1 - maxLength: 150)
The street name of the location's address.
- number: (string - minLength: 1 - maxLength: 15)
The street number of the location's address.
- zipCode: required (string - minLength: 1 - maxLength: 15)
The zip code of the location's address.
- city: required (string - minLength: 1 - maxLength: 100)
The city of the location's address.
- state: required (string - minLength: 1 - maxLength: 30)
The state of the location's address.
- street: required (string - minLength: 1 - maxLength: 150)
- properties
- id: (string)
A unique ID identifying the location.
- createdAt: (datetime)
The time at which the location was created.
- updatedAt: (datetime)
The time at which the location was last updated.
Example:
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": "c821bc0f-85b4-44d5-9bbe-a30cf197c30a",
"name": "Somewhere over the rainbow",
"shortName": "Somewhere",
"description": "Somewhere over the rainbow blue birds fly and the dreams that you dreamed of really do come true.",
"phone": "5550001",
"photoUrl": "http://example.com/image.jpg",
"siteUrl": "http://example.com",
"geometry": {
"type": "Point",
"coordinates": [ -73.957820, 40.772317 ]
},
"address": {
"street": "Riverside Drive",
"number": 210,
"city": "New York",
"state": "New York",
"zipCode": "10021"
},
"createdAt": "2000-01-01T16:30:00.123Z",
"updatedAt": "2000-02-03T17:00:00.123Z"
}
HTTP status code 404
The requested location does not exist (or you are not authorized to access it).
Body
Media type: application/json
Type: object
Example:
HTTP/1.1 404 Not Found
Content-Type: application/json
{
"errors": [
{
"code": "record.notFound",
"message": "No location was found with ID 7c4424de-66a0-4044-b872-c5fc77c4365."
}
]
}
patch /locations/{id}
Update a location.
This is a partial update: you may omit required properties. Only properties sent in the request body will be updated. Optional properties can be removed by setting them to null
.
The geometry
property must be sent in its entirety to be updated, i.e. it must be a full, valid GeoJSON point (for example, it's not possible to only send its coordinates
property).
URI Parameters
- id: required (string)
The unique ID of the location.
Headers
- Authorization: required (string)
You must authenticate by sending a JWT bearer token in this header. You may obtain a token by calling
POST /api/auth
.Required roles:
admin
Example:
Authorization: Bearer eyJhbGciOiJIUzI1NiI.eyJzdWIiOiJmZDczYjM5OC04Zj.7s76ONko1DF
Query Parameters
- only: (array of string)
Whitelist of properties to include in the response. (Properties also blacklisted with
except
will not be included.)You may use dotted notation in complex objects, e.g.
sub.property
.Example:
?only=id&only=name&only=geometry
- except: (array of string)
Blacklist of properties not to include in the response.
You may use dotted notation in complex objects, e.g.
sub.property
.Example:
?except=address&except=siteUrl
Body
Media type: application/json
Type: object
Properties- name: required (string - minLength: 1 - maxLength: 150)
The location's name.
- shortName: (string - minLength: 1 - maxLength: 30)
A shorter name for the location, if available.
- description: required (string - minLength: 1 - maxLength: 2000)
A detailed description of the location.
- phone: required (string - minLength: 1 - maxLength: 20)
The location's phone number.
- photoUrl: required (string - maxLength: 500)
A URL of a picture of the location.
- siteUrl: required (string - maxLength: 500)
A URL of the location's website or a related web page.
- geometry: required (object)
The location's geographical coordinates (a GeoJSON point).
- type: required (string)
The type of GeoJSON object.
- coordinates: required (array of number)
The coordinates (longitude & latitude).
- type: required (string)
- address: required (object)
- street: required (string - minLength: 1 - maxLength: 150)
The street name of the location's address.
- number: (string - minLength: 1 - maxLength: 15)
The street number of the location's address.
- zipCode: required (string - minLength: 1 - maxLength: 15)
The zip code of the location's address.
- city: required (string - minLength: 1 - maxLength: 100)
The city of the location's address.
- state: required (string - minLength: 1 - maxLength: 30)
The state of the location's address.
- street: required (string - minLength: 1 - maxLength: 150)
- properties
Example:
PATCH /api/locations/c821bc0f-85b4-44d5-9bbe-a30cf197c30a HTTP/1.1
Content-Type: application/json
{
"name": "Somewhere over the rainbow",
"shortName": null,
"phone": "5550001",
"siteUrl": "http://example.com",
"geometry": {
"type": "Point",
"coordinates": [ -73.957820, 40.772317 ]
},
"address": {
"street": "Riverside Drive",
"city": "New York"
}
}
HTTP status code 200
The location was successfully updated.
Body
Media type: application/json
Type: object
Properties- name: required (string - minLength: 1 - maxLength: 150)
The location's name.
- shortName: (string - minLength: 1 - maxLength: 30)
A shorter name for the location, if available.
- description: required (string - minLength: 1 - maxLength: 2000)
A detailed description of the location.
- phone: required (string - minLength: 1 - maxLength: 20)
The location's phone number.
- photoUrl: required (string - maxLength: 500)
A URL of a picture of the location.
- siteUrl: required (string - maxLength: 500)
A URL of the location's website or a related web page.
- geometry: required (object)
The location's geographical coordinates (a GeoJSON point).
- type: required (string)
The type of GeoJSON object.
- coordinates: required (array of number)
The coordinates (longitude & latitude).
- type: required (string)
- address: required (object)
- street: required (string - minLength: 1 - maxLength: 150)
The street name of the location's address.
- number: (string - minLength: 1 - maxLength: 15)
The street number of the location's address.
- zipCode: required (string - minLength: 1 - maxLength: 15)
The zip code of the location's address.
- city: required (string - minLength: 1 - maxLength: 100)
The city of the location's address.
- state: required (string - minLength: 1 - maxLength: 30)
The state of the location's address.
- street: required (string - minLength: 1 - maxLength: 150)
- properties
- id: (string)
A unique ID identifying the location.
- createdAt: (datetime)
The time at which the location was created.
- updatedAt: (datetime)
The time at which the location was last updated.
Example:
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": "c821bc0f-85b4-44d5-9bbe-a30cf197c30a",
"name": "Somewhere over the rainbow",
"description": "Somewhere over the rainbow blue birds fly and the dreams that you dreamed of really do come true.",
"phone": "5550001",
"photoUrl": "http://example.com/image.jpg",
"siteUrl": "http://example.com",
"geometry": {
"type": "Point",
"coordinates": [ -73.957820, 40.772317 ]
},
"address": {
"street": "Riverside Drive",
"number": 210,
"city": "New York",
"state": "New York",
"zipCode": "10021"
},
"createdAt": "2000-01-01T16:30:00.123Z",
"updatedAt": "2000-02-03T17:00:00.123Z"
}
HTTP status code 400
The request body is not valid JSON.
Body
Media type: text/html
Type: object
Example:
HTTP/1.1 400 Bad Request
Content-Type: text/html
Error: Unexpected token } in JSON at position 0
HTTP status code 401
Authentication is required to access this resource. Either you have not authenticated or your credentials are invalid.
Body
Media type: application/json
Type: object
Examples:
Missing authentication:
You have not sent an Authorization header in the request.
{
"errors": [
{
"code": "auth.missingAuthorization",
"message": "Authentication is required to access this resource. Authenticate by providing a Bearer token in the Authorization header."
}
]
}
Malformed authentication:
The Authorization header of our request is not in the correct format. The required format is `Bearer TOKEN` where `TOKEN` is a valid JWT that you obtained by calling `POST /api/auth`.
{
"errors": [
{
"code": "auth.malformedAuthorization",
"message": "The Authorization header is not in the correct format. It should be \"Authorization: Bearer TOKEN\"."
}
]
}
Invalid authentication:
The JWT bearer token you have sent in the Authorization header is invalid or has expired.
{
"errors": [
{
"code": "auth.invalidAuthorization",
"message": "The Bearer token supplied in the Authorization header is invalid or has expired."
}
]
}
HTTP status code 403
Your user account is not authorized to access this resource. Contact the administrator to request more privileges.
Body
Media type: application/json
Type: object
Example:
{
"errors": [
{
"code": "auth.forbidden",
"message": "You are not authorized to access this resource. Authenticate with a user account that has more privileges."
}
]
}
HTTP status code 404
The requested location does not exist (or you are not authorized to access it).
Body
Media type: application/json
Type: object
Example:
HTTP/1.1 404 Not Found
Content-Type: application/json
{
"errors": [
{
"code": "record.notFound",
"message": "No location was found with ID 7c4424de-66a0-4044-b872-c5fc77c4365."
}
]
}
HTTP status code 422
The request body contains invalid data.
Body
Media type: application/json
Type: object
Example:
HTTP/1.1 422 Unprocessable Entity
Content-Type: application/json
{
"errors": [
{
"message": "must be of type string",
"type": "json",
"location": "/phone",
"types": [ "string" ],
"validator": "type",
"value": 5550000,
"valueSet": true
},
{
"message": "must be a number between -90 and 90",
"type": "json",
"location": "/geometry/coordinates/1",
"validator": "latitude",
"value": 666,
"valueSet": true
}
]
}
delete /locations/{id}
Delete a location.
URI Parameters
- id: required (string)
The unique ID of the location.
Headers
- Authorization: required (string)
You must authenticate by sending a JWT bearer token in this header. You may obtain a token by calling
POST /api/auth
.Required roles:
admin
Example:
Authorization: Bearer eyJhbGciOiJIUzI1NiI.eyJzdWIiOiJmZDczYjM5OC04Zj.7s76ONko1DF
HTTP status code 204
The location was successfully deleted.
HTTP status code 401
Authentication is required to access this resource. Either you have not authenticated or your credentials are invalid.
Body
Media type: application/json
Type: object
Examples:
Missing authentication:
You have not sent an Authorization header in the request.
{
"errors": [
{
"code": "auth.missingAuthorization",
"message": "Authentication is required to access this resource. Authenticate by providing a Bearer token in the Authorization header."
}
]
}
Malformed authentication:
The Authorization header of our request is not in the correct format. The required format is `Bearer TOKEN` where `TOKEN` is a valid JWT that you obtained by calling `POST /api/auth`.
{
"errors": [
{
"code": "auth.malformedAuthorization",
"message": "The Authorization header is not in the correct format. It should be \"Authorization: Bearer TOKEN\"."
}
]
}
Invalid authentication:
The JWT bearer token you have sent in the Authorization header is invalid or has expired.
{
"errors": [
{
"code": "auth.invalidAuthorization",
"message": "The Bearer token supplied in the Authorization header is invalid or has expired."
}
]
}
HTTP status code 403
Your user account is not authorized to access this resource. Contact the administrator to request more privileges.
Body
Media type: application/json
Type: object
Example:
{
"errors": [
{
"code": "auth.forbidden",
"message": "You are not authorized to access this resource. Authenticate with a user account that has more privileges."
}
]
}
HTTP status code 404
The requested location does not exist (or you are not authorized to access it).
Body
Media type: application/json
Type: object
Example:
HTTP/1.1 404 Not Found
Content-Type: application/json
{
"errors": [
{
"code": "record.notFound",
"message": "No location was found with ID 7c4424de-66a0-4044-b872-c5fc77c4365."
}
]
}
Account
Management of your user account.
Retrieve your own user account.
get /me
Retrieve your own user account.
Headers
- Authorization: required (string)
You must authenticate by sending a JWT bearer token in this header. You may obtain a token by calling
POST /api/auth
.Required roles:
none
Example:
Authorization: Bearer eyJhbGciOiJIUzI1NiI.eyJzdWIiOiJmZDczYjM5OC04Zj.7s76ONko1DF
Query Parameters
- only: (array of string)
Whitelist of properties to include in the response. (Properties also blacklisted with
except
will not be included.)You may use dotted notation in complex objects, e.g.
sub.property
.Example:
?only=id&only=email
- except: (array of string)
Blacklist of properties not to include in the response.
You may use dotted notation in complex objects, e.g.
sub.property
.Example:
?except=roles&except=updatedAt
HTTP status code 200
Your user account was successfully retrieved.
Body
Media type: application/json
Type: object
Properties- active: (boolean)
If false, the user account cannot authenticate and is not authorized to perform any action. New user accounts start active, but can be deactivated by an administrator.
- createdAt: (datetime)
The time at which the user account was created.
- email: (string)
The e-mail address associated to the user account.
- id: (string)
The unique ID identifying the user account.
- roles: (array of string)
The roles the user is authorized to perform.
- updatedAt: (datetime)
The time at which the user account was last updated.
Example:
HTTP/1.1 200 OK
Content-Type: application/json
{
"active": true,
"createdAt": "2000-01-01T16:30:00.123Z",
"email": "jdoe@example.com",
"id": "10d38b2c-b7ed-41de-986c-bff87031291e",
"roles": [
"admin"
],
"updatedAt": "2000-02-03T17:00:00.123Z"
}
HTTP status code 401
Authentication is required to access this resource. Either you have not authenticated or your credentials are invalid.
Body
Media type: application/json
Type: object
Examples:
Missing authentication:
You have not sent an Authorization header in the request.
{
"errors": [
{
"code": "auth.missingAuthorization",
"message": "Authentication is required to access this resource. Authenticate by providing a Bearer token in the Authorization header."
}
]
}
Malformed authentication:
The Authorization header of our request is not in the correct format. The required format is `Bearer TOKEN` where `TOKEN` is a valid JWT that you obtained by calling `POST /api/auth`.
{
"errors": [
{
"code": "auth.malformedAuthorization",
"message": "The Authorization header is not in the correct format. It should be \"Authorization: Bearer TOKEN\"."
}
]
}
Invalid authentication:
The JWT bearer token you have sent in the Authorization header is invalid or has expired.
{
"errors": [
{
"code": "auth.invalidAuthorization",
"message": "The Bearer token supplied in the Authorization header is invalid or has expired."
}
]
}
HTTP status code 403
Your user account is not authorized to access this resource. Contact the administrator to request more privileges.
Body
Media type: application/json
Type: object
Example:
{
"errors": [
{
"code": "auth.forbidden",
"message": "You are not authorized to access this resource. Authenticate with a user account that has more privileges."
}
]
}
Users
Management of BioPocket user accounts.
Retrieve a user account.
get /users/{id}
Retrieve a user account.
URI Parameters
- id: required (string)
The unique ID of the user account.
Headers
- Authorization: required (string)
You must authenticate by sending a JWT bearer token in this header. You may obtain a token by calling
POST /api/auth
.Required roles:
admin (or you must be the owner of the user account)
Example:
Authorization: Bearer eyJhbGciOiJIUzI1NiI.eyJzdWIiOiJmZDczYjM5OC04Zj.7s76ONko1DF
Query Parameters
- only: (array of string)
Whitelist of properties to include in the response. (Properties also blacklisted with
except
will not be included.)You may use dotted notation in complex objects, e.g.
sub.property
.Example:
?only=id&only=email
- except: (array of string)
Blacklist of properties not to include in the response.
You may use dotted notation in complex objects, e.g.
sub.property
.Example:
?except=roles&except=updatedAt
HTTP status code 200
The user account was successfully retrieved.
Body
Media type: application/json
Type: object
Properties- active: (boolean)
If false, the user account cannot authenticate and is not authorized to perform any action. New user accounts start active, but can be deactivated by an administrator.
- createdAt: (datetime)
The time at which the user account was created.
- email: (string)
The e-mail address associated to the user account.
- id: (string)
The unique ID identifying the user account.
- roles: (array of string)
The roles the user is authorized to perform.
- updatedAt: (datetime)
The time at which the user account was last updated.
Example:
HTTP/1.1 200 OK
Content-Type: application/json
{
"active": true,
"createdAt": "2000-01-01T16:30:00.123Z",
"email": "jdoe@example.com",
"id": "10d38b2c-b7ed-41de-986c-bff87031291e",
"roles": [
"admin"
],
"updatedAt": "2000-02-03T17:00:00.123Z"
}
HTTP status code 401
Authentication is required to access this resource. Either you have not authenticated or your credentials are invalid.
Body
Media type: application/json
Type: object
Examples:
Missing authentication:
You have not sent an Authorization header in the request.
{
"errors": [
{
"code": "auth.missingAuthorization",
"message": "Authentication is required to access this resource. Authenticate by providing a Bearer token in the Authorization header."
}
]
}
Malformed authentication:
The Authorization header of our request is not in the correct format. The required format is `Bearer TOKEN` where `TOKEN` is a valid JWT that you obtained by calling `POST /api/auth`.
{
"errors": [
{
"code": "auth.malformedAuthorization",
"message": "The Authorization header is not in the correct format. It should be \"Authorization: Bearer TOKEN\"."
}
]
}
Invalid authentication:
The JWT bearer token you have sent in the Authorization header is invalid or has expired.
{
"errors": [
{
"code": "auth.invalidAuthorization",
"message": "The Bearer token supplied in the Authorization header is invalid or has expired."
}
]
}
HTTP status code 403
Your user account is not authorized to access this resource. Contact the administrator to request more privileges.
Body
Media type: application/json
Type: object
Example:
{
"errors": [
{
"code": "auth.forbidden",
"message": "You are not authorized to access this resource. Authenticate with a user account that has more privileges."
}
]
}
HTTP status code 404
The requested user does not exist (or you are not authorized to access it).
Body
Media type: application/json
Type: object
Example:
HTTP/1.1 404 Not Found
Content-Type: application/json
{
"errors": [
{
"code": "record.notFound",
"message": "No user was found with ID 7c4424de-66a0-4044-b872-c5fc77c4365."
}
]
}