Implementing the purchase endpoint

Request

The Purchase Service will send a POST request to the isPurchaseAuthorised endpoint:

https://<host>:<port>/{serviceDomain}/v1/product/actions/isPurchaseAuthorised

Headers

• x-correlation-id – identifier for correlating messages across the call flow

• Authorization – authorisation token. This is a Keycloak token that the CRM should validate using the method agreed during integration/deployment.

Mandatory arguments

All of the following arguments are in the body of the request:

• account_id – the ID of the account under which the purchase is being made

• product_id – the ID of the product being purchased

Other arguments

All of the following arguments are in the body of the request:

• device_id – the ID of the device from which the purchase is being made

• device_playout_class – the class of device that the purchased product will be consumed on

• viewing_window_start – the date/time at which the product will be available for consumption (in UNIX epoch time)

• viewing_window_end – the date/time at which the product will no longer be available for consumption (in UNIX epoch time)

If device-specific products are enabled (see (23.12_Q1) Device specific products), the Purchase Service will provide a device ID here. This ensures that the product can only be consumed/used on the device that it was purchased from.

Example

A POST request with this payload requests authorisation from the CRM for the specified product for the specified account:

{
  "account_id": "ACC_123456",
  "device_id": "DEV_123456",
  "device_playout_class": "OPEN",
  "product_id": "PROD_123456",
  "viewing_window_start": 1641579014,
  "viewing_window_end": 1641645414
}

Response

A successful request should return an HTTP 201 status. The body should contain a purchaseAuthRequestReference.

A bad request should return an HTTP 400 status.

An unauthorised request should return an HTTP 401 status.

A forbidden request should return an HTTP 403 status.

The response should include the same x-correlation-id header that it received in the request.

See the (23.12_Q1)Third-party CRM purchase authorisation API documentation OLD for full details of the expected responses.

Example

A success request should return a response that looks like this:

{
  "purchaseAuthRequestReference": "CRM_PARTNER_AUTH_REQUEST_REFERENCE_001"
}

See also

• See (23.12_Q1) Making a purchase for an explanation of how a client app initiates a purchase.

• See (23.12_Q1) Device specific products for an explanation of how to enable or disable device-specific product.

• For full details of this API, see the (23.12_Q1)Third-party CRM purchase authorisation API documentation OLD.