User Guide

Authentication

The Ditto API uses REST (Representational State Transfer). All API responses, including errors, return JSON, and HTTP response status codes are used to designate success and failure. To access the Ditto Hybrid Platform – API Swagger-UI, open any browser and go to http://HOST_SERVER:PORT/ . Authentication and authorization are required before calling any resource except the Auth controller.

Unauthorized response
{
        "timestamp": "2024-05-11 11:32:21.245",
        "status": "UNAUTHORIZED",
        "message": "Authentication Failed",
        "data": null,
        "errors": "Full authentication is required to access this resource"
}

Get JWT Token

  • Make a Login request in the Auth Controller and execute it

  • A successful login returns code 200 with the Access Token in the response body

    GET /auth/signin

    Example request:

    • bash

    curl -X POST "http://HOST_SERVER:PORT/auth/signin" -H "accept: */*" -H "Content-Type: application/json" -d "{\"username\": \"test@innocop.com\", \"password\": \"password\"}"

    • json

    {
            "username": "test@innocop.com",
            "password": "password"
    }
    
    Example response:
    • Successful response

    {
            "timestamp": "2024-05-11 11:36:16.139",
            "status": "OK",
            "message": "Login Successful",
            "data": {
                    "accessToken": "<your-access-token>",
                    "tokenType": "Bearer"
                    },
            "errors": null
    }
    
    • Error response

    {
            "timestamp": "2024-05-11 11:35:31.982",
            "status": "UNAUTHORIZED",
            "message": "Username or Password is not valid",
            "data": null,
            "errors": "Bad credentials"
    }
    

  • Copy the accessToken value to the clipboard

Authorization in Swagger-UI

  • The Authorization HTTP header can be set to Bearer <your-access-token> to authenticate as a user and have the same permissions as that user.

  • Click the Auth button to open the Authorizations form in the Swagger-UI interface

  • Insert the generated JWT Token, then click Authorize

  • Close

License

The Ditto Hybrid Platform – API uses a license provided by Innocop. An invalid or expired license will limit usage of this API's resources.

  • Invalid License

    {
            "timestamp": "2024-05-11 21:37:50.462",
            "status": "FORBIDDEN",
            "message": "Please Check Your Ditto License",
            "data": null,
            "errors": "Invalid License"
    }
    

Please contact our representative to get support with this product.


Resources

  • Once authorized, all endpoints are ready to use until the token expires, after which you need to log in again.

  • By default, the token expires in 3.600.000 ms (1 Hour)

  • An exception is thrown if a request is made with an invalid token

    • Expired JWT Token response

    {
            "timestamp": "2024-05-11 11:52:27.855",
            "status": "UNAUTHORIZED",
            "message": "Expired JWT token",
            "data": null,
            "errors": "JWT expired 151051840 milliseconds ago at 2024-05-09T10:54:56.000Z. Current time: 2024-05-11T04:52:27.840Z. Allowed clock skew: 0 milliseconds."
    }
    
    • Invalid JWT Token response

    {
            "timestamp": "2024-05-11 11:54:30.201",
            "status": "FORBIDDEN",
            "message": "The JWT signature is invalid",
            "data": null,
            "errors": "JWT signature does not match locally computed signature. JWT validity cannot be asserted and should not be trusted."
    }
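A client-side sketch of the token lifetime and error envelopes documented in this guide, added here as an example and not part of the Ditto product or its own documentation. The function names and returned action strings are hypothetical, the `exp` claim is assumed from the "JWT expired ... at ..." message above, and the token and envelope in the demo are constructed samples.

```python
import base64
import json
import time

def jwt_seconds_left(token, now=None):
    """Seconds until the token's exp claim (assumed present), read WITHOUT
    verifying the signature: use only to schedule a re-login."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return claims["exp"] - (time.time() if now is None else now)

def next_action(envelope):
    """Map a response envelope to the client's next step (hypothetical names)."""
    status = envelope.get("status")
    errors = envelope.get("errors") or ""
    message = envelope.get("message") or ""
    if status == "OK":
        return "proceed"
    if status == "UNAUTHORIZED":
        if errors == "Bad credentials":
            return "fix_credentials"  # retrying the same password cannot succeed
        return "sign_in_again"  # expired or missing token
    if status == "FORBIDDEN":
        if errors == "Invalid License":
            return "check_license"
        if errors == "Access Denied":
            return "needs_other_authority"  # a fresh token will not help
        if "signature" in message.lower():
            return "discard_token"  # altered token or one signed elsewhere
    return "report_error"

def make_sample_token(exp):
    """Constructed, unsigned sample token for the demo below."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256"}), enc({"exp": exp}), "sig"])

if __name__ == "__main__":
    token = make_sample_token(exp=1_000 + 3_600)
    print(jwt_seconds_left(token, now=1_000))  # lifetime left, in seconds
    expired = {"status": "UNAUTHORIZED", "message": "Expired JWT token",
               "data": None, "errors": "JWT expired ..."}
    print(next_action(expired))
```

The decoded claims are untrusted input: the server's response remains the authority on whether a token is valid, and the token itself should be kept out of logs.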
    

Agent Service Controller

Note

Requires a user with Administrator authority

GET /api/agent/{serviceName}/status
Query Parameters:
  • serviceName (string) – name of the Windows Service (required)

Example request:

  • bash
curl -X GET "http://HOST_SERVER:PORT/api/agent/dittoevaluationagents-1/status" -H "accept: */*" -H "Authorization: Bearer <your-access-token>"

Example of Successful response:

{
        "timestamp": "2024-05-11 11:39:35.954",
        "status": "OK",
        "message": "Status retrieved",
        "data": {
                "serviceStatus": "OFF"
                },
        "errors": null
}

List of Service Status

Status        Description
ON            Service is Running
OFF           Service is Stopped
INCONCLUSIVE  No Service with that name installed on machine


Example of Failure response:

  • Permissions Error response, if the authenticated user doesn't have the required Authority

    {
            "timestamp": "2024-05-11 11:56:32.437",
            "status": "FORBIDDEN",
            "message": "You are not authorized to access this resource",
            "data": null,
            "errors": "Access Denied"
    }
    

Evaluation Controller

Note

Requires an authority that has Evaluation permissions

POST /api/project/{id}/evaluate
Query Parameters:
  • id (string) – project id (required)

Example request:

  • bash

curl -X POST "http://HOST_SERVER:PORT/api/project/68/evaluate" -H "accept: */*" -H "Authorization: Bearer <your-access-token>" -H "Content-Type: application/json" -d "{\"degree\": \"bachelor\",\"creditProblem\": \"yes\",\"noOfYears\": \"12\",\"marriedStatus\": \"no\",\"noOfChilds\": \"4\",\"gpa\": \"4\"}"

  • json

{
        "degree": "bachelor",
        "creditProblem": "yes",
        "noOfYears": "12",
        "marriedStatus": "no",
        "noOfChilds": "4",
        "gpa": "4"
}

Example of Successful response:

{
        "timestamp": "2024-05-11 11:42:33.691",
        "status": "OK",
        "message": "Evaluation Successful",
        "data": {
                "outputKey": "CLASS",
                "outputValue": "approve",
                "evaluationProbability": 1,
                "evaluationMatchingRule": "noOfYears > 10: approve (745.0)\n",
                "evaluationTime": "2024-05-11 11:42:33.691"
                },
        "errors": null
}

Example of Failure response:

  • Permissions Error response, if the authenticated user doesn't have the required Authority

    {
            "timestamp": "2024-05-11 11:56:32.437",
            "status": "FORBIDDEN",
            "message": "You are not authorized to access this resource",
            "data": null,
            "errors": "Access Denied"
    }