Guide For Claim History Appendix 1 REST API - Version 3.0 .
Guide for Claim Historybusiness, agricultureand vehicleAppendix 1REST APIVersion 3.0 Draft G
Guide for Claim History, Appendix 1 REST APIDocument informationTitle:Project:Guide for Claim History, Appendix 1 REST APIEDI Office industry coordinated data exchangeBy:Morten Lassen, F&P IT DepartmentDocument contributors:Approved by:Mette Ellermann Jespersen, F&P EDI OfficePerson responsible fordocument:Distribution:Mette Ellermann Jespersen, F&P EDI OfficeEDI Office, F&PDistributed to stakeholders in the data exchangeComment:The document can be requested from F&PChange logVersionDateByChanged pages or sections2.0 Draft B24/09/2018MLAFirst edition2.0 Draft C22/10/2018MLA / ADICorrections after working group meeting on 12 October20182.0 Draft C06/12/2018MLA / ADICorrections after engineers’ meeting on 19 November2018 and that the Web solution will be discontinued.Description of JWT tokens2.0 Draft D June 2019MLA / MEJCorrections after test period2.0 Draft ESeptember2019MLA / MEJCorrections up to implementation2.0 Final31 October2019MLA / MEJCorrections up to implementation3.0 Draft FJanuary 2020 MLA / MEJ3.0 Draft G March 2020MLA / MEJAddition of industry group 002 Private, 003 PleasureCraft and 005 Accident and minor adjustmentsAPI changed from version 1.0 to version 3.0 and minoradjustmentsAbbreviations and definitions:httpsAn encrypted version of http used for data communication viathe InternetWS, Webservice Technology for the exchange of data via the InternetOnline company The company exchanges online via API (integrated)Web companyThe company exchanges via WebEDI (web based)APIApplication Program InterfaceRESTRepresentational State TransferREST APIREST based Program interface using http requests fordata exchange via GET, PUT, POST and DELETETokenA dynamic key/access ticket identifying the senderOAuth2An open standard for providing access to dataJSONJavaScript Object Notation. A text-based data exchange formatJWTJSON Web TokenJWSJSON Web SignatureVersion 3.0 Draft G – March 2020Page 2 of 30
Guide for Claim History, Appendix 1 REST APIReferences:DateTime data types follow the ISO 8601 standardCCYY-MM-DDThh:mm:ss[Z ( -)hh:mm]. For example 2016-12-31T20:00:01.See https://en.wikipedia.org/wiki/ISO 8601Dates without values are indicated with a null valueDescription of REST APIhttps://en.wikipedia.org/wiki/Overview of RESTful API Description LanguagesDescription and recommendation for ClientId and lient-registration/client-id-secretVersion 3.0 Draft G – March 2020Page 3 of 30
Guide for Claim History, Appendix 1 REST APITable of Contents:1.2.3.4.5.6.IntroductionFlow diagramSecurityAuthorizationClaimService APIDEMOProductionOnline OpenMessageHistoryRequestHistoryRequest – Coverage levelsServer checksReturn codes and textCompany APIPreconditionsJWT tokensOperationsStatusHistoryRequestReturn codes and textREST API with Oauth2 templateTestTechnical test reportVersion 3.0 Draft G – March 2930Page 4 of 30
Guide for Claim History, Appendix 1 REST API1. IntroductionThis document describes a REST API for online claim history.REST API security is provided by a standardised OAuth2 architecture which issues an Access Token.This access token grants the company access to the Claim History API.The REST API returns a HTTP status 200/OK if the operation was successful. Return data is sent inthe HTTP body as a JSON string. In case of an error, a standard HTTP status code is returned – seethe section on return codes – page 25.The description of an access token and security in general can be found in chapter 3.2. Flow diagramThe following describes the flow between and F&P s FP server.Before a company can call the Claim History API, it has to retrieve an access token, cf. section 3.This token is issued by F&P authorization server based on a client ID and a client secret unique tothe company.Company A submits a request by calling the HistoryRequest operation on FP server. The servervalidates the requests and rejects it in case of error.selskab til selskabFP-serverSelskab BHistoryRequestHistoryRequestEr data valid?JaEr data valid?JaFind skadehistorikNejNejAfvisSelskab AStatus 0 – OK/HistorikAfvisStatus 1-255 - AfvisningStatus 501 – Ukendt kundeStatus 502 Ukendt objekt/policeStatus 555 - SystemfejlResponseResponseFP server forwards the request to a company’s REST API via theHistoryRequest operation. Theresponding company B must respond immediately and the response from the company is returnedto company A. See section 5.3. SecurityF&P’s Claim History REST API is protected by the following technologies:-HTTPS / SSL / TLS 1.2 - ensuring an encrypted data connectionIP whitelist - preventing unauthorized accessAccess token - identifying the companyVersion 3.0 Draft G – March 2020Page 5 of 30
Guide for Claim History, Appendix 1 REST APIA company is allocated a client ID and a client secret, which is used for attaining an access token see next section. A client secret is confidential.AuthorizationGranting Access Tokens utilize the OAuth2 standard.as illustrated below.Access tokenBefore a company can call an operation from F&P’s REST API, it must request an access token. Thistoken is issued by the EDI authorization server based on a client ID (ClientId) and a client secret(ClientSecret). In addition to the access token, a refresh token is returned, which can be used toretrieve a new access token when the original expires.An access token expires after 20 minutes and must be used for all subsequent calls to the server’sREST API.Access tokens have independent life-cycles, meaning that multiple active tokens may have beengranted to the same company if the company has made multiple simultaneous calls.ClientId and ClientSecretA ClientId is unique to the company and is generated by the FP server. A ClientId is a 32 characterhex string and can be viewed in a companys API administration web page.A ClientSecret is a secret, cryptographically generated string known only to the company and theauthorization server. As the authorization server stores the hash value of this string, it is notpossible to receive information about a ClientSecret after it has been generated. A company is ableto generate a new ClientSecret via API administration. A ClientSecret is valid for 365 days andmust be changed by the company before expiry.A reminder is automatically sent to API Administrators 30 days before expiry.Use the following addresses for token requests:Version 3.0 Draft G – March 2020Page 6 of 30
Guide for Claim History, Appendix 1 REST ngogpension.dk/authserver/oauth/tokenVersion 3.0 Draft G – March 2020Page 7 of 30
Guide for Claim History, Appendix 1 REST APIThe following information is required as POST parameters:“Grant type” must have the value: client credentials“Scope” must have the value: claimhistory“Client id” and “Client secret”Example of an an access token request:POST /authserver/oauth/token HTTP/1.1Host: demoedi.forsikringogpension.dkgrant type client credentials&client id a18344f95c694272b6203b35a1ffe059&client secret NPklLbBdD08yymkCABapH3Af1ue17I2gZEKpjyYXYhs2&scope claimhistoryWhen a valid client ID and client secret are provided, the server returns an access token and arefresh token.Response example:HTTP/1.1 200 OKContent-Type: application/jsonCache-Control: no-storePragma: no-cache{"access token":Vv7gPtgWE4YQ6JqgweOv5k 1FI7qwn5I4Kh AcVtOnvJYPZFDViMHjUf07R16cLxPe2VPrc njnUsxcbDoG NEj7Ln6ycW7ICrRIUk2FxpiK6woPIt4szcCdic1 nhVYnySzdjBM7wHeRv-2cV4-IIvz 6u4i7od zxjh6o1m1pfGoy9-e-5vtXOQUA","token type": "bearer","expires in": 1200,"refresh token": cpGNggyHA4rIO A9A0On5hwlQ6-qXangZAP6tq 7i60tfcKdYOReW0ZOrnyStmcyHzWC D q33argKWfwxE33Q"}An access token (access token) must be provided as a HTTP header element for all subsequentcalls as follows: Authorization: Bearer token An access token expires after a short period determined by the issuer. In the example above, itexpires (expires in) after 1200 seconds, i.e. 20 minutes.Example of a status operation call:GET /api/v3/claimservice/claimhistory/statusHost: demoedi.forsikringogpension.dkAuthorization: Bearer Vv7gPtgWE4YQ6JqgweOv5k 1FI7qwn5I4Kh AcVtOnvJYPZFDViMHjUf07R16cLxPe2VPrc njnUsxcbDoG NEj7Ln6ycW7ICrRIUk2FxpiK6woPIt4szcCdic1 nhVYnySzdjBM7wHeRv-2cV4-IIvz 6u4i7od zxjh6o1m1pfGoy9-e-5vtXOQUAVersion 3.0 Draft G – March 2020Page 8 of 30
Guide for Claim History, Appendix 1 REST APIExample of a response to a correctly submitted token:HTTP/1.1 200 OKContent-Type: application/jsonCache-Control: no-storePragma: no-cache{"ResultDate": "2018-09-25T13:44:59.5565937 02:00","ResultCode": 0,"ResultText": "Insurance company for test #1"}Example of a response to an expired or incorrect token:HTTP/1.1 401 UnauthorizedContent-Type: application/jsonCache-Control: no-storePragma: no-cache{"Message": "Authorization has been denied for this request."}Refresh tokenA refresh token expires after 48 hours and is renewed every time a new access token is retrieved.When an access token has expired, the company has to retrieve a new access token by using therefresh token in the request.The following information is required as POST parameters:“Grant type” must be refresh token“Client id” is the same used when requesting an access token“Refresh token” must contain the refresh token string returned from the access token request.Example of a token request:POST /authserver/oauth/token HTTP/1.1Host: demoedi.forsikringogpension.dkgrant type refresh token&client id a18344f95c694272b6203b35a1ffe059&refresh token pGNggyHA4rIO A9A0On5hwlQ6-qXangZAP6tq 7i60tfcKdYOReW0ZOrnyStmcyHzWC D q33argKWfwxE33QWhen a valid client ID and refresh token are provided, the server returns a new access token and anew refresh token.Response example:HTTP/1.1 200 OKContent-Type: application/jsonCache-Control: no-storePragma: no-cacheVersion 3.0 Draft G – March 2020Page 9 of 30
Guide for Claim History, Appendix 1 REST API{"access jU6vGb1J6yylm7QLLdg2kirrO70R6oXK zx77R3x2HaAKc fq1BiBsiAq4koQEctlGQAkpGacRNu0twlhkklNOFE8jf3 RQEA9I525dmeFCfkg -Mz5tirQfn128QHIxNduJu3LjluY9otUA","token type": "bearer","expires in": 1200,"refresh token": "SIHDB5pdaBuofHRLLvyBrNdfnMxDkYq6kBXb 0UikrXW2ol5ejfJ ad2H Bdboxyrd1-yzKKxpQKJK3PFb0N583UQDqyyHpA7CtTJ Y0pYqOUIWgYUl9v1guYQANrXGqOFbNNO4QclQfdws LoHDQyY-vKTXRk0h0BN1U-p4k9td3ElQnnIiOzKA"}If both the access token and the refresh token have expired, a new access token must berequested using the grant type client credentials.Version 3.0 Draft G – March 2020Page 10 of 30
Guide for Claim History, Appendix 1 REST API4. ClaimService APIThe following section describes F&P’s REST API for Claim History.Via this API, a company can submit a claim history request to another company. It is also possibleto retrieve a company list and to open and close access to your own company – see guide for onlineclaim history.All participating companies must make a corresponding REST API which the FP server can call whena request is forwarded to the responding company – see page 26 for a description of a company’sREST API.DEMOAPI Endpoint: mservice/claimhistoryIP address from which the FP server is calling: 81.19.248.248ProductionAPI Endpoint: vice/claimhistoryIP address from which the FP server is calling: 81.19.248.254Online documentationOnline documentation for the ClaimService API is available at the address rsion 3.0 Draft G – March 2020Page 11 of 30
Guide for Claim History, Appendix 1 REST APIThe online documentation exists in 2 versions:-Help, describing all operations and data structuresSwagger, describing all operations and data structures with integrated token basedauthenication and testing of operationsIt is also possible to test authorization,where an access token is retrieved, from Swagger.Version 3.0 Draft G – March 2020Page 12 of 30
Guide for Claim History, Appendix 1 REST APIOperationsThe following describes the operations exposed by the REST API. As previously mentioned, this canalso be found in an online version.Fields that have no value can either be ignored or given a null value.StatusThis operation is used to test authorization and to obtain the status of a company. It returns adate/time, code, text and open/close Length9DescriptionVIR number for the company for whichstatus is required Blank Displays status forown YesYesYesLengthDescriptionDate/timeReturn codeReturn text. company name Returns the company’s open/close status.true open, false tOpenStatus255GET api/v3/claimservice/claimhistory/status?companyId {companyId}Example of response{"ResultDate": "2018-09-25T13:44:59.5565937 02:00","ResultCode": 0,"ResultText": "Insurance company for test #1","OpenStatus": true}Version 3.0 Draft G – March 2020Page 13 of 30
Guide for Claim History, Appendix 1 REST APICompaniesThis operation is used to retrieve a list of companies registered for claim history.The operation returns a date/time, code, text and a list of companies and the industry/productgroups for which the company in question is tionTypeDateTimeIntegerStringList Company rn codeReturn textStringStringStringStringStringStringList String tDateResultCodeResultTextCompanies Company tGroupsVersion 3.0 Draft G – March 2020255Company nameVIR numberAddress 1Address 2Postal codeCityList of industry/productgroups for which thecompany is registered.Possible values 8004/009Page 14 of 30
Guide for Claim History, Appendix 1 REST 06006/007GET api/v3/claimservice/claimhistory/companiesExample of response{"ResultDate": "2018-09-25T13:46:53.4430232 02:00","ResultCode": 0,"ResultText": "OK","Companies": [{"Name": "Company A ","Id": "VIR000001","Address1": "Address 1","Address2": "","PostalCode": "4000","City": "Roskilde","IndustryProductGroups": ["001/001","004/001","006/001"]},{"Name": "Company B ","Id": "VIR000002","Address1": "Address 2","Address2": "","PostalCode": "2900","City": "Hellerup","IndustryProductGroups": ["001/001","004/001","006/001"]}]}Version 3.0 Draft G – March 2020Page 15 of 30
Guide for Claim History, Appendix 1 REST APICloseMessageThis operation is used to notify F&P that the company is closing for ingoing and /timeReturn codeReturn text255GET le of response{"ResultDate": "2018-09-25T13:49:32.220004 02:00","ResultCode": 0,"ResultText": "Company Closed successfully"}OpenMessageThis operation is used to notify F&P that the company is re-opening for ingoing and /timeReturn codeReturn text255GET e of response{"ResultDate": "2018-09-25T13:49:32.220004 02:00","ResultCode": 0,"ResultText": "Company Opened successfully"}Version 3.0 Draft G – March 2020Page 16 of 30
Guide for Claim History, Appendix 1 REST APIHistoryRequestThis operation is used to submit a request to another company for claim history information. Thesender must be registered for the service and the industry/product groups for which requests aremade. An online company must respond to the request promptly.The operation returns a date/time, code, text and response to VIR number for the requestingcompanyVIR number for the companyresponding to the requestIndication of version.Permitted values: null or 3.0The FP server sets the value 3.0before call to the company.Test marking.true testfalse or null productionDate/time of requestRequest serial/reference no.Policyholder/insured identificationtype. Possible values: CPR or CVRPolicyholder/insured CPR or CVRnumber. Format:CVR: nnnnnnnnCPR: ddmmyynnnnPolicyholder/insured nameObject identification type:POL policy number (only industrygroup 001 vehicle, 002 private,003 pleasure craft and 005accident)REG reg no. (only industry group001 vehicle)VIN chassis no. (only industrygroup 001 vehicle)ALL combinedObject identificationOmitted or null in case ofidentification type ALLRequest type:1 Claim history2 Bonus only (onlyindustry/product group 001/001)3 Bonus and claim history(minimum 001/001)Version 3.0 Draft G – March 2020Page 17 of 30
Guide for Claim History, Appendix 1 REST APIConsentFormBooleanYesConfirmation that consent hasbeen given.True YesFalse or null NoConfirmation that consent hasbeen given for arrears.True YesFalse or null NoList of industry/product groupsrequested sList String 0CustomerNamePoliciesStringList Policy YesNo128 Policy olicyEndDateStringNo10ArrearsIntegerYes2559List String tringStringYesYes503ObjectIdStringYes20BonusesList VehicleBonus NoVersion 3.0 Draft G – March 2020DescriptionDate/time of responseReturn code – see page 25Return text – see page 25VIR number for the requestingcompanyVIR number for the companyresponding to the requestRequest reference no.Policyholder/insured identificationtype. Possible value
Version 3.0 Draft G. Guide for Claim History, Appendix 1 REST API Version 3.0 Draft G – March 2020 Page 2 of 30 Document information Title: Guide for Claim History, Appendix 1 REST API Project: EDI Office industry coordinated data exchange By: Morten Lassen, F&P IT Department Document contributors: Approved by: Mette Ellermann Jespersen, F&P EDI Office Person responsible for document: Mette .
Bruksanvisning för bilstereo . Bruksanvisning for bilstereo . Instrukcja obsługi samochodowego odtwarzacza stereo . Operating Instructions for Car Stereo . 610-104 . SV . Bruksanvisning i original
10 tips och tricks för att lyckas med ert sap-projekt 20 SAPSANYTT 2/2015 De flesta projektledare känner säkert till Cobb’s paradox. Martin Cobb verkade som CIO för sekretariatet för Treasury Board of Canada 1995 då han ställde frågan
service i Norge och Finland drivs inom ramen för ett enskilt företag (NRK. 1 och Yleisradio), fin ns det i Sverige tre: Ett för tv (Sveriges Television , SVT ), ett för radio (Sveriges Radio , SR ) och ett för utbildnings program (Sveriges Utbildningsradio, UR, vilket till följd av sin begränsade storlek inte återfinns bland de 25 största
Hotell För hotell anges de tre klasserna A/B, C och D. Det betyder att den "normala" standarden C är acceptabel men att motiven för en högre standard är starka. Ljudklass C motsvarar de tidigare normkraven för hotell, ljudklass A/B motsvarar kraven för moderna hotell med hög standard och ljudklass D kan användas vid
LÄS NOGGRANT FÖLJANDE VILLKOR FÖR APPLE DEVELOPER PROGRAM LICENCE . Apple Developer Program License Agreement Syfte Du vill använda Apple-mjukvara (enligt definitionen nedan) för att utveckla en eller flera Applikationer (enligt definitionen nedan) för Apple-märkta produkter. . Applikationer som utvecklas för iOS-produkter, Apple .
Issue of orders 69 : Publication of misleading information 69 : Attending Committees, etc. 69 : Responsibility 69-71 : APPENDICES : Appendix I : 72-74 Appendix II : 75 Appendix III : 76 Appendix IV-A : 77-78 Appendix IV-B : 79 Appendix VI : 79-80 Appendix VII : 80 Appendix VIII-A : 80-81 Appendix VIII-B : 81-82 Appendix IX : 82-83 Appendix X .
Appendix G Children's Response Log 45 Appendix H Teacher's Journal 46 Appendix I Thought Tree 47 Appendix J Venn Diagram 48 Appendix K Mind Map 49. Appendix L WEB. 50. Appendix M Time Line. 51. Appendix N KWL. 52. Appendix 0 Life Cycle. 53. Appendix P Parent Social Studies Survey (Form B) 54
Academic writing is iterative and incremental. That is, it is written and rewritten numerous times in a number of stages. Pre-writing: approaches for getting the ideas down The first step in writing new material is to get your ideas down without attempting to impose any order on them. This process is often called ‘free-writing’. In “timed writing” (Goldberg 1986) or “free writing .
