search

europace / baufismart-kundenangaben-api

API zum Importieren von Kundenangaben in einen neuen Vorgang in BaufiSmart.
https://developer.europace.de
14 stars 4 forks source link

Some questions about permission, and about betreuung and tippgeber paramters #64

Closed 4yourfinance closed 3 years ago

4yourfinance commented 3 years ago

Hello!)

Could you please answer these questions:

  1. Where we can check permission for certain partnerId?

  2. Scope baufinanzierung:vorgang:schreiben enough to import kundenangaben?

  3. When we sent a request with defined betreuung we get: 

    [type] => https://api.europace.de/kundenangaben/problem/forbidden
[title] => Forbidden
[status] => 403
[detail] => Access is denied
[responseCode] => 403

    It is mean what this partner can't create a process? (we got access token with scope: impersonieren baufinanzierung:echtgeschaeft baufinanzierung:vorgang:schreiben)

  4. If we sent request without betreuung, and with tippgeber, we get:

    [vorgangsnummer] => AG3BKF
[responseCode] => 201

    (with datenkontext = ECHT_GESCHAEFT)

But when we try to view this data in the: https://www.europace2.de/vorgangsmanagement/ we don't see this process. Where we can view this data?

Because if we got the successful result, then it was created somewhere, but where?

  1. The betreuung uses for impersonation, right?

  2. Do we need use betreuung if we use tippgeber (or vise verse)?

  3. The tippgeber or betreuung will make an influence on the place where data will be added?

roamingthings commented 3 years ago

Let me go through your questions one by one:

  1. I'm not sure what kind of permissions you want to check. However you may want to look at the Partner API.
  2. You will also need baufinanzierung:echtgeschaeft to import when using the datenkontext = ECHT_GESCHAEFT which is used if nothing is specified.
  3. Forbidden (403) means that you're missing a required scope. However it seems that you have the required scopes baufinanzierung:echtgeschaeft and baufinanzierung:vorgang:schreiben. If you have a Trace-Id (returned in a header field) we can take a closer look why you are rejected.
  4. If you don't set betreuung you have to use the same partner for importing and querying (viewing). If you used an impersonated token you also have to impersonate the token when you query for the process.
  5. The values given in betreuung are used to explicitly set the Kundenbetreuer and Bearbeiter of the process. The partner identified by the access token (subject) requires the right (Übernahmerecht) to the partner set in betreuung.kundenbetreuer and betreuung.bearbeiter. The same is true for tippgeber. When you don't set betreuung the Kundenbetreuer of the process becomes the partner (subject) of the access token. So as an alternativ to use betreuung you can impersonate the access token. In this case you need the right to impersonate when getting the access token instead of the right Übernahmerecht when creating the process.
  6. betreuung and tippgeber are independend of each other. You have to set both. Otherwise the Kundenbetreuer will set to the partner (subject) of the access token.
  7. betreuung.kundenbetreuer will be the partner that will be able to open/find the process.
4yourfinance commented 3 years ago

Could you please check this Trace-Id: Root=1-602529fe-6e699f4e4ce4571878e14947

We send as ECHT_GESCHAEFT, with tippgeber and betreuung and get:

 [type] => https://api.europace.de/kundenangaben/problem/conflict
 [title] => Conflict
 [status] => 409
 [detail] => importMetadaten.betreuung.kundenbetreuer is not allowed

P.S. When we send without tippgeber we get success result (x-traceid = Root=1-60252813-2f2ca637215c18406f5d3edc).

4yourfinance commented 3 years ago

We have one questions yet: When we are getting an access token and don't set the "Actor" field, then what partnerId will be assigned to us? It looks like partner Id doesn't have permission to use with specified tippgeber, right? If yes, how can we get permission for it?

Below we added some additional pieces of information about the request. Please tell me is this correct?

Structure of request: (access token was gotten without actor or subject, that is as-is, simple with scope: baufinanzierung:echtgeschaeft baufinanzierung:vorgang:schreiben, and grant type:client_credentials)

Array
(
    [kundenangaben] => Array
        (
            [haushalte] => Array
                (
                    ... ... ...
                )
            [finanzierungsobjekt] => Array
                (
                    [immobilie] => Array
                        (
                            [adresse] => Array
                                (
                                    ... ... ...
                                )

                        )
                )
        )
    [importMetadaten] => Array
        (
            [datenkontext] => ECHT_GESCHAEFT
            [tippgeber] => Array
                (
                    [tippgeberPartnerId] => HDY17
                    [tippgeberprovisionswunsch ] => Array
                        (
                            [kundenbetreuer] => HDY17
                        )
                )
            [betreuung] => Array
                (
                    [kundenbetreuer] => HDY17
                    [bearbeiter] => HDY17
                )
        )
)
roamingthings commented 3 years ago

Could you please check this Trace-Id: Root=1-602529fe-6e699f4e4ce4571878e14947

We send as ECHT_GESCHAEFT, with tippgeber and betreuung and get:

[type] => https://api.europace.de/kundenangaben/problem/conflict
[title] => Conflict
[status] => 409
[detail] => importMetadaten.betreuung.kundenbetreuer is not allowed

This means that there is no "Übernahmerecht" for the Partner given in "kundenbetreuer"

roamingthings commented 3 years ago

We have one questions yet: When we are getting an access token and don't set the "Actor" field, then what partnerId will be assigned to us? It looks like partner Id doesn't have permission to use with specified tippgeber, right? If yes, how can we get permission for it?

If no importMetadaten.betreuung.kundenbetreuer is given the partner mentioned in the subject is used as "Kundenbetreuer". The actor is not used.

So in your example the Partner HDY17 is uesd for "tippgeber", "kundenbetreuer" and "bearbeiter". So the partner given in the JWT subject either has to be HDY17 or requires Übernahmerechte für HDY17.

4yourfinance commented 3 years ago

Sehr geehrter Herr Krüger,

danke für die Einrichtung der Credentials für die Partner ID: JHO41.

Wir haben nun zwischenzeitlich die Anbindung an die Europace API "Vorgang anlegen" Schnittstelle vorgenommen. Die Übermittlung von neuen Vorgängen erfolgte über die Partner ID: HDY17

Wir haben hier auch von API eine erfolgreiche Response von 201 bekommen. Der Vorgang wurde also im System angelegt. Über die Europace 2 Plattform können wir diesen nur nicht finden.

Wir glauben es liegt an einer Berechtigung. Können Sie uns bitte mitteilen welche Einschränkungen für die Client ID: 775RCRM6UGPCWCMY

Haben Sie ansonsten einen anderen Ansatz, z. B. die Daten gehen erst einmal in eine Testumgebung.

Viele Grüße

Tilo Hammer

4yourfinance commented 3 years ago

About request data. We get access token with https://api.europace.de/auth/access-token (is it right?). When we were getting the access token we didn't set actor or subject.

We didn't set "betreuung" and specify only "tippgeber.tippgeberPartnerId" and sent a request to https://baufinanzierung.api.europace.de/kundenangaben. We got the 201 response code. A "vorgangsnummer" was assigned as "F189NC". ("x-traceid" = "Root=1-6037cbd3-03fc589b3e763a531df113e7")

When we set "importMetadaten.betreuung.kundenbetreuer" we get 409 response code and in detail what "importMetadaten.betreuung.kundenbetreuer is not allowed" (Root=1-6037d0e8-0b3dbdc65ccfba673bebf9df)

If we are trying to set "actor" or "subject" we are getting "Unauthorized client: Subject not found".

Please tell us, if we are doing something wrong.

MikeKrueger75 commented 3 years ago

Hi, ich habe die letzten Fragen per E-Mail direkt beantwortet.