Create a new subscription.
The URL field provided will receive HTTP POST requests containing effective permissions updates from the consentric platform.
Authentication
The authentication section allows for specification of security details to be used when calling client systems. Three possible authentication flows are available:
Refresh token authentication
To enable this functionality, the 'authType' field must be set to 'token' and a 'refreshToken' and 'refreshUrl' must be provided. Upon receipt of a 401 response when attempting to POST an update to a subscription, the service will attempt to refresh the existing token via a POST to the 'refreshUrl' value provided. The POST request will include parameters following the standard OAuth2 refresh flow, this will only include the optional 'clientId' and 'clientSecret' values if they are stored. For any response to be deemed successful it must include an 'access_token' field following the OAuth2 standard, the value of which will be used to update the 'token' value on the client subscription. That value will then be used until another 401 is received. Currently the 'refreshToken' value on subscriptions may only be updated manually via a PUT or PATCH request.
Persistent/Manual Token Authentication
To enable this functionality the 'authType' field must be set to 'token' and a 'token' value must be provided. The service will send the token on POST updates to the client as standard, non-success responses will be logged as failures. The 'token' value can be manually updated via a PUT or PATCH request but will not be refreshed automatically.
No Authentication (default)
If a subscription is created without any authentication details the 'authType' field defaults to 'none' and no authentication is used when POSTing updates to the subscriptions and no refresh flow is attempted.
Token Configuration
When authenticated requests are required, Consentric will use either a query parameter or a request header to provide the authorisation token. The query parameter type will use "?token=token" while the header value will use the "Authorization" header with value like "Bearer token".
API Key Authentication
When API Key authentication is required, Consentric will use either a query parameter or a request header to provide the authorisation. The end user must provide the name of the key and its value. The query parameter type will be like this: "?x-api-key=myapisecret" whereas the header value will be like this: header "x-api-key" with value "myapisecret".
post https://api.consentric.io/v1/subscriptions