Versions Compared

Old Version 10

changes.mady.by.user CamilleCrespeau

Saved on

compared with

New Version Current

changes.mady.by.user Xavier Delamotte

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents
maxLevel2
stylenone

...


1 - Metadata Endpoint 
Status
subtletrue
colourRed
titleRequired

1.1 How does it work?

In order to understand your application and configure webhooks properly, Maestrano expects you to create a special "metadata" endpoint exposing the configuration of your application preferences in terms of Single Sign-On, data sharing subscriptions, webhooks etc.

For more information on the metadata endpoint and how it works see: [Deprecated] How to link my application to maestrano.com

1.2 What to include in the metadata endpoint?

The metadata endpoint should return a JSON document describing your configuration. Note that the call initiated by Maestrano to retrieve your metadata is authenticated via HTTP Basic authentication using your own API credentials (shared secret).

...

Code Block
languageruby
{
  # ===> App Configuration
  #
  # => environment
  # The environment of your application. Common values are: 
  # - "production", for your integration on a platform in a Production environment or UAT environment
  # - "production-sandbox", for the sandbox you use for your tests during the integration on maestrano.com
  # - "test", for the SSO test on the Sandbox
  "environment": "test",

  # => host
  # This is your application host. For UAT and Production environments, it must be a publicly resolvable URL, you cannot use "http://localhost:3000" for instance.
  "app": {
    "host": "http://my-app.com"
  },
 
  # 
  "api": {
    # => id
    # The id of your app. 
    # For maestrano.com integration, it corresponds to the App ID of your Maestrano App Provider API Dashboard.
    # For other platform, we will send it to you with your API key.
    "id": "app-19op",
 
    # => host
    # It corresponds to the platform host.
    # It changes with the tenant and the environment. We will provide you the correct host for the platform you are being connected to.
    "host": "http://api-sandbox.maestrano.io"
  },
 
  # ===> SSO Configuration
  #
  "sso": {
    # => idm
    # By default we consider that the domain managing user identification is the same as your application host (see above config.app.host parameter). 
    # If you have a dedicated domain managing user identification and therefore responsible for the single sign-on handshake (e.g: https://idp.my-app.com) then you can specify it below
    "idm": "https://idp.myapp.com",

    # => init_path
    # This is the path in your application that allows users to initiate the Single Sign-On handshake. 
    # Upon reaching this endpoint users your application will automatically create a SSO request and redirect the user to Maestrano. Maestrano will then authenticate and authorize the user.
    "init_path": "/maestrano/auth/saml/init.php",
    # This value can be changed on a per-tenant basis:
    # "init_path": "/maestrano/auth/saml/init.php?tenant=mytenant"

    # => consume_path
    # This is your application path to the SAML endpoint that allows users to finalize SSO authentication. 
    # During the 'consume' action your application sets users (and associated group) up and/or log them in.
    "consume_path": "/maestrano/auth/saml/consume.php",
    # This value can be changed on a per-tenant basis:
    # "consume_path": "/maestrano/auth/saml/consume.php?tenant=mytenant"
 
	# => idp
    # It corresponds to the platform host.
    # It changes with the tenant and the environment. We will provide you the correct host for the platform you are being connected to.
    "idp": "https://maestrano.com",
 
    # => x509_fingerprint and x509_certificate
    # It changes with the tenant and the environment. We will provide you the correct host for the platform you are being connected to.
    "x509_fingerprint": "8a:1e:2e:76:c4:67:80:68:6c:81:18:f7:d3:29:5d:77:f8:79:54:2f"
    "x509_certificate": "-----BEGIN CERTIFICATE-----MIIDezCCAuSgAwIBAgIJAMzy+weDPp7qMA0GCSqGSIb3DQEBBQUAMIGGMQswCQYDVQQGEwJBVTEMMAoGA1UECBMDTlNXMQ8wDQYDVQQHEwZTeWRuZXkxGjAYBgNVBAoTEU1hZXN0cmFubyBQdHkgTHRkMRYwFAYDVQQDEw1tYWVzdHJhbm8uY29tMSQwIgYJKoZIhvcNAQkBFhVzdXBwb3J0QG1hZXN0cmFuby5jb20wHhcNMTQwMTA0MDUyMzE0WhcNMzMxMjMwMDUyMzE0WjCBhjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRowGAYDVQQKExFNYWVzdHJhbm8gUHR5IEx0ZDEWMBQGA1UEAxMNbWFlc3RyYW5vLmNvbTEkMCIGCSqGSIb3DQEJARYVc3VwcG9ydEBtYWVzdHJhbm8uY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+2uyQeAOc/irohCyT33RkkWfTGeJ8E/mu9F5ORWoCZ/h2J+QDuzuc69Rf1LoO4wZVQ8LBeWOqMBYzotYFUIPlPfIBXDNL/stHkpg28WLDpoJM+46WpTAgp89YKgwdAoYODHiUOcO/uXOO2i9Ekoa+kxbvBzDJf7uuR/io6GERXwIDAQABo4HuMIHrMB0GA1UdDgQWBBTGRDBTie5+fHkB0+SZ5g3WY/D2RTCBuwYDVR0jBIGzMIGwgBTGRDBTie5+fHkB0+SZ5g3WY/D2RaGBjKSBiTCBhjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA05TVzEPMA0GA1UEBxMGU3lkbmV5MRowGAYDVQQKExFNYWVzdHJhbm8gUHR5IEx0ZDEWMBQGA1UEAxMNbWFlc3RyYW5vLmNvbTEkMCIGCSqGSIb3DQEJARYVc3VwcG9ydEBtYWVzdHJhbm8uY29tggkAzPL7B4M+nuowDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQAwRxg3rZrML//xbsS3FFXguzXiiNQAvA4KrMWhGh3jVrtzAlN1/okFNy6zuN8gzdKDYw2n0c/u3cSpUutIVZOkwQuPCMC1hoP7Ilat6icVewNcHayLBxKgRxpBhr5Sc4av3HOW5Bi/eyC7IjeBTbTnpziApEC7uUsBou2rlKmTGw==-----END CERTIFICATE-----"
  },

  # ===> Data Sharing
  # This section describes how to configure the Account and Connec!™ webhooks
  # => connec.host (required)
  # It corresponds to the endpoint used to fetch data from.
  # It changes with the tenant and the environment. We will provide you the correct host for the platform you are being connected to.
  "connec": {
    "host": "https://api-connec.maestrano.com"
  }
  "webhook": {
    #
    # Maestrano will issue a DELETE request to the following paths to notify you
    # of any service cancellation (group deletion) or any user being removed from a group.
    # => groups_path (required)
    # => group_users_path (required)
    "account": {
      "groups_path": "/maestrano/account/groups/:id",
      "group_users_path": "/maestrano/account/groups/:group_id/users/:id"
    },

    # ==> Connec Subscriptions/Webhook
    # The following section is used to configure the Connec!™ webhooks and which entities
    # you should receive via webhook.
    #
    #
    "connec": {

      # => notifications_path (required)
      # This is the path of your application where notifications (created/updated entities) will
      # be POSTed to.
      # You should have a controller matching this path handling the update of your internal entities
      # based on the Connec!™ entities you receive
      #
      "notifications_path": "/maestrano/connec/notifications",

      # => subscriptions (required)
      # This is the list of entities (organizations, people, invoices etc.) for which you want to be
      # notified upon creation/update in Connec!™
      # 
      "subscriptions": {
        "accounts": true,
        "company": true,
        "events": false,
        "event_orders": false,
        "invoices": true,
        "items": true,
        "journals": false,
        "organizations": true,
        "payments": false,
        "pay_items": false,
        "pay_schedules": false,
        "pay_stubs": false,
        "pay_runs": false,
        "people": true,
        "projects": false,
        "tax_codes": true,
        "tax_rates": false,
        "time_activities": false,
        "time_sheets": false,
        "venues": false,
        "work_locations": false
      }
    }
  }
}

...



2 - Single Sign-On 
Status
subtletrue
colourRed
titleRequired

Maestrano provides two different Single Sign-On protocols: SAML 2.0 and OpenID. OpenID has become fairly more popular than SAML and is also more supported by the community. Chances are you will find a library handling OpenID out-of-the-box for your language of choice. A few examples:

...

Our OpenID guide will give you all the details on the best way to integrate our OpenID provider into your application, just check it out here.



...


3 - Account Management API & Webhooks

Our account management API is a REST API allowing you to perform:

  • Membership Management: get details about your Maestrano customers (memberships) and get notified of service cancellation actions via webhooks.
    • Group/Organization
    • User
    • Groups Webhook  
    • Group Users Webhook - Mandatory
  • Billing Management: create/retrieve/cancel bills or recurring bills for your Maestrano customers.
    • Bill (Adhoc)
    • RecurringBill

3.1 - Membership Management

Groups (company/organization) API

> Retrieve your list of customers (= list of companies having selected your application on Maestrano)

...

Code Block
languagebash
# Request
curl -u <my-app-id>:<my-app-secret> \
  -H "Accept: application/json" \
  https://maestrano.com/api/v1/account/groups/cld-4
 
# Response
{  
   "success":true,
   "errors":{},
   "data": {  
      "object":"account_group",
      "id":"cld-4",
      "created_at":"2014-05-21T04:04:53Z",
      "updated_at":"2014-05-21T04:04:53Z",
      "has_credit_card":true,
      "status":"running",
      "name":"Logistics Department - Sales",
      "free_trial_end_at":"2014-06-21T04:04:53Z",
      "email":"cld-4@example.com",
      "currency":"USD",
      "timezone":"America/Los_Angeles",
      "country":"US",
      "city":"Los Angeles"
  }
}

Users API

> Retrieve the list of users with access to your application

...

Code Block
languagebash
# Request
curl -u <my-app-id>:<my-app-secret> \
  -H "Accept: application/json" \
  https://maestrano.com/api/v1/account/users/usr-2
 
# Response
{  
   "success":true,
   "errors":{},
   "data": {  
      "object":"account_user",
      "id":"usr-2",
      "name":"John",
      "surname":"Doe",
      "email":"john.doe@gmail.com",
      "country":"AU",
      "sso_session":"d7kp1b5esnfgtz6xhiv9qwlja34yu8crm2o0",
      "created_at":"2014-05-21T00:37:34Z",
      "updated_at":"2015-03-09T06:37:28Z"
   }
}


Groups Webhook - getting notified a of Group cancelling their subscription to your service 
Status
subtletrue
colourRed
titleRequired

When a business decides to stop using your service Maestrano will issue a DELETE request to the webhook.account.groups_path endpoint on your side (e.g.: /webhooks/maestrano/groups/:id - see the metadata section above). The call is authenticated via HTTP Basic authentication using your own API credentials (shared secret).

...

Code Block
languagebash
curl -u <my-app-id>:<my-app-secret> \
  -X "DELETE" \ 
  -H "Accept: application/json" \
  https://my-cloud-application.com/webhooks/maestrano/groups/cld-4


Group > Users Webhook - getting notified a of user leaving a group 
Status
subtletrue
colourRed
titleRequired

When a user is removed from a group, access should be disabled for that specific user. In such case Maestrano will issue a DELETE request to the webhook.account.group_users_path endpoint on your side (e.g.: /webhooks/maestrano/groups/:group_id/users/:id - see the metadata section above). The call is authenticated via HTTP Basic authentication using your own API credentials (shared secret).

...

Code Block
languagebash
curl -u <my-app-id>:<my-app-secret> \
  -X "DELETE" \ 
  -H "Accept: application/json" \
  https://my-cloud-application.com/webhooks/maestrano/groups/cld-4/users/usr-2


3.2 - Billing Management 
Status
subtletrue
colourRed
titleRequired

Maestrano centralizes all billing functionalities. The goal is to provide to customers a single invoice at the end of the month summarising the expenses related to all the applications and services they have used during the month.

...

  • Bill: one-off charge to be incurred - e.g.: one-off purchase a specific module, template, service within your application
  • RecurringBill: recurring charge - e.g.: weekly/monthly/annual user subscription

Bill - Adhoc charge

The command below shows how to create a $20 adhoc bill.

...

FieldModeTypeRequiredDefaultDescription
idreadonlystring--The id of the bill
group_idread/writestringYes-The id of the group you are charging
price_centsread/writeIntegerYes-The amount in cents to charge to the customer
descriptionread/writeStringYes-A description of the product billed as it should appear on customer invoice
created_atreadonlyTime--When the bill was created. Uses ISO 8601 format (e.g.: 2015-06-03T05:00:33Z)
updated_atreadonlyTime--When the bill was last updated. Uses ISO 8601 format (e.g.: 2015-06-03T05:00:33Z)
statusreadonlyString--Status of the bill. Either 'submitted', 'invoiced' or 'cancelled'.
currencyread/writeString-AUDThe currency of the amount charged in ISO 4217 format (3 letter code)
unitsread/writeDecimal(10,2)-1.0How many units are billed for the amount charged
period_started_atread/writeTime--If the bill relates to a specific period then specifies when the period started. Both period_started_at and period_ended_at need to be filled in order to appear on customer invoice. Uses ISO 8601 format (e.g.: 2015-06-03T05:00:33Z)
period_ended_atread/writeTime--If the bill relates to a specific period then specifies when the period ended. Both period_started_at and period_ended_at need to be filled in order to appear on customer invoice. Uses ISO 8601 format (e.g.: 2015-06-03T05:00:33Z)
third_partyread/writeBoolean-falseFlag for third-party bills (e.g.: charge for SMS credits). Third party bills are not subject to commissions.

RecurringBill - Recurring subscription fees

The command below shows how to create a $29.90 recurring bill for a user license.

...

FieldModeTypeRequiredDefaultDescription
idreadonlystring--The id of the recurring bill
group_idread/writestringYes-The id of the group you are charging
price_centsread/writeIntegerYes-The amount in cents to charge to the customer
descriptionread/writeStringYes-A description of the product billed as it should appear on customer invoice
periodread/writeString-MonthThe unit of measure for the billing cycle. Must be one of the following: 'Day', 'Week', 'SemiMonth', 'Month', 'Year'
frequencyread/writeInteger-1The number of billing periods that make up one billing cycle. The combination of billing frequency and billing period must be less than or equal to one year. If the billing period is SemiMonth, the billing frequency must be 1.
cyclesread/writeInteger-nilThe number of cycles this bill should be active for. In other words it's the number of times this recurring bill should charge the customer.
start_dateread/writeTime-NowThe date when this recurring bill should start billing the customer. Uses ISO 8601 format (e.g.: 2015-06-03T05:00:33Z)
created_atreadonlyTime--When the recurring bill was created. Uses ISO 8601 format (e.g.: 2015-06-03T05:00:33Z)
updated_atreadonlyTime--When the recurring bill was last updated. Uses ISO 8601 format (e.g.: 2015-06-03T05:00:33Z)
currencyread/writeString-AUDThe currency of the amount charged in ISO 4217 format (3 letter code)
statusreadonlyString--Status of the recurring bill. Either 'submitted', 'active', 'expired' or 'cancelled'.
initial_centsread/writeInteger-0Initial non-recurring payment amount - in cents - due immediately upon creating the recurring bill



...


4. Connec!™ Data Sharing 
Status
subtletrue
colourRed
titleRequired

The Connec!™ Data Sharing REST API documentation can be found at the following URL: http://maestrano.github.io/connec/

More high level resources can also be found on this wiki, under the Connec!™ API V2 section: Connec!™ API V2 documentation


groups_path