Api >

Service Portal REST API

GET /api/customers/{customer-id}

Can access full Customer's data
Given I am authenticated as System Integrator S0002
When I send /api/customers/K0002
Then I should receive HTTP/1.1 200 OK
with body: 
{
  "href": "/api/customers/K0002"
}
Customer can access his data
Given I am authenticated as K0002
When I send /api/customers/K0002
Then I should receive HTTP/1.1 200 OK
with body: 
{
  "href": "/api/customers/K0002"
}
Customer cannot access not his data
Given I am authenticated as K0003
And there exists Customer with ID K0002 When I send /api/customers/K0002
Then I should receive HTTP/1.1 403 Forbidden
with following body 
{
  "title": "Access forbidden",
  "detail": "Access denied to [Customer] with id [K0002]",
  "described_by": "http://api.nfon.net/probs/invalid-authorization"
}
System Integrator cannot access data of Customer that does not belong to him
Given I am authenticated as System Integrator S0002
When I send /api/customers/K0003
Then I should receive HTTP/1.1 403 Forbidden
with following body 
{
  "title": "Access forbidden",
  "detail": "Access denied to [Customer] with id [K0003]",
  "described_by": "http://api.nfon.net/probs/invalid-authorization"
}
Operator cannot access data of Customer that does not belong to him
Given I am authenticated as Operator C0002
When I send /api/customers/K0003
Then I should receive HTTP/1.1 403 Forbidden
with following body 
{
  "title": "Access forbidden",
  "detail": "Access denied to [Customer] with id [K0003]",
  "described_by": "http://api.nfon.net/probs/invalid-authorization"
}
Results generated by Concordion
in 603 ms on 25-Feb-2026 at 00:39:59 CET