Api >

Service Portal REST API

GET /api/customers/{customer-id}/contracts

GET can read all Customer's Contracts
Given I am authenticated as Customer K0002
and there is a Customer Contract
  • with salesForceId 800D0000003ARnKIAW
  • and name First Contract
  • and subId 2
and there is another Customer Contract
  • with salesForceId 800D0000003ARnKHDY
  • and name Second Contract
  • and subId 4
When I send /api/customers/K0002/contracts
Then I should receive HTTP/1.1 200 OK and following body: 
{
  "href": "/api/customers/K0002/contracts?_offset=0&_pagesize=16",
  "offset": 0,
  "total": 2,
  "size": 2,
  "links": [],
  "items": [{
    "href": "/api/customers/K0002/contracts/800D0000003ARnKIAW",
    "links": [],
    "data": [{
      "name": "name",
      "value": "First Contract"
    }, {
      "name": "salesForceId",
      "value": "800D0000003ARnKIAW"
    }, {
      "name": "subId",
      "value": 2
    }]
  }, {
    "href": "/api/customers/K0002/contracts/800D0000003ARnKHDY",
    "links": [],
    "data": [{
      "name": "name",
      "value": "Second Contract"
    }, {
      "name": "salesForceId",
      "value": "800D0000003ARnKHDY"
    }, {
      "name": "subId",
      "value": 4
    }]
  }]
}
GET can read filtered Customer's Contracts
Given I am authenticated as Customer K0002
and there is a Customer Contract
  • with salesForceId 800D0000003ARnKIAW
  • and name First Contract
  • and subId 2
and there is another Customer Contract
  • with salesForceId 800D0000003ARnKHDY
  • and name Second Contract
  • and subId 4
When I send /api/customers/K0002/contracts?_q=First
Then I should receive HTTP/1.1 200 OK and following body: 
{
  "href": "/api/customers/K0002/contracts?_offset=0&_pagesize=16&_q=First",
  "offset": 0,
  "total": 1,
  "size": 1,
  "links": [],
  "items": [{
    "href": "/api/customers/K0002/contracts/800D0000003ARnKIAW",
    "links": [],
    "data": [{
      "name": "name",
      "value": "First Contract"
    }, {
      "name": "salesForceId",
      "value": "800D0000003ARnKIAW"
    }, {
      "name": "subId",
      "value": 2
    }]
  }]
}
Cannot read data for missing Customer
Given I am authenticated as Admin
When I send /api/customers/K0404/contracts
Then I should receive HTTP/1.1 404 Not Found
with following body: 
{
  "described_by": "http://api.nfon.net/probs/customer-not-found",
  "title": "Customer not found",
  "detail": "Customer with identifier K0404 has not been found"
}
GET returns 403 if Customer tries to read Contracts that belong to another customer
Given I am authenticated as K0002
When I send /api/customers/K0003/contracts
Then I should receive HTTP/1.1 403 Forbidden with following body: 
{
  "title": "Access forbidden",
  "detail": "Access denied to [Customer] with id [K0003]",
  "described_by": "http://api.nfon.net/probs/invalid-authorization"
}
System Integrator cannot access Contracts of Customer that does not belong to him
Given I am authenticated as System Integrator S0002
When I send /api/customers/K0003/contracts
Then I should receive HTTP/1.1 403 Forbidden
with following body 
{
  "title": "Access forbidden",
  "detail": "Access denied to [Customer] with id [K0003]",
  "described_by": "http://api.nfon.net/probs/invalid-authorization"
}
Operator cannot access Contracts of Customer that does not belong to him
Given I am authenticated as Operator C0002
When I send /api/customers/K0003/contracts
Then I should receive HTTP/1.1 403 Forbidden
with following body 
{
  "title": "Access forbidden",
  "detail": "Access denied to [Customer] with id [K0003]",
  "described_by": "http://api.nfon.net/probs/invalid-authorization"
}
Results generated by Concordion
in 646 ms on 25-Feb-2026 at 00:42:44 CET