Api >

Service Portal REST API

GET /api/customers/{customer-id}/contracts/{salesforce-id}

GET returns requested Customer Contract
Given I am authenticated as Customer K0002
and there is a Customer Contract with salesForceId 800D0000003ARnKIAW and name New Contract and subId 2
When I send /api/customers/K0002/contracts/800D0000003ARnKIAW
Then I should receive HTTP/1.1 200 OK with application/vnd.collection.next+json and following body: 
{
  "href": "/api/customers/K0002/contracts/800D0000003ARnKIAW",
  "data": [{
    "name": "name",
    "value": "New Contract"
  }, {
    "name": "salesForceId",
    "value": "800D0000003ARnKIAW"
  }, {
    "name": "subId",
    "value": 2
  }]
}
GET returns 404 if requested Customer Contract is missing
Given I am authenticated as Customer K0002
and there is no Customer Contract with salesForceId 404
When I send /api/customers/K0002/contracts/404
Then I should receive HTTP/1.1 404 Not Found and following body: 
{
  "title": "Customer contract not found",
  "detail": "Customer contract with salesForceId 404 has not been found for Customer K0002",
  "described_by": "http://api.nfon.net/probs/customer-contract-not-found"
}
Cannot read data for missing Customer
Given I am authenticated as Admin
When I send /api/customers/K0404/contracts/800D0000003ARnKIAW
Then I should receive HTTP/1.1 404 Not Found
with following body: 
{
  "described_by": "http://api.nfon.net/probs/customer-not-found",
  "title": "Customer not found",
  "detail": "Customer with identifier K0404 has not been found"
}
GET returns 403 if Contract belongs to another customer
Given I am authenticated as K0002
and there is a Customer Contract with salesForceId 800D0000003ARnKIAW and name New Contract and subId 2
for Customer K0003
When I send /api/customers/K0003/contracts/800D0000003ARnKIAW
Then I should receive HTTP/1.1 403 Forbidden with following body: 
{
  "title": "Access forbidden",
  "detail": "Access denied to [Customer] with id [K0003]",
  "described_by": "http://api.nfon.net/probs/invalid-authorization"
}
System Integrator cannot access Contract of Customer that does not belong to him
Given I am authenticated as System Integrator S0002
When I send /api/customers/K0003/contracts/800D0000003ARnKIAW
Then I should receive HTTP/1.1 403 Forbidden
with following body 
{
  "title": "Access forbidden",
  "detail": "Access denied to [Customer] with id [K0003]",
  "described_by": "http://api.nfon.net/probs/invalid-authorization"
}
Operator cannot access Contract of Customer that does not belong to him
Given I am authenticated as Operator C0002
When I send /api/customers/K0003/contracts/800D0000003ARnKIAW
Then I should receive HTTP/1.1 403 Forbidden
with following body 
{
  "title": "Access forbidden",
  "detail": "Access denied to [Customer] with id [K0003]",
  "described_by": "http://api.nfon.net/probs/invalid-authorization"
}
Results generated by Concordion
in 569 ms on 25-Feb-2026 at 00:42:45 CET