Api >

Service Portal REST API

GET /api/customers/{customer_id}/monitoring-levels

GET retrieves available Monitoring Levels
Given I am authenticated as Customer K0002
When I send /api/customers/K0002/monitoring-levels
Then I should receive HTTP/1.1 200 OK
with following body 
{
  "href": "/api/customers/K0002/monitoring-levels",
  "items": [{
    "data": [{
      "name": "monitoringLevel",
      "value": "Off"
    }]
  }, {
    "data": [{
      "name": "monitoringLevel",
      "value": "Minimal"
    }]
  }, {
    "data": [{
      "name": "monitoringLevel",
      "value": "Moderate"
    }]
  }, {
    "data": [{
      "name": "monitoringLevel",
      "value": "Detailed"
    }]
  }]
}
GET retrieves filtered Monitoring Levels
Given I am authenticated as Customer K0002
When I send /api/customers/K0002/monitoring-levels?_q=min
Then I should receive HTTP/1.1 200 OK
with following body 
{
  "href": "/api/customers/K0002/monitoring-levels?_q=min",
  "links": null,
  "items": [{
    "href": null,
    "links": [],
    "data": [{
      "name": "monitoringLevel",
      "value": "Minimal"
    }]
  }]
}
Missing Customer
Given I am authenticated as Admin
When I send /api/customers/K404/monitoring-levels
Then I should receive HTTP/1.1 404 Not Found
And Content-Type header should be application/api-problem+json
with following body: 
{
  "title": "Customer not found",
  "detail": "Customer with identifier K404 has not been found",
  "described_by": "http://api.nfon.net/probs/customer-not-found"
}
Customer should not be able to GET another Customer's Monitoring Levels
Given I am authenticated as Customer K0003
When I send /api/customers/K0002/monitoring-levels
Then I should receive HTTP/1.1 403 Forbidden
And Content-Type header should be application/api-problem+json
with following body: 
{
  "title": "Access forbidden",
  "detail": "Access denied to [Customer] with id [K0002]",
  "described_by": "http://api.nfon.net/probs/invalid-authorization"
}
System Integrator cannot access Monitoring Levels of Customer that does not belong to him
Given I am authenticated as System Integrator S0002
When I send /api/customers/K0003/monitoring-levels
Then I should receive HTTP/1.1 403 Forbidden
with following body 
{
  "title": "Access forbidden",
  "detail": "Access denied to [Customer] with id [K0003]",
  "described_by": "http://api.nfon.net/probs/invalid-authorization"
}
Operator cannot access Monitoring Levels of Customer that does not belong to him
Given I am authenticated as Operator C0002
When I send /api/customers/K0003/monitoring-levels
Then I should receive HTTP/1.1 403 Forbidden
with following body 
{
  "title": "Access forbidden",
  "detail": "Access denied to [Customer] with id [K0003]",
  "described_by": "http://api.nfon.net/probs/invalid-authorization"
}
Results generated by Concordion
in 655 ms on 25-Feb-2026 at 00:40:26 CET