ConnectZ - Retrieve profile information from a BU System

Home

In scope of GTO Product offering, an anti-corruption layer was built to provide an uniform communication model to multiple Business Units, allowing consumer Systems (Global Applications) to be agnostic to the data source.

As part of the self-service models and in order to ensure access to profile details this API is exposed, providing the required profile information.

How this can help you

Allow access to local business unit profile information, allowing access to profile information in an uniform way independent of the location, if a certain Business Unit data is required, a pre-enablement with GTO Global Solutions will be required.

resources/hla_profile_process_api-6c1c4205-e480-40f2-b607-41a612e009ee.png

How does it work

The Profile Process API based on context information (Business Unit) will route the request to the relevant system on the Business Unit and return a common data model with profile details.

How do I get access

New applications wishing to use the service can request access via the API Exchange. As part of the request, you will be asked for a cost center and to select the service tier you require. Once the API Owner accepts your request you will be issued a Client ID and Secret which you can use to call the API. See Getting Start page for more information.

Getting Started

All our API’s are designed to be easy and fast to consume! You can play with them from day 0 through our built in mocking services (were you can explore our API's before any further engagement), but if you want the real deal go through our Terms and conditions and Pricing pages and get started without exiting this site.

Step 0. First time

If this is your first time using one of our API's we suggest to go through our SharePoint site page were you can find a lot of information, of the basic concepts used through this API page.

Step 1. Request API access

Yes, just click on the "Request Access" button in this page where you will need to:

Select the Environment you want to access (more details on our Environment page)
Select the right tier for your application, you can find more information on Pricing page and move to the next screen
"Select an existing client application" or "Create a new application" that will be allowed to call this api
Read the Terms & Conditions and check the box to accept them
- Terms and conditions vary between API's, it is important take knowledge of this information to prevent any API misusage
- Please read Terms and conditions page to know our global terms and this API specific terms
Access approval & account setup
- All access requests are assessed and approved within 1 working day, during this phase you might be contacted for specific details (e.g. cost centre)

Step 2. Use the API

Once you client application gets approved, and you have your credentials, you can visit our Authentication page to understand which authentication mechanism should be used to interacting with our API.

You can use this API through your preferable wrapper, MuleSoft, Azure API, Java, Python... Just follow our API Run Flow to understand how to use it, or explore our API documentation to see in more detail our API documentation.

Step 3. Monitor your API

Monitorization of your API is also a key aspect to improve you API usage, our API's are actively monitored, please through our Support page to know more on our monitoring solution.

Step 4. Maintain your Application

We are always looking to improve our API's, this means that is also important for you to know how this API can evolve and how we manage it.

The Versioning page details which versioning model is being used, and how this can affect your dependent applications.

Step 5. Provide feedback and get support

Visit your Support page to know how to interact with us, but while you are here, feel free to use our Reviews section

Step 6. Decommissioning

Hope you are not thinking about it :) But if you must, simply delete your Application on "My Applications" page, and you will be unregistered from this API.

Pricing

How am I charged?

To be DEFINED

When am I charged?

Charges will start 30 days after you commence using the API and you can cancel anytime during this period. Thereafter billing will occur monthly to the cost centre that you specify.

Postman

In order to speed up your integration we prepared a curated Zurich Postman collection which you can found on Zurich Postman Enterprise - CC_API_Centre for Enablement.

If you are a Zurich employee / contractor and you don't have access, please visit Zurich Get Postman link, and take the oportunity to visit our C4E Postman Best Practices while your access is being aproved.

Configure your environment variables

As defined on the Postman Best practices, this is a shared Collection, which is already curated for initial use.

When using the provided collection, please ensure you create your own copy into your team workspace and don't update the collection.

Only current values in environment properties can be changed as presented below:

postman_collection_environment

Run your postman collection

Once you have configured the environment variables feel free to invoke the available methods and retrieve the API details.

Any additional question please contact the C4E team

Authentication

Our API is protected by Basic Auth: standard HTTP Authorization header with the authorization type to Basic

The user and password are governed through an Anypoint Platform enforced Client Id/Secret policy.

Client ID/Secret

Complete the pre-requisite steps on the Getting Started page to obtain API client credentials.

The Client Id/Secret is enforced using the Basic Authentication scheme. This requires the client_id and client_secret values are communicated using the standard HTTP Authorization header with the authorization type to Basic.

The format of the Authorization header is as follows:

Basic client_id:client_secret

In accordance with the Basic Authentication specification the client_id:client_secret value must be passed as base64-encoded string as shown below:

Basic Y2xpZW50X2lkOmNsaWVudF9zZWNyZXQ=

The API will return a 401 HTTP Status Code with code authentication_error in case of an invalid value or credential.

Errors

This API uses conventional HTTP response codes to indicate the success or failure of an API request:

Codes in the 2xx range indicate success.
Codes in the 4xx range indicate an error that failed given the information provided (e.g., a required field was omitted).
Codes in the 5xx range indicate an error with the server.

The sections below explain in detail the HTTPS status codes returned by the API and the error response message returned to the user.

Error HTTP Status Code Summary

The table below contains all the possible HTTP status codes that the API returns, however, one should refer to each individual resource and method endpoint definition for specific details on the possible status codes returned.

Status Code	Description
400 Bad Request	The server could not understand the request due to invalid syntax.
401 Unauthorized	Invalid token. The server was unable to authenticate the user.
405 Unaccepted HTTP Method	The method received in the request-line is known by the origin server but not supported by the target resource.
406 Not Acceptable	The service is unable to fulfil the request based on the Accept header provided.
415 Unsupported Media Type	The media format of the requested data is not supported by the server.
500 Internal Server Error	An internal server error was observed.
502 Bad Gateway	The server encountered received an invalid response from an inbound server it accessed while attempting to fulfil the request.
503 Service Unavailable	The server was unable to handle the request due to a temporary overloading or maintenance of the server.

Please refer to each individual resource and method endpoint definition for specific details on the possible status codes returned.

Error Response

Independently of the error scenario a common error structure will be returned, allowing consumers to manage error results through a common structure, below the specific attributes that compose this error message structure can be checked in more details.

Attributes

Field Name	Description
code	Pattern based scheme that identifies a specific and unique error condition. Typically human readable but more suited for machine processing.
message	Human readable description of the error that occurred that is not intended to be machine parsable.
correlationId	Provide ability to rapidly identify and trace distributed request processing.
source	Optional. Describes the source of the error; used to indicate the error originated elsewhere or self-reference when error was generated internally or in direct consequence of downstream events.
source/name	Implementation provider defined name for the API, service or system.
source/layer	Implementation provider defined name for the API, service or system.
causes	Optional. Describes the source of the error; used to indicate the error originated elsewhere or self-reference when error was generated internally or in direct consequence of downstream events.
causes/code	Optional. Pattern based string that identifies a more fine grained error condition, which contributed to the general/parent error code above.
causes/message	Mandatory. More specific information on the failure cause.
causes/field	Optional. A JSON Pointer (RFC6901) that identifies the entity or entity attribute responsible for the more specific error code and message.
causes/source	Optional. See “source” object definition above

Error Response Payload Examples

{
  "code" : "RESOURCE_UPDATE_FAILED",
  "message" : "Cannot update User account groups",
  "correlationId": "3d9445ca-dd6c-4fe2-b93d-c23423f0d612",
  "causes": [
    {
      "code": FAILED_UPDATE_SECURITY_TYPE_DEFAULT,
      "message": "Failed to set security type to 1"
    }
  ]
}

Environments

Exchange Name: gto-p-profiles

Environments available.

This API is provided as Process API with the view that consumers will integrate it either directly into their application or within local experience APIs.

By default we only publish the Mock and Production versions of the API for consumption because the underlying service is the same in all circumstances. Additional environments can be subscribed on special request.

URLs

This API is published to the following environments but may be made available in the following environments:

Environment	URL
Mock	See mocking service
DEV	https://test.capi.zurich.com/z/gto/p/profiles/v1/dev
UAT (Pre-Prod)	https://test.capi.zurich.com/z/gto/p/profiles/v1/uat
Production	https://capi.zurich.com/z/gto/p/profiles/v1

Please refer to the API instances section to view which deployments are available.

Additional environments are provided for development of the API but these should only be used in consultation with the API team.
By default all stateless systems that don't require specific environment data (e.g.: email, SMS) are only available in Production.

Environment	URL
SIT	https://test.capi.zurich.com/z/gto/p/profiles/v1/sit

Versioning

The C4E is committed to continuously improving and expanding the developer experience provided to consumers of this template for Mule API/integration applications. The lifecycle of this template asset is managed using Semantic Versioning.

Where possible, the C4E team will make changes to the API but not change the version number because the changes are not considered to be backward compatible. Such changes can be any of the following:

Addition of new resources
Addition of new non-mandatory request parameters of attributes
Addition of new data fields returned in the response
Change in the order of data fields returned by the API

There might be some instances in which breaking enhancements need to happen. In such circumstances, a new version is released not to break compatibility. Such enhancements include:

Inclusion or removal of mandatory parameters
Restructuring of the API interface

Upon the release of a new version, applications can continue using the old version, allowing the consumer to assess the changes needed. Release notes with all the changes will be provided with every new version, describing all the changes in detail.

Upon upgrading, consumers are required to request access to the new major version of the API. Given the potential breaking changes, consumers are encouraged to perform regression testing against the new version before upgrading to the new API version in production.

Version	Active	Planned decommissioning date	Additional remarks
v1	Yes	Not applicable	-

Please refer to the API instances section to view which minor version is currently in use per environment and Decommissioning Process for more details on the version upgrade process.

Support

Contact the C4E team or your local service desk for more information or support.

If you are already having a specific issue, maybe our Known Issues section may help you:

Known Issues

Nothing to report... Hooray!

Decommissioning

API Minor / Patch / Implementation upgrade

As out Organization evolves, so do our API to keep supporting richer functionalities and keep up with business requirements, leading to API Specification changes that does not impact consumers.

As those changes are made available a specific process will be followed to allow consumers to be aware of the new functionalities but check if no side impact occurs on the consumer side, the process defined is:

Step	Description
Notify API Minor / Patch / Implementation Release	As a new minor/patch version or API implementation change is deployed in Acceptance, all will be notified of the API changes
Execute Application regression tests	Consumer applications can use Acceptance environment to execute regression tests and validate that no impact on current functionality exists due to the new version Note: as minor/patch/implementation updates are executed in order to prevent any consumer impact, this step is not mandatory, although it is highly recommended to prevent Production impact, being of high importance automatic regression tests for this scenarios
Issues detected?	As the regression tests are made on the consumer side check if any issue occur
C4E Issue submission & regression tests	If an issue is detected during this phase, please Contact the API Owner to have the right level of support and prevent production impact
Production Deploy Grace Period - 1 week	As per the defined grace period, Production deployment will be hold during the defined SLA to allow consumers regression tests validation
Notify Production Upgrade	As the SLA for production deployment is reached the new version will be promoted into production

Note: Hot-fixes are by nature an exception process, and will not follow the defined process (e.g.: emergency releases as experience during Log4J2 vulnerabilities). For those scenarios, a specific process will be followed.

API Major release / Decommissioning

A minor/patch upgrade version approach will be the preferable approach, although, in some scenarios that approach cannot be followed due to external factors as for example:

Breaking changes on end systems due to system upgrade
Change of API system provider leading to major data changes not compatible with current version
New functionalities that forces additional data to be provided

As running parallel API versions requires additional Infrastructure and Support activities, older major releases will be decommissioned as per Terms of Service SLA, below is presented the high level process and flow in use to manage the overall decommissioning activities:

Step	Description
Notify API Major Release	As a new version is available and deployed in Acceptance all subscribers will be notified about the new API Major version
Deprecate previous version	As a new version is created, previous version Access Request will be disabled, preventing new access request, but allowing existing consumers to continue to use the previous version
Request access to new version in API Portal	As the new version is made available in Acceptance environment, consumers can request access to the new version on API Portal
Execute new API Version integration & Regression Tests	With the new API Version implementation, consumers will have a grace period to adapt existing applications to the new API version, during this grace period consumers should upgrade and execute regression tests to validate current functionality
Deploy to Production	Even before previous version final decommissioning, both API versions will be running in parallel, so consumers will be able to upgrade to the latest version as per their internal release timelines
API Parallel Run SLA - 6 Months	During the defined SLA time API will co-exist
Notify Production Shutdown	As the SLA for parallel run is reach, a final communication will be sent to inform that previous version will be finally removed

Note: For scenarios that due to external factors API co-existence cannot be met, an exception process will be shared with all API consumers to present the exception process and impact, in order to minize API Consumers impact.

For additional information please Contact the API Owner.

Release Notes

v1.0.0: Unreleased

Description: First release of the Profile Process API

Features:

Implementation of the following base paths:
- GET /profile/{profileId}: allow access to profile details.
- PATCH /profile/{profileId}: to update profile details.

Known service limitations:

No limitation to report