From 79f849b0e11b4f271ebae204b9eec7d218f67000 Mon Sep 17 00:00:00 2001
From: Ed Jannoo
Date: Mon, 16 Jul 2018 11:32:28 +0100
Subject: [PATCH 1/2] APIS-3471, APIS-3472 fixes for minor issues with styles
---
app/assets/css/ad-hoc.scss | 4 +
app/assets/css/components/code.scss | 2 +-
.../views/authorisation.scala.html | 6 +-
.../views/authorisation2SV.scala.html | 4 +-
...orisationAppRestrictedEndpoints.scala.html | 10 +-
...uthorisationOpenAccessEndpoints.scala.html | 2 +-
...risationUserRestrictedEndpoints.scala.html | 95 +++++------
.../views/helpers/Helpers.scala | 2 +-
.../views/include/main.scala.html | 3 +-
.../views/raml/fields.scala.html | 20 +--
.../views/raml/headers.scala.html | 6 +-
.../views/raml/method_params.scala.html | 12 +-
.../views/raml/resource_content.scala.html | 10 +-
.../views/raml/resource_group.scala.html | 4 +-
.../views/reference.scala.html | 148 +++++++++---------
.../apidocumentation/views/testing.scala.html | 2 +-
.../views/testingDataClearDown.scala.html | 8 +-
.../views/testingStatefulBehaviour.scala.html | 8 +-
.../views/tutorials.scala.html | 93 +++++------
19 files changed, 225 insertions(+), 214 deletions(-)
diff --git a/app/assets/css/ad-hoc.scss b/app/assets/css/ad-hoc.scss
index 5e47a4b7..f288c850 100644
--- a/app/assets/css/ad-hoc.scss
+++ b/app/assets/css/ad-hoc.scss
@@ -193,4 +193,8 @@ pre, code {
.side-nav__link {
padding: 12px 15px 8px 15px;
+}
+
+.underline {
+ text-decoration: underline !important;
}
\ No newline at end of file
diff --git a/app/assets/css/components/code.scss b/app/assets/css/components/code.scss
index 38655cfb..e77cc152 100644
--- a/app/assets/css/components/code.scss
+++ b/app/assets/css/components/code.scss
@@ -4,7 +4,7 @@
.code--block,
.code--slim {
font-family: Consolas,Monaco,"Andale Mono","Ubuntu Mono",monospace;
- color: #6f777b;
+ color: #0b0c0c;
font-size: 14px;
}
diff --git a/app/uk/gov/hmrc/apidocumentation/views/authorisation.scala.html b/app/uk/gov/hmrc/apidocumentation/views/authorisation.scala.html
index 6a7567dc..c89650e2 100644
--- a/app/uk/gov/hmrc/apidocumentation/views/authorisation.scala.html
+++ b/app/uk/gov/hmrc/apidocumentation/views/authorisation.scala.html
@@ -56,7 +56,7 @@ on this page
-
+
@@ -89,11 +89,11 @@ Introduction
Application-restricted |
- server_token |
+ server_token |
User-restricted |
- OAuth 2.0 access_token |
+ OAuth 2.0 access_token |
diff --git a/app/uk/gov/hmrc/apidocumentation/views/authorisation2SV.scala.html b/app/uk/gov/hmrc/apidocumentation/views/authorisation2SV.scala.html
index 3942c8b2..ec6806d3 100644
--- a/app/uk/gov/hmrc/apidocumentation/views/authorisation2SV.scala.html
+++ b/app/uk/gov/hmrc/apidocumentation/views/authorisation2SV.scala.html
@@ -56,7 +56,7 @@ on this page
-
+
2-step verification
@@ -70,7 +70,7 @@ 2-step verification
Second and subsequent times through, the user must complete 2SV using their chosen method. Because 2SV is part of the API authorisation process, users do not need to complete it every time they use an API, only when their token expires (after 18 months) or if they are granting access to additional scopes.
The following diagram illustrates the user journey:
-
+
diff --git a/app/uk/gov/hmrc/apidocumentation/views/authorisationAppRestrictedEndpoints.scala.html b/app/uk/gov/hmrc/apidocumentation/views/authorisationAppRestrictedEndpoints.scala.html
index a7ac699b..aa966729 100644
--- a/app/uk/gov/hmrc/apidocumentation/views/authorisationAppRestrictedEndpoints.scala.html
+++ b/app/uk/gov/hmrc/apidocumentation/views/authorisationAppRestrictedEndpoints.scala.html
@@ -56,14 +56,14 @@
on this page
-
+
Application-restricted endpoints
- These endpoints need a server token. This must be passed as an Authorization
- header with type Bearer
.
+ These endpoints need a server token. This must be passed as an Authorization
+ header with type Bearer
.
Example
@@ -72,8 +72,8 @@ Example
-H 'Accept: application/vnd.hmrc.1.0+json' \
@{applicationConfig.apiUrl}hello/application'
- If you’ve already been issued a valid OAuth 2.0 access_token
,
- you can substitute this with a server_token
.
+ If you’ve already been issued a valid OAuth 2.0 access_token
,
+ you can substitute this with a server_token
.
For a working example see the application-restricted endpoint tutorial.
diff --git a/app/uk/gov/hmrc/apidocumentation/views/authorisationOpenAccessEndpoints.scala.html b/app/uk/gov/hmrc/apidocumentation/views/authorisationOpenAccessEndpoints.scala.html
index 87aa6b95..eaaeb57d 100644
--- a/app/uk/gov/hmrc/apidocumentation/views/authorisationOpenAccessEndpoints.scala.html
+++ b/app/uk/gov/hmrc/apidocumentation/views/authorisationOpenAccessEndpoints.scala.html
@@ -55,7 +55,7 @@ on this page
-
+
diff --git a/app/uk/gov/hmrc/apidocumentation/views/authorisationUserRestrictedEndpoints.scala.html b/app/uk/gov/hmrc/apidocumentation/views/authorisationUserRestrictedEndpoints.scala.html
index 01405dc5..6e932aa4 100644
--- a/app/uk/gov/hmrc/apidocumentation/views/authorisationUserRestrictedEndpoints.scala.html
+++ b/app/uk/gov/hmrc/apidocumentation/views/authorisationUserRestrictedEndpoints.scala.html
@@ -55,6 +55,8 @@ on this page
+
+
User-restricted endpoints
@@ -128,23 +130,23 @@ Example
- response_type |
+ response_type |
The OAuth 2.0 response type. Currently the only acceptable value is "code". |
- client_id |
+ client_id |
The Client ID of your application. |
- scope |
+ scope |
A space-delimited list of scopes you would like to have permission to access on behalf of your user. |
- state (optional) |
- An opaque value used to maintain state between the request and callback and to prevent tampering as described in the Oauth 2.0 specification (opens in a new tab). This is passed back to your application via the redirect_uri. |
+ state (optional) |
+ An opaque value used to maintain state between the request and callback and to prevent tampering as described in the Oauth 2.0 specification (opens in a new tab). This is passed back to your application via the redirect_uri. |
- redirect_uri |
+ redirect_uri |
The URI that we use to send users back to your application after successful (or unsuccessful) authorisation.
For more details see our reference guide.
|
@@ -240,25 +242,25 @@ 2. Receive authorisation results
- code |
+ code |
The authorisation code, if authorisation is successful.
This is a single-use token that expires 10 minutes after it's issued. |
- state |
+ state |
The value of the state parameter you provided in the authorisation request, whether or not authorisation is successful. |
- error |
- Always access_denied, if authorisation failed. |
+ error |
+ Always access_denied, if authorisation failed. |
- error_description |
+ error_description |
Human readable description of the error, if authorisation failed, for example, “user denied the authorization”. |
- error_code |
- Error code, if authorisation failed, for example, USER_DENIED_AUTHORIZATION
+ | error_code |
+ Error code, if authorisation failed, for example, USER_DENIED_AUTHORIZATION
The full list of error codes can change over time, so we recommend you do not cater for specific error codes. |
@@ -267,14 +269,12 @@ 2. Receive authorisation results
Here’s an example of a redirect we issue after a successful authorisation:
-GET
-https://www.example.com?code=TBC&state=123e4567-e89b-12d3-a456-426655440000
+GET https://www.example.com?code=TBC&state=123e4567-e89b-12d3-a456-426655440000
Here’s an example of a redirect we issue after an unsuccessful authorisation:
-GET
-https://www.example.com?error=access_denied
+GET https://www.example.com?error=access_denied
&error_description=user+denied+the+authorization
&error_code=USER_DENIED_AUTHORIZATION
&state=123e4567-e89b-12d3-a456-426655440000
@@ -285,10 +285,10 @@ 2. Receive authorisation results
3. Exchange authorisation code for access token
- When you get the authorisation code, your application must exchange this for an access_token within 10 minutes before it expires.
+
When you get the authorisation code, your application must exchange this for an access_token within 10 minutes before it expires.
- Do this via a POST to our token endpoint using grant_type of authorization_code.
+ Do this via a POST to our token endpoint using grant_type of authorization_code.
The response contains the access token used for calling the APIs and a refresh token used to obtain a new access token once the current one expires.
@@ -296,18 +296,19 @@ Example request
curl -X POST --data
-'client_secret=[YOUR-CLIENT-SECRET]&client_id=[YOUR-CLIENT-ID]&grant_type=authorization_code&redirect_uri=[YOUR-REDIRECT-URI]&code=[AUTHORIZATION-CODE]' \ https://test-api.service.hmrc.gov.uk/oauth/token
+'client_secret=[YOUR-CLIENT-SECRET]&client_id=[YOUR-CLIENT-ID]&grant_type=authorization_code&redirect_uri=[YOUR-REDIRECT-URI]&code=[AUTHORIZATION-CODE]' \
+https://test-api.service.hmrc.gov.uk/oauth/token
Example response
{
-"access_token": "QGbWG8KckncuwwD4uYXgWxF4HQvuPmrmUqKgkpQP",
-"token_type": "bearer",
-"expires_in": 14400,
-"refresh_token": "unJkSs5cvs8CS9E4DLvTkNhcRBq9BwUPm23cr3pF",
-"scope": "read:employment"
+ "access_token": "QGbWG8KckncuwwD4uYXgWxF4HQvuPmrmUqKgkpQP",
+ "token_type": "bearer",
+ "expires_in": 14400,
+ "refresh_token": "unJkSs5cvs8CS9E4DLvTkNhcRBq9BwUPm23cr3pF",
+ "scope": "read:employment"
}
@@ -387,13 +388,12 @@ Error codes
4. Call an API
- You can now call an API using the access_token we issued. Do this with an Authorization header containing this access_token as an OAuth 2.0 Bearer Token with the correct API scope.
+ You can now call an API using the access_token we issued. Do this with an Authorization header containing this access_token as an OAuth 2.0 Bearer Token with the correct API scope.
Example request
-curl -X GET \
-https://test-api.service.hmrc.gov.uk/oauth/token \
+curl -X GET https://test-api.service.hmrc.gov.uk/oauth/token \
-H ‘Accept: application/vnd.hmrc.1.0+json’ \
-H ‘Authorization: Bearer [ACCESS-TOKEN]’
@@ -403,31 +403,32 @@ Example request
5. Refreshing an access token
- A user's access_token expires after 4 hours.
+ A user's access_token expires after 4 hours.
- If the user's access_token has expired, when your application calls an API it receives a response with an HTTP status code of 401 (Unauthorized) and an error code of INVALID_CREDENTIALS.
+ If the user's access_token has expired, when your application calls an API it receives a response with an HTTP status code of 401 (Unauthorized) and an error code of INVALID_CREDENTIALS.
- To refresh the access_token, submit the expired token’s corresponding refresh_token to our token endpoint using grant_type of refresh_token.
+ To refresh the access_token, submit the expired token’s corresponding refresh_token to our token endpoint using grant_type of refresh_token.
- You can only use a refresh_token once. When you refresh an access_token, it invalidates the original access_token immediately if it has not already expired.
+ You can only use a refresh_token once. When you refresh an access_token, it invalidates the original access_token immediately if it has not already expired.
Therefore, be careful to avoid creating any race conditions when refreshing access tokens if your application supports concurrent API access.
Example request
-curl --data
-'client_secret=[YOUR-CLIENT-SECRET]&client_id=[YOUR-CLIENT-ID]&grant_type=refresh_token&refresh_token=[REFRESH-TOKEN]' \https://test-api.service.hmrc.gov.uk/oauth/token
+curl -X POST --data
+'client_secret=[YOUR-CLIENT-SECRET]&client_id=[YOUR-CLIENT-ID]&grant_type=refresh_token&refresh_token=[REFRESH-TOKEN]' \
+https://test-api.service.hmrc.gov.uk/oauth/token
Example response
{
-"access_token": "unJkSs5cvs8CS9E4DLvTkNhcRBq9BwUPm23cr3pF",
-"token_type": "bearer",
-"expires_in": 14400,
-"refresh_token": "jPtmQuLtKmLhGURk8CmR2sWPmffBhDhPyFEEF4ay"
+ "access_token": "unJkSs5cvs8CS9E4DLvTkNhcRBq9BwUPm23cr3pF",
+ "token_type": "bearer",
+ "expires_in": 14400,
+ "refresh_token": "jPtmQuLtKmLhGURk8CmR2sWPmffBhDhPyFEEF4ay"
}
Error codes
@@ -495,9 +496,9 @@ Error codes
Requesting a new token
- Unless revoked earlier by the user, or tampered with, the authorisation granted to your application expires after 18 months, and you can no longer refresh the user's access_token.
+ Unless revoked earlier by the user, or tampered with, the authorisation granted to your application expires after 18 months, and you can no longer refresh the user's access_token.
- If the user's refresh_token has expired, when your application calls our token endpoint, it receives a response with an HTTP status code of 400 (Bad Request) and an error code of invalid_request.
+ If the user's refresh_token has expired, when your application calls our token endpoint, it receives a response with an HTTP status code of 400 (Bad Request) and an error code of invalid_request.
When this happens, your application must send the user back through the full process for Getting an OAuth 2.0 access token.
@@ -535,15 +536,15 @@ authorization_code is returned to your application.
+ The Redirect URI determines how the authorization_code is returned to your application.
- Where your application is running on a remote web server, your Redirect URI returns the authorization_code to that server. You can then centrally manage your authorisation tokens.
+ Where your application is running on a remote web server, your Redirect URI returns the authorization_code to that server. You can then centrally manage your authorisation tokens.
In distributed applications, where your application is installed on a user's device and there's no centralised web server, you have the following options for a Redirect URI:
http://localhost:[PORT]
- The authorization_code is returned to a web server running on the client at the specified port.
+ The authorization_code is returned to a web server running on the client at the specified port.
This isn’t suitable in some situations, such as where a firewall stops your client from listening on a HTTP port.
@@ -551,9 +552,9 @@ http://localhost:[PORT]
urn:ietf:wg:oauth:2.0:oob
- The authorization_code is rendered in the title of a HTML page where you can parse the DOM to retrieve the code. You can then programmatically close the window before the user sees the rendered web page.
+ The authorization_code is rendered in the title of a HTML page where you can parse the DOM to retrieve the code. You can then programmatically close the window before the user sees the rendered web page.
- If your application can't parse the DOM or close the window, the HTML page renders the authorization_code along with a message asking the user to copy the code and paste it into your application, before closing the window.
+ If your application can't parse the DOM or close the window, the HTML page renders the authorization_code along with a message asking the user to copy the code and paste it into your application, before closing the window.
urn:ietf:wg:oauth:2.0:oob:auto
@@ -566,9 +567,9 @@ urn:ietf:wg:oauth:2.0:oob:auto
Managing your client secret
- Your client_secret is embedded in the source code of your application, and therefore isn't as secret as it would otherwise be.
+ Your client_secret is embedded in the source code of your application, and therefore isn't as secret as it would otherwise be.
- You should consider a rotation strategy for your client_secret, so that secrets are periodically rolled over to a new value. To support this the sandbox environment lets you simultaneously support multiple client_secret values for a single application.
+ You should consider a rotation strategy for your client_secret, so that secrets are periodically rolled over to a new value. To support this the sandbox environment lets you simultaneously support multiple client_secret values for a single application.
diff --git a/app/uk/gov/hmrc/apidocumentation/views/helpers/Helpers.scala b/app/uk/gov/hmrc/apidocumentation/views/helpers/Helpers.scala
index 58801e59..6daa6108 100644
--- a/app/uk/gov/hmrc/apidocumentation/views/helpers/Helpers.scala
+++ b/app/uk/gov/hmrc/apidocumentation/views/helpers/Helpers.scala
@@ -150,7 +150,7 @@ object Markdown {
.setDecorator(new ExtDecorator()
.addStyleClass("list list-bullet", "ul")
.addStyleClass("list list-number", "ol")
- .addStyleClass("code", "code")
+ .addStyleClass("code--slim", "code")
.addStyleClass("heading-large", "h1")
.addStyleClass("heading-medium", "h2")
.addStyleClass("heading-small", "h3")
diff --git a/app/uk/gov/hmrc/apidocumentation/views/include/main.scala.html b/app/uk/gov/hmrc/apidocumentation/views/include/main.scala.html
index 24868aa3..a192c652 100644
--- a/app/uk/gov/hmrc/apidocumentation/views/include/main.scala.html
+++ b/app/uk/gov/hmrc/apidocumentation/views/include/main.scala.html
@@ -157,7 +157,7 @@
-
@serviceInfo
+ @serviceInfo
@breadcrumbs.map { breadcrumbs =>
-
@if(leftNav.isDefined) { @contentWithLeftNav } else { @content }
diff --git a/app/uk/gov/hmrc/apidocumentation/views/raml/fields.scala.html b/app/uk/gov/hmrc/apidocumentation/views/raml/fields.scala.html
index 77cf0ac9..167b0ac2 100644
--- a/app/uk/gov/hmrc/apidocumentation/views/raml/fields.scala.html
+++ b/app/uk/gov/hmrc/apidocumentation/views/raml/fields.scala.html
@@ -19,15 +19,15 @@
@(fields: Seq[RequestResponseField], caption: String, fieldOptionalityKnown: Boolean)
@if(fields.nonEmpty) {
-
-
+
+
@caption
-
- Name |
+
+ Name |
Description |
@@ -36,7 +36,7 @@
0) {table__row--nested-@{field.depth}}">
-
+ |
@{field.name}
@if(field.isArray) {array} else {@{field.`type`}}
@@ -54,12 +54,12 @@
@if(field.description.nonEmpty) { @{field.description} }
@field.typeId match {
- case "full-date" => { Date in the format YYYY-MM-DD }
- case "tax-year" => { Tax year in the format YYYY-YY }
+ case "full-date" => { Date in the format YYYY-MM-DD }
+ case "tax-year" => { Tax year in the format YYYY-YY }
case _ => {
@if(field.pattern.nonEmpty) {
- Must conform to the regular expression @{field.pattern}
+ Must conform to the regular expression @{field.pattern}
}
}
@@ -72,7 +72,7 @@
@for(enumValue <- field.enumValues) {
- @{enumValue.name}
+ @{enumValue.name}
@if(enumValue.description.isDefined) { - @{enumValue.description} }
}
@@ -80,7 +80,7 @@
} else {
@if(field.example.nonEmpty) {
- For example: @{field.example}
+ For example: @{field.example}
}
}
diff --git a/app/uk/gov/hmrc/apidocumentation/views/raml/headers.scala.html b/app/uk/gov/hmrc/apidocumentation/views/raml/headers.scala.html
index 641ad5db..869b939b 100644
--- a/app/uk/gov/hmrc/apidocumentation/views/raml/headers.scala.html
+++ b/app/uk/gov/hmrc/apidocumentation/views/raml/headers.scala.html
@@ -22,12 +22,12 @@
@if(headers.nonEmpty) {
|
@@ -268,11 +271,11 @@ 404 (Not Found)
No endpoint could be found in the API for the request path |
- MATCHING_RESOURCE_NOT_FOUND |
+ MATCHING_RESOURCE_NOT_FOUND |
No API could be found for the context |
- NOT_FOUND |
+ NOT_FOUND |
@@ -290,7 +293,7 @@
405 (Method Not Allowed)
Request method is not GET, PUT, POST, DELETE or OPTIONS |
- METHOD_NOT_ALLOWED |
+ METHOD_NOT_ALLOWED |
@@ -307,7 +310,7 @@
406 (Not Acceptable)
Missing or invalid Accept header |
- ACCEPT_HEADER_INVALID |
+ ACCEPT_HEADER_INVALID |
@@ -324,7 +327,7 @@
429 (Too Many Requests)
The application has reached its maximum rate limit |
- MESSAGE_THROTTLED_OUT |
+ MESSAGE_THROTTLED_OUT |
@@ -341,7 +344,7 @@
500 (Internal Server Error)
Internal server error |
- INTERNAL_SERVER_ERROR |
+ INTERNAL_SERVER_ERROR |
@@ -358,7 +361,7 @@
501 (Not Implemented)
API not implemented/deployed |
- NOT_IMPLEMENTED |
+ NOT_IMPLEMENTED |
@@ -375,11 +378,11 @@
503 (Service Unavailable)
Service unavailable |
- SERVER_ERROR |
+ SERVER_ERROR |
Scheduled maintenance |
- SCHEDULED_MAINTENANCE |
+ SCHEDULED_MAINTENANCE |
@@ -396,12 +399,13 @@
504 (Gateway Timeout)
Request timed out |
- GATEWAY_TIMEOUT |
+ GATEWAY_TIMEOUT |
+
@@ -418,7 +422,7 @@ Rate limiting
We limit the number of requests each application can make. This protects our service against excessive use and Denial-of-Service attacks, and also encourages you to use our APIs efficiently.
We set limits based on anticipated loads and peaks. Our standard limit is 150 requests per minute per application.
- If you reach this limit you’ll get a 429 Too Many Requests
response code.
+ If you reach this limit you’ll get a 429 Too Many Requests
response code.
If you continually hit this rate limit, contact us to discuss your application design and whether it’s appropriate to raise your rate limit.
@@ -431,7 +435,7 @@
Scopes
This authority is granted in terms of OAuth 2.0 ‘scopes’. Each 'scope' relates to one or more endpoints.
-
When your application requests an OAuth 2.0 Bearer
token, it must specify the scope(s) which the token should be granted for.
+
When your application requests an OAuth 2.0 Bearer
token, it must specify the scope(s) which the token should be granted for.
These are translated to human-readable descriptions that are shown to the user before they grant authority. This makes sure the user understands and gives access to your application.
@@ -447,7 +451,7 @@
Versioning
When an API changes in a way that's backwards-incompatible, the version of the API will be bumped.
-
You can request a specific version of an API by using an Accept
header with a media type of:
+
You can request a specific version of an API by using an Accept
header with a media type of:
application/vnd.hmrc.[version]+[content-type]
@@ -497,11 +501,11 @@
Header Contents
In the header definitions table:
-
Gov-Vendor-*
names identify the third-party software application so we can detect anomalies related to the intermediary.
+
Gov-Vendor-*
names identify the third-party software application so we can detect anomalies related to the intermediary.
-
Gov-Client-*
names identify the physical machine that the user is sitting at so we can attribute the API call to a person.
+
Gov-Client-*
names identify the physical machine that the user is sitting at so we can attribute the API call to a person.
-
Gov-Client-Browser-*
names are only relevant to applications where the client is a web browser.
+
Gov-Client-Browser-*
names are only relevant to applications where the client is a web browser.