Overview
Fire (FImnet REgistry) is the Fimnet database containing information about the users. Fire API is a REST/JSON API with OAuth 2 authentication.
Any REST client will work with this API. If you're using PHP, we provide a class: FireApiClient
Authentication
The API uses OAuth2. In order to use it, you need an Access Token ("Bearer Token" in OAuth2 terminology). The Access Token can be of 2 types:
- "User": You receive a User Access Token when using Fimnet Login. The token only gives access to the user who signed in, and his valid for the duration of the Fimnet session only.
- "App": An Application Access Token gives access to all users managed by the application and is valid for a much longer period of time. It can be used for example in batch scripts to update your users while they are offline. It is provided by us only for the applications that needs it.
Global options
Selecting the fields returned
The default behavior of the API is to return every available fields. Use the fields parameter to limit the fields returned. Multiple fields must be coma separated.
Example: This request will only return id and first name
GET /users?fields=id,first_name
Unless noted otherwise, you can select any field that appears in the default resultset.
Sorting
Use sort parameter to sort the result set by field value.
Example: This request will sort by first name
GET /users?sort=first_name
Default order is ascending To use descending order, prepend a minus before the name of the field.
Example:
GET /users?sort=-first_name
To sort by multiple fields, separate them with coma.
Example:
GET /users?sort=created_at,-first_name
Unless noted otherwise, you can sort by any field that appears in the resultset.
Pagination
By default, the API will limit to 100 results at the time. To navigate from page to page, use page parameter. To control the number of results per page, use per_page.
Example:
GET /users?per_page=25&page=2
Unless noted otherwise, the maximum number of result per page is 200.
Pagination metadata is returned along with the data. For example:
{ "page":1, "per_page":100, "total":61658, "nb_pages":617, "data":[ ... ] }
If needed you can enable/disable metadata with pagination_meta=0 or pagination_meta=1.
API methods for which the number of results is expected to always be under 100 usually have pagination metadata turned off by default (e.g. list of subusers of a user). When the number of expected is expected to always be over 100 pagination metadata is turned on by default (e.g. list of users).
Embedding resources
It is possible to request the API to include sub-resources in the resultset with the embed parameter. For example, let’s say you want to query a list of users and their details. Instead of making multiple API calls, you could do the following:
GET /users/?embed=details
The resultset would look like:
[ { "id":"1",
"fimnet_id":"test-1",
"first_name":"Test",
"last_name":"Test",
"nickname":"",
"company":"",
"language":"fi",
"fimnet_email":"test@fimnet.fi",
"updated_at":"2014-02-13 14:00:58",
"details":{ "job_title":"", "website":"" } },
... ]
HTTP Return Codes
Here are the HTTP Status codes used by the API, and the most common possible causes.
- 200 (Success) - All is good
- 400 (Bad Request) - Your request is malformed and cannot be understood by the server
- 403 (Forbidden) - The Access Token is invalid or doesn't give you access to this method
- 404 (Not Found) - You're requesting a resource that does not exists or your Access Token doesn't give you acess to this particular user
- 422 (Unprocessable Entity) - The data you sent when trying to create or update a ressource are invalid (e.g. required parameter is missing, or as invalid format, etc.). See below "Api Validation Errors".
- 500 (Internal Server Error) - Something went terribly wrong! Please contact us to report the bug.
Api Validation Errors
When creating or updating a resource, the API will validate your data. If the data are not valid, it will returns a HTTP 422 Unprocessable Entity code. The body on the response will be a JSON object like this:
{ "success":false,
"message":"Validation failed. See \"errors\" fields for details",
"errors":{ "first_name":{"max_length":100},
"email":{"required":true} }
}
The errors field contains the list of fields that are not valid. For each field, it returns the list of validators that fails
Default validators
| Key (name of the validator) | Value (value of the validator) | Description |
| required | N/A | A required field is missing. |
| max_length | integer | The field exceed the maximum length given in value. |
| min_length | integer | |
| N/A | The field must be an email | |
| bool | N/A | |
| date | ||
| time | ||
| numeric | ||
| max_value | ||
| min_value | ||
| enum | array | The value must be part of the array of possible values |
| enum_keys | assoc array | The value must be a key of the array of possible values |
Debug endpoints
Get API Version
GET /version
Returns the current version of the API.
Get client information
GET /whoami
Returns information about the token being used.
-
Type can base “user” or “app”
Example
{ "type":"user",
"client":{"client_id":"sll","name":"Suomen Lääkäriliitto"},
"user":{"id":"60346","fimnet_id":"abc-1"}
}
Users
Fields (for reference only, might be incomplete)
| Name | Type | Description |
| id | Int | Fire ID |
| fimnet_id | string | Fimnet ID |
| slug | string | URL Slug |
| first_name | string | First name with other first names (if any) |
| nickname | string | Shorter version of the first name. Should be displayed instead of first name if present. |
| last_name | string | Last name |
| company | string | Company name. Might or might not be empty when account_type is “individual”. |
| full_name | string |
Use for filtering and sorting only. |
| account_type | enum | If account_type is “company”, then company name should be displayed instead of the name |
| fimnet_email | Fimnet-email address (not to be used) | |
| secondary_email | Users email address (Use this address instead of fimnet_email) | |
| language | ‘fi’ or ‘sv’ | |
| phone_number | Phone number |
Searching users
GET /users
Filtering options
The following fields can be used for filtering/search.
| id | |
| fimnet_id | |
| fimnet_email | |
| main_user_id | |
| main_group_code | |
| external_id | = “ulkop_tunniste” - Should be used in combination with main_group_code. |
| doctor_id | Doctor identification number |
| full_name | You can use the “%” wildcard character |
| city | You can use the “%” wildcard character |
| q |
Special parameter to make a search in full_name and city fields at once. For example: GET /users?q=Markku%20Helsinki will search for people whose name or city match “Markku” and name or city match “Helsinki”. Note: “%” are automatically added, you don’t need to do it. You can add “search_mode=extended” parameter to extend the search to fimnet_id, fimnet_email and full address (including street and postcode) |
| visibility | “public” or “private” |
| include_deleted | Use include_deleted=1 to include deleted users in the search. Caution: deleted users cannot be used in other endpoints. |
Embedding
details
address
groups
privacy_settings
email_settings
ftp_settings
Creating a new user
POST /users
Parameters
| Name | Type | Description |
| account_type | enum | Optional. “individual” or “company”. Default is “individual”. |
| first_name | string | Required if account type is “individual”. |
| nickname | string | Optional. If not provided, first_name will be used (if account type is “individual”) |
| last_name | string | Required if account type is “individual”. |
| company | string | Required if account type is “company”. |
| main_group_code | string | Required. The membership code. |
| external_id | int | Optional. The ID number from the union. |
| doctor_id | int | Optional. The doctor identification number. |
| password | string | Optional. The clear text password. If not provided, a random password will be generated and returned. |
| language | enum | Optional. ‘fi’ or ‘sv’. Default is “fi”. |
| secondary_email | string | Optional. |
| phone_number | string | Optional. |
| address | array | Accept the same fields at the /users/<id>/address endpoint (see below). |
| details | array | Accept the same fields at the /users/<id>/details endpoint (see below). |
| accept_tos | bool | Post 0/false to refuse Terms of Service, or 1/true to accept. The date will be recorded. |
| visibility | enum | Optional. “public” or “private”. Default is “public”. |
Updating sub-ressources
It’s possible to update user details and user address at the same time, by including them in the array. For example, using the PHP API:
$client->put(
"/users/$id",
array( 'language' => 'en',
'address' => array( 'street' => 'Test street' ),
'details' => array( 'facebook_url' => 'Test FB Url' )
)
);
Returns
This methods will return a user object with the following fields populated:
-
fimnet_id
-
slug
-
full_name
-
password (only if none has been provided)
Updating a user
PUT /users/<id>
You don’t have to provide the “required” field if they already exists.
| Name | Type | Description |
| account_type | enum | Optional. “individual” or “company”. Default is “individual”. |
| first_name | string | Required if account type is “individual”. |
| nickname | string | Optional, but if you update the first_name you should provide it! |
| last_name | string | Required if account type is “individual”. |
| company | string | Required if account type is “company”. |
| main_group_code | string | Required. The membership code. |
| external_id | int | Optional. The ID number from the union. |
| doctor_id | int | Optional. The doctor identification number. |
| language | enum | |
| secondary_email | string | |
| phone_number | string | |
| accept_tos | bool | Post 0/false to refuse Terms of Service, or 1/true to accept. The date will be recorded. |
| visibility | enum | Optional. “public” or “private”. Default is “public”. |
| address | array | Accept the same fields at the /users/<id>/address endpoint (see below). |
| details | array | Accept the same fields at the /users/<id>/details endpoint (see below). |
Updating sub-ressources
It’s possible to update user details and user address at the same time, by including them in the array, same as the POST endpoint.
Disabling an existing user
DELETE /users/<id>
This method flag the user for future deletion. The user account is not deleted right away. The user will still be able to signin, change his settings and read his emails. However, he will be locked out from certain applications.
After a certain time, disabled user will be deleted.
When a user is disabled, API calls that returns groups will return empty arrays.
Re-enabling a user
POST /users/<id>
This method reenables a user.
User groups
Getting user groups
GET /users/<id>/groups
Returns an array
Return
Array( ‘union’ => Array(...) ‘subservice’ => Array(...) ‘specialty’ => Array(...) )
Note: if the user is disabled, this method will return empty arrays.
Setting user groups
POST /users/<id>/groups
This method will return 400 Bad Request if called for a disabled user. It’s not possible to update groups of a disabled user.
Parameters
For admin API clients:
| Name | Type | Comment |
| union | Array |
A list of groups of type “union”. If empty, all groups of type “union” will be deleted. If not set, groups of type “union” will be left unchanged. |
| subservice | Array | Same for type “subservice”. |
| specialty | Array | Same for type “specialty”. |
For normal (unions) API clients:
| Name | Type | Comment |
| groups | Array |
A list of groups of type “union”. If empty, all groups of type “union” will be deleted. If not set, groups of type “union” will be left unchanged. |
Example with curl:
curl -X POST "http://..." -d "groups[]=X&groups[]=Y"
Returns
This method returns the updated list of groups on success.
Synchronisation trigger
This is a special endpoint that will cause the API to synchronize a particular user with it’s union database.
POST /users/<id>/sync
Returns
{“success”:true, “data”: {USER}}
Workflow 1: when union database has a read API, but not support for trigger
Browser Frontend API Union
| | | |
|-- Update user info ---->| | |
|<--- redirect to union --| | |
| | | |
|------------- Update user info ------------------------->|
|<---------------------------- redirect after post--------|
| | | |
|-- get user info ------->| | |
| |- POST /sync ->| |
| | |--GET data---->|
| | |<--------------|
| |<-return info--| |
|<------------------------| | |
Workflow 2: when union database supports trigger
Browser Frontend API Union
| | | |
|-- Update user info ---->| | |
|<--- redirect to union --| | |
| | | |
|------------- Update user info ------------------------->|
| | |<- POST /sync -|
| | |--GET data---->|
| | |<--------------|
|<---------------------------- redirect after post--------|
| | | |
|-- get user info ------->| | |
|<------------------------| | |
Other endpoints
Groups
GET /groups
Languages translation
GET /languages
The values won’t change very often, so you should cache the result for a very long time. You should not call this method all the time.
Query parameters
| in_language |
Valid values: ‘fi’, ‘en’, ‘sv’ Default: ‘fi’ Select in which language the languages names must be returned. |
Country names translation & country codes
GET /countries
The values won’t change very often, so you should cache the result for a very long time. You should not call this method all the time.
Query parameters
| in_language |
Valid values: ‘fi’, ‘en’, ‘sv’ Default: ‘fi’ Select in which language the country names must be returned. |
Satunnainen terveystarkastaja