RBA-Online API Help Document...1725 Duke Street, Suite 300, Alexandria, VA 22314 | ResponsibleBusiness.org 3.1 Test APIs for My Company Most parameters in API are self-explanatory

1725 Duke Street, Suite 300, Alexandria, VA 22314 | ResponsibleBusiness.org

RBA-Online API Help Document

1 Introduction This document describes how to get data from RBA-Online through the API. RBA members or other service provides can get the data through the list of API calls outlined here. Users can try out the various APIs to understand the output format through the interactive UI module which is described here. The rest of this document focuses on the API calls via the UI. The blackout sections in the sample screenshots were done purposefully to hide the actual data with no loss of meaning to illustrate the function and output.

2 Get API Token Before accessing any API, users need to get a valid API token. Only users with “RBA_API_USER” role can get the API Token. The token has the user information encrypted in along with an expiration date. Administrator can configure how long a token will be valid, which is defaulted to 10 minutes. There are two ways to obtain an API token.

2.1 Get API Token Programmatically API Token can be obtained via the following web service calls, providing the username and password.

• Url: https://www.rba-online.org/rba-ws/authorize/getToken

• Parameter 1: username

• Parameter 2: password

• Method: Post If the service call succeeds, it will return a valid token as below JSON format:

{"success":true,"expiration":"2020-06-16 19:29:43.576 +0800","token":"eyJhbGciOiJIUzUxMiJ9.eyJvcmdhbml6YXRpb25JZCI6IkctQ08tMTAwMDE0MzkiLCJzdWIiOiJhaGlsbGllckBjZWxlc3RpY2EuY29tIiwiY2hhb3MiOiJUaGlzIGlzIGNoYW9zIHN0cmluZyBwYXJhbWV0ZXIsIHlvdSBtYXkgdGhvdWdodCB0aGlzIHRva2VuIGlzIHRvbyBzaG9ydC4iLCJleHAiOjE1OTIzMDY5ODN9.iSnZICWJUna-wTYLPjtKRlqjkDc-pJtjz-NZIYtaXbTz9PgImb9N-ylmrwBZhDgBXv5b95gr9HTwYkcKCS3XzQ"}

If the service call fails due to incorrect credential, it will return a failed response as below:

{"success":false,"token":null} If the service call fails due to the user is not assigned RBA_API_USER role, it will return a failed response as below:

{"success":false,"message":"You do not have the right permission to get API token","token":null}

https://www.rba-online.org/


2.2 Get API Token in the UI Steps:

• Visit https://www.rba-online.org/portal/

• Login as user with RBA_API_USER role.

• Go to “Home”->”API Token”, the token will be displayed there if the user has the right privilege. Otherwise an error message will be shown.

• Click the “Copy” button to copy this token somewhere for later usage.

https://www.rba-online.org/portal/


3 Test APIs using Swagger UI Go to https://www.rba-online.org/swagger-ui/, the swagger UI page will show as follows:

Please note, the following document contains the description of all APIs and the responses in JSON format: https://www.rba-online.com/swagger-ui/swagger.json You can then expand each API, and input the parameters including the API token and try it out.

https://www.rba-online.org/swagger-ui/

https://www.rba-online.com/swagger-ui/swagger.json


3.1 Test APIs for My Company Most parameters in API are self-explanatory. There are some common parameters applies to all or most APIs:

• access_token: this is the API token you obtained in previous step.

• pageNumber: the starting page number. First page is 1. Please note page size is configurable by administrator, and it is default to 10.

• limit: number of items requested. The number of items returned will not exceed this limit. Any time an invalid token is used, i.e. expired token, the following response will be returned:

3.1.1 /api/my/audits/ Description: List my audits. Parameters:


Sample Results:

3.1.2 /api/my/caps Description: List my CAPs. Parameters:

Sample Results:


3.1.3 /api/my/findings Description: List my findings. Parameters:


Sample Results:

3.1.4 /api/org/sites/list Description: List my facilities (sites). Parameters:

Sample Results:


3.1.5 /api/org/trading/list Description: List my trading relationships. Parameters:


Sample Results:


3.1.6 /api/saq/questionnaires/scores Description: List my SAQs and Scores. Parameters:


Please note:

• Parameter “questionnaireType” could be “Facility SAQ”, “Corporate SAQ”, or any survey type. Sample Results:


3.1.7 /api/saq/questionnaires/{questionnaireSiteCode}/answers Description: List the answers of a given SAQ. Parameters:

Please note:

• {questionnaireSiteCode} is returned through API /api/saq/questionnaires/scores. Sample Results:

3.2 Test APIs for My Suppliers

3.2.1 /api/supplier/audits Description: List my suppliers’ audits. Parameters:


Sample Results:

3.2.2 /api/supplier/caps Description: List my suppliers’ CAPs. Parameters:


Sample Results:

3.2.3 /api/supplier/findings Parameters:


Sample Results:

3.2.4 /api/supplier/org/sites/list Description: List my suppliers’ facilities. Parameters:


Sample Results:

3.2.5 /api/supplier/saq/questionnaires/scores Description: List my suppliers’ SAQ scores. Parameters:


Please note:

• Parameter “questionnaireType” could be “Facility SAQ”, “Corporate SAQ”, or any survey type. Sample Results:

3.2.6 /api/supplier/saq/questionnaires/{questionnaireSiteCode}/answers Description: List the answers of a given supplier SAQ. Parameters:


Please note:

• {questionnaireSiteCode} is returned through API /api/supplier/saq/questionnaires/scores. Sample Results:

Documents

RBA-Online API Help Document...1725 Duke Street, Suite 300, Alexandria, VA 22314 | ResponsibleBusiness.org 3.1 Test APIs for My Company Most parameters in API are self-explanatory