how does it work?
prerequisites
Your service has requested the Authentication API and received a valid token for the Orange user.
Your service is not allowed to access the Orange user's data.
The diagram below illustrates the general process:


Each step is described below:
step 1
The Orange user requests your service
step 2
Your service calls the Personal APIs on behalf of the Orange user
step 3
As your service has not been granted access, it receives a privacy exception response:
<?xml version="1.0" encoding="UTF-8"?>
<error>
<code>-3</code>
<detail>PrivacyAccessDeniedException</detail>
<url> [privacy_redirection_url] </url>
</error>
where [privacy_redirection_url] is:
http://[privacy_path]?familly=[familly]&serviceId=[your_serviceid]&attributes=[list_of_attributes]
Please note: the URL value provided in the XML response stream will be XML-encoded.
(e.g. http://privacy.orange.fr/urm-gui/interaction.do?family=contact&serviceId=YOURSERVIC1234567890&attributes=,see )
step 4
To allow Orange users to change their permissions (and hopefully to grant your service access), you need to redirect them to the Orange privacy web page, using the URL contained in the privacy response with your return URL appended:
http://[privacy_path]?familly=[familly]&serviceId=[your_serviceid]&attributes=[list_of_attributes]&urlRetour=[your_return_url]
step 5
During this interaction, the Orange user has the following options:
Allow your service to access their data for this request only.
Allow your service to access their data permanently.
Deny your service access to their data.
The diagram below shows an example of this interaction:

step 6
The Orange privacy component stores the user's preferences and redirects them to the return URL you specified previously.
Your service is thus notified that the Orange user has updated their permissions.
step 7
Your service calls Personal APIs again.
step 8
If the Orange user has granted your service the appropriate permission, you will receive the data you requested.
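Steps 3 and 4 as an added example (not Orange's own code): it parses the privacy exception, checks that the redirection URL points to the expected privacy host before sending the user there, and appends a percent-encoded urlRetour. The function name, the host allow-list (taken from the example URL in step 3), the sample attributes value and the return URL are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote, urlsplit, urlunsplit

# Assumption: the only privacy host you expect, taken from the example URL in step 3.
ALLOWED_PRIVACY_HOSTS = {"privacy.orange.fr"}

# Constructed sample of the step 3 response; the attributes value is made up.
SAMPLE_RESPONSE = b"""<?xml version="1.0" encoding="UTF-8"?>
<error>
  <code>-3</code>
  <detail>PrivacyAccessDeniedException</detail>
  <url> http://privacy.orange.fr/urm-gui/interaction.do?family=contact&amp;serviceId=YOURSERVIC1234567890&amp;attributes=name </url>
</error>"""


def privacy_redirect(body: bytes, return_url: str):
    """Return the step 4 redirect URL, or None if body is not a privacy exception."""
    # The documented response has no DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        raise ValueError("unexpected DTD in API response")
    root = ET.fromstring(body)
    detail = (root.findtext("detail") or "").strip()
    if root.tag != "error" or detail != "PrivacyAccessDeniedException":
        return None
    # The parser has already XML-decoded the value (&amp; -> &).
    parts = urlsplit((root.findtext("url") or "").strip())
    # Never redirect a user to a host you did not expect (open-redirect guard).
    if parts.scheme not in ("http", "https") or parts.hostname not in ALLOWED_PRIVACY_HOSTS:
        raise ValueError("privacy URL points to an unexpected host")
    # Percent-encode the return URL so its own '?', '&' and '=' stay inside urlRetour.
    extra = "urlRetour=" + quote(return_url, safe="")
    query = "&".join(q for q in (parts.query, extra) if q)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))


if __name__ == "__main__":
    print(privacy_redirect(SAMPLE_RESPONSE, "https://service.example/cb?session=1&x=2"))
```

Because the existing query string is kept as received and only urlRetour is appended, the code does not depend on the exact spelling of the other parameters.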