The following is a description of the proposed protocol for communication between the Client Web Server and the Back End DataBase.

Optional items are enclosed in []'s, Mandatory items are in ()'s, Alternative options are separated by a |.  represents an arbitrary string (i.e. 'Abc Def'), <#> a number (i.e. '1234'),  a Date Time (i.e. '2004-01-01 15:33:01'). Characters preceded by a \ are meant as a literal (i.e. \[ is meant as the '[' character). All field items must be less than 256 characters.

The only time this notation is abused is for requests that return multiple (a variable number of) items, such as the GetPassesOnCard and GetCard functions. When there is more than one item being returned, additional fields will have a [] suffix, where  denotes the i'th item, starting at 1 from the first item using the [] notation. The order in which they are returned is arbitrary but fixed.

example: A GetCard is sent, the following might be returned if there are 3 cards associated with the account:

  Response=success
  MagStripe=12345678 RFSite=0 RFID=0 Comment=test card LastUsed=2010-01-01 FirstUsed= Issued=2010-01-01
  NCard=3
  MagStripe[1]=12345679 RFSite[1]=0 RFID[1]=0 Comment[1]=test card LastUsed[1]=2010-01-01 FirstUsed[1]= Issued[1]=2010-01-01
  MagStripe[2]=12345679 RFSite[2]=0 RFID[2]=0 Comment[2]=test card LastUsed[2]=2010-01-01 FirstUsed[2]= Issued[2]=2010-01-01

A client wishing to make a transaction must send an initiate request and take the UserToken and ServerToken returned to create a TransactionToken and ServerTransactionToken respectively. The TransactionToken and ServerTransactionToken can only be used once per transaction.

'-->' denote messages FROM the (web) client TO the (db) server.
'<--' denote messages TO the (web) client FROM the (db) server.

Transaction Initiation Request
------------------------------

--> MessageType=initiate

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] UserToken= ServerToken= HashAlgorithm=(md5|sha1) )

Broadly speaking, there are two types of functions, 'user' functions and 'admin' functions, where the latter has a prefix of 'Admin' as can be seen below in the function list.

Function List
-------------

AddUser
GetUser
SetUser
GetCard
GetCards
AddCard
RemoveCard
RemovePass
GetPassesOnCard
GetPass
TransferPass
AddPass
SendEmailVerification
SendEmailPasswordReset
PasswordReset
Log
GetCardPricePoints
AdminGetCard
AdminGetCards
AdminGetPass
AdminGetUser
AdminGetAdmin
AdminGetPassesOnCard
AdminGetPendingQueue
AdminProcessPendingQueue
AdminRemovePendingQueue
AdminCreateCardBlock
AdminCreateCard
AdminSetUser
AdminSetAdmin
AdminAddPass
AdminAddCard
AdminAddUser
AdminAddAdmin
AdminRemovePass
AdminRemovePasses
AdminRemoveCard
AdminRemoveUser
AdminRemoveAdmin
AdminTransferCard
AdminTransferPass
AdminGetPassOptions
AdminAddCardToUser
AdminRemoveCardFromUser
AdminGetAdminPermissions
AdminAddAdminPermissions
AdminRemoveAdminPermissions
AdminAddAdminApiPermissions
AdminRemoveAdminApiPermissions
AdminSetAdminApiPermissions
AdminGetCustomCard
AdminGetAdmins
AdminSearchCards
AdminSearchUsers
AdminSearchAdmins

Transaction Requests
-------------------

--> MessageType=request
    Function=(AddUser|GetUser|SetUser|GetCard|GetCards|AddCard|RemoveCard|RemovePass|GetPassesOnCard|GetPass|TransferPass|AddPass|SendEmailVerification|SendEmailPasswordReset|PasswordReset|Log|GetCardPricePoints)
    TransactionToken= ServerTransactionToken=

<-- Response=(success|fail) [Reason=]

Comments:

A client wishing to make a transaction/request must first send a POST message to the server with the MessageType set to 'initiate'.
After receiving the UserToken, ServerToken and HashAlgorithm, the client must send back a ServerTransactionToken created from hashing the string produced by concatenating the ServerPassword and the ServerToken. i.e.

  ServerTransactionToken = hash( ServerPassword + ServerToken )

The ServerPassword is the password shared by the two parties at the endpoints of the API.

If the function is not one of 'AddUser', 'SendEmailVerification', 'SendEmailPasswordReset', 'PasswordReset' or 'Log', then the TransactionToken must also be provided. The TransactionToken is created from the hash of the user's password as it is stored in the database concatenated with the UserToken. i.e.

  TransactionToken = hash( hash(UserPassword) + UserToken )

if the function is a user function. If the Function is an admin function, then the TransactionToken is created from the hash of the admin's password as it is stored in the database concatenated with the UserToken. i.e.

  TransactionToken = hash( hash(AdminPassword) + UserToken )

The Transaction Token and Server Transaction Token will only be valid for 2 minutes after the 'initiate' request. The Transaction Token and Server Transaction Token cannot be re-used after a transaction that has successfully elicited a response (either 'success' or 'fail'). Any new request must go through another challenge response (request a token through an 'initiate', then provide a valid session token).

SHORTHANDS
----------

Here are some commonly used shorthands:

CARD_CREDENTIAL= ( CardId=<#> |
                   ( (MagTrack=<#>) MagStripe=<#> | MagToken= ) |
                   ( [RFSite=<#>] RFID=<#> | RFIDToken= ) |
                   ( ( (MagTrack=<#>) MagStripe=<#> | MagToken= ) ( [RFSite=<#>] RFID=<#> | RFIDToken= ) ) )

USER_CREDENTIAL= ( UserId=<#> | UserName= )

ADMIN_CREDENTIAL= ( AdminUserId=<#> | AdminUserName= )

GROUP_CREDENTIAL= ( GroupId=<#> | GroupName= )

For example, the card credential can consist of a CardId or a MagStripe/MagToken, or a RFID/RFIDToken or a combination of MagStripe/MagToken and RFID/RFIDToken.
ADMIN_CREDENTIAL and USER_CREDENTIAL are the same but will look up their values in different tables depending on context and are provided for clarity. UserId will lookup the id in the admins table for admin functions whereas UserId will lookup userid in the users table for user functions.

ACL
---

All functions are under an access control list. All requests are checked for proper access and will be denied execution if the requesting user or admin does not have proper permissions. All subsequent create, read, update or delete (crud) requests will fail if the user or admin does not have access to the appropriate table. ACL tables are currently rlapi_aros, rlapi_acos and rlapi_aros_acos.

FUNCTIONS
---------

AddUser
-------

--> MessageType=request Function=AddUser ServerTransactionToken=
    UserName= PasswordHash= RegistrationToken=
    [Firstname=] [Lastname=] [Phone=] [Email=] [Address=] [City=] [State=] [ZIP=]
    [ShippingFirstname=] [ShippingLastname=] [ShippingAddress=] [ShippingCity=] [ShippingState=] [ShippingZIP=]
    [Comment=]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] UserId=<#> )

Comments: The request will fail if the UserName already exists. The RegistrationToken must be from a SendEmailVerification request. The RegistrationToken will only be valid for 1 day after the registration request has been initiated.

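The challenge response described in the Transaction Requests comments above, worked through on both sides. This is an added example, not code from the original specification: the Server class, client_tokens(), hex-encoded digests, the explicit now argument and the way the server finds the matching challenge are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TOKEN_LIFETIME = 120  # seconds; tokens are valid 2 minutes after 'initiate'
# Functions the spec exempts from sending a TransactionToken.
SERVER_TOKEN_ONLY = {"AddUser", "SendEmailVerification",
                     "SendEmailPasswordReset", "PasswordReset", "Log"}


def digest(algorithm, text):
    """hash() from the spec; hex output and UTF-8 input are assumptions."""
    if algorithm not in ("md5", "sha1"):  # the only HashAlgorithm values listed
        raise ValueError("unsupported HashAlgorithm: %r" % algorithm)
    return hashlib.new(algorithm, text.encode("utf-8")).hexdigest()


def same(a, b):
    """Constant-time comparison of two token strings."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def client_tokens(challenge, server_password, stored_password_hash=None):
    """Client side: derive the one-time tokens from an 'initiate' response."""
    alg = challenge["HashAlgorithm"]
    tokens = {"ServerTransactionToken":
              digest(alg, server_password + challenge["ServerToken"])}
    if stored_password_hash is not None:  # omitted for SERVER_TOKEN_ONLY calls
        tokens["TransactionToken"] = digest(
            alg, stored_password_hash + challenge["UserToken"])
    return tokens


class Server:
    """Hypothetical server-side verifier; storage and names are assumptions."""

    def __init__(self, server_password, users, admins, algorithm="sha1"):
        self.server_password = server_password
        self.users = users    # UserName -> password hash as stored
        self.admins = admins  # AdminUserName -> password hash as stored
        self.algorithm = algorithm
        self.pending = []     # challenges issued but not yet answered

    def initiate(self, now):
        challenge = {"UserToken": secrets.token_hex(16),
                     "ServerToken": secrets.token_hex(16),
                     "HashAlgorithm": self.algorithm}
        self.pending.append(dict(challenge, issued=now))
        return dict(challenge, Response="success")

    def handle(self, request, now):
        fail = {"Response": "fail", "Reason": "authentication failed"}
        # Enforce the 2 minute lifetime before looking at any token.
        self.pending = [c for c in self.pending
                        if now - c["issued"] <= TOKEN_LIFETIME]
        supplied = request.get("ServerTransactionToken", "")
        match = None
        for c in self.pending:
            expected = digest(c["HashAlgorithm"],
                              self.server_password + c["ServerToken"])
            if same(expected, supplied):
                match = c
        if match is None:
            return fail
        # Single use: the challenge is consumed whether we answer success or fail.
        self.pending = [c for c in self.pending if c is not match]
        function = request.get("Function", "")
        if function not in SERVER_TOKEN_ONLY:
            is_admin = function.startswith("Admin")
            table = self.admins if is_admin else self.users
            name = request.get("AdminUserName" if is_admin else "UserName", "")
            expected = digest(match["HashAlgorithm"],
                              table.get(name, "") + match["UserToken"])
            ok = same(expected, request.get("TransactionToken", ""))
            if name not in table or not ok:  # same Reason for both cases
                return fail
        return {"Response": "success"}


def demo():
    """Constructed walk-through; the names and passwords are sample values."""
    stored = digest("sha1", "correct horse")  # PasswordHash = sha1(Password)
    server = Server("shared-secret", {"alice": stored}, {})
    call = {"Function": "GetUser", "UserName": "alice"}
    out = {}
    ch = server.initiate(now=0)
    req = dict(call, **client_tokens(ch, "shared-secret", stored))
    out["first"] = server.handle(req, now=10)["Response"]
    out["replay"] = server.handle(req, now=11)["Response"]
    ch = server.initiate(now=100)
    req = dict(call, **client_tokens(ch, "shared-secret", stored))
    out["expired"] = server.handle(req, now=100 + TOKEN_LIFETIME + 1)["Response"]
    ch = server.initiate(now=300)
    req = dict(client_tokens(ch, "shared-secret"), Function="Log", Log="hello")
    out["log"] = server.handle(req, now=301)["Response"]
    return out


if __name__ == "__main__":
    print(demo())
```

A 'success' from handle() here means only that the tokens verified; the ACL check described above would still run before the function itself.
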
GetUser
-------

--> MessageType=request Function=GetUser TransactionToken= ServerTransactionToken=
    ( UserId=<#> | UserName= )

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] UserId=<#> UserName= FirstName= LastName= Phone= Email= Address= City= State= ZIP= Comment= )

Comments:

SetUser
-------

--> MessageType=request Function=SetUser TransactionToken= ServerTransactionToken=
    ( UserId=<#> | UserName= )
    [PasswordHash=] [FirstName=] [LastName=] [Phone=] [Email=] [Address=] [City=] [State=] [ZIP=]
    [ShippingFirstname=] [ShippingLastname=] [ShippingAddress=] [ShippingCity=] [ShippingState=] [ShippingZIP=]
    [Comment=]

<-- Response=(success|fail) [Reason=]

Comments: PasswordHash is the sha1 digest of the user specified Password.

GetCard
-------

--> MessageType=request Function=GetCard TransactionToken= ServerTransactionToken=
    ( UserId=<#> | UserName= )
    ( MagStripe= | [RFSite=<#>] RFID=<#> | CardId=<#> )

<-- Response=fail [Reason=] |
    Response=success [Reason=] MagStripe=(<#>|) RFSite=(<#>|) RFID=(<#>|) CardId=<#> Comment= LastUsed= Issued= FirstUsed=

Comments:

GetCards
-------

--> MessageType=request Function=GetCards TransactionToken= ServerTransactionToken=
    ( UserId=<#> | UserName= )
    [MaxCard=<#>]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] NCard=<#>
      [ MagStripe=(<#>|) RFSite=(<#>|) RFID=(<#>|) CardId=<#> Comment= LastUsed= Issued= FirstUsed= ]
      [( MagStripe\[\]=(<#>|) RFSite\[\]=(<#>|) RFID\[\]=(<#>|) CardId\[\]=<#> Comment\[\]= LastUsed\[\]= Issued\[\]= FirstUsed\[\]= ){}] )

Comments: If there is more than one card associated with the supplied user, NCard will be set and there will be NCard-1 extra MagStripe, RFSite, RFID, Comment, LastUsed, Issued and FirstUsed field items, indexed by [], starting at 1. If the MaxCard field is set in the Client to Server request, no more than MaxCard number of Cards will be returned (NCard <= MaxCard).

AddCard
-------

--> MessageType=request Function=AddCard TransactionToken= ServerTransactionToken=
    ( UserId=<#> | UserName= )
    ( MagStripe=(<#>|) | [RFSite=<#>] RFID=<#> | MagStripe=<#> [RFSite=<#>] RFID=<#> | Issue=(fob|rfidsticker|magstripe) )
    [Type=] [Comment=]

<-- Response=(success|fail) [Reason=] CardId=<#>

Comments: The request will fail if the user tries to add a pre-existing card. If RFSite is not specified, a default value will be used.

If Issue is set, an 'anonymous' card will be created that does not have magstripe or rfsite/rfid credential information set and must be accessed by its cardid. On the back-end, this will generate a re-issue request whereby a card will be shipped to the user's shipping address and the appropriate credential information will be filled in depending on what type of re-issue request (magstripe for a magstripe request, rfsite/rfid for a fob/rfidsticker request) by the person fulfilling the re-issue request.

Type can be used as an extra field as an indicator for any special actions or operations that need to be performed when adding a card to the account. i.e. that the MagStripe is really the student id and one needs to do a fuzzy match to add the card to the student's account.

RemoveCard
----------

--> MessageType=request Function=RemoveCard TransactionToken= ServerTransactionToken=
    ( UserId=<#> | UserName= )
    ( MagStripe=<#> | [RFSite=<#>] RFID=<#> | CardId=<#> )

<-- Response=(success|fail) [Reason=]

Comments: The request will fail if the user does not own a card with the specified credentials or if there are any passes on the card. One may only remove a card with no non-expired passes. If RFSite is not specified, a default value will be used.

RemovePass
----------

--> MessageType=request Function=RemovePass TransactionToken= ServerTransactionToken=
    ( UserId=<#> | UserName= )
    ( MagStripe=<#> | [RFSite=<#>] RFID=<#> | CardId=<#> )
    PassId=<#>

<-- Response=(success|fail) [Reason=]

Comments: Remove a pass associated with a card.
If RFSite is not specified, a default value will be used.

GetPassesOnCard
---------------

--> MessageType=request Function=GetPassesOnCard TransactionToken= ServerTransactionToken=
    ( UserId=<#> | UserName= )
    ( MagStripe=<#> | [RFSite=<#>] RFID=<#> | CardId=<#> )

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] NPass=<#>
      [ PassId=<#> Active=<#> Comment= LastUsed= Issued= FirstUsed= Type=(nday|nride|preactive|) QueueOrder=<#> Comment= NRideOrig=(<#>|) NRideRemain=(<#>|) NDayOrig=(<#>|) NDayExpiration=(|) PayType=(cash|credit) ]
      [( PassId\[\]=<#> Active\[\]=<#> Comment\[\]= LastUsed\[\]= Issued\[\]= FirstUsed\[\]= Type\[\]=(nday|nride|preactive|) QueueOrder\[\]=<#> Comment\[\]= NRideOrig\[\]=(<#>|) NRideRemain\[\]=(<#>|) NDayOrig\[\]=(<#>|) NDayExpiration\[\]=(|) PayType\[\]=(cash|credit) ){}] )

Comments: If there are multiple passes associated with the supplied card, NPass will be set and there will be NPass-1 extra PassId, Comment, LastUsed, Issued, FirstUsed, Type, QueueOrder, Comment, NRideOrig, NRideRemain, NDayOrig and NDayExpiration, indexed by [], starting at 1. If RFSite is not specified, a default value will be used.

GetPass
-------

--> MessageType=request Function=GetPass TransactionToken= ServerTransactionToken=
    ( UserId=<#> | UserName= )
    PassId=<#>

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] Active=<#> Issued= FirstUsed= LastUsed= Type=(nday|nride|preactive|) QueueOrder=<#> Comment= NRideOrig=(<#>|) NRideRemain=(<#>|) NDayOrig=(<#>|) NDayExpiration=(|) PayType=(cash|credit) )

Comment: The request will fail if the PassId is not associated with the user.

TransferPass
------------

--> MessageType=request Function=TransferPass TransactionToken= ServerTransactionToken=
    ( UserId=<#> | UserName= )
    PassId=<#>
    ( ToMagStripe=<#> | [ToRFSite=<#>] ToRFID=<#> | ToCardId=<#> )

<-- Response=(success|fail) [Reason=]

Comments: The request will fail if the To credential is taken or invalid.
If ToRFSite is not specified, a default value will be used. Depending on permissions on the Server, the request might fail even if the user provides a valid To credential.

AddPass
-------

--> MessageType=request Function=AddPass TransactionToken= ServerTransactionToken=
    ( UserId=<#> | UserName= )
    ( MagStripe=<#> | [RFSite=<#>] RFID=<#> | CardId=<#> )
    Comment=
    ( Type= | Type= NRide=<#> | Type= NDay=<#> [Expiration=] )
    [Quantity=<#>]
    [(PaymentType=cash PaymentAmount=<#> | PaymentType=credit AuthorizationCode= PaymentAmount=<#>)]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] PassId=<#> [(PassId[<#>]=<#>]){}] )

Comment: If RFSite is not specified, a default value will be used. Type must be one of the card types. Currently supported types are:

  :
    NDAYAC, N-day All County
    NDAYTC, N-day Gov County
    NDAYYSS(\d\d), N-day Youth Semester Spring for year 20XX
    NDAYYSF(\d\d), N-day Youth Semester Fall for year 20XX
    NDAYSF(\d\d), N-Day Summer Fun for year 20XX
  :
    NRIDEACA, N-Ride All County Adult
    NRIDEACH, N-Ride All County Half
    NRIDEACY, N-Ride All County Youth
    NRIDETCA, N-Ride Gov County Adult
    NRIDETCH, N-Ride Gov County Half
    NRIDETCY, N-Ride Gov County Youth

If type is not nday or nride, it must be a billing domain. If type is set and not 'cash', AuthorizationCode should be the Authorization Code of the transaction.

Quantity number of passes will be created. Quantity assumed to be 1 if none specified. The PassId (and PassId[<#>] where appropriate) will contain the pass id's of the newly inserted passes. The PassId and indices into the PassId array are _for this function only_ and do not reflect what indices will be returned via a call to any of the other functions (GetPassesOnCard etc.).

SendEmailVerification
----------------------

--> MessageType=request Function=SendEmailVerification ServerTransactionToken=
    RedirectURL= Email=

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comment: Send an email to specified email address with a link back to the redirect url with the following variables set:

  action=register
  registrationtoken=

The registration token must be given to the add user for it to successfully complete. The RegistrationToken will only be valid for 1 day after the registration request has been initiated.

SendEmailPasswordReset
----------------------

--> MessageType=request Function=SendEmailPasswordReset ServerTransactionToken=
    UserName= RedirectURL= Email=

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comment: Send an email with a link back to the RedirectURL. The following variables will appear in the link back to the RedirectURL:

  action=password_reset
  username=
  passwordresettoken=

The token must be provided to the PasswordReset for it to successfully complete. The option to reset a password will only be valid for 2 days after the reset request has been sent. A maximum of 3 SendEmailPasswordReset attempts may be made before a successful login or a successful PasswordReset request has completed.

PasswordReset
-------------

--> MessageType=request Function=PasswordReset ServerTransactionToken=
    PasswordResetToken= PasswordHash=

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comment: PasswordResetToken must be the result of a password reset request (SendEmailPasswordReset). The PasswordReset request will fail if the PasswordResetToken is not the most recent active PasswordResetToken. A PasswordResetToken will be inactivated upon a new PasswordResetToken generation for a particular user or if the timeout has expired (2 days in this case). Assuming that the PasswordResetToken is set to the most recent SendEmailPasswordReset request, then the user's password hash will be set to PasswordHash.
The user will be the same as the UserName specified in the SendEmailPasswordReset. The option to reset a password will only be valid for 2 days after the reset request has been sent.

Log
---

--> MessageType=request Function=Log ServerTransactionToken=
    Log=

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comment: Put the string of text specified in Log into an internal log.

GetCardPricePoints
------------------

--> MessageType=request Function=GetCardPricePoints TransactionToken= ServerTransactionToken=
    ( UserId=<#> | UserName= )
    PasswordHash=
    [ MagStripe=<#> | [RFSite=<#>] RFID=<#> | CardId=<#> ]
    Comment=

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] NPricePoint=<#> GroupName= GroupId=
      ( Price=<#>|<#.#> Param=<#> Name= Rule= Type= Description= NumPriceOption=<#> PriceOption0= PriceOption1= PriceOption2= PriceOption3=
        [( Price=<#>|<#.#> Param=<#> Name= Rule= Type= Description= NumPriceOption=<#> PriceOption0= PriceOption1= PriceOption2= PriceOption3= ){-1}] ) )

Comment: Returns a list of price points for a given card, restricted to the price points available for that card (e.g. its group).

  Price is in dollars.
  Param is the number of rides for an NRide type, the number of days for an NDay type and blank for an other type.
  Name is an identifier. The current convention is to have the rule without the preceding groupname if it's an other. If it's an NRide or NDay, the form is:
      ORG\.(NRIDE|NDAY)\.ZON([12])\.([AHY])\.(\d+)
    where $1 is 'NRIDE' or 'NDAY' depending on which type it is, $2 is 1 or 2 depending on which zone it is, $3 is A for adult, H for half, Y for youth and $4 is the parameter.
  Rule is the database rule without group name prefix.
  Type is other, nride or nday.
  Description is a string description of the pass type.
  NumPriceOption is the number of PriceOption[0123] to use.
  PriceOption[0123] are strings meant to help the web site build its drop down of options. Currently the convention is:
    NDAY:
      PriceOption0 is the zone identifier (e.g. 'Zone 1', 'Zone 2')
      PriceOption1 is the nday identifier (e.g. 'Single', 'Double', 'Month')
    NRide:
      PriceOption0 is the zone identifier
      PriceOption1 is the nride identifier
      PriceOption2 is the quantity identifier
    Other:
      PriceOption0 is the pass description (e.g. 'Semester Spring (k-12, 2012, Zone1)')

ADMIN FUNCTIONS
---------------

AdminGetCard
------------

--> MessageType=request Function=AdminGetCard TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL CARD_CREDENTIAL

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] MagStripe=(<#>|) RFSite=(<#>|) RFID=(<#>|) CardId=<#> Comment= LastUsed= Issued= FirstUsed= )

Comments:

AdminGetCards
-------------

--> MessageType=request Function=AdminGetCards TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL USER_CREDENTIAL

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] NCard=<#>
      [ MagStripe=(<#>|) RFSite=(<#>|) RFID=(<#>|) CardId=<#> Comment= LastUsed= Issued= FirstUsed= ]
      [( MagStripe\[\]=(<#>|) RFSite\[\]=(<#>|) RFID\[\]=(<#>|) CardId\[\]=<#> Comment\[\]= LastUsed\[\]= Issued\[\]= FirstUsed\[\]= ){}] )

Comments: If there is more than one card associated with the supplied user, NCard will be set and there will be NCard-1 extra MagStripe, RFSite, RFID, Comment, LastUsed, Issued and FirstUsed field items, indexed by [], starting at 1. If the MaxCard field is set in the Client to Server request, no more than MaxCard number of Cards will be returned (NCard <= MaxCard).

AdminGetPass
-------------

--> MessageType=request Function=AdminGetPass TransactionToken= ServerTransactionToken=
    CardId=<#> PassId=<#> [UserId=<#>] [Active=[01]]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] Type= PassId=<#> CardId=<#> Issued= FirstUsed= LastUsed= Deactivated= Rule= NRideOrig=<#> NRideRemain=<#> NDayOrig=<#> NDayExpiration= QueueOrder=<#> Comment= Active=[01] Expired= PaymentType= Comment= )

Comments:

AdminGetAdmin
-------------

--> MessageType=request Function=AdminGetAdmin TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL USER_CREDENTIAL

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comments: User here is an admin user and will look up the appropriate fields in the admins table, not the users table.

AdminGetPassesOnCard
-------------

--> MessageType=request Function=AdminGetPassesOnCard TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL CARD_CREDENTIAL

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] NPass=<#>
      [ PassId=<#> Active=<#> Comment= LastUsed= Issued= FirstUsed= Type=(nday|nride|preactive|) QueueOrder=<#> Comment= NRideOrig=(<#>|) NRideRemain=(<#>|) NDayOrig=(<#>|) NDayExpiration=(|) PayType=(cash|credit) ]
      [( PassId\[\]=<#> Active\[\]=<#> Comment\[\]= LastUsed\[\]= Issued\[\]= FirstUsed\[\]= Type\[\]=(nday|nride|preactive|) QueueOrder\[\]=<#> Comment\[\]= NRideOrig\[\]=(<#>|) NRideRemain\[\]=(<#>|) NDayOrig\[\]=(<#>|) NDayExpiration\[\]=(|) PayType\[\]=(cash|credit) ){}] )

Comments:

AdminGetPendingQueue
-------------

--> MessageType=request Function=AdminGetPendingQueue TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] NCard=<#>
      [ CardId=<#> Created= IssueType= UserId=<#>
        [( CardId\[\]=<#> Created\[\]= IssueType\[\]= UserId\[\]=<#> ){}] ] )

Comments:

AdminCreateCard
---------------

--> MessageType=request Function=AdminCreateCard TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL USER_CREDENTIAL CARD_CREDENTIAL
    [IssueType=] [LastUsed=] [Issued=] [FirstUsed=] [Deactivated=[01]] [Comment=]

<-- Response=fail [Reason=] |
    Response=success [Reason=] CardId=<#>

Comments: Create a new user_card entry with the appropriate fields. The default group is currently set to 'ORG'. If RFSite is not provided (without a MagToken) but a MagStripe is, this will be taken to be the default of the group (taken from the org_default_card_value table).

AdminAddCard
------------

--> MessageType=request Function=AdminAddCard TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL USER_CREDENTIAL CARD_CREDENTIAL
    [Type=] [Comment=]

<-- Response=(success|fail) [Reason=] CardId=<#>

Comments: Associates a pre-existing card to a user.

AdminGetAdmin
-------------

--> MessageType=request Function=AdminGetAdmin TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL USER_CREDENTIAL

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] GroupId=<#> GroupName= UserId=<#> UserName=<#> )

Comments: USER_CREDENTIAL refers to the desired admin being looked up.

AdminProcessPendingQueue
-------------

--> MessageType=request Function=AdminProcessPendingQueue TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL QueueId=<#> CARD_CREDENTIAL

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] CardId=<#> )

Comments:

AdminRemovePendingQueue
-------------

--> MessageType=request Function=AdminRemovePendingQueue TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL QueueId=<#>

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comments:

AdminCreateCardBlock
-------------

--> MessageType=request Function=AdminCreateCardBlock TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL CARD_CREDENTIAL NCard=<#> [PASS_CREDENTIAL]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comments: Will add NCard cards in total starting at CARD_CREDENTIAL and incrementing the appropriate field (RFID or MagStripe) adding a pass, PASS_CREDENTIAL, to each or none if no PASS_CREDENTIAL is specified.
A hard limit of 1000 is set and requests for more than 1000 at one time will fail.

AdminSetUser
-------------

--> MessageType=request Function=AdminSetUser TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL USER_CREDENTIAL
    [PasswordHash=] [FirstName=] [LastName=] [Phone=] [Email=] [Address=] [City=] [State=] [ZIP=]
    [ShippingFirstname=] [ShippingLastname=] [ShippingAddress=] [ShippingCity=] [ShippingState=] [ShippingZIP=]
    [Comment=]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] UserId=<#> )

Comments:

AdminSetAdmin
-------------

--> MessageType=request Function=AdminSetAdmin TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL USER_CREDENTIAL
    [PasswordHash=] [GroupName=] [GroupId=<#>]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] UserId=<#> )

Comments:

AdminAddPass
-------------

--> MessageType=request Function=AdminAddPass TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL CARD_CREDENTIAL
    [Comment=]
    ( Type= | Type= NRide=<#> | Type= NDay=<#> [Expiration=] )
    [Quantity=<#>]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] PassId=<#> [( PassId\[\]=<#> ){Quantity-1}] )

Comments:

AdminAddUser
-------------

--> MessageType=request Function=AdminAddUser TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL
    UserName= [PasswordHash=] [FirstName=] [LastName=] [Phone=] [Email=] [Address=] [City=] [State=] [ZIP=]
    [ShippingFirstname=] [ShippingLastname=] [ShippingAddress=] [ShippingCity=] [ShippingState=] [ShippingZIP=]
    [Comment=]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] UserId=<#> )

Comments:

AdminAddAdmin
-------------

--> MessageType=request Function=AdminAddAdmin TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL
    UserName= PasswordHash= [GROUP_CREDENTIAL]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] UserId=<#> )

Comments:

AdminRemovePass
-------------

--> MessageType=request Function=AdminRemovePass TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL PassId=<#>

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comments: Expires pass. If the pass was active it deactivates it. If the pass was active and another unexpired pass exists after it, will activate the next unexpired pass in the queue.

AdminRemovePasses
-------------

--> MessageType=request Function=AdminRemovePasses TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL
    NPass=<#> PassId=<#> [( PassId\[\]=<#> ){NPass-1}]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comments: Same as AdminRemovePass but will deactivate multiple passes at once.

AdminRemoveCard
-------------

--> MessageType=request Function=AdminRemoveCard TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL CARD_CREDENTIAL

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comments: Deactivates card.

AdminRemoveUser
-------------

--> MessageType=request Function=AdminRemoveUser TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL USER_CREDENTIAL

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comments: Deactivates user.

AdminRemoveAdmin
-------------

--> MessageType=request Function=AdminRemoveAdmin TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL USER_CREDENTIAL

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comments: Deactivates admin identified by USER_CREDENTIAL.

AdminTransferCard
-------------

--> MessageType=request Function=AdminTransferCard TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL CARD_CREDENTIAL [GROUP_CREDENTIAL]
    ( ToCardId=<#> | ( (ToMagTrack=<#>) ToMagStripe=<#> | ToMagToken= ) | ( [ToRFSite=<#>] ToRFID=<#> | ToRFIDToken= ) | )
    [( ToGroupId=<#> | ToGroupName= )]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comments: Transfers card passes from CARD_CREDENTIAL to To(CardId|MagStripe|RFID) credential. Transfers userid as well, overwriting previous userid with the new one.

AdminTransferPass
-------------

--> MessageType=request Function=AdminTransferPass TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL PassId=<#>
    ( ToCardId=<#> | ( (ToMagTrack=<#>) ToMagStripe=<#> | ToMagToken= ) | ( [ToRFSite=<#>] ToRFID=<#> | ToRFIDToken= ) | )
    [( ToGroupId=<#> | ToGroupName= )]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comments: Transfers a single pass. Note a new pass is not created and the logical_card_id of the pass is changed to point to the new card.

AdminGetPassOptions
-------------

--> MessageType=request Function=AdminGetPassOptions TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL
    NGroup=<#> GroupName= [( GroupName\[\]= ){NGroup-1}]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] NPassOption=<#>
      PassOptionId=<#> GroupId=<#> GroupName= Param= Name= Rule= Type= Description=<#> Start= Expiration= DefaultNRide=<#> DefaultNDay=<#> NumPassOption=<#> Option0= Option1= Option2= Option3=
      [( PassOptionId\[\]=<#> GroupId\[\]=<#> GroupName\[\]= Param\[\]= Name\[\]= Rule\[\]= Type\[\]= Description\[\]=<#> Start\[\]= Expiration\[\]= DefaultNRide\[\]=<#> DefaultNDay\[\]=<#> NumPassOption\[\]=<#> Option0\[\]= Option1\[\]= Option2\[\]= Option3\[\]= ){NPassOption-1}] )

Comments:

  NPassOption is the number of pass options returned.
  Param is the number of rides for an NRide type, the number of days for an NDay type and blank for an other type.
  Name is an identifier. The current convention is to have the rule without the preceding groupname if it's an other. If it's an NRide or NDay, the form is:
      ORG\.(NRIDE|NDAY)\.ZON([12])\.([AHY])\.(\d+)
    where $1 is 'NRIDE' or 'NDAY' depending on which type it is, $2 is 1 or 2 depending on which zone it is, $3 is A for adult, H for half, Y for youth and $4 is the parameter.
  Rule is the database rule without group name prefix.
  Type is other, nride or nday.
  Description is a string description of the pass type.
  (Start|Expiration) are the start and expiration of the pass, should it have a start and expiration date.
  DefaultN(Ride|Day) are the default parameters for the passes.
  NumPriceOption is the number of PriceOption[0123] to use.
  PriceOption[0123] are strings meant to help the web site build its drop down of options. Currently the convention is:
    NDAY:
      PriceOption0 is the zone identifier (e.g. 'Zone 1', 'Zone 2')
      PriceOption1 is the nday identifier (e.g. 'Single', 'Double', 'Month')
    NRide:
      PriceOption0 is the zone identifier
      PriceOption1 is the nride identifier
      PriceOption2 is the quantity identifier
    Other:
      PriceOption0 is the pass description (e.g. 'Semester Spring (k-12, 2012, Zone1)')

AdminAddCardToUser
-------------

--> MessageType=request Function=AdminAddCardToUser TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL CARD_CREDENTIAL USER_CREDENTIAL

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comments: Associates card to user.

AdminRemoveCardFromUser
-------------

--> MessageType=request Function=AdminRemoveCardFromUser TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL CARD_CREDENTIAL USER_CREDENTIAL

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comments: Disassociates a card from a user (i.e. set userid=NULL for the user_card entry).

AdminGetAdminPermissions
-------------

--> MessageType=request Function=AdminGetAdminPermissions TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL USER_CREDENTIAL

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] NPermission=<#> PrimaryGroupName= PrimaryGroupId=<#>
      Table= Permission= GroupName=
      [( Table= Permission= GroupName= ){NPermission-1}] )

Comments: Returns a list of tables the admin identified by USER_CREDENTIAL has access to. Permissions are of type 'create', 'read', 'update', 'delete' (crud). i.e.
get all aro_aco entries for aro '/admins/' for aco subtree '/org_db/'

AdminAddAdminPermissions
-------------

--> MessageType=request Function=AdminAddAdminPermissions TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL USER_CREDENTIAL
    NPermission Table= Permission= GroupName=
    [( Table= Permission= GroupName= ){NPermission-1}]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comments: Adds aro_aco entry for aro '/admins/' and aco '/org_db//' for admin identified by USER_CREDENTIAL. Note, admin identified by ADMIN_CREDENTIAL must have 'update' permissions on the table in question.

AdminRemoveAdminPermissions
-------------

--> MessageType=request Function=AdminRemoveAdminPermissions TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL USER_CREDENTIAL
    NPermission Table= Permission= GroupName=
    [( Table= Permission= GroupName= ){NPermission-1}]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comments: Removes aro_aco entry for aro '/admins/' and aco '/org_db//' for admin identified by USER_CREDENTIAL. Note, admin identified by ADMIN_CREDENTIAL must have 'delete' permissions on the table in question.

AdminAddAdminApiPermissions
-------------

--> MessageType=request Function=AdminAddAdminApiPermissions TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL UserName=
    NPermission=<#> ApiFunction= [( ApiFunction\[\]= ){NPermission-1}]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comments: Adds api function access to admin identified by 'UserName'. i.e. adds a new aro_aco entry for aro '/admins/' and aco '/api/'.

AdminRemoveAdminApiPermissions
-------------

--> MessageType=request Function=AdminRemoveAdminApiPermissions TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL UserName=
    NPermission=<#> ApiFunction= [( ApiFunction\[\]= ){NPermission-1}]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comments: Removes api function access to admin identified by 'UserName'. i.e. removes aro_aco entry for aro '/admins/' and aco '/api/'.

AdminSetAdminApiPermissions
-------------

--> MessageType=request Function=AdminSetAdminApiPermissions TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL UserName=
    NPermission=<#> ApiFunction= [( ApiFunction\[\]= ){NPermission-1}]

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] )

Comments: Removes all api access functions for admin and adds the ]> in their place.

AdminGetCustomCard
-------------

--> MessageType=request Function=AdminGetCustomCard TransactionToken= ServerTransactionToken=
    ADMIN_CREDENTIAL
    ( [MagTrack=<#>] MagStripe=<#> | MagToken=<#> )

<-- ( Response=fail [Reason=] |
      Response=success [Reason=] MagStripe=(<#>|) RFSite=(<#>|) RFID=(<#>|) CardId=<#> Comment= LastUsed= Issued= FirstUsed= )

Comments: The provided MagStripe should be the custom card id, without the associated 'card number' (the last two digits as they exist on the magstripe). This will only search custom cards.


AdminGetAdmins
-------------

--> MessageType=request
    Function=AdminGetAdmins
    TransactionToken=
    ServerTransactionToken=
    ADMIN_CREDENTIAL
    UserName=

<-- ( Response=fail
      [Reason=]
    |
      Response=success
      [Reason=]
      NUsers=<#>
      UserName=
      [( UserName\[\]= ){NUsers-1}]
    )

Comments:

  Returns a list of admins from the groups that the admin identified by USER_CREDENTIAL has access to.


AdminSearchCards
-------------

--> MessageType=request
    Function=AdminSearchCards
    TransactionToken=
    ServerTransactionToken=
    ADMIN_CREDENTIAL
    SearchText=

<-- ( Response=fail
      [Reason=]
    |
      Response=success
      [Reason=]
      NItem=<#>
      CardId=<#>
      MagToken=
      RFIDToken=
      Comment=
      UserId=<#>
      LastUsed=
      FirstUsed=
      GroupId=<#>
      UserName=
      GropuName=
      [( CardId=<#>
         MagToken=
         RFIDToken=
         Comment=
         UserId=<#>
         LastUsed=
         FirstUsed=
         GroupId=<#>
         UserName=
         GropuName= ){NItem-1}]
    )

Comments:

  Returns a list of cards that match SearchText when a wildcard match ('%%') is done on:

    user_card.mag_token
    user_card.rfid_token
    user_card.comment
    user_card.issued
    user_card.lastused
    user_card.firstused
    user_card.username
    groups.group_name

  Only active cards are returned.
  There is a hard limit of 100 results returned.

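A client should not trust the count field or the suffixed field names in a multi-item response before using them. The following is an added example, not code from the original document: `group_items`, `rejects` and the `max_items` cap are hypothetical names, the response is assumed to be already decoded into a dict of strings, and the sample AdminGetAdmins response is constructed.

```python
import re

MAX_FIELD_LEN = 255                      # spec: fields are under 256 characters
_SUFFIXED = re.compile(r"(\w+)\[([1-9][0-9]*)\]")

def group_items(fields, count_key, item_keys, max_items=100):
    """Group 'Key', 'Key[1]', 'Key[2]', ... into a list of per-item dicts."""
    if fields.get("Response") != "success":
        raise ValueError("request failed: " + fields.get("Reason", "no reason"))
    for name, value in fields.items():
        if len(value) > MAX_FIELD_LEN:
            raise ValueError(f"{name} is longer than {MAX_FIELD_LEN} characters")
    raw = fields.get(count_key, "")
    if not (raw.isascii() and raw.isdigit()) or int(raw) > max_items:
        raise ValueError(f"bad {count_key}: {raw!r}")
    count = int(raw)
    # A suffixed field must belong to a declared item: index 1 .. count-1.
    for name in fields:
        if "[" not in name:
            continue
        m = _SUFFIXED.fullmatch(name)
        if (not m or m.group(1) not in item_keys
                or not 1 <= int(m.group(2)) < count):
            raise ValueError(f"unexpected field {name}")
    items = []
    for i in range(count):
        suffix = "" if i == 0 else f"[{i}]"   # first item carries no suffix
        missing = [k + suffix for k in item_keys if k + suffix not in fields]
        if missing:
            raise ValueError(f"missing fields: {missing}")
        items.append({k: fields[k + suffix] for k in item_keys})
    return items

# Constructed AdminGetAdmins response, already decoded into a dict (assumption).
SAMPLE = {"Response": "success", "NUsers": "3",
          "UserName": "admin_a", "UserName[1]": "admin_b",
          "UserName[2]": "admin_c"}

def rejects(fields):
    """True when group_items refuses the response."""
    try:
        group_items(fields, "NUsers", ["UserName"])
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print(group_items(SAMPLE, "NUsers", ["UserName"]))
```
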

AdminSearchUsers
-------------

--> MessageType=request
    Function=AdminSearchUsers
    TransactionToken=
    ServerTransactionToken=
    ADMIN_CREDENTIAL
    SearchText=

<-- ( Response=fail
      [Reason=]
    |
      Response=success
      [Reason=]
      Address
      City
      Comment
      Email
      FirstName
      LastName
      NItem
      Phone
      ShippingAddress
      ShippingCity
      ShippingCountryCode
      ShippingCountryName
      ShippingName
      ShippingState
      ShippingZIP
      State
      UserId
      UserName
      ZIP
      [( Address\[\]
         City\[\]
         Comment\[\]
         Email\[\]
         FirstName\[\]
         LastName\[\]
         NItem\[\]
         Phone\[\]
         ShippingAddress\[\]
         ShippingCity\[\]
         ShippingCountryCode\[\]
         ShippingCountryName\[\]
         ShippingName\[\]
         ShippingState\[\]
         ShippingZIP\[\]
         State\[\]
         UserId\[\]
         UserName\[\]
         ZIP\[\] ){NItem-1}]
    )

Comments:

  Returns a list of users that match SearchText when a wildcard match ('%%') is done on:

    users.userid
    users.username
    users.first_name
    users.last_name
    users.phone
    users.email
    users.address
    users.city
    users.state
    users.zip
    users.comment
    users.shipping_name
    users.shipping_address
    users.shipping_city
    users.shipping_state
    users.shipping_zip
    users.shipping_country_code
    users.shipping_country_name
    groups.group_name

  Only active users are returned.
  There is a hard limit of 100 results returned.


AdminSearchAdmins
-------------

--> MessageType=request
    Function=AdminSearchAdmins
    TransactionToken=
    ServerTransactionToken=
    ADMIN_CREDENTIAL
    SearchText=

<-- ( Response=fail
      [Reason=]
    |
      Response=success
      [Reason=]
      NItem=<#>
      GroupId=<#>
      GroupName=<#>
      UserId=<#>
      UserName=<#>
      [( GroupId=<#>
         GroupName=<#>
         UserId=<#>
         UserName=<#> ){NItem-1}]
    )

Comments:

  Returns a list of admins that match SearchText when a wildcard match ('%%') is done on:

    admins.username
    admins.userid
    admins.group_id

  Only active admins are returned.
  There is a hard limit of 100 results returned.
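One way a back end could implement the wildcard match, the active-only filter and the 100-result cap described for the AdminSearch functions, shown as an added example rather than the project's own code. It assumes the match is a SQL LIKE on '%SearchText%', uses an in-memory SQLite table with a subset of the user_card columns and constructed rows, and the `active` and `card_id` columns and all function names are hypothetical.

```python
import sqlite3

MAX_RESULTS = 100    # hard limit stated in the spec
MAX_FIELD_LEN = 255  # spec: every field is shorter than 256 characters
# Subset of the user_card columns the spec lists for AdminSearchCards.
SEARCH_COLUMNS = ("mag_token", "rfid_token", "comment", "username")

def like_pattern(search_text):
    """Wrap SearchText in %...% after neutralising its own LIKE wildcards."""
    if not search_text or len(search_text) > MAX_FIELD_LEN:
        raise ValueError("SearchText must be 1 to 255 characters")
    for ch in ("\\", "%", "_"):          # backslash first, it is the escape char
        search_text = search_text.replace(ch, "\\" + ch)
    return "%" + search_text + "%"

def search_cards(conn, search_text):
    """Return active cards matching SearchText, never more than MAX_RESULTS."""
    where = " OR ".join(f"{col} LIKE ? ESCAPE '\\'" for col in SEARCH_COLUMNS)
    sql = ("SELECT card_id, comment FROM user_card "
           f"WHERE active = 1 AND ({where}) ORDER BY card_id LIMIT ?")
    # SearchText is only ever passed as a bound parameter, never spliced in.
    params = [like_pattern(search_text)] * len(SEARCH_COLUMNS) + [MAX_RESULTS]
    return conn.execute(sql, params).fetchall()

def demo_db():
    """In-memory table with constructed rows; 'active' is an assumed column."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_card (card_id INTEGER PRIMARY KEY, "
                 "mag_token TEXT, rfid_token TEXT, comment TEXT, "
                 "username TEXT, active INTEGER)")
    rows = [(i, f"{10000000 + i}", "0", "test card", "alice", 1)
            for i in range(1, 151)]
    rows.append((151, "20000001", "0", "100% refund issued", "bob", 1))
    rows.append((152, "20000002", "0", "test card", "carol", 0))  # inactive
    conn.executemany("INSERT INTO user_card VALUES (?, ?, ?, ?, ?, ?)", rows)
    return conn

if __name__ == "__main__":
    db = demo_db()
    print(len(search_cards(db, "test")))      # capped by LIMIT
    print(search_cards(db, "%"))              # literal percent sign only
    print(search_cards(db, "' OR '1'='1"))    # bound as data, matches nothing
```

Without the escaping step, a SearchText of `%` or `_` would act as a wildcard and match every active row up to the cap.
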