ai cooking
1{
2 "openapi": "3.0.3",
3 "info": {
4 "title": "Authorization Endpoints",
5 "description": "The authorization endpoints provide a token that will allow your service or application to call Kroger APIs.\n<br><br>\nLearn more about how The Kroger Co uses OAuth2:\n<a href=\"https://developer.kroger.com/documentation/public/security/guides-oauth\">Understanding OAuth2</a>\n",
6 "termsOfService": "https://developer.kroger.com/terms",
7 "contact": {
8 "name": "API Support",
9 "email": "APISupport@kroger.com",
10 "url": "https://developer.kroger.com"
11 },
12 "version": "1.0.13"
13 },
14 "servers": [
15 {
16 "url": "https://api.kroger.com",
17 "description": "Production Environment"
18 },
19 {
20 "url": "https://api-ce.kroger.com",
21 "description": "Certification Environment"
22 }
23 ],
24 "paths": {
25 "/v1/connect/oauth2/authorize": {
26 "get": {
27 "tags": [
28 "OAuth2"
29 ],
30 "summary": "Authorization Code",
31 "description": "This endpoint is used when the end user must approve access to a protected resource (such as a cart) before a service can act on the user's behalf. Here's how it works:\n\n* Your service or application calls this endpoint and includes the redirect URL (what the end user should see after this service executes) and scopes (defines the actions your application or service can take on behalf of the user).\n* This endpoint displays a login screen, where the end user enters their email address and password.\n* The end user is then asked to give the application permission to access the resource on their behalf.\n* When the user agrees, this service returns the redirect URL with an authorization `code` as a parameter.\n\nAfter this endpoint returns, your service or application must call the `/token` endpoint with the `authorization_code` grant type and `code` value to get an access token. The access token is then sent to the endpoint being called to prove that your service or application is authorized to act on a user's behalf.\n",
32 "operationId": "authorizationCode",
33 "parameters": [
34 {
35 "name": "scope",
36 "in": "query",
37 "description": "The level of access your application is requesting.",
38 "required": true,
39 "schema": {
40 "type": "string"
41 }
42 },
43 {
44 "name": "client_id",
45 "in": "query",
46 "description": "Your application's client ID.",
47 "required": true,
48 "schema": {
49 "type": "string"
50 }
51 },
52 {
53 "name": "redirect_uri",
54 "in": "query",
55 "description": "Your registered redirect URL. The redirect URL tells this endpoint which URL to display after the user approves access to the protected resource.",
56 "required": true,
57 "schema": {
58 "type": "string"
59 }
60 },
61 {
62 "name": "response_type",
63 "in": "query",
64 "description": "Is always `code`.",
65 "required": true,
66 "schema": {
67 "type": "string"
68 }
69 },
70 {
71 "name": "state",
72 "in": "query",
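73 "description": "A random string to verify that the response belongs to the initiated request. The server should always return the same state value as the one specified in the request; your application must compare the returned value with the one it sent and reject the response if they differ, which is what protects against forgery attacks.",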
74 "required": false,
75 "schema": {
76 "type": "string"
77 }
78 },
79 {
80 "name": "banner",
81 "in": "query",
82 "description": "Sets the chain-specific branding displayed on the authorization consent screen presented to the end user for shopper logins. When this parameter is not supplied the default chain branding (Kroger) will be used. Only one option may be used at a time and the available options are the following:\n\n\"bakers\" - Bakers' Plus \n\"citymarket\" - City Market \n\"dillons\" - Dillons \n\"fredmeyer\" - Fred Meyer \n\"frys\" - Fry's Food \n\"gerbes\" - Gerbes \n\"kingsoopers\" - King Soopers \n\"kroger\" - Kroger (default if no banner provided) \n\"metromarket\" - Metro Market \n\"picknsave\" - Pick 'n Save \n\"qfc\" - QFC \n\"ralphs\" - Ralphs \n\"smiths\" - Smiths Food and Drug \n\"food4less\" - Food 4 Less \n\"foodsco\" - Foods Co. \n\"harristeeter\" - Harris Teeter \n\"vons\" - Vons \n\"fredmeyerjewelers\" - Fred Meyer \n\"jaycfoods\" - Jay C \n\"marianos\" - Marianos \n\"payless\" - Pay Less \n\"ppsrx\" - Postal Prescription Services (PPSRX) \n\"rulerfoods\" - Ruler Foods \n\"copps\" - Copps \n",
83 "required": false,
84 "schema": {
85 "type": "string"
86 }
87 }
88 ],
89 "responses": {
90 "301": {
91 "description": "Moved Permanently",
92 "content": {
93 "application/json": {
94 "schema": {
95 "$ref": "#/components/schemas/oauth2_code_response"
96 }
97 }
98 }
99 },
100 "400": {
101 "description": "Bad Request",
102 "content": {
103 "application/json": {
104 "schema": {
105 "oneOf": [
106 {
107 "$ref": "#/components/schemas/invalid_scope"
108 },
109 {
110 "$ref": "#/components/schemas/invalid_grant_type"
111 },
112 {
113 "$ref": "#/components/schemas/invalid_redirect_uri"
114 },
115 {
116 "$ref": "#/components/schemas/invalid_access"
117 },
118 {
119 "$ref": "#/components/schemas/invalid_credentials"
120 }
121 ]
122 }
123 }
124 }
125 },
126 "500": {
127 "description": "Internal Server Error",
128 "content": {
129 "application/json": {
130 "schema": {
131 "$ref": "#/components/schemas/auth_server_error"
132 }
133 }
134 }
135 }
136 },
137 "x-code-samples": [
138 {
139 "lang": "html",
140 "source": "https://api.kroger.com/v1/connect/oauth2/authorize?scope={{SCOPES}}&response_type=code&client_id={{CLIENT_ID}}&redirect_uri={{REDIRECT_URI}}"
141 }
142 ]
143 }
144 },
145 "/v1/connect/oauth2/token": {
146 "post": {
147 "tags": [
148 "OAuth2"
149 ],
150 "summary": "Access Token",
151 "description": "All Oauth2 applications are issued \"client credentials\" in the form of a unique client_id and client_secret after registration. The credentials are used to authorize the application.\n<br/><br/>\nThere are 3 grant type flows that the token endpoint offers:\n1. `authorization_code` - Uses the `code` returned from the `/authorize` endpoint to get a token, allowing your service or application to make API requests on an end user's behalf, including accessing personal data. The service is only able to perform the actions specified in the approved scopes.\n2. `client_credentials` - Uses the client credentials to provide a token that allows your service or application to call endpoints that do not require user approval.\n3. `refresh_token`\t- Allows the application to \"refresh\" an access token that has expired. Refresh tokens are only granted when using the Authorization Code grant type. Using the refresh token eliminates the need to re-authenticate the customer when the access token expires.\n\nThe `access_token` received from this step is sent to the endpoint being called to prove that your service or application is authorized to call the API. The `token_type` field indicates what type of token it is so that you can correctly pass it to the API.\n",
152 "operationId": "accessToken",
153 "parameters": [
154 {
155 "name": "Authorization",
156 "in": "header",
157 "description": "`Basic ` followed by your `client_id:client_secret` base64 encoded. Base64 is reversible, so treat the header value as a secret.",
158 "required": true,
159 "schema": {
160 "type": "string"
161 }
162 }
163 ],
164 "requestBody": {
165 "content": {
166 "application/x-www-form-urlencoded": {
167 "schema": {
168 "oneOf": [
169 {
170 "$ref": "#/components/schemas/authorization_code"
171 },
172 {
173 "$ref": "#/components/schemas/client_credentials"
174 },
175 {
176 "$ref": "#/components/schemas/refresh_token"
177 }
178 ],
179 "discriminator": {
180 "propertyName": "grant_type"
181 }
182 }
183 }
184 },
185 "required": false
186 },
187 "responses": {
188 "200": {
189 "description": "OK",
190 "content": {
191 "application/json": {
192 "schema": {
193 "oneOf": [
194 {
195 "$ref": "#/components/schemas/authorization_code_response"
196 },
197 {
198 "$ref": "#/components/schemas/client_credentials_response"
199 },
200 {
201 "$ref": "#/components/schemas/refresh_token_response"
202 }
203 ]
204 }
205 }
206 }
207 },
208 "400": {
209 "description": "Bad Request",
210 "content": {
211 "application/json": {
212 "schema": {
213 "oneOf": [
214 {
215 "$ref": "#/components/schemas/invalid_code"
216 },
217 {
218 "$ref": "#/components/schemas/invalid_scope"
219 },
220 {
221 "$ref": "#/components/schemas/invalid_grant_type"
222 },
223 {
224 "$ref": "#/components/schemas/invalid_refresh_token"
225 },
226 {
227 "$ref": "#/components/schemas/invalid_credentials"
228 }
229 ]
230 }
231 }
232 }
233 },
234 "500": {
235 "description": "Internal Server Error",
236 "content": {
237 "application/json": {
238 "schema": {
239 "$ref": "#/components/schemas/auth_server_error"
240 }
241 }
242 }
243 }
244 },
245 "x-code-samples": [
246 {
247 "lang": "Shell",
248 "source": "curl -X POST \\\n 'https://api.kroger.com/v1/connect/oauth2/token' \\\n -H 'Content-Type: application/x-www-form-urlencoded' \\\n -H 'Authorization: Basic {{base64(“CLIENT_ID:CLIENT_SECRET”)}}' \\\n -d 'grant_type=client_credentials&scope={{SCOPE}}'\n"
249 },
250 {
251 "lang": "Go",
252 "source": "package main\n\nimport (\n \"fmt\"\n \"strings\"\n \"net/http\"\n \"io/ioutil\"\n)\n\nfunc main() {\n\n url := \"https://api.kroger.com/v1/connect/oauth2/token\"\n\n payload := strings.NewReader(\"grant_type=client_credentials&scope={{SCOPE}}\")\n\n req, _ := http.NewRequest(\"POST\", url, payload)\n\n req.Header.Add(\"Content-Type\", \"application/x-www-form-urlencoded\")\n req.Header.Add(\"Authorization\", \"Basic {{base64(“CLIENT_ID:CLIENT_SECRET”)}}\")\n\n res, _ := http.DefaultClient.Do(req)\n\n defer res.Body.Close()\n body, _ := ioutil.ReadAll(res.Body)\n\n fmt.Println(res)\n fmt.Println(string(body))\n\n}\n"
253 },
254 {
255 "lang": "JavaScript",
256 "source": "var settings = {\n \"async\": true,\n \"crossDomain\": true,\n \"url\": \"https://api.kroger.com/v1/connect/oauth2/token\",\n \"method\": \"POST\",\n \"headers\": {\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n \"Authorization\": \"Basic {{base64(“CLIENT_ID:CLIENT_SECRET”)}}\"\n },\n \"data\": {\n \"grant_type\": \"client_credentials\",\n \"scope\": \"{{scope}}\"\n }\n}\n\n$.ajax(settings).done(function (response) {\n console.log(response);\n});\n"
257 },
258 {
259 "lang": "Java",
260 "source": "OkHttpClient client = new OkHttpClient();\n\nMediaType mediaType = MediaType.parse(\"application/x-www-form-urlencoded\");\nRequestBody body = RequestBody.create(mediaType, \"grant_type=client_credentials&scope={{SCOPE}}\");\nRequest request = new Request.Builder()\n .url(\"https://api.kroger.com/v1/connect/oauth2/token\")\n .post(body)\n .addHeader(\"Content-Type\", \"application/x-www-form-urlencoded\")\n .addHeader(\"Authorization\", \"Basic {{base64(“CLIENT_ID:CLIENT_SECRET”)}}\")\n .build();\n\nResponse response = client.newCall(request).execute();\n"
261 }
262 ]
263 }
264 }
265 },
266 "components": {
267 "schemas": {
268 "auth_server_error": {
269 "type": "object",
270 "properties": {
271 "errors": {
272 "type": "object",
273 "properties": {
274 "reason": {
275 "type": "string",
276 "description": "Description of the reason for the error",
277 "example": "Internal server error"
278 },
279 "code": {
280 "type": "string",
281 "description": "Unique identifier for the error used for troubleshooting purposes",
282 "example": "Auth-4xxx-xxx"
283 },
284 "timestamp": {
285 "type": "number",
286 "description": "Timestamp of the response",
287 "example": 1564159296910
288 }
289 }
290 }
291 }
292 },
293 "authorization_code": {
294 "required": [
295 "code",
296 "grant_type",
297 "redirect_uri"
298 ],
299 "type": "object",
300 "properties": {
301 "grant_type": {
302 "type": "string",
303 "description": "Must be `authorization_code`.",
304 "example": "authorization_code"
305 },
306 "code": {
307 "type": "string",
308 "description": "The value of the `code` parameter returned from the `/authorize` endpoint on the redirect URL.",
309 "example": "zWrT1GkdshSadIowJW0Rm4w2kKhOzv1W"
310 },
311 "redirect_uri": {
312 "type": "string",
313 "description": "Your registered redirect URL. Must be the same redirect URL that was used for the authorization code request.",
314 "example": "https://example.com/callback"
315 }
316 }
317 },
318 "authorization_code_response": {
319 "type": "object",
320 "properties": {
321 "expires_in": {
322 "type": "number",
323 "description": "How long the access token is valid for in seconds.",
324 "example": 1800
325 },
326 "access_token": {
327 "type": "string",
328 "description": "The access token string",
329 "example": "eyJh5GciOiJSUzI1NiGsImtpZCI6Ilo0RnQzbXNrSUj4OGlydDdMQjVjNmc2PSIsInR5cCI6IkpXVmJ9.eqJzY29wZSI6InByb2T1Y3QuY29tcGFjdCBjb3Vwb24uYmFzaWMiLCJhdXRoQXQiOjE1NjUwOTk0OTUzMzIzOTIxMTIsImF1ZCI6InBlcmsvcm1hbmNlLWFnZW50LXB1YmxpYyIsImV4cCI6MTU2NTEwMTI5NSwiaWF0IjoxNTY1MDk5BDkwLCJpc3MiOiJhcGkua3JvZ2VyLmNvbSIsInN1YiI6IjBmZjdkMGIwLWVkOGItNDJmOS1hNTExLWEzMGQyYTAyZDljNSJ9.ej0mov6SGV4n4HiAvduTdYCceMlSo3T06M4Nfh3MfpIjSKzKaLWgd5S0W1EKDXrWz8IE7NTg8EIrL-WKhwdZPt-TWaS7LLjRXLJ0w5rKc44DStgBdvDiCcnKeMsnimjhBlHOiiKUV5y3GbVqJzaDVZwg0j8lP9qtwZP9EIIQ7k409nkskY1pz7l1lZrGotYRJKmnteN5vVQeZ3R8jywIwOOSEbKSgQALVA3Oj02964P7lI6h1GsZ66V5FLA9KU8QXm4ejrFHf1beAIA2zi_fQI3dmW7yj57pWoCECZIjq7Sfo3nGR5rkjEwfyXEK7aTn8oj4_14YHgKRTY-28L96cw"
330 },
331 "token_type": {
332 "type": "string",
333 "description": "The type of token.",
334 "example": "bearer"
335 },
336 "refresh_token": {
337 "type": "string",
338 "description": "A token that can be used to request a new token on behalf of the end user. Refresh tokens have a longer expiration, typically 24 hours.",
339 "example": "FN20LbaF2EWC6MPMWdemBwwnP4ZmX8"
340 }
341 }
342 },
343 "client_credentials": {
344 "required": [
345 "grant_type"
346 ],
347 "type": "object",
348 "properties": {
349 "grant_type": {
350 "type": "string",
351 "description": "Must be `client_credentials`.",
352 "example": "client_credentials"
353 },
354 "scope": {
355 "type": "string",
356 "description": "The level of access your application is requesting. Available options can be found on your app page.",
357 "example": "product.compact"
358 }
359 }
360 },
361 "client_credentials_response": {
362 "type": "object",
363 "properties": {
364 "expires_in": {
365 "type": "number",
366 "description": "How long the access token is valid for in seconds.",
367 "example": 1800
368 },
369 "access_token": {
370 "type": "string",
371 "description": "The access token string.",
372 "example": "eyJh5GciOiJSUzI1NiGsImtpZCI6Ilo0RnQzbXNrSUj4OGlydDdMQjVjNmc2PSIsInR5cCI6IkpXVmJ9.eqJzY29wZSI6InByb2T1Y3QuY29tcGFjdCBjb3Vwb24uYmFzaWMiLCJhdXRoQXQiOjE1NjUwOTk0OTUzMzIzOTIxMTIsImF1ZCI6InBlcmsvcm1hbmNlLWFnZW50LXB1YmxpYyIsImV4cCI6MTU2NTEwMTI5NSwiaWF0IjoxNTY1MDk5BDkwLCJpc3MiOiJhcGkua3JvZ2VyLmNvbSIsInN1YiI6IjBmZjdkMGIwLWVkOGItNDJmOS1hNTExLWEzMGQyYTAyZDljNSJ9.ej0mov6SGV4n4HiAvduTdYCceMlSo3T06M4Nfh3MfpIjSKzKaLWgd5S0W1EKDXrWz8IE7NTg8EIrL-WKhwdZPt-TWaS7LLjRXLJ0w5rKc44DStgBdvDiCcnKeMsnimjhBlHOiiKUV5y3GbVqJzaDVZwg0j8lP9qtwZP9EIIQ7k409nkskY1pz7l1lZrGotYRJKmnteN5vVQeZ3R8jywIwOOSEbKSgQALVA3Oj02964P7lI6h1GsZ66V5FLA9KU8QXm4ejrFHf1beAIA2zi_fQI3dmW7yj57pWoCECZIjq7Sfo3nGR5rkjEwfyXEK7aTn8oj4_14YHgKRTY-28L96cw"
373 },
374 "token_type": {
375 "type": "string",
376 "description": "The type of token.",
377 "example": "bearer"
378 }
379 }
380 },
381 "invalid_access": {
382 "type": "object",
383 "properties": {
384 "error": {
385 "type": "string",
386 "description": "The error message",
387 "example": "invalid_request"
388 },
389 "error_description": {
390 "type": "string",
391 "description": "Detailed error description",
392 "example": "The resource owner denied the request"
393 }
394 }
395 },
396 "invalid_code": {
397 "type": "object",
398 "properties": {
399 "error": {
400 "type": "string",
401 "description": "The error message",
402 "example": "invalid_request"
403 },
404 "error_description": {
405 "type": "string",
406 "description": "Detailed error description",
407 "example": "invalid code"
408 }
409 }
410 },
411 "invalid_credentials": {
412 "type": "object",
413 "properties": {
414 "error": {
415 "type": "string",
416 "description": "The error message",
417 "example": "unauthorized"
418 },
419 "error_description": {
420 "type": "string",
421 "description": "Detailed error description",
422 "example": "invalid credentials"
423 }
424 }
425 },
426 "invalid_grant_type": {
427 "type": "object",
428 "properties": {
429 "error": {
430 "type": "string",
431 "description": "The error message",
432 "example": "unsupported_grant_type"
433 },
434 "error_description": {
435 "type": "string",
436 "description": "Detailed error description",
437 "example": "invalid grant_type"
438 }
439 }
440 },
441 "invalid_redirect_uri": {
442 "type": "object",
443 "properties": {
444 "error": {
445 "type": "string",
446 "description": "The error message",
447 "example": "invalid_request"
448 },
449 "error_description": {
450 "type": "string",
451 "description": "Detailed error description",
452 "example": "The redirect_uri did not match the registered redirect_uri for this application"
453 }
454 }
455 },
456 "invalid_refresh_token": {
457 "type": "object",
458 "properties": {
459 "error": {
460 "type": "string",
461 "description": "The error message",
462 "example": "invalid_request"
463 },
464 "error_description": {
465 "type": "string",
466 "description": "Detailed error description",
467 "example": "invalid refresh_token"
468 }
469 }
470 },
471 "invalid_scope": {
472 "type": "object",
473 "properties": {
474 "error": {
475 "type": "string",
476 "description": "The error message",
477 "example": "invalid_scope"
478 },
479 "error_description": {
480 "type": "string",
481 "description": "Detailed error description",
482 "example": "invalid scope"
483 }
484 }
485 },
486 "oauth2_code_response": {
487 "type": "string",
488 "description": "Your registered redirect with the authorization code appended to the URL.",
489 "example": "https://YourRedirectUri.com/callback?code=zWrT1GkdshSadIowJW0Rm4w2kKhOzv1W"
490 },
491 "refresh_token": {
492 "required": [
493 "refresh_token",
494 "grant_type"
495 ],
496 "type": "object",
497 "properties": {
498 "grant_type": {
499 "type": "string",
500 "description": "Must be `refresh_token`.",
501 "example": "refresh_token"
502 },
503 "refresh_token": {
504 "type": "string",
505 "description": "The refresh token returned from a call to this endpoint with the `authorization_code` or `refresh_token` grant type.",
506 "example": "FN20LbaF2EWC6MPMWdemBwwnP4ZmX8"
507 }
508 }
509 },
510 "refresh_token_response": {
511 "type": "object",
512 "properties": {
513 "expires_in": {
514 "type": "number",
515 "description": "How long the access token is valid for in seconds.",
516 "example": 1800
517 },
518 "access_token": {
519 "type": "string",
520 "description": "The access token string.",
521 "example": "eyJh5GciOiJSUzI1NiGsImtpZCI6Ilo0RnQzbXNrSUj4OGlydDdMQjVjNmc2PSIsInR5cCI6IkpXVmJ9.eqJzY29wZSI6InByb2T1Y3QuY29tcGFjdCBjb3Vwb24uYmFzaWMiLCJhdXRoQXQiOjE1NjUwOTk0OTUzMzIzOTIxMTIsImF1ZCI6InBlcmsvcm1hbmNlLWFnZW50LXB1YmxpYyIsImV4cCI6MTU2NTEwMTI5NSwiaWF0IjoxNTY1MDk5BDkwLCJpc3MiOiJhcGkua3JvZ2VyLmNvbSIsInN1YiI6IjBmZjdkMGIwLWVkOGItNDJmOS1hNTExLWEzMGQyYTAyZDljNSJ9.ej0mov6SGV4n4HiAvduTdYCceMlSo3T06M4Nfh3MfpIjSKzKaLWgd5S0W1EKDXrWz8IE7NTg8EIrL-WKhwdZPt-TWaS7LLjRXLJ0w5rKc44DStgBdvDiCcnKeMsnimjhBlHOiiKUV5y3GbVqJzaDVZwg0j8lP9qtwZP9EIIQ7k409nkskY1pz7l1lZrGotYRJKmnteN5vVQeZ3R8jywIwOOSEbKSgQALVA3Oj02964P7lI6h1GsZ66V5FLA9KU8QXm4ejrFHf1beAIA2zi_fQI3dmW7yj57pWoCECZIjq7Sfo3nGR5rkjEwfyXEK7aTn8oj4_14YHgKRTY-28L96cw"
522 },
523 "token_type": {
524 "type": "string",
525 "description": "The type of token.",
526 "example": "bearer"
527 },
528 "refresh_token": {
529 "type": "string",
530 "description": "A token that can be used to request a new token on behalf of the end user. Refresh tokens have a longer expiration, typically 24 hours.",
531 "example": "FN20LbaF2EWC6MPMWdemBwwnP4ZmX8"
532 }
533 }
534 }
535 }
536 },
537 "x-tagGroups": [
538 {
539 "name": "Authorization Endpoints",
540 "tags": [
541 "OAuth2"
542 ]
543 }
544 ]
545}