Access to all UBKI services is provided when there is a valid session key.

To obtain the session key, the authorization service is used. The key is valid until 23:59:59 the date it was received. The key can be compromised and blocked for various reasons, the service will return a message "Security error. The lifetime of the session key expired. " In such a situation, you have to log in again.

The session key must be obtained only once per day. It is IMPORTANT not to generate a new session key per each request, as this leads to extra load on the services. The session key request is supported in xml/json formats. Must be specified HTTP headers – Content-Type: application/xml or Content-Type: application/json.

Authorization service

Http Method

POST

Request URL

https://secure.ubki.ua/b2_api_xml/ubki/auth

Test URL

https://test.ubki.ua/b2_api_xml/ubki/auth

Request

JSON

headers:

Content-Type: application/json
Accept: application/json

body:

{
   "doc" : {
      "auth" : { 
      "login" : "Login",
      "pass" : "Password"
      }
   }
}

XML

headers:

Content-Type: application/xml
Accept: application/xml

body:

<!-- xml- request should be coded in base64 --!>

<?xml version="1.0" encoding="utf-8" ?>
    <doc>
       <auth login="Login" pass="Password"/>
    </doc>

Response

JSON

body:

{
  "doc": {
    "auth": {
      "errcode": "Error code (code from the ref.0)",
      "errtext": "Error Text",
      "errtextclient": "Error text for customers",
      "sessid": "session key",
      "datecr": "date and time of session creation",
      "dateed": "date and time of session renewal",
      "userlogin": "login",
      "userid": "User ID",
      "userfname": "surname",
      "userlname": "name",
      "usermname": "patronymic",
      "rolegroupid": "Role group ID",
      "rolegroupname": "Role group name",
      "agrid": "Organization ID",
      "agrname": "Name of company",
      "role": "A technical field, that does not bear any useful information for the partner",
      "mustchngpass": "Recommendation to change the password for the user's account (1 - recommended to change the password, - / 0 - no need to change the password)"
    }
  }
}

XML

body:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<doc>
  <auth errcode="Error code (code from the ref.0)" 
  errtext="Error Text" 
  errtextclient="Error text for customers" 
  sessid="session key" 
  datecr="date and time of session creation" 
  dateed="date and time of session renewal" 
  userlogin="login" 
  userid="User ID" 
  userfname="surname" 
  userlname="name" 
  usermname="patronymic" 
  rolegroupid="Role group ID" 
  rolegroupname="Role group name" 
  agrid="Organization ID" 
  agrname="Name of company" 
  role="A technical field, that does not bear any useful information for the partner" 
  mustchngpass="Recommendation to change the password for the user's account (1 - recommended to change the password, - / 0 - no need to change the password)" />
</doc>

When executing an authorization request, in case of an incorrect request or insufficient user account settings, the API will return an error code. To minimize errors when integrating with the API and to properly configure the response, you must analyze all errors received.

Introduction

Receiving information

Providing information

Service "Monitoring subjects"

Testing environment

References

Change Log