The user-api gives API clients access (create, read and update) to FT.com user’s data like their profile information, product entitlements etc. The supported API endpoints are listed below
| Resource | Description | Target uptime |
Target 95 percentile response time |
|---|---|---|---|
| POST /users/profile |
Create a new user record |
99.9% | <= 400ms |
| PUT /users/{userId}/profile | Update a user profile record | 99.9% | <=400ms |
| HEAD /users?email={emailAddress} | Check if a user record with the given email address exists | 99.9% | <= 300ms |
| GET /users?email={emailAddress} | Retrieve a user’s unique id by email address | 99.9% | <= 300ms |
| GET /users/{userId}/profile/full | Retrieves a user’s full profile | 99.9% | <= 300ms |
| GET /users/{userId}/profile/basic | Retrieves a user’s basic profile | 99.9% | <= 300ms |
| GET /users/{userId}/profile/demographics | Retrieves a user’s demographics profile | 99.9% | <= 300ms |
| GET /users/{userId}/products | Retrieves products a user is entitled access to | 99.9% | <= 300ms |
| POST /users/{userId}/credentials/change-password | Change a user’s password | ? | <= 500ms |
| GET /users/{userId}/subs-status | Retrieves a summary of the user’s subscription status. NB DEPRECATED - TO BE REPLACED SOON | 99% | <=200ms |
Every authenticated ft.com user has a valid Session and the session-api allows API clients the ability to validate them. Both supported API endpoints below encapsulate the same information but they use different crypto keys to sign the cookie. For /sessions/s/ endpoint uses FTSession_s cookie value, which is an HTTPS only cookie as opposed to /sessions/{sessionId} which uses FTSession cookie value that gets passed over non-encrypted HTTP sessions.
| Resource | Description | Target uptime | Target 95 percentile response time (as measured by our edge servers) |
|---|---|---|---|
| GET /sessions/{sessionId} | Validate and get userId from validated session (using FTSession cookie value) | 99.9% | <= 300ms |
| GET /sessions/s/{sessionId} | Validate and get userId from validated secure session (using FTSession_s cookie value) | 99.9% | <=300ms |
Tokens can be redeemed for a seat on an access licence. The publicly supported API endpoints are listed below:
| Resource | Description | Target uptime | Target 95 percentile response time (as measured by our edge servers) |
|---|---|---|---|
| GET /redeemable-tokens/{tokenId} | Retrieves a redeemable token | 99.9% | <= 300ms |
| POST /redeemable-tokens/{tokenId}/redeem | Redeems a redeemable token for a particular user | 99.9% | <=400ms |
Provide user credentials to log that user in:
| Resource | Description | Target uptime | Target 95 percentile response time (as measured by our edge servers) |
|---|---|---|---|
| POST /login | Logs a user in provided their credentials are correct | 99.9% | <=500ms |
SSO is a service to enable users of Identity providers(IdP) registered with FT to login to FT without the need for entering their FT credentials again to access content on FT.
| Resource | Description | Target uptime | Target 95 percentile response time (as measured by our edge servers) |
|---|---|---|---|
| GET /idps/mapping |
Returns the WAYFless URLs for the IDPs that matches the email restriction criteria |
99% | <=800ms |
The access licence service manages digital access entitlements for users to FT digital products. An access licence specifies a user or users that have access to a specific FT product. Access licences may have constraints including start and end dates, maximum number of licence seats, ip restrictions, etc.
| Resource | Description |
|---|---|
| GET /licences |
Find collection of licences by userId, adminUserId or retrieve all |
| GET /licences/{licenceId} | Retrieve an access licence by id |
| GET /licences/{licenceId}/seats | Retrieve the seats on a licence |
| GET /licences/{licenceId}/administrators |
Retrieve the administrators of a licence |
offers a view of seat holders on an Access Licence.
| Resource | Description |
|---|---|
| GET /licence-seat-holders/{licenceId} | Retrieve seat holders for a given licenceId |
| GET /licence-seat-holders/{licenceId}/admins | Retrieve administrators for given licenceId |
The offer api defines offers for digital and print products.
| Resource | Description |
|---|---|
| GET /offers/{offerId} |
Retrieve an offer by its id |
The acquisition context api defines bespoke aspects of the B2B signup journey (eg. tailored barriers, signup pages).
| Resource | Description |
|---|---|
| GET /acquisition-contexts/{acquisitionContextId} |
Retrieve an acquisition context by its id. |
| GET /acquisition-contexts | Find collection of acquisition contexts by access-licence-id or by ip-address. |
Creates access token for articles
| Resource | Description |
|---|---|
| POST /signin |
Creates content access token |
Provides legacy erights and passport id to user ids.
| Resource | Description |
|---|---|
|
Retrieves deprecated ID’s |
Manages and tracks a list of blacklisted domains an d ip address for trial subscriptions.
| Resource | Description |
|---|---|
|
GET /trial-exclusions/?(queryParameters)=(queryParametersValue) |
Tracks a list of blacklisted domains and ip address for trial subscriptions. |
| GET /trial-exclusions/domains | Tracks a list of blacklisted domains for trial subscriptions. |
| GET /trial-exclusions/ip-addresses | Tracks a list of blacklisted ip addresses for trial subscriptions. |
| GET /trial-exclusion/ip-addresses/{ip-address} | Get an ip address from the the black list resource by ip address |
Responsible for providing the fulfilment options available given a country code and postcode
| Resource | Description |
|---|---|
|
GET /newspaper/fulfilment/options?postCode=(postCodeValue)&countryCode=(countryCodeValue) |
Retrives list of fulfilment options by country code and postcode |
Utility functions available for use with the Memberhsip platform
| Utility | Description |
| Session Decoder |
The Session Decoder is a client-side javascript that extracts the userId from the FTSession_s cookie, without making a remote API call to the Session API. This utility method is useful in scenarios where you are interested in obtaining the userId from a session cookie without knowing if the session is still valid. |
Manages access to content.
| Resource | Description |
|---|---|
| HEAD /access/{contentPath} | Retrieves an authorisation decision for a given content resource. |
An API which aggregates REST APIs and makes them queryable.
GraphQL is a query language for APIs, which is particularly suited to exposing data with graph-like relationships.
The memb-graphql-api defines a schema for membership services, and allows data about membership entities to be unified in a single query, when it would normally require querying multiple REST APIs.
The systems memb-graphql-api talks to include user-profile-svc, access-licence-svc, acq-context-svc, redeemable-token-svc, subs-transition-svc, subscription-api etc.
GraphQL uses HTTP POST as a transport mechanism for its query documents rather than individual REST endpoints.
All POST requests go to the /api endpoint, over TLS https. Unencrypted HTTP is not supported.
The service requires an X-Api-Key (contact membership.support@ft.com by email or #membership-support on Slack).
<pre><code>curl -X POST -H "Content-Type: application/graphql" -H "X-Api-Key: xxxxxxxxx" -d 'query { licence(id: "nnnnn") { issueReason product { name code } } }' https://api.ft.com/graphql/v1/api
</code></pre>
A web interface for manually composing queries is also available. Authentication done by S30. https://memb-graphql-api-eu-prod.memb.ft.com/graphiql
See the Github repo README.md for more information on usage and querying; consult with #memb-graphql for wisdom.