EC User Data API - Hello World

Morningstar EC - User Data API

Facilitates user data storage for trusted client applications.

Access

Access to the API should occur through the API gateway.

As all data is stored for a specific user, the API must be called with a user Id which is unique and known to the calling institutional client. The only current scheme for validating a user is through IWT seamless login. The UserData API only looks for the following seamless login parameters:

<SeamlessLogin>
<Status>0</Status>
<LoginId>uniqueUserId</LoginId>
<IsAdvisor>true</IsAdvisor>
<IsAdmin>false</IsAdmin>
    ...

Where IsAdvisor is optional and set if the calling user is an advisor for the institutional client and IsAdmin is optional and set if the calling user is an administrator for the institutional client

In addition to the API specific documented parameters, the calling client must supply the 2 following header parameters:

X-API-SiteSession - the sessionId to use when obtaining seamless login details
Authorization - a Bearer MaaS access token obtained (on server) as described here

MaaS Tokens

To be able to generate a MaaS token, we require the invoking EC international client to be created as a new MaaS client. The procedure to do this is documented under here.

To create a new EC international MaaS client using Seamless login, POST a JSON of the following syntax:

{
    "institution": "The client's site name",
    "instId": "nnnnnnn",
    "iwtSiteId": "xxxxxxx"
}

where:

instId is anything that uniquely identifies the client institution (i.e. 'IWT InstitutionId'-'IWT SiteId')
iwtSiteId is the IWT site's URL Key

It is also possible to call the API directly. This requires the following header:

X-API-AccessId - this is made up of two '.' separated elements 'IWT-site-key'.'encrypted-id'. The 'encrypted-id' is an encrypted data using a key provided by IWT international. It's required to be of the following format '{timestamp}~~{timeout}~~{userId}~~{isAdvisor}~~{isAdmin}'
where: