API Documentation
Enforcement Portal Integration
Overview

This guide provides technical implementation details for generating secure, unique links that allow your users to access the Enforcement Portal. The portal enables users to view all enforcement actions related to their account or content and submit appeals for decisions they believe were incorrect. The integration involves a single server-to-server API call to generate an encrypted, time-sensitive access token.

Process Flow

The link generation process involves your system making a secure API call to Nima's Minotaur service, which acts as a gateway to validate your request and generate the final access URL.

Data Flow

1. Your server initiates an HTTP POST request to the /portal/generatetoken endpoint with your API key and the user's ID.
2. Minotaur (gateway service) receives the request and validates your API key.
3. Backend generates a secure, time-sensitive, encrypted token.
4. Minotaur constructs the final user-facing URL and returns it in the API response.
5. Your server provides this unique URL to your end user.

API Endpoint Specification

Request

Endpoint

POST https://<minotaur api>/portal/generatetoken

Authentication

Authentication is handled via an API key passed as a query string parameter.

Example URL with API key:

https://<minotaur api>/portal/generatetoken?apikey=<api key>

Headers

Content-Type: application/json

Request Body

The body of the POST request must be a JSON object containing the ID of the user for whom the link is being generated.
Example body:

```
{
  "reportee id": "unique user identifier 12345"
}
```

Example Request (curl)

```
curl --location --request POST 'https://<minotaur api>/portal/generatetoken?apikey=<api key>' \
  --header 'Content-Type: application/json' \
  --data-raw '{ "reportee id": "user 12345abc" }'
```

API Responses

Success Response

A successful request returns an HTTP 200 OK status code and a JSON object containing the secure portal URL.

Status code: 200 OK

Body:

```
{
  "ok": true,
  "url": "https://[frontend url]/portal/reportee/eyjpdii6i [remainder of encrypted token]"
}
```

The url field contains the secure, session-based link you should provide to your end user. The token embedded in the URL is encrypted and contains the necessary user information to display the correct data.

Error Responses

If a request fails, the API returns an appropriate HTTP error status code and a JSON body describing the issue.

Invalid API Key

Status code: 400 Bad Request

Trigger: The apikey is missing, malformed, or incorrect.

Body:

```
{
  "message": "provide a valid api key",
  "error": "bad request",
  "statuscode": 400
}
```

Missing Reportee ID

Status code: 422 Unprocessable Entity

Trigger: The reportee id field is missing from the request body.

Body:

```
{
  "ok": false,
  "response": {
    "message": "the reportee id field is required"
  }
}
```

Internal Server Error

Status code: 500 Internal Server Error

Trigger: An unexpected error occurred on the server while trying to generate the token.

Body:

```
{
  "ok": false,
  "response": {
    "message": "failed to generate token"
  }
}
```

User Experience Flow

1. After receiving the generated URL from the API, your application presents it to the end user.
2. The user clicks the link, which navigates them to the secure portal frontend.
3. The frontend application uses the encrypted token from the URL to securely fetch and display all relevant enforcement actions for that specific user.
4. The user can view details for each action and, where applicable, will see an "Appeal" button to initiate the appeal submission process.

The access link is session-based for security. If the session expires, the user will be denied access and will need a newly generated link.

Security Considerations

- Encrypted tokens: Each token is encrypted and contains user-specific information.
- Time-sensitive: Tokens are session-based and expire after a period of inactivity.
- Single-use context: Each link is unique to the user and cannot be reused across different users.
- API key protection: Keep your API key secure and never expose it in client-side code.

Integration Checklist

Before going live with the Enforcement Portal integration:

- API key received and stored securely
- Endpoint URL configured correctly
- Request/response handling implemented
- Error handling for all error codes implemented
- Link delivery mechanism to users established (in-app, email, etc.)
- Session expiration handling communicated to users
- Testing completed with sample user IDs
- Security review of API key storage and usage

For compliance and user-facing information about the Enforcement Portal, see the Compliance section.
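
One way to implement the server-side call and the response handling described above, as an added example that is not part of the original documentation: the API key stays on the server and is masked in logs because it travels in the query string, each documented status code is turned into a typed error, and the returned link is checked before it reaches the user. The function names, the `frontend_host` check, the retry hint and the transport helper are assumptions, and the `reportee id` key is written as it appears on this page, so confirm its exact spelling against the live API.

```python
import json
import logging
import urllib.error
import urllib.parse
import urllib.request

log = logging.getLogger("portal_link")
REPORTEE_FIELD = "reportee id"  # key as printed on this page; confirm exact spelling

class PortalLinkError(Exception):
    def __init__(self, status, message, retryable):
        super().__init__(f"{status}: {message}")
        self.status, self.message, self.retryable = status, message, retryable

def redact(url):
    """Mask the apikey query value so the URL is safe to log."""
    parts = urllib.parse.urlsplit(url)
    query = [(k, "REDACTED" if k.lower() == "apikey" else v)
             for k, v in urllib.parse.parse_qsl(parts.query, keep_blank_values=True)]
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(query)))

def _parse(raw):
    try:
        return json.loads(raw)
    except ValueError:  # e.g. an HTML error page from a proxy
        return {}

def http_post(url, body):  # assumed default transport: returns (status, parsed JSON)
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers={"Content-Type": "application/json"}, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, _parse(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, _parse(err.read())

def generate_portal_link(base_url, api_key, reportee_id, frontend_host, post=http_post):
    url = f"{base_url}/portal/generatetoken?" + urllib.parse.urlencode({"apikey": api_key})
    log.info("POST %s", redact(url))  # never log the raw URL: it carries the key
    status, data = post(url, {REPORTEE_FIELD: reportee_id})
    if status == 200 and data.get("ok") is True:
        link = urllib.parse.urlsplit(data.get("url", ""))
        # Only hand users an HTTPS link on the portal host we expect.
        if link.scheme != "https" or link.hostname != frontend_host:
            raise PortalLinkError(status, "unexpected portal URL", retryable=False)
        return data["url"]
    # 400 carries a top-level "message"; 422 and 500 nest it under "response".
    message = data.get("message") or data.get("response", {}).get("message", "unknown error")
    raise PortalLinkError(status, message, retryable=status >= 500)
```

Pass a stub as `post` to exercise the 200, 400, 422 and 500 paths without network access; only the 500 case is flagged as retryable.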