User Stories
High level diagrams
Manufacturing process
| Drawio | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Entone has a certificate authority (CA).
At the time of manufacture an RSA keypair signed by this CA will be added to the box.
User provisioning
| Drawio | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
The user purchases a STB.
The retail partner provisions a user account by calling the user management API (documentation)
The retail partner links the STB to the user (documentation)
The retail partner only needs to inform Amino of the STB mac address.
User login
| Drawio | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Note:
The Entone API will include the STB public key as one of the claims of the signed JWT token.
Detailed flow
Login STB
Sequence overview
- STB client calls the Entone API to get a signed JWT token
- STB client calls the Move STB Authentication endpoint with the token and the public key
Move API verifies the supplied public key by checking against a stored (trusted) version of the Entone public key
- Move API verifies the JWT with the public key
- Move API matches the supplied STB serial number to the user
- Move API logs in the user
Logout STB
API to handle logout request of STB
Request
| Method | URL | Authorization |
|---|---|---|
POST | https://boox.fi/api/stb/logout | STB (Using JWT), Service (Using service_token) |
POST Body
Please note that M is for Mandatory and O is for Optional.
| Body Fields | M/O | Description | Values | ||
|---|---|---|---|---|---|
service_token | M | Token generated for a service. For example DNA has own service_token. This token is generated from Backend and provided to application developers.
| String of Alpha numeric values. Mostly MD5 or SHA1 string. e.g. 8f9cf3f5789e16124f38936954a98668 |
Headers
Please note that M is for Mandatory and O is for Optional.
| Header | M/O | Description |
|---|---|---|
Authorization: Bearer | M | JWT json web token provided by backend after STB authenticated successfully |
Response
| HTTP Code | Response |
|---|---|
| 200 | none |
| 401 | none |
Link STB to a User
After user bought a STB this API need to be called. This API link or grant ownership of a STB to a user.
Request
| Method | URL | Authorization |
|---|---|---|
POST | https://boox.fi/api/management/stb/link_user | IP, Service (Digest Authentication) |
POST Data Parameters
Please note that M is for Mandatory and O is for Optional.
| Parameters | M/O | Description | Values | ||
|---|---|---|---|---|---|
| service | M | Service to which the user belongs. | String of service username. Shared separately. | ||
serial_no | M | Serial Number of STB. If device does not exists with provided serial no then it will be added. | Alpha numeric string. | ||
email | M | Email address of user who is provisioned for using the STB | Valid email address. e.g. john.doe@example.com | ||
public_keys | M | 8 Public keys which will be used to authenticate the STB.
| key0_base64;key1_base64;...........;key7_base64 (no limit on max length). where each public key is base-64 encoded,semicolon(;) is used between keys as separator. | ||
| chipset_id | O | STB device chipset number/ID. | chipset_id is a random list of characters (max 32 characters). | ||
| mac | O | Ethernet interface MAC address. | mac is a random list of characters (max 18 characters). |
Response
| HTTP Code | Response |
|---|---|
| 200 | { |
| 400 | |
| 401 | none |
Error Codes
| Error Code | Description |
|---|---|
| 1414 | Email does not exist |
| 1426 | Parameter is required |
| 1427 | Invalid length of chipset_id |
| 1428 | Invalid length of mac |
| 1433 | STB exists and linked |
| 1434 | Record already exists for value |
| 1435 | STB is already assigned |
| 1436 | Invalid email address format |
Unlink STB from User
This API remove ownership of a STB from an user. Use cases: when user sells his/her device, when a device got stolen.
Request
| Method | URL | Authorization |
|---|---|---|
POST | https://boox.fi/api/management/stb/unlink_user | IP, Service (Digest Authentication) |
POST Data Parameters
Please note that M is for Mandatory and O is for Optional.
| Parameters | M/O | Description | Values |
|---|---|---|---|
| service | M | Service to which the user belongs. | String of service username. Shared separately. |
serial_no | M | Serial Number of STB | Alpha numeric string. e.g. 615507895162 |
email | M | Email address of user who is provisioned for using the STB | Valid email address. e.g. john.doe@example.com |
Response
| HTTP Code | Response |
|---|---|
| 200 | none |
| 400 | |
| 401 | none |
Error Codes
| Error Code | Description |
|---|---|
| 1414 | Email does not exist |
| 1426 | Parameter is required |
| 1432 | serial_no does not exists |
| 1418 | Invalid STB link |
| 1436 | Invalid email address format |
Add New User Account
| Info |
|---|
| Existing API link: https://dna.booxmedia.com:10086/docs/d5/d8b/user_management.html#add_account |
This API is used to add a new user account. Following rules apply:
- Email address or customer-id should not belong to any customer that is not in DELETED state; otherwise API will return an error.
- If the user with that email exists in DELETED state and his grace period is not expired, his previous registration state is restored.
- A new user is created in UNREGISTERED state.
Design Points (to be considered for future):
- The main problem with making the two pin params as mandatory is that this feature is very specific to DNA requirements, while other frontends don't expect them. Therefore, we need a way so that both parties remain happy by giving a better design
- For that we should make it configurable whether the two params are mandatory. So for DNA we will configure them as mandatory, so that if they are not provided by Visio when creating a new user API will return an error to provide the mandatory input param. While for others e.g. Delta we will configure them as optional so that if they don't provide the params, API will successfully create a user and set the pins in DB as NULL (empty). Also until DNA is not ready for the params to be mandatory we can keep it configured as optional for them
- It is easy to implement from effort point of view and much flexible and reliable
Request
| Method Type | URL | Authorization |
|---|---|---|
| POST | https://boox.fi/api/management/user | Service (Digest Authentication) |
Query Strings
Please note that M is for Mandatory and O for Optional.
| Parameter | M/O | Description | Values | |||||
|---|---|---|---|---|---|---|---|---|
| service | M | Service to which the user belongs. | String of service username. Shared separately. | |||||
| M | Email address of the user. | Email address of the user | ||||||
| cid | M | Customer Identifier. | Numeric ID generated from Visio | |||||
| auth_pin | M | Authentication PIN code.
At the DNA TV Rel 2.9 publish time, the provisioning party (Visio) | Number with the length of 4. e.g. 8798 | |||||
| purchase_pin | M | Purchase PIN code.
At the DNA TV Rel 2.9 publish time, the provisioning party (Visio) | Number with the length of 4. e.g. 8798 | |||||
| dob | O | User Date of birth in YYYY-MM-DD format. | SUSPEND or ACTIVATE keywords are allowed only. |
Error Codes
| Error Code | Description |
|---|---|
| 1403 | email is missing |
| 1405 | cid is missing |
| 1406 | auth_pin is missing |
| 1407 | purchase_pin is missing |
| 1412 | Email already exists |
| 1413 | CID already Exists |
Edit Existing User Account
| Info |
|---|
| Existing API link: https://dna.booxmedia.com:10086/docs/d5/d8b/user_management.html#edit_account |
This API is used to suspend or activate a user account. It can also be used to change the email or customer-id of an existing account. Following rules apply:
- A user in DELETED state is not updated.
- "email" and "cid" parameters should not belong to any existing user, even if the user in in DELETED state
- If a user is suspended, his state is changed to DISABLED
- If a DISABLED user is activated and grace period has not expired, then previous registration state is restored, otherwise his state is changed to UNREGISTERED
- In other cases, if a user is activated, his state changed to REGISTERED.
Request
| Method Type | URL | Authorization |
|---|---|---|
| PUT | https://boox.fi/api/management/user/<email> | Service (Digest Authentication) |
Querystrings
Please note that M is for Mandatory and O for Optional.
| Parameter | M/O | Description | Values | |||||
|---|---|---|---|---|---|---|---|---|
| service | M | Service to which the user belongs. | String of service username. Shared separately. | |||||
| O | New email address of the user. Defaults to no value. | Email address of the user | ||||||
| cid | O | New customer Identifier. Defaults to no value. | Numeric ID generated from Visio | |||||
| auth_pin | O | Authentication PIN code.
| Number with the length of 4. | |||||
| purchase_pin | O | Purchase PIN code.
| Number with the length of 4. e.g. 8798 | |||||
| action | O | SUSPEND or ACTIVATE keywords. Defaults to no value. | SUSPEND or ACTIVATE keywords are allowed only. |
Error Codes
| Error Code | Description |
|---|---|
| 1407 | action value is invalid |
| 100 | User not found in the system |
| 1404 | email is invalid |
| 1406 | cid is invlid |