Onboarding
Steps
- Choose the method of access, websec/sat/cima
- Create client id(s) and secrets if required based on (1)
- Request scopes to be approved for your client ids
- You are ready now to consume the API
GraphQL Endpoints
| Environment |
Endpoint |
| Staging |
https://xcp-sales-gateway-staging.xoe.xfinity.com/graphql |
| Production |
https://xcp-sales-gateway-prod.cws.xfinity.com/graphql |
REST API
| Environment |
Endpoint |
| Staging |
https://xcp-staging.xoe.xfinity.com/graphql |
| Production |
https://xcp-prod.cws.xfinity.com/graphql |
Authentication
For more in depth understanding of these authentication mechanisms please refer Authentication
Scopes
Azure Auth type doesnt have scope validation at this point.
| Auth type |
Operation |
Scope |
| CIMA/SAT/Websec |
Create consent |
xcp:consent:create |
| CIMA/SAT/Websec |
Update consent |
xcp:consent:update |
| CIMA/SAT/Websec |
Query consent |
xcp:consent:read |
| CIMA/SAT/Websec |
Query Archive consent |
xcp:consent:readarchive |
Below headers apply for all the variations of api invocations
| Header |
Description |
Required |
| Authorization |
Bearer Token |
Required |
| x-tracking-id |
UUID tracking id |
Required |
| partnerId |
Partner Id |
Required |
| accountId |
account Id |
Optional / Recommended for better tracking |
| content-type |
application/json |
Required |
| x-api-key |
API Key from XCP |
Required |