Payment Services

POST /user/{userId}/product/{productId}

Requires authentication with server access token.

Grant a user access to a product. NB! While using GET with this endpoint will also provide information about access to subscriptions, POST can only be used to grant access to products, not subscriptions.

Request

POST /api/2/user/{userId}/product/{productId}

userId

required path parameter

The user's uuid or userId (not to be mistaken with the deprecated id).

productId

required path parameter

ID of a product or subscription. Since version 2.9, this may also be a product alias, in which case you should also use the merchant filter.

Example request

cURL
curl https://login.schibsted.com/api/2/user/42/product/1337 \
   -X POST \
   -d "oauth_token=[access token]"
Java
SpidOAuthToken token = spidClient.getServerToken();
String responseJSON = spidClient.
    POST(token, "/user/42/product/1337").
    getResponseBody();

This example is an excerpt, see a full example

PHP
<?php
$client->auth();
echo var_dump($client->api("/user/42/product/1337", "POST"));

This example is an excerpt, see a full example

Clojure
(ns example
  (:require [spid-client-clojure.core :as spid]))

(let [client (spid/create-client "[client-id]" "[secret]")
      token (spid/create-server-token client)]
  (spid/POST client token "/user/42/product/1337"))

Response

This endpoint supports the JSON and JSON-P response formats.

Success: 200 OK

Grant a user access to a product

User product access

productId

integer (as string)

result

boolean

If true, the user has access to the product or subscription

subscriptionId

integer (as string)

Only provided for subscriptions

startDate

datetime

Only provided for subscriptions

expires

datetime

Only provided for subscriptions

autoRenew

integer (as string)

The number of times a subscription will be automatically renewed. Only provided for subscriptions

gracePeriod

string

Only provided for subscriptions

The check mark indicates that the field always contains a valid non-empty value.

Failure cases

Some HTTP response codes are used for multiple error situations. There is no consistent way to tell these apart, but the error object will contain a textual explanation of the reason for the error. For explanation on OAuth related failures and errors see OAuth authentication failures.

  • 401 Unauthorized You don't have administration rights for this client.
  • 401 Unauthorized Your client doesn't have administration rights for this client.
  • 403 Forbidden Client is not authorized to access this API endpoint. Contact SPiD to request access.
  • 403 Forbidden Requesting IP is not whitelisted
  • 403 Forbidden Access token rejected
  • 404 Not Found Unknown client ID
  • 404 Not Found Client ID mismatch. The client making the request is no the owner of this resource, and does not have administrative privileges for it.
  • 420 Request Ratelimit exceeded

Sample response

JSON
{
  "productId": "301694",
  "result": true
}
JSON-P
callback({
  "productId": "301694",
  "result": true
});

Comments/feedback

Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. SPiD reads and responds to every question. Additionally, your experience can help others using SPiD, and it can help us continuously improve our documentation.