Quick start

Prerequisites


There are some prerequisites needed before you can start using our APIs.

You will need:

  • a subscription key

  • setup OAuth to sent a bearer token with the request

  • send the identification of your tenant and organization with the request

Currently, you'll need to contact support@zerofriction.co to setup the required OAuth configuration for you.

Please provide the following details when requesting the required OAuth configuration:

  • a callback URL to which we can redirect after your application has been authorized (only when using the "Authorization code" flow)


You will receive an e-mail back with the OAuth configuration to fetch an access token.

Subscription key

  1. Go to "Products"

  2. Login with your Azure AD B2C account

  3. Choose your preferred product

  4. Enter a name for your subscription and choose "Subscribe"

  5. A request for a subscription requires an approval. You will receive an e-mail once your request has been approved.

  6. Once you received the e-mail that your request has been approved, go to "Your profile"

  7. Here you will see your primary and secondary subscription keys.
    You should use the primary key by default and switch to the secondary subscription key once you want to start rotating your keys.

  8. You will need to pass this subscription key as a HTTP header with the name apim-sub.

OAuth setup

We're currently supporting the OAuth 2 "Authorization code" and "Client Credentials" flow to access our APIs.

Authorization Code

  • Authentication URL: https://0frictionprod.b2clogin.com/0frictionprod.onmicrosoft.com/B2C_1_sign_in_up/oauth2/v2.0/authorize

  • Access token URL: https://0frictionprod.b2clogin.com/0frictionprod.onmicrosoft.com/B2C_1_sign_in_up/oauth2/v2.0/token

  • Client ID: Will be provided in an e-mail delivered by customer service

  • Client Secret: Will be provided in an e-mail delivered by customer service

  • Scopes: https://0frictionprod.onmicrosoft.com/zf-apigw/apigateway openid profile offline_access

Client Credentials

  • Access token URL: https://login.microsoftonline.com/0frictionprod.onmicrosoft.com/oauth2/v2.0/token

  • Client ID: Will be provided in an e-mail delivered by customer service

  • Client Secret: Will be provided in an e-mail delivered by customer service

  • Scopes: https://0frictionprod.onmicrosoft.com/zf-apigw/.default

Identification of your tenant and organization

Along with the previous two requirements, you will also need to sent the following HTTP headers:

  • zf-tuuid: the ID of your tenant

  • zf-ouuid: the ID of your organization

Example

Once you have all required data, we can try the following request to fetch the organization details.
Go to the Configuration API and fetch your organization details with the "Try it" button or use the curl command below:

curl --location 'https://api.zerofriction.co/api/cfg/Organizations/{organizationuuid}?api-version=1.0' \--header 'zf-tuuid: <uuid>' 
\--header 'zf-ouuid: <uuid>' \--header 'Authorization: Bearer <bearer token>' \--header 'apim-sub: <subscription key>'