Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\n\nexport const BASE_PATH = \"https://api.opistopalvelut.fi/v1/demo/fi\".replace(/\\/+$/, \"\");\n\nexport interface ConfigurationParameters {\n basePath?: string; // override base path\n fetchApi?: FetchAPI; // override for fetch implementation\n middleware?: Middleware[]; // middleware to apply before/after fetch requests\n queryParamsStringify?: (params: HTTPQuery) => string; // stringify function for query strings\n username?: string; // parameter for basic security\n password?: string; // parameter for basic security\n apiKey?: string | Promise | ((name: string) => string | Promise); // parameter for apiKey security\n accessToken?: string | Promise | ((name?: string, scopes?: string[]) => string | Promise); // parameter for oauth2 security\n headers?: HTTPHeaders; //header params we want to use on every request\n credentials?: RequestCredentials; //value for the credentials param we want to use on each request\n}\n\nexport class Configuration {\n constructor(private configuration: ConfigurationParameters = {}) {}\n\n set config(configuration: Configuration) {\n this.configuration = configuration;\n }\n\n get basePath(): string {\n return this.configuration.basePath != null ? this.configuration.basePath : BASE_PATH;\n }\n\n get fetchApi(): FetchAPI | undefined {\n return this.configuration.fetchApi;\n }\n\n get middleware(): Middleware[] {\n return this.configuration.middleware || [];\n }\n\n get queryParamsStringify(): (params: HTTPQuery) => string {\n return this.configuration.queryParamsStringify || querystring;\n }\n\n get username(): string | undefined {\n return this.configuration.username;\n }\n\n get password(): string | undefined {\n return this.configuration.password;\n }\n\n get apiKey(): ((name: string) => string | Promise) | undefined {\n const apiKey = this.configuration.apiKey;\n if (apiKey) {\n return typeof apiKey === 'function' ? apiKey : () => apiKey;\n }\n return undefined;\n }\n\n get accessToken(): ((name?: string, scopes?: string[]) => string | Promise) | undefined {\n const accessToken = this.configuration.accessToken;\n if (accessToken) {\n return typeof accessToken === 'function' ? accessToken : async () => accessToken;\n }\n return undefined;\n }\n\n get headers(): HTTPHeaders | undefined {\n return this.configuration.headers;\n }\n\n get credentials(): RequestCredentials | undefined {\n return this.configuration.credentials;\n }\n}\n\nexport const DefaultConfig = new Configuration();\n\n/**\n * This is the base class for all generated API classes.\n */\nexport class BaseAPI {\n\n private static readonly jsonRegex = new RegExp('^(:?application\\/json|[^;/ \\t]+\\/[^;/ \\t]+[+]json)[ \\t]*(:?;.*)?$', 'i');\n private middleware: Middleware[];\n\n constructor(protected configuration = DefaultConfig) {\n this.middleware = configuration.middleware;\n }\n\n withMiddleware(this: T, ...middlewares: Middleware[]) {\n const next = this.clone();\n next.middleware = next.middleware.concat(...middlewares);\n return next;\n }\n\n withPreMiddleware(this: T, ...preMiddlewares: Array) {\n const middlewares = preMiddlewares.map((pre) => ({ pre }));\n return this.withMiddleware(...middlewares);\n }\n\n withPostMiddleware(this: T, ...postMiddlewares: Array) {\n const middlewares = postMiddlewares.map((post) => ({ post }));\n return this.withMiddleware(...middlewares);\n }\n\n /**\n * Check if the given MIME is a JSON MIME.\n * JSON MIME examples:\n * application/json\n * application/json; charset=UTF8\n * APPLICATION/JSON\n * application/vnd.company+json\n * @param mime - MIME (Multipurpose Internet Mail Extensions)\n * @return True if the given MIME is JSON, false otherwise.\n */\n protected isJsonMime(mime: string | null | undefined): boolean {\n if (!mime) {\n return false;\n }\n return BaseAPI.jsonRegex.test(mime);\n }\n\n protected async request(context: RequestOpts, initOverrides?: RequestInit | InitOverrideFunction): Promise {\n const { url, init } = await this.createFetchParams(context, initOverrides);\n const response = await this.fetchApi(url, init);\n if (response && (response.status >= 200 && response.status < 300)) {\n return response;\n }\n throw new ResponseError(response, 'Response returned an error code');\n }\n\n private async createFetchParams(context: RequestOpts, initOverrides?: RequestInit | InitOverrideFunction) {\n let url = this.configuration.basePath + context.path;\n if (context.query !== undefined && Object.keys(context.query).length !== 0) {\n // only add the querystring to the URL if there are query parameters.\n // this is done to avoid urls ending with a \"?\" character which buggy webservers\n // do not handle correctly sometimes.\n url += '?' + this.configuration.queryParamsStringify(context.query);\n }\n\n const headers = Object.assign({}, this.configuration.headers, context.headers);\n Object.keys(headers).forEach(key => headers[key] === undefined ? delete headers[key] : {});\n\n const initOverrideFn =\n typeof initOverrides === \"function\"\n ? initOverrides\n : async () => initOverrides;\n\n const initParams = {\n method: context.method,\n headers,\n body: context.body,\n credentials: this.configuration.credentials,\n };\n\n const overriddenInit: RequestInit = {\n ...initParams,\n ...(await initOverrideFn({\n init: initParams,\n context,\n }))\n };\n\n let body: any;\n if (isFormData(overriddenInit.body)\n || (overriddenInit.body instanceof URLSearchParams)\n || isBlob(overriddenInit.body)) {\n body = overriddenInit.body;\n } else if (this.isJsonMime(headers['Content-Type'])) {\n body = JSON.stringify(overriddenInit.body);\n } else {\n body = overriddenInit.body;\n }\n\n const init: RequestInit = {\n ...overriddenInit,\n body\n };\n\n return { url, init };\n }\n\n private fetchApi = async (url: string, init: RequestInit) => {\n let fetchParams = { url, init };\n for (const middleware of this.middleware) {\n if (middleware.pre) {\n fetchParams = await middleware.pre({\n fetch: this.fetchApi,\n ...fetchParams,\n }) || fetchParams;\n }\n }\n let response: Response | undefined = undefined;\n try {\n response = await (this.configuration.fetchApi || fetch)(fetchParams.url, fetchParams.init);\n } catch (e) {\n for (const middleware of this.middleware) {\n if (middleware.onError) {\n response = await middleware.onError({\n fetch: this.fetchApi,\n url: fetchParams.url,\n init: fetchParams.init,\n error: e,\n response: response ? response.clone() : undefined,\n }) || response;\n }\n }\n if (response === undefined) {\n if (e instanceof Error) {\n throw new FetchError(e, 'The request failed and the interceptors did not return an alternative response');\n } else {\n throw e;\n }\n }\n }\n for (const middleware of this.middleware) {\n if (middleware.post) {\n response = await middleware.post({\n fetch: this.fetchApi,\n url: fetchParams.url,\n init: fetchParams.init,\n response: response.clone(),\n }) || response;\n }\n }\n return response;\n }\n\n /**\n * Create a shallow clone of `this` by constructing a new instance\n * and then shallow cloning data members.\n */\n private clone(this: T): T {\n const constructor = this.constructor as any;\n const next = new constructor(this.configuration);\n next.middleware = this.middleware.slice();\n return next;\n }\n};\n\nfunction isBlob(value: any): value is Blob {\n return typeof Blob !== 'undefined' && value instanceof Blob;\n}\n\nfunction isFormData(value: any): value is FormData {\n return typeof FormData !== \"undefined\" && value instanceof FormData;\n}\n\nexport class ResponseError extends Error {\n override name: \"ResponseError\" = \"ResponseError\";\n constructor(public response: Response, msg?: string) {\n super(msg);\n }\n}\n\nexport class FetchError extends Error {\n override name: \"FetchError\" = \"FetchError\";\n constructor(public cause: Error, msg?: string) {\n super(msg);\n }\n}\n\nexport class RequiredError extends Error {\n override name: \"RequiredError\" = \"RequiredError\";\n constructor(public field: string, msg?: string) {\n super(msg);\n }\n}\n\nexport const COLLECTION_FORMATS = {\n csv: \",\",\n ssv: \" \",\n tsv: \"\\t\",\n pipes: \"|\",\n};\n\nexport type FetchAPI = WindowOrWorkerGlobalScope['fetch'];\n\nexport type Json = any;\nexport type HTTPMethod = 'GET' | 'POST' | 'PUT' | 'PATCH' | 'DELETE' | 'OPTIONS' | 'HEAD';\nexport type HTTPHeaders = { [key: string]: string };\nexport type HTTPQuery = { [key: string]: string | number | null | boolean | Array | Set | HTTPQuery };\nexport type HTTPBody = Json | FormData | URLSearchParams;\nexport type HTTPRequestInit = { headers?: HTTPHeaders; method: HTTPMethod; credentials?: RequestCredentials; body?: HTTPBody };\nexport type ModelPropertyNaming = 'camelCase' | 'snake_case' | 'PascalCase' | 'original';\n\nexport type InitOverrideFunction = (requestContext: { init: HTTPRequestInit, context: RequestOpts }) => Promise\n\nexport interface FetchParams {\n url: string;\n init: RequestInit;\n}\n\nexport interface RequestOpts {\n path: string;\n method: HTTPMethod;\n headers: HTTPHeaders;\n query?: HTTPQuery;\n body?: HTTPBody;\n}\n\nexport function querystring(params: HTTPQuery, prefix: string = ''): string {\n return Object.keys(params)\n .map(key => querystringSingleKey(key, params[key], prefix))\n .filter(part => part.length > 0)\n .join('&');\n}\n\nfunction querystringSingleKey(key: string, value: string | number | null | undefined | boolean | Array | Set | HTTPQuery, keyPrefix: string = ''): string {\n const fullKey = keyPrefix + (keyPrefix.length ? `[${key}]` : key);\n if (value instanceof Array) {\n const multiValue = value.map(singleValue => encodeURIComponent(String(singleValue)))\n .join(`&${encodeURIComponent(fullKey)}=`);\n return `${encodeURIComponent(fullKey)}=${multiValue}`;\n }\n if (value instanceof Set) {\n const valueAsArray = Array.from(value);\n return querystringSingleKey(key, valueAsArray, keyPrefix);\n }\n if (value instanceof Date) {\n return `${encodeURIComponent(fullKey)}=${encodeURIComponent(value.toISOString())}`;\n }\n if (value instanceof Object) {\n return querystring(value as HTTPQuery, fullKey);\n }\n return `${encodeURIComponent(fullKey)}=${encodeURIComponent(String(value))}`;\n}\n\nexport function mapValues(data: any, fn: (item: any) => any) {\n return Object.keys(data).reduce(\n (acc, key) => ({ ...acc, [key]: fn(data[key]) }),\n {}\n );\n}\n\nexport function canConsumeForm(consumes: Consume[]): boolean {\n for (const consume of consumes) {\n if ('multipart/form-data' === consume.contentType) {\n return true;\n }\n }\n return false;\n}\n\nexport interface Consume {\n contentType: string;\n}\n\nexport interface RequestContext {\n fetch: FetchAPI;\n url: string;\n init: RequestInit;\n}\n\nexport interface ResponseContext {\n fetch: FetchAPI;\n url: string;\n init: RequestInit;\n response: Response;\n}\n\nexport interface ErrorContext {\n fetch: FetchAPI;\n url: string;\n init: RequestInit;\n error: unknown;\n response?: Response;\n}\n\nexport interface Middleware {\n pre?(context: RequestContext): Promise;\n post?(context: ResponseContext): Promise;\n onError?(context: ErrorContext): Promise;\n}\n\nexport interface ApiResponse {\n raw: Response;\n value(): Promise;\n}\n\nexport interface ResponseTransformer {\n (json: any): T;\n}\n\nexport class JSONApiResponse {\n constructor(public raw: Response, private transformer: ResponseTransformer = (jsonValue: any) => jsonValue) {}\n\n async value(): Promise {\n return this.transformer(await this.raw.json());\n }\n}\n\nexport class VoidApiResponse {\n constructor(public raw: Response) {}\n\n async value(): Promise {\n return undefined;\n }\n}\n\nexport class BlobApiResponse {\n constructor(public raw: Response) {}\n\n async value(): Promise {\n return await this.raw.blob();\n };\n}\n\nexport class TextApiResponse {\n constructor(public raw: Response) {}\n\n async value(): Promise {\n return await this.raw.text();\n };\n}\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\n\n/**\n * Default catalog courses sorting order\n * @export\n */\nexport const CourseSortOrder = {\n Code: 'code',\n Name: 'name',\n Date: 'date',\n Datedesc: 'datedesc'\n} as const;\nexport type CourseSortOrder = typeof CourseSortOrder[keyof typeof CourseSortOrder];\n\n\nexport function CourseSortOrderFromJSON(json: any): CourseSortOrder {\n return CourseSortOrderFromJSONTyped(json, false);\n}\n\nexport function CourseSortOrderFromJSONTyped(json: any, ignoreDiscriminator: boolean): CourseSortOrder {\n return json as CourseSortOrder;\n}\n\nexport function CourseSortOrderToJSON(value?: CourseSortOrder | null): any {\n return value as any;\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\n/**\n * \n * @export\n * @interface Geopoint\n */\nexport interface Geopoint {\n [key: string]: any | any;\n /**\n * Latitude\n * @type {number}\n * @memberof Geopoint\n */\n lat: number;\n /**\n * Longitude\n * @type {number}\n * @memberof Geopoint\n */\n lon: number;\n}\n\n/**\n * Check if a given object implements the Geopoint interface.\n */\nexport function instanceOfGeopoint(value: object): boolean {\n if (!('lat' in value)) return false;\n if (!('lon' in value)) return false;\n return true;\n}\n\nexport function GeopointFromJSON(json: any): Geopoint {\n return GeopointFromJSONTyped(json, false);\n}\n\nexport function GeopointFromJSONTyped(json: any, ignoreDiscriminator: boolean): Geopoint {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'lat': json['lat'],\n 'lon': json['lon'],\n };\n}\n\nexport function GeopointToJSON(value?: Geopoint | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'lat': value['lat'],\n 'lon': value['lon'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\n/**\n * \n * @export\n * @interface HellewiAgeLimits\n */\nexport interface HellewiAgeLimits {\n [key: string]: any | any;\n /**\n * \n * @type {number}\n * @memberof HellewiAgeLimits\n */\n minAge?: number;\n /**\n * \n * @type {number}\n * @memberof HellewiAgeLimits\n */\n maxAge?: number;\n}\n\n/**\n * Check if a given object implements the HellewiAgeLimits interface.\n */\nexport function instanceOfHellewiAgeLimits(value: object): boolean {\n return true;\n}\n\nexport function HellewiAgeLimitsFromJSON(json: any): HellewiAgeLimits {\n return HellewiAgeLimitsFromJSONTyped(json, false);\n}\n\nexport function HellewiAgeLimitsFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiAgeLimits {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'minAge': json['minAge'] == null ? undefined : json['minAge'],\n 'maxAge': json['maxAge'] == null ? undefined : json['maxAge'],\n };\n}\n\nexport function HellewiAgeLimitsToJSON(value?: HellewiAgeLimits | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'minAge': value['minAge'],\n 'maxAge': value['maxAge'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\nimport type { Geopoint } from './Geopoint';\nimport {\n GeopointFromJSON,\n GeopointFromJSONTyped,\n GeopointToJSON,\n} from './Geopoint';\n\n/**\n * \n * @export\n * @interface HellewiLocation\n */\nexport interface HellewiLocation {\n [key: string]: any | any;\n /**\n * Address\n * @type {string}\n * @memberof HellewiLocation\n */\n address?: string;\n /**\n * City\n * @type {string}\n * @memberof HellewiLocation\n */\n city?: string;\n /**\n * ID in Hellewi\n * \n * This is in always included [/locations](#tag/Location) response\n * but never in [/courses](#tag/Course)\n * @type {number}\n * @memberof HellewiLocation\n */\n id?: number;\n /**\n * \n * @type {Geopoint}\n * @memberof HellewiLocation\n */\n latlon?: Geopoint;\n /**\n * Name\n * @type {string}\n * @memberof HellewiLocation\n */\n name: string;\n /**\n * Postal code\n * @type {string}\n * @memberof HellewiLocation\n */\n postalcode?: string;\n /**\n * Keywords that can be used to match course filters\n * @type {Array}\n * @memberof HellewiLocation\n */\n keywords?: Array;\n /**\n * Accessibility from the perspective of general mobility\n * @type {string}\n * @memberof HellewiLocation\n */\n accessibility?: string;\n /**\n * External ID\n * \n * Optional ID that can be used to match the location to\n * an external system instead of auto-increment ID\n * @type {string}\n * @memberof HellewiLocation\n */\n externalid?: string;\n}\n\n/**\n * Check if a given object implements the HellewiLocation interface.\n */\nexport function instanceOfHellewiLocation(value: object): boolean {\n if (!('name' in value)) return false;\n return true;\n}\n\nexport function HellewiLocationFromJSON(json: any): HellewiLocation {\n return HellewiLocationFromJSONTyped(json, false);\n}\n\nexport function HellewiLocationFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiLocation {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'address': json['address'] == null ? undefined : json['address'],\n 'city': json['city'] == null ? undefined : json['city'],\n 'id': json['id'] == null ? undefined : json['id'],\n 'latlon': json['latlon'] == null ? undefined : GeopointFromJSON(json['latlon']),\n 'name': json['name'],\n 'postalcode': json['postalcode'] == null ? undefined : json['postalcode'],\n 'keywords': json['keywords'] == null ? undefined : json['keywords'],\n 'accessibility': json['accessibility'] == null ? undefined : json['accessibility'],\n 'externalid': json['externalid'] == null ? undefined : json['externalid'],\n };\n}\n\nexport function HellewiLocationToJSON(value?: HellewiLocation | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'address': value['address'],\n 'city': value['city'],\n 'id': value['id'],\n 'latlon': GeopointToJSON(value['latlon']),\n 'name': value['name'],\n 'postalcode': value['postalcode'],\n 'keywords': value['keywords'],\n 'accessibility': value['accessibility'],\n 'externalid': value['externalid'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\n\n/**\n * \n * @export\n */\nexport const HellewiTenantType = {\n CommunityCollege: 'COMMUNITY_COLLEGE',\n SportsAndCulture: 'SPORTS_AND_CULTURE',\n ArtsEducation: 'ARTS_EDUCATION',\n SummerSchool: 'SUMMER_SCHOOL',\n FolkHighSchool: 'FOLK_HIGH_SCHOOL',\n VocationalSchool: 'VOCATIONAL_SCHOOL',\n Company: 'COMPANY',\n Association: 'ASSOCIATION',\n Museum: 'MUSEUM',\n EmploymentServices: 'EMPLOYMENT_SERVICES'\n} as const;\nexport type HellewiTenantType = typeof HellewiTenantType[keyof typeof HellewiTenantType];\n\n\nexport function HellewiTenantTypeFromJSON(json: any): HellewiTenantType {\n return HellewiTenantTypeFromJSONTyped(json, false);\n}\n\nexport function HellewiTenantTypeFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiTenantType {\n return json as HellewiTenantType;\n}\n\nexport function HellewiTenantTypeToJSON(value?: HellewiTenantType | null): any {\n return value as any;\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\n/**\n * \n * @export\n * @interface HellewiLessonParticipantCount\n */\nexport interface HellewiLessonParticipantCount {\n [key: string]: any | any;\n /**\n * Course ID\n * \n * This is either\n * - a number as string (single-tenant endpoints, e.g. `'3'`)\n * - string with tenant id (in lowercase) and course id number (multi-tenant\n * endpoints, e.g. `'demo.opistopalvelut.fi-3'`)\n * \n * Validation pattern: `^(?:[a-z0-9-.]+-)?[0-9]+$`\n * @type {string}\n * @memberof HellewiLessonParticipantCount\n */\n id: string;\n /**\n * Course is almost full: less than 10% of places available\n * @type {boolean}\n * @memberof HellewiLessonParticipantCount\n */\n almostfull: boolean;\n /**\n * Course is full\n * \n * You might still be able to register for queueing\n * @type {boolean}\n * @memberof HellewiLessonParticipantCount\n */\n full: boolean;\n /**\n * Maximum number of participants\n * @type {number}\n * @memberof HellewiLessonParticipantCount\n */\n max?: number;\n /**\n * Available places for registration\n * @type {number}\n * @memberof HellewiLessonParticipantCount\n */\n available?: number;\n /**\n * How many times course can be added to cart\n * \n * undefined if there is no limit\n * @type {number}\n * @memberof HellewiLessonParticipantCount\n */\n cartlimit?: number;\n /**\n * Minimum number of participants\n * @type {number}\n * @memberof HellewiLessonParticipantCount\n */\n min?: number;\n /**\n * Actual registrations\n * @type {number}\n * @memberof HellewiLessonParticipantCount\n */\n registrations?: number;\n /**\n * Registration is open\n * @type {boolean}\n * @memberof HellewiLessonParticipantCount\n */\n registrationopen: boolean;\n /**\n * Lesson id\n * @type {number}\n * @memberof HellewiLessonParticipantCount\n */\n lessonId: number;\n}\n\n/**\n * Check if a given object implements the HellewiLessonParticipantCount interface.\n */\nexport function instanceOfHellewiLessonParticipantCount(value: object): boolean {\n if (!('id' in value)) return false;\n if (!('almostfull' in value)) return false;\n if (!('full' in value)) return false;\n if (!('registrationopen' in value)) return false;\n if (!('lessonId' in value)) return false;\n return true;\n}\n\nexport function HellewiLessonParticipantCountFromJSON(json: any): HellewiLessonParticipantCount {\n return HellewiLessonParticipantCountFromJSONTyped(json, false);\n}\n\nexport function HellewiLessonParticipantCountFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiLessonParticipantCount {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'id': json['id'],\n 'almostfull': json['almostfull'],\n 'full': json['full'],\n 'max': json['max'] == null ? undefined : json['max'],\n 'available': json['available'] == null ? undefined : json['available'],\n 'cartlimit': json['cartlimit'] == null ? undefined : json['cartlimit'],\n 'min': json['min'] == null ? undefined : json['min'],\n 'registrations': json['registrations'] == null ? undefined : json['registrations'],\n 'registrationopen': json['registrationopen'],\n 'lessonId': json['lessonId'],\n };\n}\n\nexport function HellewiLessonParticipantCountToJSON(value?: HellewiLessonParticipantCount | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'id': value['id'],\n 'almostfull': value['almostfull'],\n 'full': value['full'],\n 'max': value['max'],\n 'available': value['available'],\n 'cartlimit': value['cartlimit'],\n 'min': value['min'],\n 'registrations': value['registrations'],\n 'registrationopen': value['registrationopen'],\n 'lessonId': value['lessonId'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\nimport type { HellewiLessonParticipantCount } from './HellewiLessonParticipantCount';\nimport {\n HellewiLessonParticipantCountFromJSON,\n HellewiLessonParticipantCountFromJSONTyped,\n HellewiLessonParticipantCountToJSON,\n} from './HellewiLessonParticipantCount';\nimport type { HellewiLocation } from './HellewiLocation';\nimport {\n HellewiLocationFromJSON,\n HellewiLocationFromJSONTyped,\n HellewiLocationToJSON,\n} from './HellewiLocation';\n\n/**\n * \n * @export\n * @interface HellewiCourseLesson\n */\nexport interface HellewiCourseLesson {\n [key: string]: any | any;\n /**\n * Lesson ID\n * \n * Used when adding lessons to cart, and registering to them\n * @type {number}\n * @memberof HellewiCourseLesson\n */\n id: number;\n /**\n * Lesson begins at\n * @type {Date}\n * @memberof HellewiCourseLesson\n */\n begins?: Date;\n /**\n * Lesson ends at\n * @type {Date}\n * @memberof HellewiCourseLesson\n */\n ends?: Date;\n /**\n * \n * @type {HellewiLocation}\n * @memberof HellewiCourseLesson\n */\n location?: HellewiLocation;\n /**\n * \n * @type {HellewiLessonParticipantCount}\n * @memberof HellewiCourseLesson\n */\n participantcount?: HellewiLessonParticipantCount;\n}\n\n/**\n * Check if a given object implements the HellewiCourseLesson interface.\n */\nexport function instanceOfHellewiCourseLesson(value: object): boolean {\n if (!('id' in value)) return false;\n return true;\n}\n\nexport function HellewiCourseLessonFromJSON(json: any): HellewiCourseLesson {\n return HellewiCourseLessonFromJSONTyped(json, false);\n}\n\nexport function HellewiCourseLessonFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCourseLesson {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'id': json['id'],\n 'begins': json['begins'] == null ? undefined : (new Date(json['begins'])),\n 'ends': json['ends'] == null ? undefined : (new Date(json['ends'])),\n 'location': json['location'] == null ? undefined : HellewiLocationFromJSON(json['location']),\n 'participantcount': json['participantcount'] == null ? undefined : HellewiLessonParticipantCountFromJSON(json['participantcount']),\n };\n}\n\nexport function HellewiCourseLessonToJSON(value?: HellewiCourseLesson | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'id': value['id'],\n 'begins': value['begins'] == null ? undefined : ((value['begins']).toISOString()),\n 'ends': value['ends'] == null ? undefined : ((value['ends']).toISOString()),\n 'location': HellewiLocationToJSON(value['location']),\n 'participantcount': HellewiLessonParticipantCountToJSON(value['participantcount']),\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\n\n/**\n * \n * @export\n */\nexport const HellewiCatalogItemType = {\n Category: 'category',\n Categorysubject: 'categorysubject',\n Classification: 'classification',\n Coursetype: 'coursetype',\n Department: 'department',\n Educationsector: 'educationsector',\n Educationtype: 'educationtype',\n Language: 'language',\n Levelofstudy: 'levelofstudy',\n Location: 'location',\n Locationgroup: 'locationgroup',\n Period: 'period',\n Subject: 'subject',\n Tag: 'tag',\n Tenant: 'tenant',\n Teachingformat: 'teachingformat',\n Term: 'term',\n Unit: 'unit',\n Weekday: 'weekday',\n Date: 'date',\n Dateinput: 'dateinput',\n Coursesbeginning: 'coursesbeginning',\n Registrationopen: 'registrationopen'\n} as const;\nexport type HellewiCatalogItemType = typeof HellewiCatalogItemType[keyof typeof HellewiCatalogItemType];\n\n\nexport function HellewiCatalogItemTypeFromJSON(json: any): HellewiCatalogItemType {\n return HellewiCatalogItemTypeFromJSONTyped(json, false);\n}\n\nexport function HellewiCatalogItemTypeFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCatalogItemType {\n return json as HellewiCatalogItemType;\n}\n\nexport function HellewiCatalogItemTypeToJSON(value?: HellewiCatalogItemType | null): any {\n return value as any;\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\nimport type { HellewiCatalogItemType } from './HellewiCatalogItemType';\nimport {\n HellewiCatalogItemTypeFromJSON,\n HellewiCatalogItemTypeFromJSONTyped,\n HellewiCatalogItemTypeToJSON,\n} from './HellewiCatalogItemType';\n\n/**\n * \n * @export\n * @interface HellewiCatalogItem\n */\nexport interface HellewiCatalogItem {\n [key: string]: any | any;\n /**\n * \n * @type {HellewiCatalogItemType}\n * @memberof HellewiCatalogItem\n */\n type: HellewiCatalogItemType;\n /**\n * Hellewi ID\n * @type {number}\n * @memberof HellewiCatalogItem\n */\n id?: number;\n /**\n * Keywords that can be used to match filters\n * @type {Array}\n * @memberof HellewiCatalogItem\n */\n keywords?: Array;\n /**\n * Parent keyword\n * @type {string}\n * @memberof HellewiCatalogItem\n */\n parent?: string;\n /**\n * Color\n * @type {string}\n * @memberof HellewiCatalogItem\n */\n color?: string;\n /**\n * Name\n * @type {string}\n * @memberof HellewiCatalogItem\n */\n name: string;\n /**\n * Sorting order\n * @type {number}\n * @memberof HellewiCatalogItem\n */\n sort?: number;\n /**\n * Course count\n * \n * How many courses have this catalog item with current search parameters.\n * This attribute is present only in [Catalog](#operation/Catalog) endpoint.\n * @type {number}\n * @memberof HellewiCatalogItem\n */\n coursecount?: number;\n /**\n * Translate label\n * \n * Whether the label should be translated in the user interface.\n * @type {boolean}\n * @memberof HellewiCatalogItem\n */\n translatelabel?: boolean;\n}\n\n/**\n * Check if a given object implements the HellewiCatalogItem interface.\n */\nexport function instanceOfHellewiCatalogItem(value: object): boolean {\n if (!('type' in value)) return false;\n if (!('name' in value)) return false;\n return true;\n}\n\nexport function HellewiCatalogItemFromJSON(json: any): HellewiCatalogItem {\n return HellewiCatalogItemFromJSONTyped(json, false);\n}\n\nexport function HellewiCatalogItemFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCatalogItem {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'type': HellewiCatalogItemTypeFromJSON(json['type']),\n 'id': json['id'] == null ? undefined : json['id'],\n 'keywords': json['keywords'] == null ? undefined : json['keywords'],\n 'parent': json['parent'] == null ? undefined : json['parent'],\n 'color': json['color'] == null ? undefined : json['color'],\n 'name': json['name'],\n 'sort': json['sort'] == null ? undefined : json['sort'],\n 'coursecount': json['coursecount'] == null ? undefined : json['coursecount'],\n 'translatelabel': json['translatelabel'] == null ? undefined : json['translatelabel'],\n };\n}\n\nexport function HellewiCatalogItemToJSON(value?: HellewiCatalogItem | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'type': HellewiCatalogItemTypeToJSON(value['type']),\n 'id': value['id'],\n 'keywords': value['keywords'],\n 'parent': value['parent'],\n 'color': value['color'],\n 'name': value['name'],\n 'sort': value['sort'],\n 'coursecount': value['coursecount'],\n 'translatelabel': value['translatelabel'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\n\n/**\n * Weekday as a number, 1 = Monday, 7 = Sunday\n * @export\n */\nexport const Weekday = {\n NUMBER_1: 1,\n NUMBER_2: 2,\n NUMBER_3: 3,\n NUMBER_4: 4,\n NUMBER_5: 5,\n NUMBER_6: 6,\n NUMBER_7: 7\n} as const;\nexport type Weekday = typeof Weekday[keyof typeof Weekday];\n\n\nexport function WeekdayFromJSON(json: any): Weekday {\n return WeekdayFromJSONTyped(json, false);\n}\n\nexport function WeekdayFromJSONTyped(json: any, ignoreDiscriminator: boolean): Weekday {\n return json as Weekday;\n}\n\nexport function WeekdayToJSON(value?: Weekday | null): any {\n return value as any;\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\nimport type { Weekday } from './Weekday';\nimport {\n WeekdayFromJSON,\n WeekdayFromJSONTyped,\n WeekdayToJSON,\n} from './Weekday';\n\n/**\n * \n * @export\n * @interface HellewiCourseDay\n */\nexport interface HellewiCourseDay {\n [key: string]: any | any;\n /**\n * \n * @type {Weekday}\n * @memberof HellewiCourseDay\n */\n weekday?: Weekday;\n /**\n * Time when course begins on this day, as \"HH:MM\"\n * @type {string}\n * @memberof HellewiCourseDay\n */\n begins?: string;\n /**\n * Time when course ends on this day, as \"HH:MM\"\n * @type {string}\n * @memberof HellewiCourseDay\n */\n ends?: string;\n /**\n * Keywords that can be used to match filters\n * @type {Array}\n * @memberof HellewiCourseDay\n */\n keywords?: Array;\n}\n\n/**\n * Check if a given object implements the HellewiCourseDay interface.\n */\nexport function instanceOfHellewiCourseDay(value: object): boolean {\n return true;\n}\n\nexport function HellewiCourseDayFromJSON(json: any): HellewiCourseDay {\n return HellewiCourseDayFromJSONTyped(json, false);\n}\n\nexport function HellewiCourseDayFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCourseDay {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'weekday': json['weekday'] == null ? undefined : WeekdayFromJSON(json['weekday']),\n 'begins': json['begins'] == null ? undefined : json['begins'],\n 'ends': json['ends'] == null ? undefined : json['ends'],\n 'keywords': json['keywords'] == null ? undefined : json['keywords'],\n };\n}\n\nexport function HellewiCourseDayToJSON(value?: HellewiCourseDay | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'weekday': WeekdayToJSON(value['weekday']),\n 'begins': value['begins'],\n 'ends': value['ends'],\n 'keywords': value['keywords'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\n/**\n * \n * @export\n * @interface HellewiCourseMinimal\n */\nexport interface HellewiCourseMinimal {\n [key: string]: any | any;\n /**\n * Course ID\n * \n * This is either\n * - a number as string (single-tenant endpoints, e.g. `'3'`)\n * - string with tenant id (in lowercase) and course id number (multi-tenant\n * endpoints, e.g. `'demo.opistopalvelut.fi-3'`)\n * \n * Validation pattern: `^(?:[a-z0-9-.]+-)?[0-9]+$`\n * @type {string}\n * @memberof HellewiCourseMinimal\n */\n id: string;\n /**\n * Code / koodi\n * @type {string}\n * @memberof HellewiCourseMinimal\n */\n code?: string;\n /**\n * Name\n * @type {string}\n * @memberof HellewiCourseMinimal\n */\n name?: string;\n /**\n * Tenant\n * @type {string}\n * @memberof HellewiCourseMinimal\n */\n tenant: string;\n}\n\n/**\n * Check if a given object implements the HellewiCourseMinimal interface.\n */\nexport function instanceOfHellewiCourseMinimal(value: object): boolean {\n if (!('id' in value)) return false;\n if (!('tenant' in value)) return false;\n return true;\n}\n\nexport function HellewiCourseMinimalFromJSON(json: any): HellewiCourseMinimal {\n return HellewiCourseMinimalFromJSONTyped(json, false);\n}\n\nexport function HellewiCourseMinimalFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCourseMinimal {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'id': json['id'],\n 'code': json['code'] == null ? undefined : json['code'],\n 'name': json['name'] == null ? undefined : json['name'],\n 'tenant': json['tenant'],\n };\n}\n\nexport function HellewiCourseMinimalToJSON(value?: HellewiCourseMinimal | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'id': value['id'],\n 'code': value['code'],\n 'name': value['name'],\n 'tenant': value['tenant'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\n/**\n * \n * @export\n * @interface HellewiCourseMinimalParent\n */\nexport interface HellewiCourseMinimalParent {\n [key: string]: any | any;\n /**\n * Course ID\n * \n * This is either\n * - a number as string (single-tenant endpoints, e.g. `'3'`)\n * - string with tenant id (in lowercase) and course id number (multi-tenant\n * endpoints, e.g. `'demo.opistopalvelut.fi-3'`)\n * \n * Validation pattern: `^(?:[a-z0-9-.]+-)?[0-9]+$`\n * @type {string}\n * @memberof HellewiCourseMinimalParent\n */\n id: string;\n /**\n * Code / koodi\n * @type {string}\n * @memberof HellewiCourseMinimalParent\n */\n code?: string;\n /**\n * Name\n * @type {string}\n * @memberof HellewiCourseMinimalParent\n */\n name?: string;\n /**\n * Tenant\n * @type {string}\n * @memberof HellewiCourseMinimalParent\n */\n tenant: string;\n /**\n * Keywords that can be used to match filters\n * @type {Array}\n * @memberof HellewiCourseMinimalParent\n */\n keywords?: Array;\n}\n\n/**\n * Check if a given object implements the HellewiCourseMinimalParent interface.\n */\nexport function instanceOfHellewiCourseMinimalParent(value: object): boolean {\n if (!('id' in value)) return false;\n if (!('tenant' in value)) return false;\n return true;\n}\n\nexport function HellewiCourseMinimalParentFromJSON(json: any): HellewiCourseMinimalParent {\n return HellewiCourseMinimalParentFromJSONTyped(json, false);\n}\n\nexport function HellewiCourseMinimalParentFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCourseMinimalParent {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'id': json['id'],\n 'code': json['code'] == null ? undefined : json['code'],\n 'name': json['name'] == null ? undefined : json['name'],\n 'tenant': json['tenant'],\n 'keywords': json['keywords'] == null ? undefined : json['keywords'],\n };\n}\n\nexport function HellewiCourseMinimalParentToJSON(value?: HellewiCourseMinimalParent | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'id': value['id'],\n 'code': value['code'],\n 'name': value['name'],\n 'tenant': value['tenant'],\n 'keywords': value['keywords'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\n\n/**\n * \n * @export\n */\nexport const HellewiCourseNotificationLabel = {\n Success: 'success',\n Danger: 'danger',\n Warning: 'warning',\n Info: 'info'\n} as const;\nexport type HellewiCourseNotificationLabel = typeof HellewiCourseNotificationLabel[keyof typeof HellewiCourseNotificationLabel];\n\n\nexport function HellewiCourseNotificationLabelFromJSON(json: any): HellewiCourseNotificationLabel {\n return HellewiCourseNotificationLabelFromJSONTyped(json, false);\n}\n\nexport function HellewiCourseNotificationLabelFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCourseNotificationLabel {\n return json as HellewiCourseNotificationLabel;\n}\n\nexport function HellewiCourseNotificationLabelToJSON(value?: HellewiCourseNotificationLabel | null): any {\n return value as any;\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\nimport type { HellewiCourseNotificationLabel } from './HellewiCourseNotificationLabel';\nimport {\n HellewiCourseNotificationLabelFromJSON,\n HellewiCourseNotificationLabelFromJSONTyped,\n HellewiCourseNotificationLabelToJSON,\n} from './HellewiCourseNotificationLabel';\n\n/**\n * \n * @export\n * @interface HellewiCourseNotification\n */\nexport interface HellewiCourseNotification {\n [key: string]: any | any;\n /**\n * \n * @type {HellewiCourseNotificationLabel}\n * @memberof HellewiCourseNotification\n */\n label: HellewiCourseNotificationLabel;\n /**\n * Text\n * @type {string}\n * @memberof HellewiCourseNotification\n */\n text: string;\n}\n\n/**\n * Check if a given object implements the HellewiCourseNotification interface.\n */\nexport function instanceOfHellewiCourseNotification(value: object): boolean {\n if (!('label' in value)) return false;\n if (!('text' in value)) return false;\n return true;\n}\n\nexport function HellewiCourseNotificationFromJSON(json: any): HellewiCourseNotification {\n return HellewiCourseNotificationFromJSONTyped(json, false);\n}\n\nexport function HellewiCourseNotificationFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCourseNotification {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'label': HellewiCourseNotificationLabelFromJSON(json['label']),\n 'text': json['text'],\n };\n}\n\nexport function HellewiCourseNotificationToJSON(value?: HellewiCourseNotification | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'label': HellewiCourseNotificationLabelToJSON(value['label']),\n 'text': value['text'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\nimport type { HellewiCourseLesson } from './HellewiCourseLesson';\nimport {\n HellewiCourseLessonFromJSON,\n HellewiCourseLessonFromJSONTyped,\n HellewiCourseLessonToJSON,\n} from './HellewiCourseLesson';\n\n/**\n * \n * @export\n * @interface HellewiCoursePeriod\n */\nexport interface HellewiCoursePeriod {\n [key: string]: any | any;\n /**\n * Course period begins on date\n * @type {Date}\n * @memberof HellewiCoursePeriod\n */\n begins?: Date;\n /**\n * Course period ends on date\n * @type {Date}\n * @memberof HellewiCoursePeriod\n */\n ends?: Date;\n /**\n * Lesson count / kertoja\n * @type {number}\n * @memberof HellewiCoursePeriod\n */\n lessoncount?: number;\n /**\n * Lessons\n * \n * This is only present in [GetCourse](#operation/GetCourse) endpoint (not in ListCourses)\n * @type {Array}\n * @memberof HellewiCoursePeriod\n */\n lessons?: Array;\n /**\n * Name\n * @type {string}\n * @memberof HellewiCoursePeriod\n */\n name: string;\n /**\n * Keywords that can be used to match filters\n * @type {Array}\n * @memberof HellewiCoursePeriod\n */\n keywords?: Array;\n}\n\n/**\n * Check if a given object implements the HellewiCoursePeriod interface.\n */\nexport function instanceOfHellewiCoursePeriod(value: object): boolean {\n if (!('name' in value)) return false;\n return true;\n}\n\nexport function HellewiCoursePeriodFromJSON(json: any): HellewiCoursePeriod {\n return HellewiCoursePeriodFromJSONTyped(json, false);\n}\n\nexport function HellewiCoursePeriodFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCoursePeriod {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'begins': json['begins'] == null ? undefined : (new Date(json['begins'])),\n 'ends': json['ends'] == null ? undefined : (new Date(json['ends'])),\n 'lessoncount': json['lessoncount'] == null ? undefined : json['lessoncount'],\n 'lessons': json['lessons'] == null ? undefined : ((json['lessons'] as Array).map(HellewiCourseLessonFromJSON)),\n 'name': json['name'],\n 'keywords': json['keywords'] == null ? undefined : json['keywords'],\n };\n}\n\nexport function HellewiCoursePeriodToJSON(value?: HellewiCoursePeriod | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'begins': value['begins'] == null ? undefined : ((value['begins']).toISOString().substring(0,10)),\n 'ends': value['ends'] == null ? undefined : ((value['ends']).toISOString().substring(0,10)),\n 'lessoncount': value['lessoncount'],\n 'lessons': value['lessons'] == null ? undefined : ((value['lessons'] as Array).map(HellewiCourseLessonToJSON)),\n 'name': value['name'],\n 'keywords': value['keywords'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\n/**\n * \n * @export\n * @interface HellewiCoursePriceInstallmentInstallmentsInner\n */\nexport interface HellewiCoursePriceInstallmentInstallmentsInner {\n /**\n * Payment can be done later\n * @type {boolean}\n * @memberof HellewiCoursePriceInstallmentInstallmentsInner\n */\n paymentlater: boolean;\n /**\n * Payment can be done now\n * @type {boolean}\n * @memberof HellewiCoursePriceInstallmentInstallmentsInner\n */\n paymentnow: boolean;\n /**\n * Price amount in euro cents\n * @type {number}\n * @memberof HellewiCoursePriceInstallmentInstallmentsInner\n */\n amount: number;\n /**\n * Installment name\n * @type {string}\n * @memberof HellewiCoursePriceInstallmentInstallmentsInner\n */\n name?: string;\n /**\n * Installment ID\n * @type {number}\n * @memberof HellewiCoursePriceInstallmentInstallmentsInner\n */\n id: number;\n}\n\n/**\n * Check if a given object implements the HellewiCoursePriceInstallmentInstallmentsInner interface.\n */\nexport function instanceOfHellewiCoursePriceInstallmentInstallmentsInner(value: object): boolean {\n if (!('paymentlater' in value)) return false;\n if (!('paymentnow' in value)) return false;\n if (!('amount' in value)) return false;\n if (!('id' in value)) return false;\n return true;\n}\n\nexport function HellewiCoursePriceInstallmentInstallmentsInnerFromJSON(json: any): HellewiCoursePriceInstallmentInstallmentsInner {\n return HellewiCoursePriceInstallmentInstallmentsInnerFromJSONTyped(json, false);\n}\n\nexport function HellewiCoursePriceInstallmentInstallmentsInnerFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCoursePriceInstallmentInstallmentsInner {\n if (json == null) {\n return json;\n }\n return {\n \n 'paymentlater': json['paymentlater'],\n 'paymentnow': json['paymentnow'],\n 'amount': json['amount'],\n 'name': json['name'] == null ? undefined : json['name'],\n 'id': json['id'],\n };\n}\n\nexport function HellewiCoursePriceInstallmentInstallmentsInnerToJSON(value?: HellewiCoursePriceInstallmentInstallmentsInner | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n 'paymentlater': value['paymentlater'],\n 'paymentnow': value['paymentnow'],\n 'amount': value['amount'],\n 'name': value['name'],\n 'id': value['id'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\nimport type { HellewiCoursePriceInstallmentInstallmentsInner } from './HellewiCoursePriceInstallmentInstallmentsInner';\nimport {\n HellewiCoursePriceInstallmentInstallmentsInnerFromJSON,\n HellewiCoursePriceInstallmentInstallmentsInnerFromJSONTyped,\n HellewiCoursePriceInstallmentInstallmentsInnerToJSON,\n} from './HellewiCoursePriceInstallmentInstallmentsInner';\n\n/**\n * \n * @export\n * @interface HellewiCoursePriceInstallment\n */\nexport interface HellewiCoursePriceInstallment {\n [key: string]: any | any;\n /**\n * Installment group name\n * @type {string}\n * @memberof HellewiCoursePriceInstallment\n */\n name: string;\n /**\n * \n * @type {Array}\n * @memberof HellewiCoursePriceInstallment\n */\n installments: Array;\n}\n\n/**\n * Check if a given object implements the HellewiCoursePriceInstallment interface.\n */\nexport function instanceOfHellewiCoursePriceInstallment(value: object): boolean {\n if (!('name' in value)) return false;\n if (!('installments' in value)) return false;\n return true;\n}\n\nexport function HellewiCoursePriceInstallmentFromJSON(json: any): HellewiCoursePriceInstallment {\n return HellewiCoursePriceInstallmentFromJSONTyped(json, false);\n}\n\nexport function HellewiCoursePriceInstallmentFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCoursePriceInstallment {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'name': json['name'],\n 'installments': ((json['installments'] as Array).map(HellewiCoursePriceInstallmentInstallmentsInnerFromJSON)),\n };\n}\n\nexport function HellewiCoursePriceInstallmentToJSON(value?: HellewiCoursePriceInstallment | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'name': value['name'],\n 'installments': ((value['installments'] as Array).map(HellewiCoursePriceInstallmentInstallmentsInnerToJSON)),\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\n/**\n * \n * @export\n * @interface HellewiCourseProduct\n */\nexport interface HellewiCourseProduct {\n [key: string]: any | any;\n /**\n * \n * @type {number}\n * @memberof HellewiCourseProduct\n */\n courseProductId: number;\n /**\n * \n * @type {number}\n * @memberof HellewiCourseProduct\n */\n productId: number;\n /**\n * \n * @type {number}\n * @memberof HellewiCourseProduct\n */\n price: number;\n /**\n * \n * @type {string}\n * @memberof HellewiCourseProduct\n */\n name: string;\n /**\n * \n * @type {number}\n * @memberof HellewiCourseProduct\n */\n revenueAccountId?: number;\n /**\n * \n * @type {number}\n * @memberof HellewiCourseProduct\n */\n revenueAccountVat?: number;\n}\n\n/**\n * Check if a given object implements the HellewiCourseProduct interface.\n */\nexport function instanceOfHellewiCourseProduct(value: object): boolean {\n if (!('courseProductId' in value)) return false;\n if (!('productId' in value)) return false;\n if (!('price' in value)) return false;\n if (!('name' in value)) return false;\n return true;\n}\n\nexport function HellewiCourseProductFromJSON(json: any): HellewiCourseProduct {\n return HellewiCourseProductFromJSONTyped(json, false);\n}\n\nexport function HellewiCourseProductFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCourseProduct {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'courseProductId': json['courseProductId'],\n 'productId': json['productId'],\n 'price': json['price'],\n 'name': json['name'],\n 'revenueAccountId': json['revenueAccountId'] == null ? undefined : json['revenueAccountId'],\n 'revenueAccountVat': json['revenueAccountVat'] == null ? undefined : json['revenueAccountVat'],\n };\n}\n\nexport function HellewiCourseProductToJSON(value?: HellewiCourseProduct | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'courseProductId': value['courseProductId'],\n 'productId': value['productId'],\n 'price': value['price'],\n 'name': value['name'],\n 'revenueAccountId': value['revenueAccountId'],\n 'revenueAccountVat': value['revenueAccountVat'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\nimport type { HellewiCoursePriceInstallment } from './HellewiCoursePriceInstallment';\nimport {\n HellewiCoursePriceInstallmentFromJSON,\n HellewiCoursePriceInstallmentFromJSONTyped,\n HellewiCoursePriceInstallmentToJSON,\n} from './HellewiCoursePriceInstallment';\nimport type { HellewiCourseProduct } from './HellewiCourseProduct';\nimport {\n HellewiCourseProductFromJSON,\n HellewiCourseProductFromJSONTyped,\n HellewiCourseProductToJSON,\n} from './HellewiCourseProduct';\n\n/**\n * \n * @export\n * @interface HellewiCoursePrice\n */\nexport interface HellewiCoursePrice {\n [key: string]: any | any;\n /**\n * Price ID\n * @type {number}\n * @memberof HellewiCoursePrice\n */\n id: number;\n /**\n * Whether this price is the default one\n * \n * There is only one price with default=true per course\n * @type {boolean}\n * @memberof HellewiCoursePrice\n */\n _default?: boolean;\n /**\n * Price category name\n * @type {string}\n * @memberof HellewiCoursePrice\n */\n name?: string;\n /**\n * Price amount in euro cents\n * @type {number}\n * @memberof HellewiCoursePrice\n */\n amount?: number;\n /**\n * Payment can be done now\n * @type {boolean}\n * @memberof HellewiCoursePrice\n */\n paymentnow: boolean;\n /**\n * Payment can be done later\n * @type {boolean}\n * @memberof HellewiCoursePrice\n */\n paymentlater: boolean;\n /**\n * Payment with culture voucher\n * \n * This field is present only if culture vouchers are enabled\n * as payment options\n * @type {boolean}\n * @memberof HellewiCoursePrice\n */\n paymentwithculturevoucher?: boolean;\n /**\n * Payment with sports voucher\n * \n * This field is present only if sports vouchers are enabled\n * as payment options\n * @type {boolean}\n * @memberof HellewiCoursePrice\n */\n paymentwithsportsvoucher?: boolean;\n /**\n * Installment groups\n * \n * Normal course prices can be configured to be paid via installments,\n * lessons cannot.\n * @type {Array}\n * @memberof HellewiCoursePrice\n */\n installmentgroups?: Array;\n /**\n * Course products\n * \n * Products related to course are selectable in registration form\n * @type {Array}\n * @memberof HellewiCoursePrice\n */\n courseProducts?: Array;\n}\n\n/**\n * Check if a given object implements the HellewiCoursePrice interface.\n */\nexport function instanceOfHellewiCoursePrice(value: object): boolean {\n if (!('id' in value)) return false;\n if (!('paymentnow' in value)) return false;\n if (!('paymentlater' in value)) return false;\n return true;\n}\n\nexport function HellewiCoursePriceFromJSON(json: any): HellewiCoursePrice {\n return HellewiCoursePriceFromJSONTyped(json, false);\n}\n\nexport function HellewiCoursePriceFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCoursePrice {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'id': json['id'],\n '_default': json['default'] == null ? undefined : json['default'],\n 'name': json['name'] == null ? undefined : json['name'],\n 'amount': json['amount'] == null ? undefined : json['amount'],\n 'paymentnow': json['paymentnow'],\n 'paymentlater': json['paymentlater'],\n 'paymentwithculturevoucher': json['paymentwithculturevoucher'] == null ? undefined : json['paymentwithculturevoucher'],\n 'paymentwithsportsvoucher': json['paymentwithsportsvoucher'] == null ? undefined : json['paymentwithsportsvoucher'],\n 'installmentgroups': json['installmentgroups'] == null ? undefined : ((json['installmentgroups'] as Array).map(HellewiCoursePriceInstallmentFromJSON)),\n 'courseProducts': json['courseProducts'] == null ? undefined : ((json['courseProducts'] as Array).map(HellewiCourseProductFromJSON)),\n };\n}\n\nexport function HellewiCoursePriceToJSON(value?: HellewiCoursePrice | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'id': value['id'],\n 'default': value['_default'],\n 'name': value['name'],\n 'amount': value['amount'],\n 'paymentnow': value['paymentnow'],\n 'paymentlater': value['paymentlater'],\n 'paymentwithculturevoucher': value['paymentwithculturevoucher'],\n 'paymentwithsportsvoucher': value['paymentwithsportsvoucher'],\n 'installmentgroups': value['installmentgroups'] == null ? undefined : ((value['installmentgroups'] as Array).map(HellewiCoursePriceInstallmentToJSON)),\n 'courseProducts': value['courseProducts'] == null ? undefined : ((value['courseProducts'] as Array).map(HellewiCourseProductToJSON)),\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\n\n/**\n * Course statuses\n * \n * - `NOT_YET_STARTED` Course has not yet started\n * - `IN_PROGRESS` Course is in progress\n * - `ENDED` Course has ended\n * - `CANCELLED` Course has been cancelled (before it started)\n * - `INTERRUPTED` Course has been interrupted (after it started)\n * \n * Currently only one of the statuses can be active at the same time, but\n * it is also possible that none of them are.\n * \n * Statuses can be added in the future, so the field is an array, and\n * implementation cannot make any assumptions that the requested status\n * would be always in index 0.\n * @export\n */\nexport const HellewiCourseStatus = {\n NotYetStarted: 'NOT_YET_STARTED',\n InProgress: 'IN_PROGRESS',\n Ended: 'ENDED',\n Cancelled: 'CANCELLED',\n Interrupted: 'INTERRUPTED',\n RegistrationToLessons: 'REGISTRATION_TO_LESSONS'\n} as const;\nexport type HellewiCourseStatus = typeof HellewiCourseStatus[keyof typeof HellewiCourseStatus];\n\n\nexport function HellewiCourseStatusFromJSON(json: any): HellewiCourseStatus {\n return HellewiCourseStatusFromJSONTyped(json, false);\n}\n\nexport function HellewiCourseStatusFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCourseStatus {\n return json as HellewiCourseStatus;\n}\n\nexport function HellewiCourseStatusToJSON(value?: HellewiCourseStatus | null): any {\n return value as any;\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\n/**\n * \n * @export\n * @interface HellewiLanguage\n */\nexport interface HellewiLanguage {\n [key: string]: any | any;\n /**\n * Name\n * @type {string}\n * @memberof HellewiLanguage\n */\n name: string;\n /**\n * Keywords that can be used to match filters\n * @type {Array}\n * @memberof HellewiLanguage\n */\n keywords?: Array;\n}\n\n/**\n * Check if a given object implements the HellewiLanguage interface.\n */\nexport function instanceOfHellewiLanguage(value: object): boolean {\n if (!('name' in value)) return false;\n return true;\n}\n\nexport function HellewiLanguageFromJSON(json: any): HellewiLanguage {\n return HellewiLanguageFromJSONTyped(json, false);\n}\n\nexport function HellewiLanguageFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiLanguage {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'name': json['name'],\n 'keywords': json['keywords'] == null ? undefined : json['keywords'],\n };\n}\n\nexport function HellewiLanguageToJSON(value?: HellewiLanguage | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'name': value['name'],\n 'keywords': value['keywords'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\n/**\n * \n * @export\n * @interface HellewiTag\n */\nexport interface HellewiTag {\n [key: string]: any | any;\n /**\n * Name\n * @type {string}\n * @memberof HellewiTag\n */\n name: string;\n /**\n * Description\n * @type {string}\n * @memberof HellewiTag\n */\n description?: string;\n /**\n * Background color\n * @type {string}\n * @memberof HellewiTag\n */\n color?: string;\n /**\n * Font color\n * @type {string}\n * @memberof HellewiTag\n */\n fontcolor?: string;\n /**\n * Keywords that can be used to match filters\n * @type {Array}\n * @memberof HellewiTag\n */\n keywords?: Array;\n}\n\n/**\n * Check if a given object implements the HellewiTag interface.\n */\nexport function instanceOfHellewiTag(value: object): boolean {\n if (!('name' in value)) return false;\n return true;\n}\n\nexport function HellewiTagFromJSON(json: any): HellewiTag {\n return HellewiTagFromJSONTyped(json, false);\n}\n\nexport function HellewiTagFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiTag {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'name': json['name'],\n 'description': json['description'] == null ? undefined : json['description'],\n 'color': json['color'] == null ? undefined : json['color'],\n 'fontcolor': json['fontcolor'] == null ? undefined : json['fontcolor'],\n 'keywords': json['keywords'] == null ? undefined : json['keywords'],\n };\n}\n\nexport function HellewiTagToJSON(value?: HellewiTag | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'name': value['name'],\n 'description': value['description'],\n 'color': value['color'],\n 'fontcolor': value['fontcolor'],\n 'keywords': value['keywords'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\nimport type { HellewiAgeLimits } from './HellewiAgeLimits';\nimport {\n HellewiAgeLimitsFromJSON,\n HellewiAgeLimitsFromJSONTyped,\n HellewiAgeLimitsToJSON,\n} from './HellewiAgeLimits';\nimport type { HellewiCatalogItem } from './HellewiCatalogItem';\nimport {\n HellewiCatalogItemFromJSON,\n HellewiCatalogItemFromJSONTyped,\n HellewiCatalogItemToJSON,\n} from './HellewiCatalogItem';\nimport type { HellewiCourseDay } from './HellewiCourseDay';\nimport {\n HellewiCourseDayFromJSON,\n HellewiCourseDayFromJSONTyped,\n HellewiCourseDayToJSON,\n} from './HellewiCourseDay';\nimport type { HellewiCourseMinimal } from './HellewiCourseMinimal';\nimport {\n HellewiCourseMinimalFromJSON,\n HellewiCourseMinimalFromJSONTyped,\n HellewiCourseMinimalToJSON,\n} from './HellewiCourseMinimal';\nimport type { HellewiCourseMinimalParent } from './HellewiCourseMinimalParent';\nimport {\n HellewiCourseMinimalParentFromJSON,\n HellewiCourseMinimalParentFromJSONTyped,\n HellewiCourseMinimalParentToJSON,\n} from './HellewiCourseMinimalParent';\nimport type { HellewiCourseNotification } from './HellewiCourseNotification';\nimport {\n HellewiCourseNotificationFromJSON,\n HellewiCourseNotificationFromJSONTyped,\n HellewiCourseNotificationToJSON,\n} from './HellewiCourseNotification';\nimport type { HellewiCoursePeriod } from './HellewiCoursePeriod';\nimport {\n HellewiCoursePeriodFromJSON,\n HellewiCoursePeriodFromJSONTyped,\n HellewiCoursePeriodToJSON,\n} from './HellewiCoursePeriod';\nimport type { HellewiCoursePrice } from './HellewiCoursePrice';\nimport {\n HellewiCoursePriceFromJSON,\n HellewiCoursePriceFromJSONTyped,\n HellewiCoursePriceToJSON,\n} from './HellewiCoursePrice';\nimport type { HellewiCourseProduct } from './HellewiCourseProduct';\nimport {\n HellewiCourseProductFromJSON,\n HellewiCourseProductFromJSONTyped,\n HellewiCourseProductToJSON,\n} from './HellewiCourseProduct';\nimport type { HellewiCourseStatus } from './HellewiCourseStatus';\nimport {\n HellewiCourseStatusFromJSON,\n HellewiCourseStatusFromJSONTyped,\n HellewiCourseStatusToJSON,\n} from './HellewiCourseStatus';\nimport type { HellewiLanguage } from './HellewiLanguage';\nimport {\n HellewiLanguageFromJSON,\n HellewiLanguageFromJSONTyped,\n HellewiLanguageToJSON,\n} from './HellewiLanguage';\nimport type { HellewiLocation } from './HellewiLocation';\nimport {\n HellewiLocationFromJSON,\n HellewiLocationFromJSONTyped,\n HellewiLocationToJSON,\n} from './HellewiLocation';\nimport type { HellewiTag } from './HellewiTag';\nimport {\n HellewiTagFromJSON,\n HellewiTagFromJSONTyped,\n HellewiTagToJSON,\n} from './HellewiTag';\n\n/**\n * Course with limited fields\n * @export\n * @interface HellewiCoursePartial\n */\nexport interface HellewiCoursePartial {\n [key: string]: any | any;\n /**\n * Course ID\n * \n * This is either\n * - a number as string (single-tenant endpoints, e.g. `'3'`)\n * - string with tenant id (in lowercase) and course id number (multi-tenant\n * endpoints, e.g. `'demo.opistopalvelut.fi-3'`)\n * \n * Validation pattern: `^(?:[a-z0-9-.]+-)?[0-9]+$`\n * @type {string}\n * @memberof HellewiCoursePartial\n */\n id: string;\n /**\n * Code / koodi\n * @type {string}\n * @memberof HellewiCoursePartial\n */\n code?: string;\n /**\n * Name\n * @type {string}\n * @memberof HellewiCoursePartial\n */\n name?: string;\n /**\n * Tenant\n * @type {string}\n * @memberof HellewiCoursePartial\n */\n tenant: string;\n /**\n * Course statuses\n * \n * - `NOT_YET_STARTED` Course has not yet started\n * - `IN_PROGRESS` Course is in progress\n * - `ENDED` Course has ended\n * - `CANCELLED` Course has been cancelled (before it started)\n * - `INTERRUPTED` Course has been interrupted (after it started)\n * \n * Currently only one of the statuses can be active at the same time, but\n * it is also possible that none of them are.\n * \n * Statuses can be added in the future, so the field is an array, and\n * implementation cannot make any assumptions that the requested status\n * would be always in index 0.\n * @type {Array}\n * @memberof HellewiCoursePartial\n */\n statuses: Array;\n /**\n * Course begins on date\n * @type {Date}\n * @memberof HellewiCoursePartial\n */\n begins?: Date;\n /**\n * Course ends on date\n * @type {Date}\n * @memberof HellewiCoursePartial\n */\n ends?: Date;\n /**\n * Registration begins on date/time\n * \n * null means that registration is not open\n * @type {Date}\n * @memberof HellewiCoursePartial\n */\n registrationbegins?: Date;\n /**\n * Registration ends on date/time, soft limit\n * \n * If this time is in the past, registrations are still accepted, but\n * user interfaces should show this field as time when registrations close\n * @type {Date}\n * @memberof HellewiCoursePartial\n */\n registrationendssoft?: Date;\n /**\n * Registration ends on date/time, hard limit\n * \n * null means that registration has no ending limit\n * @type {Date}\n * @memberof HellewiCoursePartial\n */\n registrationendshard?: Date;\n /**\n * Whether registration is open at the moment\n * \n * See rules in [Registration](#section/Registration)\n * @type {boolean}\n * @memberof HellewiCoursePartial\n */\n registrationopen?: boolean;\n /**\n * Teacher\n * @type {string}\n * @memberof HellewiCoursePartial\n */\n teacher?: string;\n /**\n * ECTS credits / opintopisteet\n * @type {number}\n * @memberof HellewiCoursePartial\n */\n ectscredits?: number;\n /**\n * Topical / ajankohtainen\n * \n * This course should be emphasized\n * @type {boolean}\n * @memberof HellewiCoursePartial\n */\n topical?: boolean;\n /**\n * Day(s) / kurssipäivät\n * @type {Array}\n * @memberof HellewiCoursePartial\n */\n days?: Array;\n /**\n * \n * @type {HellewiLocation}\n * @memberof HellewiCoursePartial\n */\n location?: HellewiLocation;\n /**\n * Notification\n * @type {Array}\n * @memberof HellewiCoursePartial\n */\n notifications?: Array;\n /**\n * Periods and terms / lukukaudet ja lukuvuodet\n * @type {Array}\n * @memberof HellewiCoursePartial\n */\n periods?: Array;\n /**\n * \n * @type {HellewiLanguage}\n * @memberof HellewiCoursePartial\n */\n language?: HellewiLanguage;\n /**\n * Tags\n * @type {Array}\n * @memberof HellewiCoursePartial\n */\n tags?: Array;\n /**\n * Prices\n * @type {Array}\n * @memberof HellewiCoursePartial\n */\n prices?: Array;\n /**\n * \n * @type {HellewiCourseMinimalParent}\n * @memberof HellewiCoursePartial\n */\n moduleparent?: HellewiCourseMinimalParent;\n /**\n * Child courses for a module parent course\n * @type {Array}\n * @memberof HellewiCoursePartial\n */\n modulechildren?: Array;\n /**\n * Catalog items\n * \n * Different item types are explained under [GetCatalog](#operation/GetCatalog)\n * response\n * @type {Array}\n * @memberof HellewiCoursePartial\n */\n catalogitems: Array;\n /**\n * \n * @type {HellewiAgeLimits}\n * @memberof HellewiCoursePartial\n */\n ageLimits?: HellewiAgeLimits;\n /**\n * Course products\n * @type {Array}\n * @memberof HellewiCoursePartial\n */\n courseProducts?: Array;\n}\n\n/**\n * Check if a given object implements the HellewiCoursePartial interface.\n */\nexport function instanceOfHellewiCoursePartial(value: object): boolean {\n if (!('id' in value)) return false;\n if (!('tenant' in value)) return false;\n if (!('statuses' in value)) return false;\n if (!('catalogitems' in value)) return false;\n return true;\n}\n\nexport function HellewiCoursePartialFromJSON(json: any): HellewiCoursePartial {\n return HellewiCoursePartialFromJSONTyped(json, false);\n}\n\nexport function HellewiCoursePartialFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCoursePartial {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'id': json['id'],\n 'code': json['code'] == null ? undefined : json['code'],\n 'name': json['name'] == null ? undefined : json['name'],\n 'tenant': json['tenant'],\n 'statuses': ((json['statuses'] as Array).map(HellewiCourseStatusFromJSON)),\n 'begins': json['begins'] == null ? undefined : (new Date(json['begins'])),\n 'ends': json['ends'] == null ? undefined : (new Date(json['ends'])),\n 'registrationbegins': json['registrationbegins'] == null ? undefined : (new Date(json['registrationbegins'])),\n 'registrationendssoft': json['registrationendssoft'] == null ? undefined : (new Date(json['registrationendssoft'])),\n 'registrationendshard': json['registrationendshard'] == null ? undefined : (new Date(json['registrationendshard'])),\n 'registrationopen': json['registrationopen'] == null ? undefined : json['registrationopen'],\n 'teacher': json['teacher'] == null ? undefined : json['teacher'],\n 'ectscredits': json['ectscredits'] == null ? undefined : json['ectscredits'],\n 'topical': json['topical'] == null ? undefined : json['topical'],\n 'days': json['days'] == null ? undefined : ((json['days'] as Array).map(HellewiCourseDayFromJSON)),\n 'location': json['location'] == null ? undefined : HellewiLocationFromJSON(json['location']),\n 'notifications': json['notifications'] == null ? undefined : ((json['notifications'] as Array).map(HellewiCourseNotificationFromJSON)),\n 'periods': json['periods'] == null ? undefined : ((json['periods'] as Array).map(HellewiCoursePeriodFromJSON)),\n 'language': json['language'] == null ? undefined : HellewiLanguageFromJSON(json['language']),\n 'tags': json['tags'] == null ? undefined : ((json['tags'] as Array).map(HellewiTagFromJSON)),\n 'prices': json['prices'] == null ? undefined : ((json['prices'] as Array).map(HellewiCoursePriceFromJSON)),\n 'moduleparent': json['moduleparent'] == null ? undefined : HellewiCourseMinimalParentFromJSON(json['moduleparent']),\n 'modulechildren': json['modulechildren'] == null ? undefined : ((json['modulechildren'] as Array).map(HellewiCourseMinimalFromJSON)),\n 'catalogitems': ((json['catalogitems'] as Array).map(HellewiCatalogItemFromJSON)),\n 'ageLimits': json['ageLimits'] == null ? undefined : HellewiAgeLimitsFromJSON(json['ageLimits']),\n 'courseProducts': json['courseProducts'] == null ? undefined : ((json['courseProducts'] as Array).map(HellewiCourseProductFromJSON)),\n };\n}\n\nexport function HellewiCoursePartialToJSON(value?: HellewiCoursePartial | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'id': value['id'],\n 'code': value['code'],\n 'name': value['name'],\n 'tenant': value['tenant'],\n 'statuses': ((value['statuses'] as Array).map(HellewiCourseStatusToJSON)),\n 'begins': value['begins'] == null ? undefined : ((value['begins']).toISOString().substring(0,10)),\n 'ends': value['ends'] == null ? undefined : ((value['ends']).toISOString().substring(0,10)),\n 'registrationbegins': value['registrationbegins'] == null ? undefined : ((value['registrationbegins']).toISOString()),\n 'registrationendssoft': value['registrationendssoft'] == null ? undefined : ((value['registrationendssoft']).toISOString()),\n 'registrationendshard': value['registrationendshard'] == null ? undefined : ((value['registrationendshard']).toISOString()),\n 'registrationopen': value['registrationopen'],\n 'teacher': value['teacher'],\n 'ectscredits': value['ectscredits'],\n 'topical': value['topical'],\n 'days': value['days'] == null ? undefined : ((value['days'] as Array).map(HellewiCourseDayToJSON)),\n 'location': HellewiLocationToJSON(value['location']),\n 'notifications': value['notifications'] == null ? undefined : ((value['notifications'] as Array).map(HellewiCourseNotificationToJSON)),\n 'periods': value['periods'] == null ? undefined : ((value['periods'] as Array).map(HellewiCoursePeriodToJSON)),\n 'language': HellewiLanguageToJSON(value['language']),\n 'tags': value['tags'] == null ? undefined : ((value['tags'] as Array).map(HellewiTagToJSON)),\n 'prices': value['prices'] == null ? undefined : ((value['prices'] as Array).map(HellewiCoursePriceToJSON)),\n 'moduleparent': HellewiCourseMinimalParentToJSON(value['moduleparent']),\n 'modulechildren': value['modulechildren'] == null ? undefined : ((value['modulechildren'] as Array).map(HellewiCourseMinimalToJSON)),\n 'catalogitems': ((value['catalogitems'] as Array).map(HellewiCatalogItemToJSON)),\n 'ageLimits': HellewiAgeLimitsToJSON(value['ageLimits']),\n 'courseProducts': value['courseProducts'] == null ? undefined : ((value['courseProducts'] as Array).map(HellewiCourseProductToJSON)),\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\nimport type { HellewiCatalogItem } from './HellewiCatalogItem';\nimport {\n HellewiCatalogItemFromJSON,\n HellewiCatalogItemFromJSONTyped,\n HellewiCatalogItemToJSON,\n} from './HellewiCatalogItem';\n\n/**\n * Catalog with all different CatalogItems grouped and sorted\n * @export\n * @interface HellewiCatalog\n */\nexport interface HellewiCatalog {\n [key: string]: any | any;\n /**\n * Department\n * \n * These are configurable by tenant, and they usually contain for example the\n * city which organizes the courses (e.g. Tampere, Ylöjärvi, Kuru, Viljakkala).\n * \n * Department, Category and Subject form a tree: a category's parent is always\n * a department (or undefined), and subject's parent is always a category\n * (or undefined).\n * @type {Array}\n * @memberof HellewiCatalog\n */\n department: Array;\n /**\n * Category\n * \n * Higher-level course categorisation. These are for example arts, languages,\n * health and such.\n * \n * These are also configurable by tenant, so different tenant's categories\n * are not comparable with each others.\n * \n * Category can have department as parent, and it can have multiple subjects\n * as children.\n * @type {Array}\n * @memberof HellewiCatalog\n */\n category: Array;\n /**\n * Subject\n * \n * Lower-level course categorisation. These are for example English, French,\n * German under languages-category.\n * \n * Subject's parent is a category (if any).\n * @type {Array}\n * @memberof HellewiCatalog\n */\n subject: Array;\n /**\n * Course type\n * @type {Array}\n * @memberof HellewiCatalog\n */\n coursetype: Array;\n /**\n * Classification\n * \n * High level classification of courses. These are based on education sectors.\n * \n * These are static for all the tenants, and can be used when combining data\n * from multiple tenants.\n * \n * Education sectors are classified the following way (itcode and\n * educationsector's name):\n * \n * **1: Sports and wellness / Liikunta ja hyvinvointi / Motion och välmående**\n * \n * - 752 Liikunta ja urheilu\n * - 799 Muu sosiaali-, terveys- ja liikunta-alan koulutus\n * - 751 Terveysala ja hammashuolto\n * - 101 Vapaa-aika- ja nuorisotyö\n * \n * **2: Crafts / Käsityö / Hantverk**\n * \n * - 201 Käsi- ja taideteollisuus ja käden taidot\n * - 508 Tekstiili- ja vaatetusala\n * \n * **3: Languages / Kielet / Språk**\n * \n * - 10201 Kielitiede\n * - 10202 Suomi\n * - 10203 Ruotsi\n * - 10204 Englanti\n * - 10205 Saksa\n * - 10206 Ranska\n * - 10207 Venäjä\n * - 10208 Espanja\n * - 10209 Italia\n * - 10299 Muut kielet\n * \n * **4: Music / Musiikki / Musik**\n * \n * - 205 Musiikki\n * \n * **5: Arts / Kuvataide / Bildkonst och formgivning**\n * \n * - 206 Kuvataide\n * \n * **6: Dance and theater / Tanssi ja teatteri / Dans och teater**\n * \n * - 204 Teatteri ja tanssi\n * \n * **7: Technology and business / Tekniikka ja talous / Teknik och ekonomi**\n * \n * - 40201 Tietokoneen ajokorttikoulutus\n * - 40299 Muu tietotekniikan hyväksikäyttö\n * - 504 Tieto- ja tietoliikennetekniikka\n * - 505 Graafinen ja viestintätekniikka\n * - 202 Viestintä- ja informaatioala\n * - 301 Liiketalous ja kauppa\n * - 351 Yrittäjyys ja yrittäjyyskasvatus\n * - 302 Kansantalous\n * - 304 Tilastointi ja tilastotiede\n * - 401 Matematiikka\n * - 451 Fysiikka ja kemia sekä geo-, avaruus- ja tähtitiet\n * - 452 Biologia ja maantiede\n * - 499 Muu luonnontietteiden alan koulutus\n * - 501 Arkkitehtuuri ja rakentaminen\n * - 502 Kone-, metalli- ja energiatekniikka\n * - 503 Sähkö- ja automaatiotekniikka\n * - 506 Elintarvikeala ja biotekniikka\n * - 507 Prosessi-, kemian ja materiaalitekniikka\n * - 509 Ajoneuvo- ja kuljetusala\n * - 510 Tuotantotalous\n * - 599 Muu tekniikan ja liikenteen alan koulutus\n * \n * **8: Society and humanities / Yhteiskunta ja humanismi / Samhälle och humaniora**\n * \n * - 203 Kirjallisuus\n * - 207 Kulttuurin- ja taiteiden tutkimus\n * - 151 Opetus- ja kasvatustyö ja psykologia\n * - 103 Historia ja arkeologia\n * - 199 Muu humanistisen ja kasvatusalan koulutus\n * - 399 Muu yhteiskunnallisten aineiden, liiketalouden ja\n * - 104 Filosofia\n * - 107 Teologia\n * - 305 Sosiaalitieteet\n * - 306 Politiikka ja politiikkatieteet\n * - 307 Oikeuskäytäntö ja oikeustieteet\n * \n * **9: Nature and environment / Luonto ja ympäristö / natur och miljö**\n * \n * - 602 Puutarhatalous ja puutarhanhoito\n * - 605 Luonto- ja ympäristöala\n * - 651 Maatila- ja metsätalous\n * - 603 Kalatalous ja kalastus\n * - 699 Muu luonnonvara- ja ympäristöalan koulutus\n * \n * **10: Food, drink and travel / Ruoka, juoma ja matkailu / Mat, dryck och resor**\n * \n * - 802 Majoitus- ja ravitsemisala sekä ruoan valmistus\n * - 851 Kotitalous- ja kuluttajapalvelut sekä puhdistus\n * - 801 Matkailuala\n * - 899 Muu matkailu-, ravitsemis- ja talousalan koulutus\n * \n * **99: Others / Muut / Övriga**\n * \n * - 999 Muu koulutus\n * - 99 Muu yleissivistävä koulutus\n * - 2 Perusopetus\n * - 3 Lukiokoulutus\n * - 51 Oppimisvalmiuksien kehittäminen ja motivointi\n * - 299 Muu kulttuurialan koulutus\n * - 30301 Kansalais- ja järjestötoiminta\n * - 30399 Muu hallinnon alan koulutus\n * - 701 Sosiaaliala\n * - 753 Farmasia ja muu lääkehuolto sekä tekniset terveysp\n * - 709 Eläinlääketiede\n * - 710 Kauneudenhoitoala\n * - 901 Sotilas- ja rajavartioala\n * - 902 Palo- ja pelastusala\n * - 951 Poliisi- ja vartiointiala\n * @type {Array}\n * @memberof HellewiCatalog\n */\n classification: Array;\n /**\n * Education sector (koulutusala)\n * \n * Lower level course categorisation. This follows the Statistics Finland's\n * [National Classification of Education](https://www.stat.fi/fi/luokitukset/koulutus),\n * although an older version of it.\n * \n * Education sector's parent is a classification\n * @type {Array}\n * @memberof HellewiCatalog\n */\n educationsector: Array;\n /**\n * Education type\n * @type {Array}\n * @memberof HellewiCatalog\n */\n educationtype: Array;\n /**\n * Level of study\n * \n * These are levels for how courses compare with each others, e.g. beginner,\n * intermediate, advanced. For language courses for example, the level of\n * study can follow CEFR levels A1, A2, B1, etc.\n * \n * These are configurable by the tenant, so different tenant's categories are\n * not comparable with each others.\n * @type {Array}\n * @memberof HellewiCatalog\n */\n levelofstudy: Array;\n /**\n * Teaching format\n * \n * Teaching format of the course.\n * @type {Array}\n * @memberof HellewiCatalog\n */\n teachingformat: Array;\n /**\n * Language\n * \n * Language used in the course.\n * @type {Array}\n * @memberof HellewiCatalog\n */\n language: Array;\n /**\n * Location\n * \n * Where course is held.\n * @type {Array}\n * @memberof HellewiCatalog\n */\n location: Array;\n /**\n * Locationgroup\n * \n * Where course is held.\n * @type {Array}\n * @memberof HellewiCatalog\n */\n locationgroup: Array;\n /**\n * Term (lukuvuosi)\n * \n * Years in education usually start in the autumn and continue until summer.\n * Term is this time period, usually divided into autumn and spring semesters\n * (catalog item period).\n * @type {Array}\n * @memberof HellewiCatalog\n */\n term: Array;\n /**\n * Period (lukukausi)\n * \n * Courses usually have a certain period during which they are held. There are\n * usually two periods during a term: autumn and spring (syys- ja kevätlukukausi).\n * \n * Period's parent is a term.\n * @type {Array}\n * @memberof HellewiCatalog\n */\n period: Array;\n /**\n * Tag\n * \n * Custom tag for a course, these can be defined by the tenant.\n * @type {Array}\n * @memberof HellewiCatalog\n */\n tag: Array;\n /**\n * Tenant\n * \n * Tenant that is organizing the courses. This makes only in multi-tenant context,\n * in single-tenant there will be only one tenant here.\n * @type {Array}\n * @memberof HellewiCatalog\n */\n tenant: Array;\n /**\n * Unit\n * \n * Unit that is organizing the course.\n * @type {Array}\n * @memberof HellewiCatalog\n */\n unit: Array;\n /**\n * Weekday\n * \n * On which day(s) the course is held.\n * @type {Array}\n * @memberof HellewiCatalog\n */\n weekday: Array;\n /**\n * Date\n * \n * Filters for courses dates\n * @type {Array}\n * @memberof HellewiCatalog\n */\n date: Array;\n}\n\n/**\n * Check if a given object implements the HellewiCatalog interface.\n */\nexport function instanceOfHellewiCatalog(value: object): boolean {\n if (!('department' in value)) return false;\n if (!('category' in value)) return false;\n if (!('subject' in value)) return false;\n if (!('coursetype' in value)) return false;\n if (!('classification' in value)) return false;\n if (!('educationsector' in value)) return false;\n if (!('educationtype' in value)) return false;\n if (!('levelofstudy' in value)) return false;\n if (!('teachingformat' in value)) return false;\n if (!('language' in value)) return false;\n if (!('location' in value)) return false;\n if (!('locationgroup' in value)) return false;\n if (!('term' in value)) return false;\n if (!('period' in value)) return false;\n if (!('tag' in value)) return false;\n if (!('tenant' in value)) return false;\n if (!('unit' in value)) return false;\n if (!('weekday' in value)) return false;\n if (!('date' in value)) return false;\n return true;\n}\n\nexport function HellewiCatalogFromJSON(json: any): HellewiCatalog {\n return HellewiCatalogFromJSONTyped(json, false);\n}\n\nexport function HellewiCatalogFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCatalog {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'department': ((json['department'] as Array).map(HellewiCatalogItemFromJSON)),\n 'category': ((json['category'] as Array).map(HellewiCatalogItemFromJSON)),\n 'subject': ((json['subject'] as Array).map(HellewiCatalogItemFromJSON)),\n 'coursetype': ((json['coursetype'] as Array).map(HellewiCatalogItemFromJSON)),\n 'classification': ((json['classification'] as Array).map(HellewiCatalogItemFromJSON)),\n 'educationsector': ((json['educationsector'] as Array).map(HellewiCatalogItemFromJSON)),\n 'educationtype': ((json['educationtype'] as Array).map(HellewiCatalogItemFromJSON)),\n 'levelofstudy': ((json['levelofstudy'] as Array).map(HellewiCatalogItemFromJSON)),\n 'teachingformat': ((json['teachingformat'] as Array).map(HellewiCatalogItemFromJSON)),\n 'language': ((json['language'] as Array).map(HellewiCatalogItemFromJSON)),\n 'location': ((json['location'] as Array).map(HellewiCatalogItemFromJSON)),\n 'locationgroup': ((json['locationgroup'] as Array).map(HellewiCatalogItemFromJSON)),\n 'term': ((json['term'] as Array).map(HellewiCatalogItemFromJSON)),\n 'period': ((json['period'] as Array).map(HellewiCatalogItemFromJSON)),\n 'tag': ((json['tag'] as Array).map(HellewiCatalogItemFromJSON)),\n 'tenant': ((json['tenant'] as Array).map(HellewiCatalogItemFromJSON)),\n 'unit': ((json['unit'] as Array).map(HellewiCatalogItemFromJSON)),\n 'weekday': ((json['weekday'] as Array).map(HellewiCatalogItemFromJSON)),\n 'date': ((json['date'] as Array).map(HellewiCatalogItemFromJSON)),\n };\n}\n\nexport function HellewiCatalogToJSON(value?: HellewiCatalog | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'department': ((value['department'] as Array).map(HellewiCatalogItemToJSON)),\n 'category': ((value['category'] as Array).map(HellewiCatalogItemToJSON)),\n 'subject': ((value['subject'] as Array).map(HellewiCatalogItemToJSON)),\n 'coursetype': ((value['coursetype'] as Array).map(HellewiCatalogItemToJSON)),\n 'classification': ((value['classification'] as Array).map(HellewiCatalogItemToJSON)),\n 'educationsector': ((value['educationsector'] as Array).map(HellewiCatalogItemToJSON)),\n 'educationtype': ((value['educationtype'] as Array).map(HellewiCatalogItemToJSON)),\n 'levelofstudy': ((value['levelofstudy'] as Array).map(HellewiCatalogItemToJSON)),\n 'teachingformat': ((value['teachingformat'] as Array).map(HellewiCatalogItemToJSON)),\n 'language': ((value['language'] as Array).map(HellewiCatalogItemToJSON)),\n 'location': ((value['location'] as Array).map(HellewiCatalogItemToJSON)),\n 'locationgroup': ((value['locationgroup'] as Array).map(HellewiCatalogItemToJSON)),\n 'term': ((value['term'] as Array).map(HellewiCatalogItemToJSON)),\n 'period': ((value['period'] as Array).map(HellewiCatalogItemToJSON)),\n 'tag': ((value['tag'] as Array).map(HellewiCatalogItemToJSON)),\n 'tenant': ((value['tenant'] as Array).map(HellewiCatalogItemToJSON)),\n 'unit': ((value['unit'] as Array).map(HellewiCatalogItemToJSON)),\n 'weekday': ((value['weekday'] as Array).map(HellewiCatalogItemToJSON)),\n 'date': ((value['date'] as Array).map(HellewiCatalogItemToJSON)),\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\n/**\n * Settings for showing catalog in user interface\n * @export\n * @interface HellewiCatalogSettingsEnabledCatalogItemTypes\n */\nexport interface HellewiCatalogSettingsEnabledCatalogItemTypes {\n [key: string]: any | any;\n /**\n * Department catalog items should be shown as a single list\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n department: boolean;\n /**\n * Category catalog items should be shown as a single list\n * \n * I.e. select only the category catalog items with parent: null\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n category: boolean;\n /**\n * Category and subject catalog items should be shown as a tree\n * \n * Categories with parent: null and subjects with each respective\n * category as parent.\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n categorysubject: boolean;\n /**\n * Course type\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n coursetype: boolean;\n /**\n * Education type\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n educationtype: boolean;\n /**\n * Category catalog items should be shown as a single list\n * \n * I.e. select only the category catalog items with parent: null\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n subject: boolean;\n /**\n * Location catalog items should be shown as a single list\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n location: boolean;\n /**\n * Locationgroup catalog items should be shown as a single list\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n locationgroup: boolean;\n /**\n * Period catalog items should be shown as a single list\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n period: boolean;\n /**\n * Weekday catalog items should be shown as a single list\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n weekday: boolean;\n /**\n * Custom course tags should be shown as a single list\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n tag: boolean;\n /**\n * Education sectors should be shown as a single list\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n educationsector: boolean;\n /**\n * Level of study items should be shown as a single list\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n levelofstudy: boolean;\n /**\n * Teaching format items should be shown as a single list\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n teachingformat: boolean;\n /**\n * Language items should be shown as a single list\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n language: boolean;\n /**\n * Unit items should be shown as a single list\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n unit: boolean;\n /**\n * Date items should be shown as a single list of date inputs\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n date: boolean;\n /**\n * Coursebeginning should be shown as a checkbox\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n coursesbeginning: boolean;\n /**\n * Registrationopen should be shown as a checkbox\n * @type {boolean}\n * @memberof HellewiCatalogSettingsEnabledCatalogItemTypes\n */\n registrationopen: boolean;\n}\n\n/**\n * Check if a given object implements the HellewiCatalogSettingsEnabledCatalogItemTypes interface.\n */\nexport function instanceOfHellewiCatalogSettingsEnabledCatalogItemTypes(value: object): boolean {\n if (!('department' in value)) return false;\n if (!('category' in value)) return false;\n if (!('categorysubject' in value)) return false;\n if (!('coursetype' in value)) return false;\n if (!('educationtype' in value)) return false;\n if (!('subject' in value)) return false;\n if (!('location' in value)) return false;\n if (!('locationgroup' in value)) return false;\n if (!('period' in value)) return false;\n if (!('weekday' in value)) return false;\n if (!('tag' in value)) return false;\n if (!('educationsector' in value)) return false;\n if (!('levelofstudy' in value)) return false;\n if (!('teachingformat' in value)) return false;\n if (!('language' in value)) return false;\n if (!('unit' in value)) return false;\n if (!('date' in value)) return false;\n if (!('coursesbeginning' in value)) return false;\n if (!('registrationopen' in value)) return false;\n return true;\n}\n\nexport function HellewiCatalogSettingsEnabledCatalogItemTypesFromJSON(json: any): HellewiCatalogSettingsEnabledCatalogItemTypes {\n return HellewiCatalogSettingsEnabledCatalogItemTypesFromJSONTyped(json, false);\n}\n\nexport function HellewiCatalogSettingsEnabledCatalogItemTypesFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCatalogSettingsEnabledCatalogItemTypes {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'department': json['department'],\n 'category': json['category'],\n 'categorysubject': json['categorysubject'],\n 'coursetype': json['coursetype'],\n 'educationtype': json['educationtype'],\n 'subject': json['subject'],\n 'location': json['location'],\n 'locationgroup': json['locationgroup'],\n 'period': json['period'],\n 'weekday': json['weekday'],\n 'tag': json['tag'],\n 'educationsector': json['educationsector'],\n 'levelofstudy': json['levelofstudy'],\n 'teachingformat': json['teachingformat'],\n 'language': json['language'],\n 'unit': json['unit'],\n 'date': json['date'],\n 'coursesbeginning': json['coursesbeginning'],\n 'registrationopen': json['registrationopen'],\n };\n}\n\nexport function HellewiCatalogSettingsEnabledCatalogItemTypesToJSON(value?: HellewiCatalogSettingsEnabledCatalogItemTypes | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'department': value['department'],\n 'category': value['category'],\n 'categorysubject': value['categorysubject'],\n 'coursetype': value['coursetype'],\n 'educationtype': value['educationtype'],\n 'subject': value['subject'],\n 'location': value['location'],\n 'locationgroup': value['locationgroup'],\n 'period': value['period'],\n 'weekday': value['weekday'],\n 'tag': value['tag'],\n 'educationsector': value['educationsector'],\n 'levelofstudy': value['levelofstudy'],\n 'teachingformat': value['teachingformat'],\n 'language': value['language'],\n 'unit': value['unit'],\n 'date': value['date'],\n 'coursesbeginning': value['coursesbeginning'],\n 'registrationopen': value['registrationopen'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\nimport type { CourseSortOrder } from './CourseSortOrder';\nimport {\n CourseSortOrderFromJSON,\n CourseSortOrderFromJSONTyped,\n CourseSortOrderToJSON,\n} from './CourseSortOrder';\nimport type { HellewiCatalogSettingsEnabledCatalogItemTypes } from './HellewiCatalogSettingsEnabledCatalogItemTypes';\nimport {\n HellewiCatalogSettingsEnabledCatalogItemTypesFromJSON,\n HellewiCatalogSettingsEnabledCatalogItemTypesFromJSONTyped,\n HellewiCatalogSettingsEnabledCatalogItemTypesToJSON,\n} from './HellewiCatalogSettingsEnabledCatalogItemTypes';\n\n/**\n * \n * @export\n * @interface HellewiCatalogSettings\n */\nexport interface HellewiCatalogSettings {\n [key: string]: any | any;\n /**\n * \n * @type {HellewiCatalogSettingsEnabledCatalogItemTypes}\n * @memberof HellewiCatalogSettings\n */\n enabledcatalogitemtypes: HellewiCatalogSettingsEnabledCatalogItemTypes;\n /**\n * \n * @type {CourseSortOrder}\n * @memberof HellewiCatalogSettings\n */\n defaultCourseSortOrder?: CourseSortOrder;\n}\n\n/**\n * Check if a given object implements the HellewiCatalogSettings interface.\n */\nexport function instanceOfHellewiCatalogSettings(value: object): boolean {\n if (!('enabledcatalogitemtypes' in value)) return false;\n return true;\n}\n\nexport function HellewiCatalogSettingsFromJSON(json: any): HellewiCatalogSettings {\n return HellewiCatalogSettingsFromJSONTyped(json, false);\n}\n\nexport function HellewiCatalogSettingsFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCatalogSettings {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'enabledcatalogitemtypes': HellewiCatalogSettingsEnabledCatalogItemTypesFromJSON(json['enabledcatalogitemtypes']),\n 'defaultCourseSortOrder': json['defaultCourseSortOrder'] == null ? undefined : CourseSortOrderFromJSON(json['defaultCourseSortOrder']),\n };\n}\n\nexport function HellewiCatalogSettingsToJSON(value?: HellewiCatalogSettings | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'enabledcatalogitemtypes': HellewiCatalogSettingsEnabledCatalogItemTypesToJSON(value['enabledcatalogitemtypes']),\n 'defaultCourseSortOrder': CourseSortOrderToJSON(value['defaultCourseSortOrder']),\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\n/**\n * \n * @export\n * @interface HellewiFile\n */\nexport interface HellewiFile {\n [key: string]: any | any;\n /**\n * Url for the file\n * @type {string}\n * @memberof HellewiFile\n */\n url: string;\n /**\n * File type\n * @type {string}\n * @memberof HellewiFile\n */\n contentType: string;\n /**\n * File text\n * @type {string}\n * @memberof HellewiFile\n */\n alt?: string;\n}\n\n/**\n * Check if a given object implements the HellewiFile interface.\n */\nexport function instanceOfHellewiFile(value: object): boolean {\n if (!('url' in value)) return false;\n if (!('contentType' in value)) return false;\n return true;\n}\n\nexport function HellewiFileFromJSON(json: any): HellewiFile {\n return HellewiFileFromJSONTyped(json, false);\n}\n\nexport function HellewiFileFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiFile {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'url': json['url'],\n 'contentType': json['contentType'],\n 'alt': json['alt'] == null ? undefined : json['alt'],\n };\n}\n\nexport function HellewiFileToJSON(value?: HellewiFile | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'url': value['url'],\n 'contentType': value['contentType'],\n 'alt': value['alt'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\n/**\n * \n * @export\n * @interface HellewiImage\n */\nexport interface HellewiImage {\n [key: string]: any | any;\n /**\n * Url for the image\n * @type {string}\n * @memberof HellewiImage\n */\n url: string;\n /**\n * Image type\n * @type {string}\n * @memberof HellewiImage\n */\n contentType: string;\n /**\n * Alt text for the image\n * @type {string}\n * @memberof HellewiImage\n */\n alt?: string;\n}\n\n/**\n * Check if a given object implements the HellewiImage interface.\n */\nexport function instanceOfHellewiImage(value: object): boolean {\n if (!('url' in value)) return false;\n if (!('contentType' in value)) return false;\n return true;\n}\n\nexport function HellewiImageFromJSON(json: any): HellewiImage {\n return HellewiImageFromJSONTyped(json, false);\n}\n\nexport function HellewiImageFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiImage {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'url': json['url'],\n 'contentType': json['contentType'],\n 'alt': json['alt'] == null ? undefined : json['alt'],\n };\n}\n\nexport function HellewiImageToJSON(value?: HellewiImage | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'url': value['url'],\n 'contentType': value['contentType'],\n 'alt': value['alt'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\n/**\n * Participant count in a single course\n * \n * Optional fields will always be there if global parameter\n * registrationsettings.showseatcount is set to true, or if\n * course parameter showplacecount is set to true\n * @export\n * @interface HellewiParticipantCount\n */\nexport interface HellewiParticipantCount {\n [key: string]: any | any;\n /**\n * Course ID\n * \n * This is either\n * - a number as string (single-tenant endpoints, e.g. `'3'`)\n * - string with tenant id (in lowercase) and course id number (multi-tenant\n * endpoints, e.g. `'demo.opistopalvelut.fi-3'`)\n * \n * Validation pattern: `^(?:[a-z0-9-.]+-)?[0-9]+$`\n * @type {string}\n * @memberof HellewiParticipantCount\n */\n id: string;\n /**\n * Course is almost full: less than 10% of places available\n * @type {boolean}\n * @memberof HellewiParticipantCount\n */\n almostfull: boolean;\n /**\n * Course is full\n * \n * You might still be able to register for queueing\n * @type {boolean}\n * @memberof HellewiParticipantCount\n */\n full: boolean;\n /**\n * Maximum number of participants\n * @type {number}\n * @memberof HellewiParticipantCount\n */\n max?: number;\n /**\n * Available places for registration\n * @type {number}\n * @memberof HellewiParticipantCount\n */\n available?: number;\n /**\n * How many times course can be added to cart\n * \n * undefined if there is no limit\n * @type {number}\n * @memberof HellewiParticipantCount\n */\n cartlimit?: number;\n /**\n * Minimum number of participants\n * @type {number}\n * @memberof HellewiParticipantCount\n */\n min?: number;\n /**\n * Actual registrations\n * @type {number}\n * @memberof HellewiParticipantCount\n */\n registrations?: number;\n /**\n * Registration is open\n * @type {boolean}\n * @memberof HellewiParticipantCount\n */\n registrationopen: boolean;\n /**\n * Spares are full\n * @type {boolean}\n * @memberof HellewiParticipantCount\n */\n sparefull: boolean;\n /**\n * Participants queuing for available places\n * @type {number}\n * @memberof HellewiParticipantCount\n */\n spare?: number;\n /**\n * Number of places available in queue\n * @type {number}\n * @memberof HellewiParticipantCount\n */\n spareavailable?: number;\n /**\n * Maximum number of participants in queue\n * @type {number}\n * @memberof HellewiParticipantCount\n */\n sparemax?: number;\n}\n\n/**\n * Check if a given object implements the HellewiParticipantCount interface.\n */\nexport function instanceOfHellewiParticipantCount(value: object): boolean {\n if (!('id' in value)) return false;\n if (!('almostfull' in value)) return false;\n if (!('full' in value)) return false;\n if (!('registrationopen' in value)) return false;\n if (!('sparefull' in value)) return false;\n return true;\n}\n\nexport function HellewiParticipantCountFromJSON(json: any): HellewiParticipantCount {\n return HellewiParticipantCountFromJSONTyped(json, false);\n}\n\nexport function HellewiParticipantCountFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiParticipantCount {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'id': json['id'],\n 'almostfull': json['almostfull'],\n 'full': json['full'],\n 'max': json['max'] == null ? undefined : json['max'],\n 'available': json['available'] == null ? undefined : json['available'],\n 'cartlimit': json['cartlimit'] == null ? undefined : json['cartlimit'],\n 'min': json['min'] == null ? undefined : json['min'],\n 'registrations': json['registrations'] == null ? undefined : json['registrations'],\n 'registrationopen': json['registrationopen'],\n 'sparefull': json['sparefull'],\n 'spare': json['spare'] == null ? undefined : json['spare'],\n 'spareavailable': json['spareavailable'] == null ? undefined : json['spareavailable'],\n 'sparemax': json['sparemax'] == null ? undefined : json['sparemax'],\n };\n}\n\nexport function HellewiParticipantCountToJSON(value?: HellewiParticipantCount | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'id': value['id'],\n 'almostfull': value['almostfull'],\n 'full': value['full'],\n 'max': value['max'],\n 'available': value['available'],\n 'cartlimit': value['cartlimit'],\n 'min': value['min'],\n 'registrations': value['registrations'],\n 'registrationopen': value['registrationopen'],\n 'sparefull': value['sparefull'],\n 'spare': value['spare'],\n 'spareavailable': value['spareavailable'],\n 'sparemax': value['sparemax'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\nimport type { HellewiAgeLimits } from './HellewiAgeLimits';\nimport {\n HellewiAgeLimitsFromJSON,\n HellewiAgeLimitsFromJSONTyped,\n HellewiAgeLimitsToJSON,\n} from './HellewiAgeLimits';\nimport type { HellewiCatalogItem } from './HellewiCatalogItem';\nimport {\n HellewiCatalogItemFromJSON,\n HellewiCatalogItemFromJSONTyped,\n HellewiCatalogItemToJSON,\n} from './HellewiCatalogItem';\nimport type { HellewiCourseDay } from './HellewiCourseDay';\nimport {\n HellewiCourseDayFromJSON,\n HellewiCourseDayFromJSONTyped,\n HellewiCourseDayToJSON,\n} from './HellewiCourseDay';\nimport type { HellewiCourseLesson } from './HellewiCourseLesson';\nimport {\n HellewiCourseLessonFromJSON,\n HellewiCourseLessonFromJSONTyped,\n HellewiCourseLessonToJSON,\n} from './HellewiCourseLesson';\nimport type { HellewiCourseNotification } from './HellewiCourseNotification';\nimport {\n HellewiCourseNotificationFromJSON,\n HellewiCourseNotificationFromJSONTyped,\n HellewiCourseNotificationToJSON,\n} from './HellewiCourseNotification';\nimport type { HellewiCoursePartial } from './HellewiCoursePartial';\nimport {\n HellewiCoursePartialFromJSON,\n HellewiCoursePartialFromJSONTyped,\n HellewiCoursePartialToJSON,\n} from './HellewiCoursePartial';\nimport type { HellewiCoursePeriod } from './HellewiCoursePeriod';\nimport {\n HellewiCoursePeriodFromJSON,\n HellewiCoursePeriodFromJSONTyped,\n HellewiCoursePeriodToJSON,\n} from './HellewiCoursePeriod';\nimport type { HellewiCoursePrice } from './HellewiCoursePrice';\nimport {\n HellewiCoursePriceFromJSON,\n HellewiCoursePriceFromJSONTyped,\n HellewiCoursePriceToJSON,\n} from './HellewiCoursePrice';\nimport type { HellewiCourseProduct } from './HellewiCourseProduct';\nimport {\n HellewiCourseProductFromJSON,\n HellewiCourseProductFromJSONTyped,\n HellewiCourseProductToJSON,\n} from './HellewiCourseProduct';\nimport type { HellewiCourseStatus } from './HellewiCourseStatus';\nimport {\n HellewiCourseStatusFromJSON,\n HellewiCourseStatusFromJSONTyped,\n HellewiCourseStatusToJSON,\n} from './HellewiCourseStatus';\nimport type { HellewiFile } from './HellewiFile';\nimport {\n HellewiFileFromJSON,\n HellewiFileFromJSONTyped,\n HellewiFileToJSON,\n} from './HellewiFile';\nimport type { HellewiImage } from './HellewiImage';\nimport {\n HellewiImageFromJSON,\n HellewiImageFromJSONTyped,\n HellewiImageToJSON,\n} from './HellewiImage';\nimport type { HellewiLanguage } from './HellewiLanguage';\nimport {\n HellewiLanguageFromJSON,\n HellewiLanguageFromJSONTyped,\n HellewiLanguageToJSON,\n} from './HellewiLanguage';\nimport type { HellewiLocation } from './HellewiLocation';\nimport {\n HellewiLocationFromJSON,\n HellewiLocationFromJSONTyped,\n HellewiLocationToJSON,\n} from './HellewiLocation';\nimport type { HellewiParticipantCount } from './HellewiParticipantCount';\nimport {\n HellewiParticipantCountFromJSON,\n HellewiParticipantCountFromJSONTyped,\n HellewiParticipantCountToJSON,\n} from './HellewiParticipantCount';\nimport type { HellewiTag } from './HellewiTag';\nimport {\n HellewiTagFromJSON,\n HellewiTagFromJSONTyped,\n HellewiTagToJSON,\n} from './HellewiTag';\n\n/**\n * \n * @export\n * @interface HellewiCourse\n */\nexport interface HellewiCourse {\n [key: string]: any | any;\n /**\n * Course ID\n * \n * This is either\n * - a number as string (single-tenant endpoints, e.g. `'3'`)\n * - string with tenant id (in lowercase) and course id number (multi-tenant\n * endpoints, e.g. `'demo.opistopalvelut.fi-3'`)\n * \n * Validation pattern: `^(?:[a-z0-9-.]+-)?[0-9]+$`\n * @type {string}\n * @memberof HellewiCourse\n */\n id: string;\n /**\n * Code / koodi\n * @type {string}\n * @memberof HellewiCourse\n */\n code?: string;\n /**\n * Name\n * @type {string}\n * @memberof HellewiCourse\n */\n name?: string;\n /**\n * Tenant\n * @type {string}\n * @memberof HellewiCourse\n */\n tenant: string;\n /**\n * Course statuses\n * \n * - `NOT_YET_STARTED` Course has not yet started\n * - `IN_PROGRESS` Course is in progress\n * - `ENDED` Course has ended\n * - `CANCELLED` Course has been cancelled (before it started)\n * - `INTERRUPTED` Course has been interrupted (after it started)\n * \n * Currently only one of the statuses can be active at the same time, but\n * it is also possible that none of them are.\n * \n * Statuses can be added in the future, so the field is an array, and\n * implementation cannot make any assumptions that the requested status\n * would be always in index 0.\n * @type {Array}\n * @memberof HellewiCourse\n */\n statuses: Array;\n /**\n * Course begins on date\n * @type {Date}\n * @memberof HellewiCourse\n */\n begins?: Date;\n /**\n * Course ends on date\n * @type {Date}\n * @memberof HellewiCourse\n */\n ends?: Date;\n /**\n * Registration begins on date/time\n * \n * null means that registration is not open\n * @type {Date}\n * @memberof HellewiCourse\n */\n registrationbegins?: Date;\n /**\n * Registration ends on date/time, soft limit\n * \n * If this time is in the past, registrations are still accepted, but\n * user interfaces should show this field as time when registrations close\n * @type {Date}\n * @memberof HellewiCourse\n */\n registrationendssoft?: Date;\n /**\n * Registration ends on date/time, hard limit\n * \n * null means that registration has no ending limit\n * @type {Date}\n * @memberof HellewiCourse\n */\n registrationendshard?: Date;\n /**\n * Whether registration is open at the moment\n * \n * See rules in [Registration](#section/Registration)\n * @type {boolean}\n * @memberof HellewiCourse\n */\n registrationopen?: boolean;\n /**\n * Teacher\n * @type {string}\n * @memberof HellewiCourse\n */\n teacher?: string;\n /**\n * ECTS credits / opintopisteet\n * @type {number}\n * @memberof HellewiCourse\n */\n ectscredits?: number;\n /**\n * Topical / ajankohtainen\n * \n * This course should be emphasized\n * @type {boolean}\n * @memberof HellewiCourse\n */\n topical?: boolean;\n /**\n * Day(s) / kurssipäivät\n * @type {Array}\n * @memberof HellewiCourse\n */\n days?: Array;\n /**\n * \n * @type {HellewiLocation}\n * @memberof HellewiCourse\n */\n location?: HellewiLocation;\n /**\n * Notification\n * @type {Array}\n * @memberof HellewiCourse\n */\n notifications?: Array;\n /**\n * Periods and terms / lukukaudet ja lukuvuodet\n * @type {Array}\n * @memberof HellewiCourse\n */\n periods?: Array;\n /**\n * \n * @type {HellewiLanguage}\n * @memberof HellewiCourse\n */\n language?: HellewiLanguage;\n /**\n * Tags\n * @type {Array}\n * @memberof HellewiCourse\n */\n tags?: Array;\n /**\n * Prices\n * @type {Array}\n * @memberof HellewiCourse\n */\n prices?: Array;\n /**\n * \n * @type {HellewiCoursePartial}\n * @memberof HellewiCourse\n */\n moduleparent?: HellewiCoursePartial;\n /**\n * Child courses for a module parent course\n * @type {Array}\n * @memberof HellewiCourse\n */\n modulechildren?: Array;\n /**\n * Catalog items\n * \n * Different item types are explained under [GetCatalog](#operation/GetCatalog)\n * response\n * @type {Array}\n * @memberof HellewiCourse\n */\n catalogitems: Array;\n /**\n * \n * @type {HellewiAgeLimits}\n * @memberof HellewiCourse\n */\n ageLimits?: HellewiAgeLimits;\n /**\n * Course products\n * @type {Array}\n * @memberof HellewiCourse\n */\n courseProducts?: Array;\n /**\n * \n * @type {HellewiCatalogItem}\n * @memberof HellewiCourse\n */\n department?: HellewiCatalogItem;\n /**\n * \n * @type {HellewiCatalogItem}\n * @memberof HellewiCourse\n */\n category?: HellewiCatalogItem;\n /**\n * \n * @type {HellewiCatalogItem}\n * @memberof HellewiCourse\n */\n subject?: HellewiCatalogItem;\n /**\n * Description\n * @type {string}\n * @memberof HellewiCourse\n */\n description?: string;\n /**\n * Additionalinfo\n * @type {string}\n * @memberof HellewiCourse\n */\n additionalinfo?: string;\n /**\n * Ask about the course / kysy kurssista\n * @type {string}\n * @memberof HellewiCourse\n */\n askabout?: string;\n /**\n * Learningobjectives\n * @type {string}\n * @memberof HellewiCourse\n */\n learningobjectives?: string;\n /**\n * Evaluationcriteria\n * @type {string}\n * @memberof HellewiCourse\n */\n evaluationcriteria?: string;\n /**\n * Keywords that can be used to match filters\n * @type {Array}\n * @memberof HellewiCourse\n */\n keywords?: Array;\n /**\n * Lessons\n * @type {Array}\n * @memberof HellewiCourse\n */\n lessons?: Array;\n /**\n * Metakeywords\n * @type {string}\n * @memberof HellewiCourse\n */\n metakeywords?: string;\n /**\n * \n * @type {HellewiParticipantCount}\n * @memberof HellewiCourse\n */\n participantcount?: HellewiParticipantCount;\n /**\n * Link for course registration\n * \n * This opens Hellewi registration application registration form with this\n * course added to cart.\n * @type {string}\n * @memberof HellewiCourse\n */\n registrationlink?: string;\n /**\n * Files\n * @type {Array}\n * @memberof HellewiCourse\n */\n files?: Array;\n /**\n * Images\n * @type {Array}\n * @memberof HellewiCourse\n */\n images?: Array;\n}\n\n/**\n * Check if a given object implements the HellewiCourse interface.\n */\nexport function instanceOfHellewiCourse(value: object): boolean {\n if (!('id' in value)) return false;\n if (!('tenant' in value)) return false;\n if (!('statuses' in value)) return false;\n if (!('catalogitems' in value)) return false;\n return true;\n}\n\nexport function HellewiCourseFromJSON(json: any): HellewiCourse {\n return HellewiCourseFromJSONTyped(json, false);\n}\n\nexport function HellewiCourseFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCourse {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'id': json['id'],\n 'code': json['code'] == null ? undefined : json['code'],\n 'name': json['name'] == null ? undefined : json['name'],\n 'tenant': json['tenant'],\n 'statuses': ((json['statuses'] as Array).map(HellewiCourseStatusFromJSON)),\n 'begins': json['begins'] == null ? undefined : (new Date(json['begins'])),\n 'ends': json['ends'] == null ? undefined : (new Date(json['ends'])),\n 'registrationbegins': json['registrationbegins'] == null ? undefined : (new Date(json['registrationbegins'])),\n 'registrationendssoft': json['registrationendssoft'] == null ? undefined : (new Date(json['registrationendssoft'])),\n 'registrationendshard': json['registrationendshard'] == null ? undefined : (new Date(json['registrationendshard'])),\n 'registrationopen': json['registrationopen'] == null ? undefined : json['registrationopen'],\n 'teacher': json['teacher'] == null ? undefined : json['teacher'],\n 'ectscredits': json['ectscredits'] == null ? undefined : json['ectscredits'],\n 'topical': json['topical'] == null ? undefined : json['topical'],\n 'days': json['days'] == null ? undefined : ((json['days'] as Array).map(HellewiCourseDayFromJSON)),\n 'location': json['location'] == null ? undefined : HellewiLocationFromJSON(json['location']),\n 'notifications': json['notifications'] == null ? undefined : ((json['notifications'] as Array).map(HellewiCourseNotificationFromJSON)),\n 'periods': json['periods'] == null ? undefined : ((json['periods'] as Array).map(HellewiCoursePeriodFromJSON)),\n 'language': json['language'] == null ? undefined : HellewiLanguageFromJSON(json['language']),\n 'tags': json['tags'] == null ? undefined : ((json['tags'] as Array).map(HellewiTagFromJSON)),\n 'prices': json['prices'] == null ? undefined : ((json['prices'] as Array).map(HellewiCoursePriceFromJSON)),\n 'moduleparent': json['moduleparent'] == null ? undefined : HellewiCoursePartialFromJSON(json['moduleparent']),\n 'modulechildren': json['modulechildren'] == null ? undefined : ((json['modulechildren'] as Array).map(HellewiCoursePartialFromJSON)),\n 'catalogitems': ((json['catalogitems'] as Array).map(HellewiCatalogItemFromJSON)),\n 'ageLimits': json['ageLimits'] == null ? undefined : HellewiAgeLimitsFromJSON(json['ageLimits']),\n 'courseProducts': json['courseProducts'] == null ? undefined : ((json['courseProducts'] as Array).map(HellewiCourseProductFromJSON)),\n 'department': json['department'] == null ? undefined : HellewiCatalogItemFromJSON(json['department']),\n 'category': json['category'] == null ? undefined : HellewiCatalogItemFromJSON(json['category']),\n 'subject': json['subject'] == null ? undefined : HellewiCatalogItemFromJSON(json['subject']),\n 'description': json['description'] == null ? undefined : json['description'],\n 'additionalinfo': json['additionalinfo'] == null ? undefined : json['additionalinfo'],\n 'askabout': json['askabout'] == null ? undefined : json['askabout'],\n 'learningobjectives': json['learningobjectives'] == null ? undefined : json['learningobjectives'],\n 'evaluationcriteria': json['evaluationcriteria'] == null ? undefined : json['evaluationcriteria'],\n 'keywords': json['keywords'] == null ? undefined : json['keywords'],\n 'lessons': json['lessons'] == null ? undefined : ((json['lessons'] as Array).map(HellewiCourseLessonFromJSON)),\n 'metakeywords': json['metakeywords'] == null ? undefined : json['metakeywords'],\n 'participantcount': json['participantcount'] == null ? undefined : HellewiParticipantCountFromJSON(json['participantcount']),\n 'registrationlink': json['registrationlink'] == null ? undefined : json['registrationlink'],\n 'files': json['files'] == null ? undefined : ((json['files'] as Array).map(HellewiFileFromJSON)),\n 'images': json['images'] == null ? undefined : ((json['images'] as Array).map(HellewiImageFromJSON)),\n };\n}\n\nexport function HellewiCourseToJSON(value?: HellewiCourse | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'id': value['id'],\n 'code': value['code'],\n 'name': value['name'],\n 'tenant': value['tenant'],\n 'statuses': ((value['statuses'] as Array).map(HellewiCourseStatusToJSON)),\n 'begins': value['begins'] == null ? undefined : ((value['begins']).toISOString().substring(0,10)),\n 'ends': value['ends'] == null ? undefined : ((value['ends']).toISOString().substring(0,10)),\n 'registrationbegins': value['registrationbegins'] == null ? undefined : ((value['registrationbegins']).toISOString()),\n 'registrationendssoft': value['registrationendssoft'] == null ? undefined : ((value['registrationendssoft']).toISOString()),\n 'registrationendshard': value['registrationendshard'] == null ? undefined : ((value['registrationendshard']).toISOString()),\n 'registrationopen': value['registrationopen'],\n 'teacher': value['teacher'],\n 'ectscredits': value['ectscredits'],\n 'topical': value['topical'],\n 'days': value['days'] == null ? undefined : ((value['days'] as Array).map(HellewiCourseDayToJSON)),\n 'location': HellewiLocationToJSON(value['location']),\n 'notifications': value['notifications'] == null ? undefined : ((value['notifications'] as Array).map(HellewiCourseNotificationToJSON)),\n 'periods': value['periods'] == null ? undefined : ((value['periods'] as Array).map(HellewiCoursePeriodToJSON)),\n 'language': HellewiLanguageToJSON(value['language']),\n 'tags': value['tags'] == null ? undefined : ((value['tags'] as Array).map(HellewiTagToJSON)),\n 'prices': value['prices'] == null ? undefined : ((value['prices'] as Array).map(HellewiCoursePriceToJSON)),\n 'moduleparent': HellewiCoursePartialToJSON(value['moduleparent']),\n 'modulechildren': value['modulechildren'] == null ? undefined : ((value['modulechildren'] as Array).map(HellewiCoursePartialToJSON)),\n 'catalogitems': ((value['catalogitems'] as Array).map(HellewiCatalogItemToJSON)),\n 'ageLimits': HellewiAgeLimitsToJSON(value['ageLimits']),\n 'courseProducts': value['courseProducts'] == null ? undefined : ((value['courseProducts'] as Array).map(HellewiCourseProductToJSON)),\n 'department': HellewiCatalogItemToJSON(value['department']),\n 'category': HellewiCatalogItemToJSON(value['category']),\n 'subject': HellewiCatalogItemToJSON(value['subject']),\n 'description': value['description'],\n 'additionalinfo': value['additionalinfo'],\n 'askabout': value['askabout'],\n 'learningobjectives': value['learningobjectives'],\n 'evaluationcriteria': value['evaluationcriteria'],\n 'keywords': value['keywords'],\n 'lessons': value['lessons'] == null ? undefined : ((value['lessons'] as Array).map(HellewiCourseLessonToJSON)),\n 'metakeywords': value['metakeywords'],\n 'participantcount': HellewiParticipantCountToJSON(value['participantcount']),\n 'registrationlink': value['registrationlink'],\n 'files': value['files'] == null ? undefined : ((value['files'] as Array).map(HellewiFileToJSON)),\n 'images': value['images'] == null ? undefined : ((value['images'] as Array).map(HellewiImageToJSON)),\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\n/**\n * \n * @export\n * @interface HellewiCourseCount\n */\nexport interface HellewiCourseCount {\n [key: string]: any | any;\n /**\n * Course count\n * @type {number}\n * @memberof HellewiCourseCount\n */\n count: number;\n}\n\n/**\n * Check if a given object implements the HellewiCourseCount interface.\n */\nexport function instanceOfHellewiCourseCount(value: object): boolean {\n if (!('count' in value)) return false;\n return true;\n}\n\nexport function HellewiCourseCountFromJSON(json: any): HellewiCourseCount {\n return HellewiCourseCountFromJSONTyped(json, false);\n}\n\nexport function HellewiCourseCountFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiCourseCount {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'count': json['count'],\n };\n}\n\nexport function HellewiCourseCountToJSON(value?: HellewiCourseCount | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'count': value['count'],\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\nimport { mapValues } from '../runtime';\nimport type { HellewiLocation } from './HellewiLocation';\nimport {\n HellewiLocationFromJSON,\n HellewiLocationFromJSONTyped,\n HellewiLocationToJSON,\n} from './HellewiLocation';\nimport type { HellewiTenantType } from './HellewiTenantType';\nimport {\n HellewiTenantTypeFromJSON,\n HellewiTenantTypeFromJSONTyped,\n HellewiTenantTypeToJSON,\n} from './HellewiTenantType';\n\n/**\n * \n * @export\n * @interface HellewiTenant\n */\nexport interface HellewiTenant {\n [key: string]: any | any;\n /**\n * Tenant identifier\n * @type {string}\n * @memberof HellewiTenant\n */\n tenant: string;\n /**\n * Tenant's name\n * @type {string}\n * @memberof HellewiTenant\n */\n name: string;\n /**\n * URL for tenant's logo\n * @type {string}\n * @memberof HellewiTenant\n */\n logo?: string;\n /**\n * URL to tenant's homepage\n * @type {string}\n * @memberof HellewiTenant\n */\n homepage?: string;\n /**\n * URL to tenant's Twitter account\n * @type {string}\n * @memberof HellewiTenant\n */\n twitter?: string;\n /**\n * URL to tenant's Facebook account\n * @type {string}\n * @memberof HellewiTenant\n */\n facebook?: string;\n /**\n * URL to tenant's Instagram account\n * @type {string}\n * @memberof HellewiTenant\n */\n instagram?: string;\n /**\n * URL to tenant's LinkedIn account\n * @type {string}\n * @memberof HellewiTenant\n */\n linkedin?: string;\n /**\n * \n * @type {HellewiLocation}\n * @memberof HellewiTenant\n */\n location?: HellewiLocation;\n /**\n * Tenant's customer service phone number\n * @type {string}\n * @memberof HellewiTenant\n */\n phone?: string;\n /**\n * E-Mail address\n * @type {string}\n * @memberof HellewiTenant\n */\n email?: string;\n /**\n * Tenant's gtag\n * @type {string}\n * @memberof HellewiTenant\n */\n gtag?: string;\n /**\n * Tenant's cookiebot\n * @type {string}\n * @memberof HellewiTenant\n */\n cookiebot?: string;\n /**\n * Tenant's metapixel\n * @type {string}\n * @memberof HellewiTenant\n */\n metapixel?: string;\n /**\n * Tenant's tradedoubler\n * @type {string}\n * @memberof HellewiTenant\n */\n tradedoubler?: string;\n /**\n * Tenant's custom scripts\n * @type {string}\n * @memberof HellewiTenant\n */\n scripts?: string;\n /**\n * \n * @type {HellewiTenantType}\n * @memberof HellewiTenant\n */\n type: HellewiTenantType;\n}\n\n/**\n * Check if a given object implements the HellewiTenant interface.\n */\nexport function instanceOfHellewiTenant(value: object): boolean {\n if (!('tenant' in value)) return false;\n if (!('name' in value)) return false;\n if (!('type' in value)) return false;\n return true;\n}\n\nexport function HellewiTenantFromJSON(json: any): HellewiTenant {\n return HellewiTenantFromJSONTyped(json, false);\n}\n\nexport function HellewiTenantFromJSONTyped(json: any, ignoreDiscriminator: boolean): HellewiTenant {\n if (json == null) {\n return json;\n }\n return {\n \n ...json,\n 'tenant': json['tenant'],\n 'name': json['name'],\n 'logo': json['logo'] == null ? undefined : json['logo'],\n 'homepage': json['homepage'] == null ? undefined : json['homepage'],\n 'twitter': json['twitter'] == null ? undefined : json['twitter'],\n 'facebook': json['facebook'] == null ? undefined : json['facebook'],\n 'instagram': json['instagram'] == null ? undefined : json['instagram'],\n 'linkedin': json['linkedin'] == null ? undefined : json['linkedin'],\n 'location': json['location'] == null ? undefined : HellewiLocationFromJSON(json['location']),\n 'phone': json['phone'] == null ? undefined : json['phone'],\n 'email': json['email'] == null ? undefined : json['email'],\n 'gtag': json['gtag'] == null ? undefined : json['gtag'],\n 'cookiebot': json['cookiebot'] == null ? undefined : json['cookiebot'],\n 'metapixel': json['metapixel'] == null ? undefined : json['metapixel'],\n 'tradedoubler': json['tradedoubler'] == null ? undefined : json['tradedoubler'],\n 'scripts': json['scripts'] == null ? undefined : json['scripts'],\n 'type': HellewiTenantTypeFromJSON(json['type']),\n };\n}\n\nexport function HellewiTenantToJSON(value?: HellewiTenant | null): any {\n if (value == null) {\n return value;\n }\n return {\n \n ...value,\n 'tenant': value['tenant'],\n 'name': value['name'],\n 'logo': value['logo'],\n 'homepage': value['homepage'],\n 'twitter': value['twitter'],\n 'facebook': value['facebook'],\n 'instagram': value['instagram'],\n 'linkedin': value['linkedin'],\n 'location': HellewiLocationToJSON(value['location']),\n 'phone': value['phone'],\n 'email': value['email'],\n 'gtag': value['gtag'],\n 'cookiebot': value['cookiebot'],\n 'metapixel': value['metapixel'],\n 'tradedoubler': value['tradedoubler'],\n 'scripts': value['scripts'],\n 'type': HellewiTenantTypeToJSON(value['type']),\n };\n}\n\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\n\nimport * as runtime from '../runtime';\nimport type {\n CatalogItemNotSupportedError,\n ErrorResponse,\n HellewiBrand,\n HellewiCatalogItemText,\n HellewiPromotion,\n HellewiText,\n} from '../models/index';\nimport {\n CatalogItemNotSupportedErrorFromJSON,\n CatalogItemNotSupportedErrorToJSON,\n ErrorResponseFromJSON,\n ErrorResponseToJSON,\n HellewiBrandFromJSON,\n HellewiBrandToJSON,\n HellewiCatalogItemTextFromJSON,\n HellewiCatalogItemTextToJSON,\n HellewiPromotionFromJSON,\n HellewiPromotionToJSON,\n HellewiTextFromJSON,\n HellewiTextToJSON,\n} from '../models/index';\n\nexport interface GetCatalogItemDetailsRequest {\n keyword: string;\n}\n\n/**\n * BrandApi - interface\n * \n * @export\n * @interface BrandApiInterface\n */\nexport interface BrandApiInterface {\n /**\n * Tenant\\'s brand information\n * @param {*} [options] Override http request option.\n * @throws {RequiredError}\n * @memberof BrandApiInterface\n */\n getBrandRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>;\n\n /**\n * Tenant\\'s brand information\n */\n getBrand(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise;\n\n /**\n * Get name and description for catalog-item\n * @param {string} keyword \n * @param {*} [options] Override http request option.\n * @throws {RequiredError}\n * @memberof BrandApiInterface\n */\n getCatalogItemDetailsRaw(requestParameters: GetCatalogItemDetailsRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>;\n\n /**\n * Get name and description for catalog-item\n */\n getCatalogItemDetails(requestParameters: GetCatalogItemDetailsRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise;\n\n /**\n * Tenant\\'s help page text and privacy statement\n * @param {*} [options] Override http request option.\n * @throws {RequiredError}\n * @memberof BrandApiInterface\n */\n getHelpRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>;\n\n /**\n * Tenant\\'s help page text and privacy statement\n */\n getHelp(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise;\n\n /**\n * Tenant\\'s brand information to hero element\n * @param {*} [options] Override http request option.\n * @throws {RequiredError}\n * @memberof BrandApiInterface\n */\n listPromotionsRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>>;\n\n /**\n * Tenant\\'s brand information to hero element\n */\n listPromotions(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>;\n\n}\n\n/**\n * \n */\nexport class BrandApi extends runtime.BaseAPI implements BrandApiInterface {\n\n /**\n * Tenant\\'s brand information\n */\n async getBrandRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> {\n const queryParameters: any = {};\n\n const headerParameters: runtime.HTTPHeaders = {};\n\n if (this.configuration && this.configuration.apiKey) {\n headerParameters[\"Authorization\"] = await this.configuration.apiKey(\"Authorization\"); // JWT authentication\n }\n\n const response = await this.request({\n path: `/brand`,\n method: 'GET',\n headers: headerParameters,\n query: queryParameters,\n }, initOverrides);\n\n return new runtime.JSONApiResponse(response, (jsonValue) => HellewiBrandFromJSON(jsonValue));\n }\n\n /**\n * Tenant\\'s brand information\n */\n async getBrand(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise {\n const response = await this.getBrandRaw(initOverrides);\n return await response.value();\n }\n\n /**\n * Get name and description for catalog-item\n */\n async getCatalogItemDetailsRaw(requestParameters: GetCatalogItemDetailsRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> {\n if (requestParameters['keyword'] == null) {\n throw new runtime.RequiredError(\n 'keyword',\n 'Required parameter \"keyword\" was null or undefined when calling getCatalogItemDetails().'\n );\n }\n\n const queryParameters: any = {};\n\n const headerParameters: runtime.HTTPHeaders = {};\n\n if (this.configuration && this.configuration.apiKey) {\n headerParameters[\"Authorization\"] = await this.configuration.apiKey(\"Authorization\"); // JWT authentication\n }\n\n const response = await this.request({\n path: `/brand/catalog-item/{keyword}`.replace(`{${\"keyword\"}}`, encodeURIComponent(String(requestParameters['keyword']))),\n method: 'GET',\n headers: headerParameters,\n query: queryParameters,\n }, initOverrides);\n\n return new runtime.JSONApiResponse(response, (jsonValue) => HellewiCatalogItemTextFromJSON(jsonValue));\n }\n\n /**\n * Get name and description for catalog-item\n */\n async getCatalogItemDetails(requestParameters: GetCatalogItemDetailsRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise {\n const response = await this.getCatalogItemDetailsRaw(requestParameters, initOverrides);\n return await response.value();\n }\n\n /**\n * Tenant\\'s help page text and privacy statement\n */\n async getHelpRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> {\n const queryParameters: any = {};\n\n const headerParameters: runtime.HTTPHeaders = {};\n\n if (this.configuration && this.configuration.apiKey) {\n headerParameters[\"Authorization\"] = await this.configuration.apiKey(\"Authorization\"); // JWT authentication\n }\n\n const response = await this.request({\n path: `/brand/help`,\n method: 'GET',\n headers: headerParameters,\n query: queryParameters,\n }, initOverrides);\n\n return new runtime.JSONApiResponse(response, (jsonValue) => HellewiTextFromJSON(jsonValue));\n }\n\n /**\n * Tenant\\'s help page text and privacy statement\n */\n async getHelp(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise {\n const response = await this.getHelpRaw(initOverrides);\n return await response.value();\n }\n\n /**\n * Tenant\\'s brand information to hero element\n */\n async listPromotionsRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>> {\n const queryParameters: any = {};\n\n const headerParameters: runtime.HTTPHeaders = {};\n\n if (this.configuration && this.configuration.apiKey) {\n headerParameters[\"Authorization\"] = await this.configuration.apiKey(\"Authorization\"); // JWT authentication\n }\n\n const response = await this.request({\n path: `/brand/promotions`,\n method: 'GET',\n headers: headerParameters,\n query: queryParameters,\n }, initOverrides);\n\n return new runtime.JSONApiResponse(response, (jsonValue) => jsonValue.map(HellewiPromotionFromJSON));\n }\n\n /**\n * Tenant\\'s brand information to hero element\n */\n async listPromotions(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> {\n const response = await this.listPromotionsRaw(initOverrides);\n return await response.value();\n }\n\n}\n","import {\n computed,\n ComputedRef,\n onBeforeMount,\n ref,\n Ref,\n watch\n} from '@vue/composition-api';\nimport { SnackbarProgrammatic as Snackbar } from 'buefy';\nimport { BNoticeComponent } from 'buefy/types/components';\n\nimport { Configuration } from '../api';\n\nimport { translate } from './misc-utils';\n\nexport enum RequestState {\n Uninitialized = 'UNINITIALIZED',\n Initialized = 'INITIALIZED',\n Loading = 'LOADING',\n Success = 'SUCCESS',\n Error = 'ERROR'\n}\n\nexport type Api = () => {\n api: Ref;\n changeConfiguration: (configuration: Configuration) => void;\n};\n\nexport type ApiEndpoint = () => {\n initial: O;\n state: Ref;\n response: Ref;\n execute: (input: I) => void;\n // hasError and isLoading would fit here, but unfortunately watchers' and\n // computed variables' lifecycle is limited to the component in which they\n // are loaded, so their watchers will be stopped when the component is\n // unmounted.\n //\n // So they have to be created for each component separately like this:\n // const { response: course, execute: getCourse, state } = useGetCourse();\n // const isLoading = stateIsLoading(state);\n};\n\nexport const stateHasError = (state: Ref): ComputedRef =>\n computed(() => state.value === RequestState.Error);\n\nexport const stateIsLoading = (\n state: Ref\n): ComputedRef => computed(() => state.value === RequestState.Loading);\n\nexport const ApiEndpointInitialization = (\n api: Ref,\n state: Ref,\n response: Ref,\n initial: O\n) => {\n const initialize = () => {\n if (api.value) {\n state.value = RequestState.Initialized;\n } else {\n state.value = RequestState.Uninitialized;\n }\n response.value = initial;\n };\n\n onBeforeMount(() => {\n if (state.value === RequestState.Uninitialized) {\n initialize();\n }\n });\n watch(api, initialize); // if API is changed, reset everything\n};\n\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport const useErrorToast = (ctx: any) => {\n const warnComponents = ref([]);\n const warnToast = (i18nKey: string) =>\n warnComponents.value.push(\n Snackbar.open({\n message: translate(ctx, i18nKey),\n duration: 5000,\n type: 'is-warning',\n position: 'is-top',\n actionText: 'OK',\n indefinite: true,\n queue: true\n })\n );\n\n const clearErrorToasts = () => {\n for (const component of warnComponents.value) {\n component.close();\n }\n warnComponents.value = [];\n };\n\n return { warnToast, clearErrorToasts };\n};\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\n\nimport * as runtime from '../runtime';\nimport type {\n ErrorResponse,\n HellewiCatalog,\n HellewiCatalogSettings,\n} from '../models/index';\nimport {\n ErrorResponseFromJSON,\n ErrorResponseToJSON,\n HellewiCatalogFromJSON,\n HellewiCatalogToJSON,\n HellewiCatalogSettingsFromJSON,\n HellewiCatalogSettingsToJSON,\n} from '../models/index';\n\nexport interface GetCatalogRequest {\n q?: string;\n}\n\n/**\n * CatalogApi - interface\n * \n * @export\n * @interface CatalogApiInterface\n */\nexport interface CatalogApiInterface {\n /**\n * List of catalog items (e.g. subject) that can be used for filtering courses. Different items are grouped together in the response. ```markup Subject - [ ] Philosophy, 3 courses - [ ] French, 3 courses - [ ] German, 1 course Location - [ ] Ahjola, 2 courses - [ ] Sampola, 4 courses Weekday (*1) - [ ] Monday, 1 course - [ ] Tuesday, 2 courses - [ ] Thursday, 1 course - [ ] Sunday, 3 courses ``` - **1:** A course can have multiple catalog items of some catalog item categories, such as weekdays (e.g. a single course can be held on Mondays and Tuesdays). ### Catalog filtering The response is filtered according to given search query: course count matches the query, and catalog items that don\\'t have any matching courses are omitted. There is one exception to the rule above: if a subject is selected for example, the response subject includes *all* subjects and not just the selected ones. This allows to create the following kind of catalog structure (philosophy is selected, query something like `q=subject:5`): ```markup Subject - [x] Philosophy, 3 courses - [ ] French, 3 courses (*1) - [ ] German, 1 course (*1) Location - [ ] Ahjola, 1 course - [ ] Sampola, 2 courses Weekday - [ ] Tuesday, 2 courses - [ ] Sunday, 1 courses ``` - **1:** Here French and German are included in the results, even though the three courses that match philosophy don\\'t match the languages. If multiple items from different categories are selected, result will be filtered so that for a single catalog item group, all other filters except its own apply to that group (`q:subject:5+location:2`): ```markup Subject - [x] Philosophy, 2 courses (*1) Location - [ ] Ahjola, 1 course (*2) - [x] Sampola, 2 courses Weekday - [ ] Tuesday, 1 course - [ ] Sunday, 1 course ``` - **1:** French and German are omitted because all courses in Sampola are philosophy, and philosophy has only two courses that are in Sampola. - **2:** Ahjola is included because there would be a third philosophy course. ### Tree structure in catalog All the catalog item groups are arrays of depth one, but HellewiCatalogItem objects contain parent information that can be used to create a tree structure of those catalog items. ```markup Department, Category, Subject - [ ] Mäntsälä, 4 courses - [ ] Psychology and pedagogy, 1 course - [ ] Psychology, 1 course - [ ] Languages, 4 courses - [ ] French, 3 courses - [ ] German, 1 course - [ ] Pornainen, 2 courses - [ ] Psychology and pedagogy, 2 courses - [ ] Psychology, 2 courses ``` This can be created so that for each item in departments, search for all items in categories that have that department\\'s keyword as parent. And continue with each of those categories matching parents from subjects. Following parent-child -chains are possible: - Department - Category - Subject - Category - Subject - Term - Period - Classification - Education sector Term - Period and Classification - Education sector are simple so that the relationship is always 1:n, i.e. a period will always have a term as parent, and there cannot be duplicate periods with different parents. Department - Category - Subject is complex. Relationships are n:m, i.e. a category can have different departments as parent (for example language courses are taught both in Mäntsälä and Pornainen). Furthermore, the response includes information so that depth 1 (subject-only), 2 (category-subject) and 3 (department-category-subject) catalog trees can be built. The keywords are also different for these different depth options. For example subject for: - depth 1 will have one id: `subject:34`, - depth 2 will have two ids: `subject:7/34`, this also implies parent `category:7` - depth 3 will have three: `subject:2/7/34`, this also implies parent `category:2/7`, and furthermore category\\'s parent `department:2` (but this is not included in the subject catalog item, only in the parent category) Categories are also different for depth 2 and 3. The simple algorithm for building these is to start from the top and select those items that have parent: null, and then continue with the children that have matching parents. ### Tree structure and filtering The rule that filtering applies to all other catalog item groups except the selected one has some implications when building a tree structured catalog. For example, selecting Mäntsälä - Psycholog and pedagogy - Psychology, `q=subject:1/1/1`: ```markup Department, Category, Subject - [ ] Mäntsälä, 1 course (*1) - [ ] Psychology and pedagogy, 1 course (*3) - [x] Psychology, 1 course - [ ] Languages, 0 courses (*4) - [ ] French, 3 courses (*6) - [ ] German, 1 courses - [ ] Pornainen, 0 courses (*2) - [ ] Psychology and pedagogy, 0 courses (*5) - [ ] Psychology, 2 courses (*7) ``` - **1:** Mäntsälä (`department:1`) is included in the response, as the psychology course matches this department. Course count is 1 as there is one psychology course. - **2:** Pornainen (`department:2`) is *not included* in the response `subject:1/1/1`-courses don\\'t match Pornainen. - **3:** Mäntsälä\\'s Psychology and pedagogy (`category:1/1`) is included in the response with course count 1. - **4:** Mäntsälä\\'s Languages (`category:1/2`) is *not included* in the response. - **5:** Pornainen\\'s Psychology and pedagogy (`category:2/1`) is *not included* in the response. - **6:** Mäntsälä-Languages-French and (`subject:1/2/1`) and German (`subject:1/2/2`) *are included* in the response, as the subject filtering doesn\\'t apply to other subjects. This point can be counter-intuitive when used in tree structure. - **7:** Pornainen-Psychology and pedagogy-Psychology (`subject:2/1/1`) also *is included* in the response. Depending on which kind of user interface is being built, this tree probably cannot be built only from a filtered response, but rather the filtered and unfiltered response have to be combined. For this kind of depth 3 catalog, it would probably be the simplest to add only catalog items with type subject to search query (e.g. selecting Mäntsälä selects all subjects under it and doesn\\'t add the department or its categories). Then also the course counts for deparments and categories could be calculated from response subjects. And the departments and categores would have to be saved from the unfiltered response as the filtered responses don\\'t have the unmatching ones included.\n * @param {string} [q] Search query, see instructions in [Search](#section/Search).\n * @param {*} [options] Override http request option.\n * @throws {RequiredError}\n * @memberof CatalogApiInterface\n */\n getCatalogRaw(requestParameters: GetCatalogRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>;\n\n /**\n * List of catalog items (e.g. subject) that can be used for filtering courses. Different items are grouped together in the response. ```markup Subject - [ ] Philosophy, 3 courses - [ ] French, 3 courses - [ ] German, 1 course Location - [ ] Ahjola, 2 courses - [ ] Sampola, 4 courses Weekday (*1) - [ ] Monday, 1 course - [ ] Tuesday, 2 courses - [ ] Thursday, 1 course - [ ] Sunday, 3 courses ``` - **1:** A course can have multiple catalog items of some catalog item categories, such as weekdays (e.g. a single course can be held on Mondays and Tuesdays). ### Catalog filtering The response is filtered according to given search query: course count matches the query, and catalog items that don\\'t have any matching courses are omitted. There is one exception to the rule above: if a subject is selected for example, the response subject includes *all* subjects and not just the selected ones. This allows to create the following kind of catalog structure (philosophy is selected, query something like `q=subject:5`): ```markup Subject - [x] Philosophy, 3 courses - [ ] French, 3 courses (*1) - [ ] German, 1 course (*1) Location - [ ] Ahjola, 1 course - [ ] Sampola, 2 courses Weekday - [ ] Tuesday, 2 courses - [ ] Sunday, 1 courses ``` - **1:** Here French and German are included in the results, even though the three courses that match philosophy don\\'t match the languages. If multiple items from different categories are selected, result will be filtered so that for a single catalog item group, all other filters except its own apply to that group (`q:subject:5+location:2`): ```markup Subject - [x] Philosophy, 2 courses (*1) Location - [ ] Ahjola, 1 course (*2) - [x] Sampola, 2 courses Weekday - [ ] Tuesday, 1 course - [ ] Sunday, 1 course ``` - **1:** French and German are omitted because all courses in Sampola are philosophy, and philosophy has only two courses that are in Sampola. - **2:** Ahjola is included because there would be a third philosophy course. ### Tree structure in catalog All the catalog item groups are arrays of depth one, but HellewiCatalogItem objects contain parent information that can be used to create a tree structure of those catalog items. ```markup Department, Category, Subject - [ ] Mäntsälä, 4 courses - [ ] Psychology and pedagogy, 1 course - [ ] Psychology, 1 course - [ ] Languages, 4 courses - [ ] French, 3 courses - [ ] German, 1 course - [ ] Pornainen, 2 courses - [ ] Psychology and pedagogy, 2 courses - [ ] Psychology, 2 courses ``` This can be created so that for each item in departments, search for all items in categories that have that department\\'s keyword as parent. And continue with each of those categories matching parents from subjects. Following parent-child -chains are possible: - Department - Category - Subject - Category - Subject - Term - Period - Classification - Education sector Term - Period and Classification - Education sector are simple so that the relationship is always 1:n, i.e. a period will always have a term as parent, and there cannot be duplicate periods with different parents. Department - Category - Subject is complex. Relationships are n:m, i.e. a category can have different departments as parent (for example language courses are taught both in Mäntsälä and Pornainen). Furthermore, the response includes information so that depth 1 (subject-only), 2 (category-subject) and 3 (department-category-subject) catalog trees can be built. The keywords are also different for these different depth options. For example subject for: - depth 1 will have one id: `subject:34`, - depth 2 will have two ids: `subject:7/34`, this also implies parent `category:7` - depth 3 will have three: `subject:2/7/34`, this also implies parent `category:2/7`, and furthermore category\\'s parent `department:2` (but this is not included in the subject catalog item, only in the parent category) Categories are also different for depth 2 and 3. The simple algorithm for building these is to start from the top and select those items that have parent: null, and then continue with the children that have matching parents. ### Tree structure and filtering The rule that filtering applies to all other catalog item groups except the selected one has some implications when building a tree structured catalog. For example, selecting Mäntsälä - Psycholog and pedagogy - Psychology, `q=subject:1/1/1`: ```markup Department, Category, Subject - [ ] Mäntsälä, 1 course (*1) - [ ] Psychology and pedagogy, 1 course (*3) - [x] Psychology, 1 course - [ ] Languages, 0 courses (*4) - [ ] French, 3 courses (*6) - [ ] German, 1 courses - [ ] Pornainen, 0 courses (*2) - [ ] Psychology and pedagogy, 0 courses (*5) - [ ] Psychology, 2 courses (*7) ``` - **1:** Mäntsälä (`department:1`) is included in the response, as the psychology course matches this department. Course count is 1 as there is one psychology course. - **2:** Pornainen (`department:2`) is *not included* in the response `subject:1/1/1`-courses don\\'t match Pornainen. - **3:** Mäntsälä\\'s Psychology and pedagogy (`category:1/1`) is included in the response with course count 1. - **4:** Mäntsälä\\'s Languages (`category:1/2`) is *not included* in the response. - **5:** Pornainen\\'s Psychology and pedagogy (`category:2/1`) is *not included* in the response. - **6:** Mäntsälä-Languages-French and (`subject:1/2/1`) and German (`subject:1/2/2`) *are included* in the response, as the subject filtering doesn\\'t apply to other subjects. This point can be counter-intuitive when used in tree structure. - **7:** Pornainen-Psychology and pedagogy-Psychology (`subject:2/1/1`) also *is included* in the response. Depending on which kind of user interface is being built, this tree probably cannot be built only from a filtered response, but rather the filtered and unfiltered response have to be combined. For this kind of depth 3 catalog, it would probably be the simplest to add only catalog items with type subject to search query (e.g. selecting Mäntsälä selects all subjects under it and doesn\\'t add the department or its categories). Then also the course counts for deparments and categories could be calculated from response subjects. And the departments and categores would have to be saved from the unfiltered response as the filtered responses don\\'t have the unmatching ones included.\n */\n getCatalog(requestParameters: GetCatalogRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise;\n\n /**\n * Catalog settings\n * @param {*} [options] Override http request option.\n * @throws {RequiredError}\n * @memberof CatalogApiInterface\n */\n getCatalogSettingsRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>;\n\n /**\n * Catalog settings\n */\n getCatalogSettings(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise;\n\n}\n\n/**\n * \n */\nexport class CatalogApi extends runtime.BaseAPI implements CatalogApiInterface {\n\n /**\n * List of catalog items (e.g. subject) that can be used for filtering courses. Different items are grouped together in the response. ```markup Subject - [ ] Philosophy, 3 courses - [ ] French, 3 courses - [ ] German, 1 course Location - [ ] Ahjola, 2 courses - [ ] Sampola, 4 courses Weekday (*1) - [ ] Monday, 1 course - [ ] Tuesday, 2 courses - [ ] Thursday, 1 course - [ ] Sunday, 3 courses ``` - **1:** A course can have multiple catalog items of some catalog item categories, such as weekdays (e.g. a single course can be held on Mondays and Tuesdays). ### Catalog filtering The response is filtered according to given search query: course count matches the query, and catalog items that don\\'t have any matching courses are omitted. There is one exception to the rule above: if a subject is selected for example, the response subject includes *all* subjects and not just the selected ones. This allows to create the following kind of catalog structure (philosophy is selected, query something like `q=subject:5`): ```markup Subject - [x] Philosophy, 3 courses - [ ] French, 3 courses (*1) - [ ] German, 1 course (*1) Location - [ ] Ahjola, 1 course - [ ] Sampola, 2 courses Weekday - [ ] Tuesday, 2 courses - [ ] Sunday, 1 courses ``` - **1:** Here French and German are included in the results, even though the three courses that match philosophy don\\'t match the languages. If multiple items from different categories are selected, result will be filtered so that for a single catalog item group, all other filters except its own apply to that group (`q:subject:5+location:2`): ```markup Subject - [x] Philosophy, 2 courses (*1) Location - [ ] Ahjola, 1 course (*2) - [x] Sampola, 2 courses Weekday - [ ] Tuesday, 1 course - [ ] Sunday, 1 course ``` - **1:** French and German are omitted because all courses in Sampola are philosophy, and philosophy has only two courses that are in Sampola. - **2:** Ahjola is included because there would be a third philosophy course. ### Tree structure in catalog All the catalog item groups are arrays of depth one, but HellewiCatalogItem objects contain parent information that can be used to create a tree structure of those catalog items. ```markup Department, Category, Subject - [ ] Mäntsälä, 4 courses - [ ] Psychology and pedagogy, 1 course - [ ] Psychology, 1 course - [ ] Languages, 4 courses - [ ] French, 3 courses - [ ] German, 1 course - [ ] Pornainen, 2 courses - [ ] Psychology and pedagogy, 2 courses - [ ] Psychology, 2 courses ``` This can be created so that for each item in departments, search for all items in categories that have that department\\'s keyword as parent. And continue with each of those categories matching parents from subjects. Following parent-child -chains are possible: - Department - Category - Subject - Category - Subject - Term - Period - Classification - Education sector Term - Period and Classification - Education sector are simple so that the relationship is always 1:n, i.e. a period will always have a term as parent, and there cannot be duplicate periods with different parents. Department - Category - Subject is complex. Relationships are n:m, i.e. a category can have different departments as parent (for example language courses are taught both in Mäntsälä and Pornainen). Furthermore, the response includes information so that depth 1 (subject-only), 2 (category-subject) and 3 (department-category-subject) catalog trees can be built. The keywords are also different for these different depth options. For example subject for: - depth 1 will have one id: `subject:34`, - depth 2 will have two ids: `subject:7/34`, this also implies parent `category:7` - depth 3 will have three: `subject:2/7/34`, this also implies parent `category:2/7`, and furthermore category\\'s parent `department:2` (but this is not included in the subject catalog item, only in the parent category) Categories are also different for depth 2 and 3. The simple algorithm for building these is to start from the top and select those items that have parent: null, and then continue with the children that have matching parents. ### Tree structure and filtering The rule that filtering applies to all other catalog item groups except the selected one has some implications when building a tree structured catalog. For example, selecting Mäntsälä - Psycholog and pedagogy - Psychology, `q=subject:1/1/1`: ```markup Department, Category, Subject - [ ] Mäntsälä, 1 course (*1) - [ ] Psychology and pedagogy, 1 course (*3) - [x] Psychology, 1 course - [ ] Languages, 0 courses (*4) - [ ] French, 3 courses (*6) - [ ] German, 1 courses - [ ] Pornainen, 0 courses (*2) - [ ] Psychology and pedagogy, 0 courses (*5) - [ ] Psychology, 2 courses (*7) ``` - **1:** Mäntsälä (`department:1`) is included in the response, as the psychology course matches this department. Course count is 1 as there is one psychology course. - **2:** Pornainen (`department:2`) is *not included* in the response `subject:1/1/1`-courses don\\'t match Pornainen. - **3:** Mäntsälä\\'s Psychology and pedagogy (`category:1/1`) is included in the response with course count 1. - **4:** Mäntsälä\\'s Languages (`category:1/2`) is *not included* in the response. - **5:** Pornainen\\'s Psychology and pedagogy (`category:2/1`) is *not included* in the response. - **6:** Mäntsälä-Languages-French and (`subject:1/2/1`) and German (`subject:1/2/2`) *are included* in the response, as the subject filtering doesn\\'t apply to other subjects. This point can be counter-intuitive when used in tree structure. - **7:** Pornainen-Psychology and pedagogy-Psychology (`subject:2/1/1`) also *is included* in the response. Depending on which kind of user interface is being built, this tree probably cannot be built only from a filtered response, but rather the filtered and unfiltered response have to be combined. For this kind of depth 3 catalog, it would probably be the simplest to add only catalog items with type subject to search query (e.g. selecting Mäntsälä selects all subjects under it and doesn\\'t add the department or its categories). Then also the course counts for deparments and categories could be calculated from response subjects. And the departments and categores would have to be saved from the unfiltered response as the filtered responses don\\'t have the unmatching ones included.\n */\n async getCatalogRaw(requestParameters: GetCatalogRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> {\n const queryParameters: any = {};\n\n if (requestParameters['q'] != null) {\n queryParameters['q'] = requestParameters['q'];\n }\n\n const headerParameters: runtime.HTTPHeaders = {};\n\n if (this.configuration && this.configuration.apiKey) {\n headerParameters[\"Authorization\"] = await this.configuration.apiKey(\"Authorization\"); // JWT authentication\n }\n\n const response = await this.request({\n path: `/catalog`,\n method: 'GET',\n headers: headerParameters,\n query: queryParameters,\n }, initOverrides);\n\n return new runtime.JSONApiResponse(response, (jsonValue) => HellewiCatalogFromJSON(jsonValue));\n }\n\n /**\n * List of catalog items (e.g. subject) that can be used for filtering courses. Different items are grouped together in the response. ```markup Subject - [ ] Philosophy, 3 courses - [ ] French, 3 courses - [ ] German, 1 course Location - [ ] Ahjola, 2 courses - [ ] Sampola, 4 courses Weekday (*1) - [ ] Monday, 1 course - [ ] Tuesday, 2 courses - [ ] Thursday, 1 course - [ ] Sunday, 3 courses ``` - **1:** A course can have multiple catalog items of some catalog item categories, such as weekdays (e.g. a single course can be held on Mondays and Tuesdays). ### Catalog filtering The response is filtered according to given search query: course count matches the query, and catalog items that don\\'t have any matching courses are omitted. There is one exception to the rule above: if a subject is selected for example, the response subject includes *all* subjects and not just the selected ones. This allows to create the following kind of catalog structure (philosophy is selected, query something like `q=subject:5`): ```markup Subject - [x] Philosophy, 3 courses - [ ] French, 3 courses (*1) - [ ] German, 1 course (*1) Location - [ ] Ahjola, 1 course - [ ] Sampola, 2 courses Weekday - [ ] Tuesday, 2 courses - [ ] Sunday, 1 courses ``` - **1:** Here French and German are included in the results, even though the three courses that match philosophy don\\'t match the languages. If multiple items from different categories are selected, result will be filtered so that for a single catalog item group, all other filters except its own apply to that group (`q:subject:5+location:2`): ```markup Subject - [x] Philosophy, 2 courses (*1) Location - [ ] Ahjola, 1 course (*2) - [x] Sampola, 2 courses Weekday - [ ] Tuesday, 1 course - [ ] Sunday, 1 course ``` - **1:** French and German are omitted because all courses in Sampola are philosophy, and philosophy has only two courses that are in Sampola. - **2:** Ahjola is included because there would be a third philosophy course. ### Tree structure in catalog All the catalog item groups are arrays of depth one, but HellewiCatalogItem objects contain parent information that can be used to create a tree structure of those catalog items. ```markup Department, Category, Subject - [ ] Mäntsälä, 4 courses - [ ] Psychology and pedagogy, 1 course - [ ] Psychology, 1 course - [ ] Languages, 4 courses - [ ] French, 3 courses - [ ] German, 1 course - [ ] Pornainen, 2 courses - [ ] Psychology and pedagogy, 2 courses - [ ] Psychology, 2 courses ``` This can be created so that for each item in departments, search for all items in categories that have that department\\'s keyword as parent. And continue with each of those categories matching parents from subjects. Following parent-child -chains are possible: - Department - Category - Subject - Category - Subject - Term - Period - Classification - Education sector Term - Period and Classification - Education sector are simple so that the relationship is always 1:n, i.e. a period will always have a term as parent, and there cannot be duplicate periods with different parents. Department - Category - Subject is complex. Relationships are n:m, i.e. a category can have different departments as parent (for example language courses are taught both in Mäntsälä and Pornainen). Furthermore, the response includes information so that depth 1 (subject-only), 2 (category-subject) and 3 (department-category-subject) catalog trees can be built. The keywords are also different for these different depth options. For example subject for: - depth 1 will have one id: `subject:34`, - depth 2 will have two ids: `subject:7/34`, this also implies parent `category:7` - depth 3 will have three: `subject:2/7/34`, this also implies parent `category:2/7`, and furthermore category\\'s parent `department:2` (but this is not included in the subject catalog item, only in the parent category) Categories are also different for depth 2 and 3. The simple algorithm for building these is to start from the top and select those items that have parent: null, and then continue with the children that have matching parents. ### Tree structure and filtering The rule that filtering applies to all other catalog item groups except the selected one has some implications when building a tree structured catalog. For example, selecting Mäntsälä - Psycholog and pedagogy - Psychology, `q=subject:1/1/1`: ```markup Department, Category, Subject - [ ] Mäntsälä, 1 course (*1) - [ ] Psychology and pedagogy, 1 course (*3) - [x] Psychology, 1 course - [ ] Languages, 0 courses (*4) - [ ] French, 3 courses (*6) - [ ] German, 1 courses - [ ] Pornainen, 0 courses (*2) - [ ] Psychology and pedagogy, 0 courses (*5) - [ ] Psychology, 2 courses (*7) ``` - **1:** Mäntsälä (`department:1`) is included in the response, as the psychology course matches this department. Course count is 1 as there is one psychology course. - **2:** Pornainen (`department:2`) is *not included* in the response `subject:1/1/1`-courses don\\'t match Pornainen. - **3:** Mäntsälä\\'s Psychology and pedagogy (`category:1/1`) is included in the response with course count 1. - **4:** Mäntsälä\\'s Languages (`category:1/2`) is *not included* in the response. - **5:** Pornainen\\'s Psychology and pedagogy (`category:2/1`) is *not included* in the response. - **6:** Mäntsälä-Languages-French and (`subject:1/2/1`) and German (`subject:1/2/2`) *are included* in the response, as the subject filtering doesn\\'t apply to other subjects. This point can be counter-intuitive when used in tree structure. - **7:** Pornainen-Psychology and pedagogy-Psychology (`subject:2/1/1`) also *is included* in the response. Depending on which kind of user interface is being built, this tree probably cannot be built only from a filtered response, but rather the filtered and unfiltered response have to be combined. For this kind of depth 3 catalog, it would probably be the simplest to add only catalog items with type subject to search query (e.g. selecting Mäntsälä selects all subjects under it and doesn\\'t add the department or its categories). Then also the course counts for deparments and categories could be calculated from response subjects. And the departments and categores would have to be saved from the unfiltered response as the filtered responses don\\'t have the unmatching ones included.\n */\n async getCatalog(requestParameters: GetCatalogRequest = {}, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise {\n const response = await this.getCatalogRaw(requestParameters, initOverrides);\n return await response.value();\n }\n\n /**\n * Catalog settings\n */\n async getCatalogSettingsRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> {\n const queryParameters: any = {};\n\n const headerParameters: runtime.HTTPHeaders = {};\n\n if (this.configuration && this.configuration.apiKey) {\n headerParameters[\"Authorization\"] = await this.configuration.apiKey(\"Authorization\"); // JWT authentication\n }\n\n const response = await this.request({\n path: `/catalog/settings`,\n method: 'GET',\n headers: headerParameters,\n query: queryParameters,\n }, initOverrides);\n\n return new runtime.JSONApiResponse(response, (jsonValue) => HellewiCatalogSettingsFromJSON(jsonValue));\n }\n\n /**\n * Catalog settings\n */\n async getCatalogSettings(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise {\n const response = await this.getCatalogSettingsRaw(initOverrides);\n return await response.value();\n }\n\n}\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\n\nimport * as runtime from '../runtime';\nimport type {\n CourseSortfield,\n ErrorResponse,\n HellewiCourse,\n HellewiCourseCount,\n HellewiCoursePartial,\n HellewiParticipantCount,\n Sortdir,\n} from '../models/index';\nimport {\n CourseSortfieldFromJSON,\n CourseSortfieldToJSON,\n ErrorResponseFromJSON,\n ErrorResponseToJSON,\n HellewiCourseFromJSON,\n HellewiCourseToJSON,\n HellewiCourseCountFromJSON,\n HellewiCourseCountToJSON,\n HellewiCoursePartialFromJSON,\n HellewiCoursePartialToJSON,\n HellewiParticipantCountFromJSON,\n HellewiParticipantCountToJSON,\n SortdirFromJSON,\n SortdirToJSON,\n} from '../models/index';\n\nexport interface GetCourseRequest {\n id: string;\n unlistedid?: string;\n reqid?: string;\n expiry?: Date;\n hmac?: string;\n preview?: boolean;\n}\n\nexport interface GetCourseCountRequest {\n q?: string;\n}\n\nexport interface ListCourseParticipantCountsRequest {\n ids?: Array;\n}\n\nexport interface ListCoursesRequest {\n q?: string;\n page?: number;\n limit?: number;\n sort?: Array;\n sortdir?: Sortdir;\n}\n\n/**\n * CourseApi - interface\n * \n * @export\n * @interface CourseApiInterface\n */\nexport interface CourseApiInterface {\n /**\n * Course information\n * @param {string} id \n * @param {string} [unlistedid] Course ID, if it is unlisted, i.e. not public. This must be the same number as course ID in path parameters. Request must be signed with HMAC if this is present.\n * @param {string} [reqid] \n * @param {Date} [expiry] \n * @param {string} [hmac] \n * @param {boolean} [preview] \n * @param {*} [options] Override http request option.\n * @throws {RequiredError}\n * @memberof CourseApiInterface\n */\n getCourseRaw(requestParameters: GetCourseRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>;\n\n /**\n * Course information\n */\n getCourse(requestParameters: GetCourseRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise;\n\n /**\n * Course count Response includes also `x-total-count` header, which is explained in [Pagination](#section/Search/Pagination) (except that from this endpoint there is no 10000 limit).\n * @param {string} [q] Search query, see instructions in [Search](#section/Search).\n * @param {*} [options] Override http request option.\n * @throws {RequiredError}\n * @memberof CourseApiInterface\n */\n getCourseCountRaw(requestParameters: GetCourseCountRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>;\n\n /**\n * Course count Response includes also `x-total-count` header, which is explained in [Pagination](#section/Search/Pagination) (except that from this endpoint there is no 10000 limit).\n */\n getCourseCount(requestParameters: GetCourseCountRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise;\n\n /**\n * List participant counts in courses Optional fields in response will always be there if global parameter registrationsettings.showseatcount is set to true, or if course parameter showplacecount is set to true Note that the maximum length of an URL (recommendation is 2000 characters) can become a limitation here if there are 100 course ids in multi-tenant form. In this case, use multiple requests for fetching the participant counts.\n * @param {Array} [ids] Course ids\n * @param {*} [options] Override http request option.\n * @throws {RequiredError}\n * @memberof CourseApiInterface\n */\n listCourseParticipantCountsRaw(requestParameters: ListCourseParticipantCountsRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>>;\n\n /**\n * List participant counts in courses Optional fields in response will always be there if global parameter registrationsettings.showseatcount is set to true, or if course parameter showplacecount is set to true Note that the maximum length of an URL (recommendation is 2000 characters) can become a limitation here if there are 100 course ids in multi-tenant form. In this case, use multiple requests for fetching the participant counts.\n */\n listCourseParticipantCounts(requestParameters: ListCourseParticipantCountsRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>;\n\n /**\n * Course listing Response includes also `link` and `x-total-count` headers, which are explained in [Pagination](#section/Search/Pagination).\n * @param {string} [q] Search query, see instructions in [Search](#section/Search).\n * @param {number} [page] Pagination: wanted page starting from 1\n * @param {number} [limit] Pagination: how many items there are per page (maximum 100)\n * @param {Array} [sort] Result sorting: sort according to these fields. If sort is not given but there is a keyword-search or distancesoft filter, sort best matching first. Otherwise sort ascending by `code`.\n * @param {Sortdir} [sortdir] Result sorting: sort direction, ascending or descending,\n * @param {*} [options] Override http request option.\n * @throws {RequiredError}\n * @memberof CourseApiInterface\n */\n listCoursesRaw(requestParameters: ListCoursesRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>>;\n\n /**\n * Course listing Response includes also `link` and `x-total-count` headers, which are explained in [Pagination](#section/Search/Pagination).\n */\n listCourses(requestParameters: ListCoursesRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>;\n\n}\n\n/**\n * \n */\nexport class CourseApi extends runtime.BaseAPI implements CourseApiInterface {\n\n /**\n * Course information\n */\n async getCourseRaw(requestParameters: GetCourseRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> {\n if (requestParameters['id'] == null) {\n throw new runtime.RequiredError(\n 'id',\n 'Required parameter \"id\" was null or undefined when calling getCourse().'\n );\n }\n\n const queryParameters: any = {};\n\n if (requestParameters['unlistedid'] != null) {\n queryParameters['unlistedid'] = requestParameters['unlistedid'];\n }\n\n if (requestParameters['reqid'] != null) {\n queryParameters['reqid'] = requestParameters['reqid'];\n }\n\n if (requestParameters['expiry'] != null) {\n queryParameters['expiry'] = (requestParameters['expiry'] as any).toISOString();\n }\n\n if (requestParameters['hmac'] != null) {\n queryParameters['hmac'] = requestParameters['hmac'];\n }\n\n if (requestParameters['preview'] != null) {\n queryParameters['preview'] = requestParameters['preview'];\n }\n\n const headerParameters: runtime.HTTPHeaders = {};\n\n if (this.configuration && this.configuration.apiKey) {\n headerParameters[\"Authorization\"] = await this.configuration.apiKey(\"Authorization\"); // JWT authentication\n }\n\n const response = await this.request({\n path: `/courses/{id}`.replace(`{${\"id\"}}`, encodeURIComponent(String(requestParameters['id']))),\n method: 'GET',\n headers: headerParameters,\n query: queryParameters,\n }, initOverrides);\n\n return new runtime.JSONApiResponse(response, (jsonValue) => HellewiCourseFromJSON(jsonValue));\n }\n\n /**\n * Course information\n */\n async getCourse(requestParameters: GetCourseRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise {\n const response = await this.getCourseRaw(requestParameters, initOverrides);\n return await response.value();\n }\n\n /**\n * Course count Response includes also `x-total-count` header, which is explained in [Pagination](#section/Search/Pagination) (except that from this endpoint there is no 10000 limit).\n */\n async getCourseCountRaw(requestParameters: GetCourseCountRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> {\n const queryParameters: any = {};\n\n if (requestParameters['q'] != null) {\n queryParameters['q'] = requestParameters['q'];\n }\n\n const headerParameters: runtime.HTTPHeaders = {};\n\n if (this.configuration && this.configuration.apiKey) {\n headerParameters[\"Authorization\"] = await this.configuration.apiKey(\"Authorization\"); // JWT authentication\n }\n\n const response = await this.request({\n path: `/course-count`,\n method: 'GET',\n headers: headerParameters,\n query: queryParameters,\n }, initOverrides);\n\n return new runtime.JSONApiResponse(response, (jsonValue) => HellewiCourseCountFromJSON(jsonValue));\n }\n\n /**\n * Course count Response includes also `x-total-count` header, which is explained in [Pagination](#section/Search/Pagination) (except that from this endpoint there is no 10000 limit).\n */\n async getCourseCount(requestParameters: GetCourseCountRequest = {}, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise {\n const response = await this.getCourseCountRaw(requestParameters, initOverrides);\n return await response.value();\n }\n\n /**\n * List participant counts in courses Optional fields in response will always be there if global parameter registrationsettings.showseatcount is set to true, or if course parameter showplacecount is set to true Note that the maximum length of an URL (recommendation is 2000 characters) can become a limitation here if there are 100 course ids in multi-tenant form. In this case, use multiple requests for fetching the participant counts.\n */\n async listCourseParticipantCountsRaw(requestParameters: ListCourseParticipantCountsRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>> {\n const queryParameters: any = {};\n\n if (requestParameters['ids'] != null) {\n queryParameters['ids'] = requestParameters['ids'];\n }\n\n const headerParameters: runtime.HTTPHeaders = {};\n\n if (this.configuration && this.configuration.apiKey) {\n headerParameters[\"Authorization\"] = await this.configuration.apiKey(\"Authorization\"); // JWT authentication\n }\n\n const response = await this.request({\n path: `/course-participants`,\n method: 'GET',\n headers: headerParameters,\n query: queryParameters,\n }, initOverrides);\n\n return new runtime.JSONApiResponse(response, (jsonValue) => jsonValue.map(HellewiParticipantCountFromJSON));\n }\n\n /**\n * List participant counts in courses Optional fields in response will always be there if global parameter registrationsettings.showseatcount is set to true, or if course parameter showplacecount is set to true Note that the maximum length of an URL (recommendation is 2000 characters) can become a limitation here if there are 100 course ids in multi-tenant form. In this case, use multiple requests for fetching the participant counts.\n */\n async listCourseParticipantCounts(requestParameters: ListCourseParticipantCountsRequest = {}, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> {\n const response = await this.listCourseParticipantCountsRaw(requestParameters, initOverrides);\n return await response.value();\n }\n\n /**\n * Course listing Response includes also `link` and `x-total-count` headers, which are explained in [Pagination](#section/Search/Pagination).\n */\n async listCoursesRaw(requestParameters: ListCoursesRequest, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>> {\n const queryParameters: any = {};\n\n if (requestParameters['q'] != null) {\n queryParameters['q'] = requestParameters['q'];\n }\n\n if (requestParameters['page'] != null) {\n queryParameters['page'] = requestParameters['page'];\n }\n\n if (requestParameters['limit'] != null) {\n queryParameters['limit'] = requestParameters['limit'];\n }\n\n if (requestParameters['sort'] != null) {\n queryParameters['sort'] = requestParameters['sort'];\n }\n\n if (requestParameters['sortdir'] != null) {\n queryParameters['sortdir'] = requestParameters['sortdir'];\n }\n\n const headerParameters: runtime.HTTPHeaders = {};\n\n if (this.configuration && this.configuration.apiKey) {\n headerParameters[\"Authorization\"] = await this.configuration.apiKey(\"Authorization\"); // JWT authentication\n }\n\n const response = await this.request({\n path: `/courses`,\n method: 'GET',\n headers: headerParameters,\n query: queryParameters,\n }, initOverrides);\n\n return new runtime.JSONApiResponse(response, (jsonValue) => jsonValue.map(HellewiCoursePartialFromJSON));\n }\n\n /**\n * Course listing Response includes also `link` and `x-total-count` headers, which are explained in [Pagination](#section/Search/Pagination).\n */\n async listCourses(requestParameters: ListCoursesRequest = {}, initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> {\n const response = await this.listCoursesRaw(requestParameters, initOverrides);\n return await response.value();\n }\n\n}\n","/* tslint:disable */\n/* eslint-disable */\n/**\n * API\n * This document specifies the application programming interface (API) for Hellewi. # URL format `https://api.////` e.g. `https://api.opistopalvelut.fi/v1/demo/fi/courses` - protocol: `https` ssl must be used. - domain: `opistopalvelut.fi` domain should be the same as with tenant\\'s admin and registration domain (i.e. not necessarily opistopalvelut.fi). - version: `v1` marks the API version, only v1 is supported. - tenant: `demo` is the tenant name, should be the same as with admin/registration url - language: `fi` is language selection, options fi/en/sv are supported - endpoint: `courses` api endpoint Tenant must be given also inside [JWT](#section/Authentication/JWT), and it must match the tenant/domain in URL. ## Multi-tenant request `https://api.linnunrata.fi///` e.g. `https://api.linnunrata.fi/v1/fi/courses` This will search for courses from all the tenants that the used api key can access. All endpoints do not support multi-tenancy, those that do are listed under tag [MultiTenant](#tag/MultiTenant). # Testing API - url: `https://api.opistopalvelut.fi/v1/demo/fi/` - api key: `demo` - secret: `salasana` Testing API can access only the demo tenant (\\\"database\\\" or \\\"client\\\"). You can however access multiple tenants with the same API key depending on your license. # Search Search query API follows [GitHub Search](https://developer.github.com/v3/search) closely. Search string is in format `?q=SEARCH_TERM_1+SEARCH_TERM_N+FILTER_1+FILTER_N`, e.g. search terms and filters combined with `+` signs or url-encoded spaces `%20`. Search terms are keywords to be searched. Disallowed characters are: `: + \\\" \\'`. Results are sorted by default based on matching: best matching entries first. ### Filters Filters are in format `field:value`. In this simplest case, the field must be equal to the given value. If there are multiple filters defined, results must match *all* different filters. If there are multiple filter values for the same field, results must match *one* of those. For example: `?q=department:3+subject:1+subject:2` means that all courses with department 3 and subject 1 or 2. ### Filter operators Supported operators in filters: - `:` equality, for example: `subject:1` - `:!` not, for example: `department:!2` - `:<` less than, for example: `distancesoft:<10km` - `:<=` less than or equal, for example: `ends:<=2020-02-01` - `:>` greater than, for example: `begins:>2019-01-01` - `:>=` greater than or equal, for example: `begins:>=2019-01-01` ## Pagination Pagination is handled with response headers. Unfortunately these are not included in swagger.json due to technical restrictions in the spec generation. ### link `link` follows [RFC5988](https://tools.ietf.org/html/rfc5988#section-5) and [GitHub pagination](https://developer.github.com/v3/guides/traversing-with-pagination/): there are at most four links: - `rel=\\\"first\\\"` gives the first page of results with current filters - `rel=\\\"prev\\\"` previous page - `rel=\\\"next\\\"` next page - `rel=\\\"last\\\"` last page For example (linefeeds added): GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 link: ; rel=\\\"first\\\", ; rel=\\\"prev\\\", ; rel=\\\"next\\\", ; rel=\\\"last\\\" If the query is for the first page, first and prev are omitted. Similarly, if the query is for the last page, last and next are omitted. If there are no results, all links are omitted. The link-header should be used for creating pagination functionality. ### x-total-count `x-total-count` is the total number of items in result set. For example: GET https://api.opistopalvelut.fi/v1/demo/fi/courses?page=5&limit=2 x-total-count: 29 The maximum number here is 10000. If you are expecting a bigger number, or are interested only in the total course count and not the results itself, you should be using [GetCourseCount](#operation/GetCourseCount). ## Course search Field explanations by name can be found from [ListCourses](#operation/ListCourses) response schema. ### Search term Search term matches text in following course fields with relative weights in parenthesis: - name (10) - code (7) - teacher (5) - subject (4) - location (3) - category (2) - description (1) Search terms can have multiple words combined with double quotation marks `\\\"`. For example: `?q=jooga` search term \\\"jooga\\\" (probably in course name) `?q=830107+\\\"dynaaminen jooga\\\"` search terms \\\"830107\\\" and \\\"dynaaminen jooga\\\" ### Equality filters by id - category - classification - department - educationsector - language - levelofstudy - location - moduleparent (also null works) - period - subject - tag - tenant - term - weekday Category can be queried with a path \\\"department/category\\\" and subject with \\\"department/category/subject\\\" or \\\"category/subject\\\". Tenant makes sense only in the context of multi-tenant requests. For example: `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `q=weekday:1` courses that have lessons on Monday `q=moduleparent:18` module child courses that have parent course 18 `q=moduleparent:null` all courses that are not module child courses ### Date filters - begins (date-only, YYYY-MM-DD) - ends (date-only, YYYY-MM-DD) - registrationbegins (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendssoft (date-time, YYYY-MM-DDTHH:MM:SSZ) - registrationendshard (date-time, YYYY-MM-DDTHH:MM:SSZ) For example: `?q=begins:>=2019-01-01`: courses that begin after or on 1.1.2019 ### Distance filters - distancefrom (origin coordinates: \\\\,\\\\) - distancehard (distance: \\\\km or \\\\m), if course\\'s location is farther, course will not be included in results - distancesoft (distance: \\\\km or \\\\m), will return all courses ordered by distance, courses farther than this distance will be ranked considerably lower (but if only this filter is used, value can be anything) distancefrom must be given if either filter is used. Only less than operator `:<` is supported for distancehard and distancesoft. For example: `?q=distancefrom:60.169,24.944+distancehard:<50km+distancesoft:<10km`: courses that are closer than 50km from 60.169,24.944, ordered by proximity ### Other filters - registrationopen (boolean, only true supported) registration is currently open. See rules in [Registration](#section/Registration). For example: `?q=registrationopen:true`: courses where registration is open currently ### Distance learning (etäopetus) Distance learning courses have a special location `distancelearning`: `?q=location:distancelearning`: only distance learning courses `?q=location:!distancelearning`: only non-distance learning (lähiopetus) courses ### Additional examples `?q=jooga+category:2`: search term \\\"jooga\\\" in category 2 courses `?q=department:3+subject:1+subject:2` all courses with department 3 *and* subject 1 *or* 2 `?q=jooga+begins:>=2019-01-01` search term \\\"jooga\\\" in courses that begin after or on 1.1.2019 # Registration Deciding whether you can register to a course follows these rules that are compared in order (i.e. when a rule matches, the rest are not evaluated): 1. current time < course.registrationbegins: **registration IS NOT open**
Registration is not yet started. 2. course.ends < current time: **registration IS NOT open**
Course has already ended. If course ending time is not defined, this step is skipped. 3. current time < course.registrationendshard: **registration IS open**
Registration is not yet ended. 4. otherwise: **registration IS NOT open** Admin interface has only one time for registration ending. It also has a global setting for making that ending time either a soft or hard deadline. API registrationendshard takes this global setting into account (it will be null if registrationends is a soft deadline). Also, if registration beginning or ending time is undefined in admin interface, they will be null in API (i.e. registrationbegins null => registration not open, registrationends null => registration is open). ## Registration to lessons Some courses can have registration to single or multiple lessons in addition to registration to the whole course. Registering to lessons can be enabled from admin interface, and is possible if registration to the course is open, and if there is available places in that lesson. Selecting a price means that registration is for the whole course, where selecting lessons means that registration is only for the specified lessons. Both options are not always present, they follow these rules: 1. If course has registration to lessons (\\\"registration practice\\\" / \\\"ilmoittautumistapa: ilmoittautuminen kerroille\\\") and lessons defined, lessons can be selected. 2. If registration to lessons is restricted (\\\"lesson registration limit\\\" / \\\"kuinka monelle seuraavalle kerralle voi ilmoittautua\\\"), prices cannot be selected. 3. If registration to lessons doesn\\'t cost anything (\\\"single lesson fee\\\" / \\\"kertamaksu\\\" 0,00 e) and all course prices are also zero, prices (and lessons) can be selected. 4. If registration to lessons cost something and all course prices are *not* zero, prices (and lessons) can be selected. 5. If course doesn\\'t have any prices and registration to lessons is free, leaving lessons empty is also allowed, which means that the registration is for the whole course. Note that even when prices and lessons are both selectable, user cannot select both at the same time. Registration to lessons\\' spare places is not possible. ## Selecting installments Prices can have one or more installment groups that can be selected as payment option. Installment options can also expire so that for example course has separate installments for fall and spring period, and fall installment is only valid until the change of period. Course can have prices with installments and prices without installments at the same time. If a course price has installments, selecting one is required. ## How price is calculated 1. Lessons selected: price will be the price of combined lessons 2. Spare place: price for a spare place course is always zero 3. Installments selected: price that can or has to be paid after registration will be the price of the first installment, other installments will be billed later 4. Otherwise: price will be the selected price # Rate limit Requests to API are rate limited to 100 requests per 10 seconds. When this rate limit is exceeded, API will respond with HTTP status code 429 too many requests. # JWT authentication Required fields for header are: - `typ` must always be \\'JWT\\' - `alg` JWT signing algorithm, supported algorithms are: \\'HS256\\', \\'HS384\\' and \\'HS512\\' - `kid` API key (*not* secret), \\'demo\\' can be used for testing with demo data Required fields for payload are: - `sub` subject, must be \\'hellewi-api-v1\\' for this API - `iat` issued at (unix timestamp) - `exp` expiration time (unix timestamp). Maximum expiration time is one week in the future. When using key id \\'demo\\', this is not enforced. - `tenant` tenant identifier, this is in format `.`, e.g. for opistopalvelut.fi/demo tenant is demo.opistopalvelut.fi - `jti` JWT id, unique identifier, used for identifying sessions. This must be a random string. More information about JWTs and an excellent tool for generating JWT tokens for testing can be found at [jwt.io](https://jwt.io). JWT formatting can be tested against [JWT status endpoint](#operation/GetStatusJwt) For simple authentication testing, here is a ready-made JWT: Header: ```json { \\\"alg\\\": \\\"HS256\\\", \\\"typ\\\": \\\"JWT\\\", \\\"kid\\\": \\\"demo\\\" } ``` Payload: ```json { \\\"iat\\\": 1516239022, \\\"exp\\\": 2524608000, \\\"sub\\\": \\\"hellewi-api-v1\\\", \\\"tenant\\\": \\\"demo.opistopalvelut.fi\\\", \\\"jti\\\": \\\"ahtu0aiWo4aMooshie9waethae7cuaj0ua2uichieshaevee3j\\\" } ``` Secret: `salasana` Encoded (linefeeds added): ```markup eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1 MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktYXBpLXYxIiwidGVuYW50IjoiZGVtby5vcGl zdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFodHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2 N1YWowdWEydWljaGllc2hhZXZlZTNqIiwiZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7Vm LCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g ``` Shell command: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" https://api.opistopalvelut.fi/v1/demo/fi/status/jwt ``` # HMAC request signing JWT authentication is used on server to server communication, but sometimes there is a need for authenticating requests that originate from user\\'s browser, such as viewing previously done registrations. Note that the signed request links must be generated in a backend service as the signing uses api secret which must not be given to users. Fields used for HMAC calculation, example from [GetStatusHmac](#operation/GetStatusHmac): - all request parameters *except* `hmac`: - `reqid`: random UUIDv4 string, e.g. \\'9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d\\' - `expiry`: expiration time in ISO8601 format, e.g. \\'2023-06-15T06:00:00Z\\' - there probably are also other parameters, depending on the endpoint - two additional parameters that are *not* in the actual request: - `scope`: endpoint HMAC scope, this is show in each endpoint\\'s authorizations-section and start with \\'hmac-\\', e.g. \\'hmac-status-required\\' - `tenant`: same tenant string as is used in JWT authentication, e.g. \\'demo.opistopalvelut.fi\\' All listed parameters are then ordered alphabetically and url-encoded as if they were normal query parameters (linefeed added): ```markup expiry=2023-06-15T06%3A00%3A00Z&reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d& scope=hmac-status-required&tenant=demo.opistopalvelut.fi ``` Then HMAC digest is calculated with SHA-256 using api secret. Above with secret `salasana`: ```markup 88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` This is used as the request `hmac` parameter value. So after all the request is (linefeeds added): ```markup https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a ``` HMAC can be tested against [HMAC status endpoint](#operation/GetStatusHmac). JWT must be used there as well: ```bash curl -v -H \\\"Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXV CIsImtpZCI6ImRlbW8ifQ.eyJpYXQiOjE1MTYyMzkwMjIsInN1YiI6ImhlbGxld2ktY XBpLXYxIiwidGVuYW50IjoiZGVtby5vcGlzdG9wYWx2ZWx1dC5maSIsImp0aSI6ImFo dHUwYWlXbzRhTW9vc2hpZTl3YWV0aGFlN2N1YWowdWEydWljaGllc2hhZXZlZTNqIiw iZXhwIjoyNTI0NjA4MDAwfQ.BhzoUPL7VmLCsrtTaZ2yyPIljYNZEiUyoayqRYchm3g\\\" \\\"https://api.opistopalvelut.fi/v1/demo/fi/status/hmac ?expiry=2023-06-15T06%3A00%3A00Z &reqid=9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d &hmac=88290d424fa7bc11afc22140346ba3f3fa0552bff121fb6fb63c60deec7b796a\\\" ``` ## Node.js implementation Uses `date-fns` and `uuid` external libraries, and node.js `crypto`. ```javascript import { createHmac } from \\'crypto\\'; import { addYears } from \\'date-fns\\'; import { v4 as uuidv4 } from \\'uuid\\'; const HMAC_ALGORITHM = \\'sha256\\'; const API_SECRET = \\'salasana\\'; // use proper secret handling const queryParamsWithoutHmac = { // use shorter expiration expiry: addYears(new Date(), 2).toISOString(), reqid: uuidv4() }; const hmacCalculationParams = { ...queryParamsWithoutHmac, scope: \\'hmac-status-required\\', tenant: \\'demo.opistopalvelut.fi\\' }; const hmacCalculationURLSearchParams = new URLSearchParams( hmacCalculationParams ); hmacCalculationURLSearchParams.sort(); const hmac = createHmac(HMAC_ALGORITHM, API_SECRET) .update(hmacCalculationURLSearchParams.toString()) .digest(\\'hex\\'); const queryParams = { ...queryParamsWithoutHmac, hmac }; const urlSearchParams = new URLSearchParams(queryParams); console.log(queryParams); console.log(urlSearchParams.toString()); ``` Prints out: ```markup { reqid: \\'09d1eb20-1b84-4af6-935b-6de0db0b3e75\\', expiry: \\'2024-01-05T10:32:50.646Z\\', hmac: \\'27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987\\' } reqid=09d1eb20-1b84-4af6-935b-6de0db0b3e75&expiry=2024-01-05T10%3A32%3A50.646Z&hmac=27d7d2d4136f9e4962a6058296864f15985f81086d145ae687075ce60510c987 ``` \n *\n * The version of the OpenAPI document: 0.1.0\n * Contact: perttu.tikka@hellewi.fi\n *\n * NOTE: This class is auto generated by OpenAPI Generator (https://openapi-generator.tech).\n * https://openapi-generator.tech\n * Do not edit the class manually.\n */\n\n\nimport * as runtime from '../runtime';\nimport type {\n HellewiTenant,\n} from '../models/index';\nimport {\n HellewiTenantFromJSON,\n HellewiTenantToJSON,\n} from '../models/index';\n\n/**\n * TenantApi - interface\n * \n * @export\n * @interface TenantApiInterface\n */\nexport interface TenantApiInterface {\n /**\n * Tenant listing Endpoint returns branding information for each tenant. For single-tenant request, this will return only that tenant\\'s information. For multi-tenant it will return all the tenants that used api key has access to.\n * @param {*} [options] Override http request option.\n * @throws {RequiredError}\n * @memberof TenantApiInterface\n */\n listTenantsRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>>;\n\n /**\n * Tenant listing Endpoint returns branding information for each tenant. For single-tenant request, this will return only that tenant\\'s information. For multi-tenant it will return all the tenants that used api key has access to.\n */\n listTenants(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>;\n\n}\n\n/**\n * \n */\nexport class TenantApi extends runtime.BaseAPI implements TenantApiInterface {\n\n /**\n * Tenant listing Endpoint returns branding information for each tenant. For single-tenant request, this will return only that tenant\\'s information. For multi-tenant it will return all the tenants that used api key has access to.\n */\n async listTenantsRaw(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise>> {\n const queryParameters: any = {};\n\n const headerParameters: runtime.HTTPHeaders = {};\n\n if (this.configuration && this.configuration.apiKey) {\n headerParameters[\"Authorization\"] = await this.configuration.apiKey(\"Authorization\"); // JWT authentication\n }\n\n const response = await this.request({\n path: `/tenants`,\n method: 'GET',\n headers: headerParameters,\n query: queryParameters,\n }, initOverrides);\n\n return new runtime.JSONApiResponse(response, (jsonValue) => jsonValue.map(HellewiTenantFromJSON));\n }\n\n /**\n * Tenant listing Endpoint returns branding information for each tenant. For single-tenant request, this will return only that tenant\\'s information. For multi-tenant it will return all the tenants that used api key has access to.\n */\n async listTenants(initOverrides?: RequestInit | runtime.InitOverrideFunction): Promise> {\n const response = await this.listTenantsRaw(initOverrides);\n return await response.value();\n }\n\n}\n","export const filterUndefineds = (xs: (T | undefined)[]): T[] =>\n xs.filter((x) => x !== undefined) as T[];\n\n// context too difficult to type correctly here I guess\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\nexport const translate = (context: any, i18nKey: string) => {\n if (context.parent && context.parent.$t) {\n const translation = context.parent.$t(i18nKey);\n\n if (translation) {\n return translation.toString();\n }\n }\n return i18nKey;\n};\n","import { ref } from '@vue/composition-api';\nimport { find, isEmpty, isEqual, map, memoize } from 'lodash/fp';\nimport PCancelable from 'p-cancelable';\n\nimport {\n Configuration,\n CourseApi,\n CourseApiInterface,\n HellewiCourse,\n HellewiCourseCount,\n HellewiCoursePartial,\n HellewiParticipantCount,\n HellewiLocation\n} from '../api';\n\nimport {\n Api,\n ApiEndpoint,\n ApiEndpointInitialization,\n RequestState\n} from '../utils/api-utils';\nimport { filterUndefineds } from '../utils/misc-utils';\n\n/**\n * Use course API\n *\n */\nexport const useCourseApi: Api = memoize(() => {\n const api = ref(undefined);\n\n const changeConfiguration = (configuration: Configuration) => {\n api.value = new CourseApi(configuration);\n };\n\n return {\n api,\n changeConfiguration\n };\n});\n\nexport const useGetCourseCount: ApiEndpoint<\n void,\n HellewiCourseCount | undefined\n> = memoize(() => {\n const initial = undefined;\n const { api } = useCourseApi();\n const state = ref(RequestState.Uninitialized);\n const response = ref(initial);\n\n ApiEndpointInitialization(api, state, response, initial);\n\n const execute = async () => {\n if (\n !api.value ||\n state.value === RequestState.Uninitialized ||\n // request already ongoing, don't start a new one\n state.value === RequestState.Loading ||\n // don't load again if this is already successfully loaded\n state.value === RequestState.Success\n ) {\n return;\n }\n\n try {\n state.value = RequestState.Loading;\n response.value = await api.value.getCourseCount({});\n state.value = RequestState.Success;\n } catch {\n response.value = initial;\n state.value = RequestState.Error;\n }\n };\n\n return {\n initial,\n state,\n response,\n execute\n };\n});\n\nexport const useGetCourse: ApiEndpoint<\n string,\n HellewiCourse | undefined\n> = memoize(() => {\n const initial = undefined;\n const { api } = useCourseApi();\n const state = ref(RequestState.Uninitialized);\n const response = ref(initial);\n\n ApiEndpointInitialization(api, state, response, initial);\n\n const execute = async (id: string) => {\n if (\n !api.value ||\n state.value === RequestState.Uninitialized ||\n // course already loaded successfully, don't load again\n (state.value === RequestState.Success && response.value?.id === id)\n ) {\n return;\n }\n\n try {\n response.value = initial;\n state.value = RequestState.Loading;\n response.value = await api.value.getCourse({ id });\n state.value = RequestState.Success;\n } catch {\n state.value = RequestState.Error;\n }\n };\n\n return {\n initial,\n state,\n response,\n execute\n };\n});\n\nexport interface ListCoursesInput {\n q?: string;\n page?: number;\n limit?: number;\n}\n\nexport interface ListCoursesResponseCourse extends HellewiCoursePartial {\n participantcount?: HellewiParticipantCount;\n}\n\nexport interface ListCoursesResponse {\n count: number;\n courses: ListCoursesResponseCourse[];\n locations: HellewiLocation[];\n}\n\nexport const useListCourses: ApiEndpoint<\n ListCoursesInput,\n ListCoursesResponse\n> = memoize(() => {\n const initial: ListCoursesResponse = { count: 0, courses: [], locations: [] };\n const { api } = useCourseApi();\n const state = ref(RequestState.Uninitialized);\n const response = ref(initial);\n const currentParams = ref(undefined);\n const ongoing = ref | undefined>(undefined);\n\n ApiEndpointInitialization(api, state, response, initial);\n\n const execute = async (params: ListCoursesInput) => {\n if (\n !api.value ||\n state.value === RequestState.Uninitialized ||\n // don't load again if this is already successfully loaded\n (state.value === RequestState.Success &&\n isEqual(currentParams.value, params))\n ) {\n return;\n } else if (ongoing.value) {\n // cancel the previous ongoing load\n ongoing.value.cancel();\n }\n\n ongoing.value = new PCancelable(async (resolve, reject, onCancel) => {\n onCancel(() => reject('cancelled'));\n try {\n if (!api.value) {\n return;\n }\n const responseRaw = await api.value.listCoursesRaw(params);\n const partialCourses = await responseRaw.value();\n const ids = partialCourses.map((course) => course.id);\n const participantCounts = isEmpty(ids)\n ? []\n : await api.value.listCourseParticipantCounts({\n ids\n });\n\n const count = Math.min(\n 9996, // Upper limit of the API is currently 10k, limit to full pages\n parseInt(responseRaw.raw.headers.get('x-total-count') as string, 10)\n );\n const locations: HellewiLocation[] = filterUndefineds(\n map((course) => course.location, partialCourses)\n );\n const courses = map(\n (course) => ({\n ...course,\n participantcount: find(\n (pc) => pc.id === course.id,\n participantCounts\n )\n }),\n partialCourses\n );\n\n resolve({ count, courses, locations });\n } catch {\n reject();\n }\n });\n\n try {\n state.value = RequestState.Loading;\n response.value = initial;\n response.value = await ongoing.value;\n currentParams.value = params;\n state.value = RequestState.Success;\n } catch (err) {\n if (err !== 'cancelled') {\n state.value = RequestState.Error;\n }\n // if this request was cancelled, don't touch the request state as the cancelling\n // request will handle the situation\n }\n ongoing.value = undefined;\n };\n\n return {\n initial,\n state,\n response,\n execute\n };\n});\n","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('b-navbar',{staticClass:\"nav-container\"},[_c('template',{slot:\"brand\"},[_c('Logo')],1),_c('template',{slot:\"end\"},[_c('b-navbar-item',{attrs:{\"tag\":\"router-link\",\"to\":{\n path: (\"/\" + _vm.language + \"/search\")\n }}},[_vm._v(\" \"+_vm._s(_vm.$t('header.browse')))]),_c('b-navbar-item',{attrs:{\"tag\":\"router-link\",\"to\":{ path: (\"/\" + _vm.language + \"/service-providers\") }}},[_vm._v(\" \"+_vm._s(_vm.$t('header.serviceProviders'))+\" \")]),_c('LanguageSelection')],1)],2)}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('b-navbar-dropdown',{attrs:{\"right\":\"\",\"collapsible\":\"\"}},[_c('template',{slot:\"label\"},[_c('div',{staticClass:\"language-columns\"},[_c('b-icon',{attrs:{\"icon\":\"earth\"}}),_c('span',{staticClass:\"mobile\"},[_vm._v(_vm._s(_vm.$t('header.languages')))])],1)]),_c('b-navbar-item',{on:{\"click\":function($event){return _vm.changeLanguage('fi')}}},[_vm._v(\" Suomeksi \")]),_c('b-navbar-item',{on:{\"click\":function($event){return _vm.changeLanguage('sv')}}},[_vm._v(\" På svenska \")]),_c('b-navbar-item',{on:{\"click\":function($event){return _vm.changeLanguage('en')}}},[_vm._v(\" In English \")])],2)}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","\n\n\n\n\n","import mod from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./language-selection.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./language-selection.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./language-selection.vue?vue&type=template&id=627ea928&scoped=true\"\nimport script from \"./language-selection.vue?vue&type=script&lang=ts\"\nexport * from \"./language-selection.vue?vue&type=script&lang=ts\"\nimport style0 from \"./language-selection.vue?vue&type=style&index=0&id=627ea928&prod&lang=scss&scoped=true\"\n\n\n/* normalize component */\nimport normalizer from \"!../../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"627ea928\",\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('b-navbar-item',{staticClass:\"logo-link\",attrs:{\"tag\":\"router-link\",\"to\":{ path: '/' + _vm.language },\"aria-label\":_vm.$t('logo.frontPage')}},[(_vm.serviceName !== 'E-opisto.fi')?_c('img',{staticClass:\"logo-image\",style:('maxWidth: ' + _vm.width),attrs:{\"src\":require(\"../../../frontend-assets/logo.svg\"),\"alt\":\"Linnunrata.fi\"}}):_vm._e(),(_vm.serviceName === 'E-opisto.fi')?_c('img',{staticClass:\"logo-image\",style:('maxWidth: ' + _vm.width + '; maxHeight: 100%'),attrs:{\"src\":require(\"../../../frontend-assets/logo.jpg\"),\"alt\":\"Linnunrata.fi\"}}):_vm._e()])}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","\n\n\n\n\n","import mod from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./logo.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./logo.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./logo.vue?vue&type=template&id=4e8e138e&scoped=true&%3Aclass=%7B%20eopisto%3A%20serviceName%20%3D%3D%3D%20'E-opisto.fi'%20%7D\"\nimport script from \"./logo.vue?vue&type=script&lang=ts\"\nexport * from \"./logo.vue?vue&type=script&lang=ts\"\nimport style0 from \"./logo.vue?vue&type=style&index=0&id=4e8e138e&prod&lang=scss&scoped=true\"\n\n\n/* normalize component */\nimport normalizer from \"!../../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"4e8e138e\",\n null\n \n)\n\nexport default component.exports","\n\n\n\n\n","import mod from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./header.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./header.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./header.vue?vue&type=template&id=4311976c&scoped=true\"\nimport script from \"./header.vue?vue&type=script&lang=ts\"\nexport * from \"./header.vue?vue&type=script&lang=ts\"\nimport style0 from \"./header.vue?vue&type=style&index=0&id=4311976c&prod&scoped=true&lang=css\"\n\n\n/* normalize component */\nimport normalizer from \"!../../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"4311976c\",\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('nav',{staticClass:\"header-mobile\"},[_c('b-button',{staticClass:\"back-button\",attrs:{\"rounded\":\"\"},on:{\"click\":_vm.goBack}},[_c('b-icon',{staticClass:\"side-icon\",attrs:{\"icon\":\"arrow-left\",\"size\":\"is-medium\"}})],1),_c('Logo',{attrs:{\"width\":_vm.logoWidth}}),_c('b-button',{staticClass:\"menu-button\",attrs:{\"rounded\":\"\"},on:{\"click\":function($event){_vm.menuModalActive = true}}},[_c('b-icon',{staticClass:\"side-icon\",attrs:{\"icon\":\"menu\",\"size\":\"is-medium\"}})],1),_c('b-modal',{attrs:{\"width\":640,\"scroll\":\"keep\"},model:{value:(_vm.menuModalActive),callback:function ($$v) {_vm.menuModalActive=$$v},expression:\"menuModalActive\"}},[_c('div',{staticClass:\"content notification\"},[_c('b-navbar-item',{attrs:{\"tag\":\"router-link\",\"to\":{ path: (\"/\" + _vm.language + \"/search\") }}},[_vm._v(\" \"+_vm._s(_vm.$t('header.browse')))]),_c('b-navbar-item',{attrs:{\"tag\":\"router-link\",\"to\":{ path: (\"/\" + _vm.language + \"/service-providers\") }}},[_vm._v(\" \"+_vm._s(_vm.$t('header.serviceProviders'))+\" \")]),_c('LanguageSelection')],1)])],1)}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","\n\n\n\n\n","import mod from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./header-mobile.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./header-mobile.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./header-mobile.vue?vue&type=template&id=7cbfb93d&scoped=true\"\nimport script from \"./header-mobile.vue?vue&type=script&lang=ts\"\nexport * from \"./header-mobile.vue?vue&type=script&lang=ts\"\nimport style0 from \"./header-mobile.vue?vue&type=style&index=0&id=7cbfb93d&prod&lang=scss&scoped=true\"\n\n\n/* normalize component */\nimport normalizer from \"!../../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"7cbfb93d\",\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('footer',{staticClass:\"footer\"},[_c('div',{staticClass:\"container\"},[_c('div',{staticClass:\"columns is-centered\"},[_c('div',{staticClass:\"column is-two-fifths\"},[_c('div',{staticClass:\"content\"},[_c('h3',{staticClass:\"has-text-weight-light\"},[_vm._v(\" \"+_vm._s(_vm.$tc('footer.amountOfCourses', _vm.totalCourseCount, { n: _vm.totalCourseCount === 0 ? _vm.$t('footer.many') : _vm.totalCourseCount }))+\" \")])])]),_c('div',{staticClass:\"column\"}),_c('div',{staticClass:\"column\"},[_c('nav',{staticClass:\"menu\"},[_c('p',{staticClass:\"menu-label\"},[_vm._v(\" \"+_vm._s(_vm.$t('footer.languages'))+\" \")]),_c('ul',{staticClass:\"menu-list\"},[_c('li',[_c('a',{on:{\"click\":function($event){return _vm.changeLanguage('fi')}}},[_vm._v(\"Suomeksi\")])]),_c('li',[_c('a',{on:{\"click\":function($event){return _vm.changeLanguage('sv')}}},[_vm._v(\"På svenska\")])]),_c('li',[_c('a',{on:{\"click\":function($event){return _vm.changeLanguage('en')}}},[_vm._v(\"In English\")])])])])]),_c('div',{staticClass:\"column\"},[_c('nav',{staticClass:\"menu\"},[_c('p',{staticClass:\"menu-label\"},[_vm._v(_vm._s(_vm.$t('footer.serviceName')))]),_c('ul',{staticClass:\"menu-list\"},[_c('li',[_c('router-link',{attrs:{\"to\":{ path: (\"/\" + _vm.language + \"/search\") }}},[_vm._v(_vm._s(_vm.$t('footer.browse')))])],1),_c('li',[_c('router-link',{attrs:{\"to\":{ path: (\"/\" + _vm.language + \"/service-providers\") }}},[_vm._v(_vm._s(_vm.$t('footer.serviceProviders')))])],1),(false)?_c('li',[_c('router-link',{attrs:{\"to\":{ path: (\"/\" + _vm.language) }}},[_vm._v(_vm._s(_vm.$t('footer.howTo')))])],1):_vm._e()])])])]),_c('div',{staticClass:\"content has-text-centered mt-6\"},[_c('p',[_vm._v(_vm._s(_vm.$t('footer.poweredBy')))])])])])}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","\n\n\n","import mod from \"-!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./footer.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./footer.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./footer.vue?vue&type=template&id=372c9a6f\"\nimport script from \"./footer.vue?vue&type=script&lang=ts\"\nexport * from \"./footer.vue?vue&type=script&lang=ts\"\n\n\n/* normalize component */\nimport normalizer from \"!../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n null,\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return (_vm.center)?_c('l-map',{attrs:{\"zoom\":14,\"center\":_vm.center,\"options\":_vm.MAP_OPTIONS}},[_c('l-control-zoom'),_c('l-tile-layer',{attrs:{\"url\":_vm.URL}}),_c('l-marker',{attrs:{\"lat-lng\":_vm.center,\"icon\":_vm.markerIcon}},[_c('l-tooltip',[_vm._v(_vm._s(_vm.text))])],1)],1):_vm._e()}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","\n\n\n","import mod from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./course-map.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./course-map.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./course-map.vue?vue&type=template&id=ae706af8\"\nimport script from \"./course-map.vue?vue&type=script&lang=ts\"\nexport * from \"./course-map.vue?vue&type=script&lang=ts\"\n\n\n/* normalize component */\nimport normalizer from \"!../../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n null,\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('div',[(_vm.price)?_c('span',{staticClass:\"price\"},[_vm._v(\" \"+_vm._s(_vm._f(\"price\")(_vm.price))+\" \")]):_c('span',{staticClass:\"price\"},[_vm._v(_vm._s(_vm.$t('registrationBox.noprice')))]),(_vm.course.begins && _vm.course.ends)?_c('span',[_c('b-icon',{staticClass:\"icon\",attrs:{\"icon\":\"calendar-today\",\"size\":\"is-small\"}}),_vm._v(\" \"+_vm._s(_vm._f(\"dateRange\")(_vm.course.begins,_vm.course.ends))+\" \")],1):_vm._e(),_c('div',{staticClass:\"weekdays\"},[_c('b-icon',{staticClass:\"icon left-margin weekday-icon\",attrs:{\"icon\":\"calendar-clock\",\"size\":\"is-small\"}}),_c('div',_vm._l((_vm.sortBy('weekday', _vm.formattedWeekdays)),function(day){return _c('div',{key:String(day.weekday),staticClass:\"weekday\"},[(day.weekday)?_c('span',{staticClass:\"weekday-short\"},[_vm._v(\" \"+_vm._s(_vm.$d(day.weekday, 'weekdayShort'))+\" \")]):_vm._e(),(day.times.length === 1)?_c('span',[_vm._v(\" \"+_vm._s(day.times[0].begins)+\"–\"+_vm._s(day.times[0].ends)+\" \")]):_vm._e(),(day.times.length > 1)?_c('span',[_c('b-collapse',{attrs:{\"open\":false,\"position\":\"is-bottom\",\"aria-id\":\"weekdays\"},scopedSlots:_vm._u([{key:\"trigger\",fn:function(props){return [_c('a',{staticClass:\"is-primary weekday-times\",attrs:{\"aria-controls\":\"weekdays\"}},[_vm._v(\" \"+_vm._s(props.open ? _vm.$t('registrationBox.hidetimes') : _vm.$t('registrationBox.severaltimes'))+\" \"),_c('b-icon',{staticClass:\"is-primary\",attrs:{\"icon\":props.open ? 'menu-up' : 'menu-down'}})],1)]}}],null,true)},_vm._l((day.times),function(time){return _c('p',{key:time.begins + time.ends},[_vm._v(\" \"+_vm._s(time.begins)+\"–\"+_vm._s(time.ends)+\" \")])}),0)],1):_vm._e()])}),0)],1),_c('b',[_vm._v(\" \"+_vm._s(_vm.$t('registrationBox.availablePlaces'))+\" \")]),_c('div',{staticClass:\"availability-container\"},[_c('div',{staticClass:\"availability\",class:(\"type--\" + _vm.availability)}),(_vm.availability)?_c('span',[_vm._v(\" \"+_vm._s(_vm.$t((\"registrationBox.\" + _vm.availability)))+\" \")]):_vm._e()]),(_vm.course.registrationbegins)?_c('span',{staticClass:\"info-section\"},[_c('b',[_vm._v(_vm._s(_vm.$t('registrationBox.registrationPeriodStarts')))]),_c('br'),_vm._v(\" \"+_vm._s(_vm._f(\"dateTime\")(_vm.course.registrationbegins))+\" \")]):_vm._e(),(_vm.course.registrationendssoft)?_c('span',{staticClass:\"info-section\"},[_c('b',[_vm._v(_vm._s(_vm.$t('registrationBox.registrationPeriodEnds')))]),_c('br'),_vm._v(\" \"+_vm._s(_vm._f(\"midnight\")(_vm.course.registrationendssoft))+\" \")]):_vm._e(),(!_vm.course.registrationbegins && !_vm.course.registrationendssoft)?_c('span',{staticClass:\"info-section\"},[_c('b',[_vm._v(_vm._s(_vm.$t('registrationBox.registrationPeriod')))]),_c('br'),_vm._v(\" \"+_vm._s(_vm.$t('registrationBox.notprovided'))+\" \")]):_vm._e(),_c('b-button',{staticClass:\"is-primary button\",attrs:{\"tag\":\"a\",\"href\":_vm.course.registrationlink,\"target\":\"_blank\",\"disabled\":!_vm.course.participantcount.registrationopen}},[_vm._v(\" \"+_vm._s(_vm.$t('registrationBox.register'))+\" \")])],1)}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","import { HellewiParticipantCount } from '../api';\n\nexport enum Availability {\n sparesAvailable = 'sparesAvailable',\n full = 'full',\n almostfull = 'almostfull',\n available = 'available',\n registrationClosed = 'registrationClosed'\n}\nexport const getAvailability = (\n pc: HellewiParticipantCount | undefined\n): Availability | undefined => {\n if (!pc) {\n return undefined;\n }\n if (!pc.registrationopen) {\n return Availability.registrationClosed;\n } else if (pc.full && pc.sparefull) {\n return Availability.full;\n } else if (pc.full && !pc.sparefull) {\n return Availability.sparesAvailable;\n } else if (pc.almostfull && !pc.full) {\n return Availability.almostfull;\n } else if (!pc.almostfull && !pc.full) {\n return Availability.available;\n }\n return undefined;\n};\n","import { find } from 'lodash/fp';\n\nimport { HellewiCoursePartial, HellewiCoursePrice } from '../api';\n\nexport const getDefaultPrice = (\n course: Pick | undefined\n): HellewiCoursePrice | undefined => {\n if (!course || !course.prices) {\n return undefined;\n }\n\n return find({ _default: true }, course.prices);\n};\n\nexport const getPriceEuros = (\n price: Pick | undefined\n): number | undefined => {\n if (price != null && price.amount != null) {\n return price.amount / 100;\n } else {\n return undefined;\n }\n};\n","import { setISODay } from 'date-fns';\nimport { groupBy, map, sortBy, values } from 'lodash/fp';\n\nimport { HellewiCourseDay } from '../api';\n\nexport interface FormatedWeekday {\n weekday: Date | undefined;\n times: WeekdayTime[];\n}\n\nexport interface WeekdayTime {\n begins: string | undefined;\n ends: string | undefined;\n}\n\nexport const currentYear = new Date().getFullYear();\nexport const nextYear = currentYear + 1;\nexport const currentMonth = new Date().getMonth() + 1;\n\nexport const WEEKDAY_VALUES = new Map([\n ['1', 'monday'],\n ['2', 'tuesday'],\n ['3', 'wednesday'],\n ['4', 'thursday'],\n ['5', 'friday'],\n ['6', 'saturday'],\n ['7', 'sunday']\n]);\n\n/**\n * Combine an array of HellewiCourseDays with possible multiple times on a same day\n * to an array that has only one entry for each day, and that day's times in a\n * separate array.\n *\n * Weekday is also converted to a javascript date so that it can be formatted\n * with i18n. (date and time are faked with setISODay, so use only the weekday from that)\n *\n * Grouped days are not sorted as it would be difficult to get sunday last.\n * Rely on backed giving the days sorted correctly and groupBy retaining that order.\n *\n * @param days array of HellewiCourseDays to be combined\n * @returns combined weekdays with possibly lots of times on a single weekday\n */\nexport const formatWeekdays = (\n days: HellewiCourseDay[] | undefined\n): FormatedWeekday[] =>\n map(\n (groupedDays) => ({\n weekday: groupedDays[0].weekday\n ? setISODay(new Date(), groupedDays[0].weekday)\n : undefined,\n times: sortBy(\n ({ begins }) => begins,\n map(({ begins, ends }) => ({ begins, ends }), groupedDays)\n )\n }),\n values(groupBy((day) => day.weekday, days))\n );\n","\n\n\n\n\n","import mod from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./registration-box.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./registration-box.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./registration-box.vue?vue&type=template&id=085355a3&scoped=true\"\nimport script from \"./registration-box.vue?vue&type=script&lang=ts\"\nexport * from \"./registration-box.vue?vue&type=script&lang=ts\"\nimport style0 from \"./registration-box.vue?vue&type=style&index=0&id=085355a3&prod&lang=scss&scoped=true\"\n\n\n/* normalize component */\nimport normalizer from \"!../../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"085355a3\",\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('b-collapse',{staticClass:\"card collapse-card\",attrs:{\"animation\":\"slide\",\"aria-id\":_vm.lessons.name + _vm.lessons.begins,\"open\":false},scopedSlots:_vm._u([{key:\"trigger\",fn:function(props){return _c('div',{staticClass:\"card-header collapse-card-header\",attrs:{\"role\":\"button\",\"aria-controls\":_vm.lessons.name + _vm.lessons.begins}},[_c('span',{staticClass:\"card-header-title collapse-title-container\"},[(_vm.lessons.name)?_c('span',[_vm._v(_vm._s(_vm.lessons.name + ' '))]):_vm._e(),_c('div',{staticClass:\"collapse-title-details\"},[(_vm.lessons.begins && _vm.lessons.ends)?_c('div',{staticClass:\"collapse-title-detail\"},[_c('b-icon',{staticClass:\"icon collapse-title-icon\",attrs:{\"icon\":\"calendar-today\",\"size\":\"is-small\"}}),_c('p',[_vm._v(_vm._s(_vm._f(\"dateRange\")(_vm.lessons.begins,_vm.lessons.ends)))])],1):_vm._e(),(_vm.lessons.lessoncount)?_c('div',{staticClass:\"collapse-title-detail\"},[_c('b-icon',{staticClass:\"icon collapse-title-icon\",attrs:{\"icon\":\"timer-sand\",\"size\":\"is-small\"}}),_c('p',[_vm._v(\" \"+_vm._s(_vm.$tc('lessonsCollapse.lessons', _vm.lessons.lessoncount))+\" \")])],1):_vm._e()])]),_c('a',{staticClass:\"card-header-icon\"},[_c('b-icon',{attrs:{\"icon\":props.open ? 'chevron-up' : 'chevron-down'}})],1)])}}])},[_c('div',{staticClass:\"card-content\"},[_c('div',{staticClass:\"content\"},[(!_vm.lessons.lessons)?_c('span',[_vm._v(\" \"+_vm._s(_vm.$t('lessonsCollapse.lessonsNotprovided'))+\" \")]):_vm._e(),(_vm.lessons.lessons)?_c('div',{staticClass:\"lessons-table\"},[_c('b-table',{attrs:{\"data\":_vm.lessons.lessons,\"mobile-cards\":true}},[_c('b-table-column',{attrs:{\"custom-key\":\"day\"},scopedSlots:_vm._u([{key:\"default\",fn:function(props){return [_c('span',{staticClass:\"weekdayLong\"},[_vm._v(\" \"+_vm._s(_vm.$d(new Date(props.row.begins), 'weekdayLong'))+\" \"+_vm._s(_vm._f(\"dateRange\")(new Date(props.row.begins),new Date(props.row.ends)))+\" \")])]}}],null,false,461554443)}),_c('b-table-column',{attrs:{\"custom-key\":\"time\"},scopedSlots:_vm._u([{key:\"default\",fn:function(props){return [_vm._v(\" \"+_vm._s(_vm._f(\"timeRange\")(new Date(props.row.begins),new Date(props.row.ends)))+\" \")]}}],null,false,1019148718)}),_c('b-table-column',{attrs:{\"custom-key\":\"place\"},scopedSlots:_vm._u([{key:\"default\",fn:function(props){return [(props.row.location)?_c('span',[_vm._v(\" \"+_vm._s([props.row.location.name, props.row.location.address] .filter(Boolean) .join(', '))+\" \")]):_c('span',[_vm._v(\" \"+_vm._s(_vm.$t('lessonsCollapse.placenotprovided'))+\" \")])]}}],null,false,3619176102)})],1)],1):_vm._e()])])])}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","\n\n\n\n\n\n\n","import mod from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./lessons-collapse.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./lessons-collapse.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./lessons-collapse.vue?vue&type=template&id=fe20bad2&scoped=true\"\nimport script from \"./lessons-collapse.vue?vue&type=script&lang=ts\"\nexport * from \"./lessons-collapse.vue?vue&type=script&lang=ts\"\nimport style0 from \"./lessons-collapse.vue?vue&type=style&index=0&id=fe20bad2&prod&lang=scss&scoped=true\"\nimport style1 from \"./lessons-collapse.vue?vue&type=style&index=1&id=fe20bad2&prod&lang=scss\"\n\n\n/* normalize component */\nimport normalizer from \"!../../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"fe20bad2\",\n null\n \n)\n\nexport default component.exports","\n\n\n\n\n\n\n","import mod from \"-!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./course.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./course.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./course.vue?vue&type=template&id=0a0045fb&scoped=true\"\nimport script from \"./course.vue?vue&type=script&lang=ts\"\nexport * from \"./course.vue?vue&type=script&lang=ts\"\nimport style0 from \"./course.vue?vue&type=style&index=0&id=0a0045fb&prod&lang=scss&scoped=true\"\nimport style1 from \"./course.vue?vue&type=style&index=1&id=0a0045fb&prod&lang=scss\"\n\n\n/* normalize component */\nimport normalizer from \"!../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"0a0045fb\",\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('div',[_c('Header'),_c('section',{staticClass:\"section content--full-height\"},[_c('h1',{staticClass:\"title has-text-weight-light headline\"},[_vm._v(\" \"+_vm._s(_vm.$t('index.title'))+\" \")]),_c('LanderSearch',{on:{\"locating-error\":_vm.onLocatingError,\"locating-successful\":_vm.onLocatingSuccessful}})],1),_c('section',[_c('Categories',{attrs:{\"classifications\":_vm.popularClassifications}})],1),_c('Footer')],1)}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","import { ref } from '@vue/composition-api';\nimport { isEqual, memoize } from 'lodash/fp';\nimport PCancelable from 'p-cancelable';\n\nimport {\n Configuration,\n CatalogApi,\n CatalogApiInterface,\n HellewiCatalog\n} from '../api';\n\nimport {\n Api,\n ApiEndpoint,\n ApiEndpointInitialization,\n RequestState\n} from '../utils/api-utils';\n\n/**\n * Use catalog API\n */\nexport const useCatalogApi: Api = memoize(() => {\n const api = ref(undefined);\n\n const changeConfiguration = (configuration: Configuration) => {\n api.value = new CatalogApi(configuration);\n };\n\n return {\n api,\n changeConfiguration\n };\n});\n\nexport const useGetCatalogUnfiltered: ApiEndpoint<\n void,\n HellewiCatalog | undefined\n> = memoize(() => {\n const initial = undefined;\n const { api } = useCatalogApi();\n const state = ref(RequestState.Uninitialized);\n const response = ref(initial);\n\n ApiEndpointInitialization(api, state, response, initial);\n\n const execute = async () => {\n if (\n !api.value ||\n state.value === RequestState.Uninitialized ||\n // request already ongoing, don't start a new one\n state.value === RequestState.Loading ||\n // don't load again if this is already successfully loaded\n state.value === RequestState.Success\n ) {\n return;\n }\n\n try {\n state.value = RequestState.Loading;\n response.value = await api.value.getCatalog({});\n state.value = RequestState.Success;\n } catch {\n response.value = initial;\n state.value = RequestState.Error;\n }\n };\n\n return {\n initial,\n state,\n response,\n execute\n };\n});\n\nexport const useGetCatalog: ApiEndpoint<\n string | undefined,\n HellewiCatalog | undefined\n> = memoize(() => {\n const initial = undefined;\n const { api } = useCatalogApi();\n const state = ref(RequestState.Uninitialized);\n const response = ref(initial);\n const currentQ = ref(undefined);\n const ongoing = ref | undefined>(\n undefined\n );\n\n ApiEndpointInitialization(api, state, response, initial);\n\n const execute = async (q: string | undefined) => {\n if (\n !api.value ||\n state.value === RequestState.Uninitialized ||\n // don't load again if this is already successfully loaded\n (state.value === RequestState.Success && isEqual(currentQ.value, q))\n ) {\n return;\n } else if (ongoing.value) {\n // cancel the previous ongoing load\n ongoing.value.cancel();\n }\n\n ongoing.value = new PCancelable(async (resolve, reject, onCancel) => {\n onCancel(() => reject('cancelled'));\n try {\n if (!api.value) {\n return;\n }\n const catalog = await api.value.getCatalog({ q });\n resolve(catalog);\n } catch {\n reject();\n }\n });\n\n try {\n state.value = RequestState.Loading;\n response.value = initial;\n response.value = await ongoing.value;\n currentQ.value = q;\n state.value = RequestState.Success;\n } catch (err) {\n if (err !== 'cancelled') {\n state.value = RequestState.Error;\n }\n // if this request was cancelled, don't touch the request state as the cancelling\n // request will handle the situation\n }\n ongoing.value = undefined;\n };\n\n return {\n initial,\n state,\n response,\n execute\n };\n});\n","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('section',[_c('div',{staticClass:\"container\"},[_c('b-field',{staticClass:\"lines-container\",attrs:{\"position\":\"is-centered\",\"grouped\":\"\",\"group-multiline\":\"\"}},[_c('b-field',{staticClass:\"field-container\",attrs:{\"label\":_vm.$t('landerSearch.keyword')}},[_c('b-autocomplete',{ref:\"keywordElement\",staticClass:\"word-search\",attrs:{\"placeholder\":_vm.$t('landerSearch.searchForCourse'),\"type\":\"is-primary\",\"icon-right\":\"magnify\",\"clearable\":\"\",\"data\":_vm.searchSuggestions,\"open-on-focus\":true},scopedSlots:_vm._u([{key:\"header\",fn:function(){return [(_vm.searchSuggestions.length > 0)?_c('strong',[_vm._v(_vm._s(_vm.$t('landerSearch.commonSearches')))]):_vm._e()]},proxy:true}]),model:{value:(_vm.keyword),callback:function ($$v) {_vm.keyword=$$v},expression:\"keyword\"}})],1),_c('b-field',{staticClass:\"field-container location-search\"},[_c('template',{slot:\"label\"},[_vm._v(\" \"+_vm._s(_vm.$t('landerSearch.location'))+\" \"),_c('a',{staticClass:\"has-text-weight-medium\",on:{\"click\":_vm.getMyLocation}},[_vm._v(_vm._s(_vm.$t('landerSearch.useMyCurrentLocation')))])]),_c('b-autocomplete',{attrs:{\"placeholder\":_vm.$t('landerSearch.address'),\"type\":\"search\",\"data\":_vm.locationSuggestions,\"icon-right\":\"map-marker-outline\",\"clearable\":\"\"},on:{\"select\":_vm.onLocationAutocompleteSelect},model:{value:(_vm.location),callback:function ($$v) {_vm.location=$$v},expression:\"location\"}})],2),_c('b-field',{staticClass:\"field-container\",attrs:{\"grouped\":\"\"}},[_c('b-field',{attrs:{\"label\":_vm.$t('landerSearch.distance'),\"expanded\":\"\"}},[_c('b-dropdown',{model:{value:(_vm.distance),callback:function ($$v) {_vm.distance=$$v},expression:\"distance\"}},[_c('b-input',{staticClass:\"distance-search\",attrs:{\"slot\":\"trigger\",\"disabled\":_vm.location === undefined || _vm.location === '',\"type\":\"button\",\"icon-right\":\"arrow-expand\",\"value\":_vm.location ? _vm.distance + ' km' : _vm.$t('landerSearch.distance')},slot:\"trigger\"}),_c('b-dropdown-item',{attrs:{\"value\":10,\"aria-role\":\"listitem\"}},[_c('span',[_vm._v(\"10 km\")])]),_c('b-dropdown-item',{attrs:{\"value\":25,\"aria-role\":\"listitem\"}},[_c('span',[_vm._v(\"25 km\")])]),_c('b-dropdown-item',{attrs:{\"value\":50,\"aria-role\":\"listitem\"}},[_c('span',[_vm._v(\"50 km\")])]),_c('b-dropdown-item',{attrs:{\"value\":100,\"aria-role\":\"listitem\"}},[_c('span',[_vm._v(\"100 km\")])]),_c('b-dropdown-item',{attrs:{\"value\":250,\"aria-role\":\"listitem\"}},[_c('span',[_vm._v(\"250 km\")])])],1)],1),_c('b-field',[_c('b-button',{staticClass:\"is-uppercase search-button\",attrs:{\"type\":\"is-primary\"},on:{\"click\":_vm.search}},[_vm._v(_vm._s(_vm.$t('landerSearch.search')))])],1)],1)],1),_c('b-loading',{attrs:{\"is-full-page\":false,\"can-cancel\":true},model:{value:(_vm.locationLoading),callback:function ($$v) {_vm.locationLoading=$$v},expression:\"locationLoading\"}}),_c('p',{staticClass:\"note\"},[_c('b-icon',{attrs:{\"icon\":\"lightbulb-on-outline\"}}),_vm._v(\" \"+_vm._s(_vm.$t('landerSearch.onlineClasses'))+\" \")],1)],1)])}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","import { filter, isEmpty } from 'lodash/fp';\n\nimport { Geopoint } from '../api';\nimport municipalitiesData from '../../frontend-assets/kunnat.json';\n\nconst municipalities = municipalitiesData.map(\n (m) => `${m.Kunta}, ${m.Maakunta}`\n);\n\nconst OPENSTREETMAP_NOMINATIM_BASEURL = 'https://nominatim.openstreetmap.org';\n\nexport const DEFAULT_ZOOM = 5;\nexport const DEFAULT_GEOPOINT: Geopoint = { lat: 65.3, lon: 26.770566 };\nexport const DISTANCE_AND_ZOOM_PAIRS = new Map([\n [undefined, DEFAULT_ZOOM],\n [10, 12],\n [25, 10],\n [50, 9],\n [100, 7.5],\n [250, 6]\n]);\n\nexport interface Address {\n county: string;\n city: string;\n}\n\n/**\n * Get address for coordinates from openstreetmap nominatim service\n *\n * @param geoPoint coordinates to be translated to address\n * @returns\n */\nexport const getAddressByCoordinates = async (\n geoPoint: Geopoint\n): Promise
=> {\n const query = new URLSearchParams({\n lat: String(geoPoint.lat),\n lon: String(geoPoint.lon),\n format: 'json'\n });\n\n const response = await fetch(\n `${OPENSTREETMAP_NOMINATIM_BASEURL}/reverse?${query.toString()}`\n );\n if (!response.ok) {\n return undefined;\n }\n\n const data = await response.json();\n if (\n !data.address.county ||\n isEmpty(data.address.county) ||\n !data.address.city ||\n isEmpty(data.address.city)\n ) {\n return undefined;\n }\n\n return {\n county: data.address.county,\n city: data.address.city\n };\n};\n\n/**\n * Get coordinates for address from openstreetmap nominatim service\n *\n * @param address\n * @returns GeoPoint if coordinates were found, undefined if not\n */\nexport const getCoordinatesByAddress = async (\n address: string\n): Promise => {\n const query = new URLSearchParams({\n q: `${address}, finland`,\n format: 'json'\n });\n\n const response = await fetch(\n `${OPENSTREETMAP_NOMINATIM_BASEURL}/search?${query.toString()}`\n );\n if (!response.ok) {\n return undefined;\n }\n\n // eslint-disable-next-line @typescript-eslint/no-explicit-any\n const data: any[] = await response.json();\n if (isEmpty(data) || data.length < 1) {\n return undefined;\n }\n\n const lat = parseFloat(data[0].lat);\n const lon = parseFloat(data[0].lon);\n\n if (isNaN(lat) || isNaN(lon)) {\n return undefined;\n }\n\n return { lat, lon };\n};\n\n/**\n * Get a list of municipalities that match given input\n *\n * For location autocomplete\n *\n * @param input typed input\n * @returns array of municipality names\n */\nexport const getLocationSuggestions = (input: string | undefined): string[] => {\n if (!input || isEmpty(input)) {\n return [];\n }\n\n return filter(\n (municipality) => municipality.toLowerCase().includes(input.toLowerCase()),\n municipalities\n );\n};\n","\n\n\n\n\n","import mod from \"-!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./lander-search.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./lander-search.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./lander-search.vue?vue&type=template&id=ac9edd0c&scoped=true\"\nimport script from \"./lander-search.vue?vue&type=script&lang=ts\"\nexport * from \"./lander-search.vue?vue&type=script&lang=ts\"\nimport style0 from \"./lander-search.vue?vue&type=style&index=0&id=ac9edd0c&prod&scoped=true&lang=css\"\n\n\n/* normalize component */\nimport normalizer from \"!../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"ac9edd0c\",\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('section',{class:{ eopisto: _vm.serviceName === 'E-opisto.fi' }},[_c('div',{staticClass:\"imagecontainer\"},[(_vm.serviceName !== 'E-opisto.fi')?_c('img',{staticClass:\"image\",attrs:{\"src\":require(\"../../frontend-assets/frontpage.svg\"),\"alt\":\"\"}}):_vm._e(),(_vm.serviceName === 'E-opisto.fi')?_c('img',{staticClass:\"image\",attrs:{\"src\":require(\"../../frontend-assets/frontpage.jpg\"),\"alt\":\"\"}}):_vm._e()]),_c('div',{staticClass:\"content\"},[_c('div',{staticClass:\"title has-text-weight-light\"},[_vm._v(\" \"+_vm._s(_vm.$t('landerCategories.popularCategories'))+\" \")]),(_vm.classifications)?_c('b-taglist',{staticClass:\"tags-container\"},_vm._l((_vm.classifications),function(classification){return _c('div',{key:classification.id,staticClass:\"tag rounded is-medium\"},[_c('router-link',{staticClass:\"category-link\",attrs:{\"to\":{\n path: (\"/\" + _vm.language + \"/search?classifications=\" + (classification.id))\n }}},[_vm._v(\" \"+_vm._s(classification.name)+\" \")])],1)}),0):_vm._e()],1)])}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","\n\n\n\n\n","import mod from \"-!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./lander-categories.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./lander-categories.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./lander-categories.vue?vue&type=template&id=36792a28&scoped=true\"\nimport script from \"./lander-categories.vue?vue&type=script&lang=ts\"\nexport * from \"./lander-categories.vue?vue&type=script&lang=ts\"\nimport style0 from \"./lander-categories.vue?vue&type=style&index=0&id=36792a28&prod&lang=scss&scoped=true\"\n\n\n/* normalize component */\nimport normalizer from \"!../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"36792a28\",\n null\n \n)\n\nexport default component.exports","\n\n\n\n\n","import mod from \"-!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./index.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./index.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./index.vue?vue&type=template&id=0f61d96f&scoped=true\"\nimport script from \"./index.vue?vue&type=script&lang=ts\"\nexport * from \"./index.vue?vue&type=script&lang=ts\"\nimport style0 from \"./index.vue?vue&type=style&index=0&id=0f61d96f&prod&scoped=true&lang=css\"\n\n\n/* normalize component */\nimport normalizer from \"!../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"0f61d96f\",\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('router-view',{attrs:{\"apiConfiguration\":_vm.apiConfiguration}})}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","import { ref } from '@vue/composition-api';\nimport { map, memoize } from 'lodash/fp';\n\nimport {\n Configuration,\n HellewiTenant,\n TenantApi,\n TenantApiInterface\n} from '../api';\n\nimport {\n Api,\n ApiEndpoint,\n ApiEndpointInitialization,\n RequestState\n} from '../utils/api-utils';\n\n/**\n * Use tenant API\n *\n * This is a singleton function that will return always the same\n * variable references that are returned on the first call.\n * (accomplished via memoize)\n */\nexport const useTenantApi: Api = memoize(() => {\n const api = ref(undefined);\n\n const changeConfiguration = (configuration: Configuration) => {\n api.value = new TenantApi(configuration);\n };\n\n return {\n api,\n changeConfiguration\n };\n});\n\nconst formatUrl = (url: string | undefined): string | undefined => {\n if (!url) {\n return undefined;\n } else if (url.includes('://')) {\n return url;\n } else {\n return `https://${url}`;\n }\n};\n\nexport const useListTenants: ApiEndpoint = memoize(\n () => {\n const initial: HellewiTenant[] = [];\n const { api } = useTenantApi();\n const state = ref(RequestState.Uninitialized);\n const response = ref(initial);\n\n ApiEndpointInitialization(api, state, response, initial);\n\n const execute = async () => {\n if (\n !api.value ||\n state.value === RequestState.Uninitialized ||\n state.value === RequestState.Loading ||\n // don't load again if this is already successfully loaded\n state.value === RequestState.Success\n ) {\n return;\n }\n\n try {\n state.value = RequestState.Loading;\n response.value = map(\n (tenant) => ({\n ...tenant,\n facebook: formatUrl(tenant.facebook),\n twitter: formatUrl(tenant.twitter),\n instagram: formatUrl(tenant.instagram),\n linkedin: formatUrl(tenant.linkedin),\n homepage: formatUrl(tenant.homepage)\n }),\n await api.value.listTenants()\n );\n state.value = RequestState.Success;\n } catch {\n response.value = initial;\n state.value = RequestState.Error;\n }\n };\n\n return {\n initial,\n state,\n response,\n execute\n };\n }\n);\n","\n\n\n","import mod from \"-!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./language.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./language.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./language.vue?vue&type=template&id=d479b7ac\"\nimport script from \"./language.vue?vue&type=script&lang=ts\"\nexport * from \"./language.vue?vue&type=script&lang=ts\"\n\n\n/* normalize component */\nimport normalizer from \"!../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n null,\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('div',[_c('Header'),_c('div',{staticClass:\"notfound-container\"},[_c('div',{staticClass:\"content-container\"},[_c('h1',{staticClass:\"title\"},[_vm._v(_vm._s(_vm.$t('notFound.notFound')))]),_c('p',[_vm._v(_vm._s(_vm.$t('notFound.explanation')))]),_c('router-link',{attrs:{\"to\":{ path: '/' + _vm.language }}},[_vm._v(_vm._s(_vm.$t('notFound.goBack')))])],1),_c('img',{staticClass:\"image\",attrs:{\"src\":require(\"../../frontend-assets/404.png\"),\"alt\":\"Bird with sunglasses\"}})]),_c('Footer',{attrs:{\"apiConfiguration\":_vm.apiConfiguration}})],1)}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","\n\n\n\n\n","import mod from \"-!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./not-found.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./not-found.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./not-found.vue?vue&type=template&id=6daa6884&scoped=true\"\nimport script from \"./not-found.vue?vue&type=script&lang=ts\"\nexport * from \"./not-found.vue?vue&type=script&lang=ts\"\nimport style0 from \"./not-found.vue?vue&type=style&index=0&id=6daa6884&prod&lang=scss&scoped=true\"\n\n\n/* normalize component */\nimport normalizer from \"!../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"6daa6884\",\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('div',{class:{ eopisto: _vm.serviceName === 'E-opisto.fi' }},[_c('SearchHeaderDesktop',{staticClass:\"desktop-search\",attrs:{\"keyword\":_vm.keyword,\"location\":_vm.location,\"distance\":_vm.distance || undefined}}),_c('SearchHeaderMobile',{staticClass:\"mobile-search\",attrs:{\"keyword\":_vm.keyword,\"location\":_vm.location,\"distance\":_vm.distance || undefined}}),_c('main',{staticClass:\"columns search-content is-gapless\"},[_c('aside',{staticClass:\"cards-container aside-content\"},[_c('div',{staticClass:\"desktop-search\"},[_c('span',{staticClass:\"is-uppercase is-size-7\"},[_c('span',[_vm._v(\" \"+_vm._s(_vm.$tc(\"search.amountOfSearchResults\", _vm.courseCount, { n: _vm.courseCount > 9990 ? _vm.$t('search.over10000') : _vm.courseCount }))+\" \")]),(_vm.location && _vm.distance)?_c('span',[_vm._v(\" · \"+_vm._s(_vm.$tc('search.area', _vm.distance))+\" \")]):_vm._e()]),(_vm.location)?_c('h1',{staticClass:\"has-text-weight-light mt-0\"},[_vm._v(\" \"+_vm._s(_vm.$t('search.offeringInArea', { location: _vm.location }))+\" \")]):_vm._e()]),_c('SearchFilters',{staticClass:\"filter-container\",attrs:{\"catalog\":_vm.catalog,\"classifications\":_vm.classifications,\"distanceLearning\":_vm.distanceLearning,\"languages\":_vm.languages,\"semester\":_vm.semester,\"serviceProviders\":_vm.serviceProviders,\"weekdays\":_vm.weekdays,\"registrationOpen\":_vm.registrationOpen,\"civicSkills\":_vm.civicSkills,\"creditCourse\":_vm.creditCourse}}),(_vm.serviceProviders)?_c('div',{staticClass:\"tenant-container\"},[_c('TenantDropdown',{staticClass:\"tenant\",attrs:{\"tenant\":_vm.tenant,\"browseLink\":false,\"detailsText\":true}})],1):_vm._e(),_c('span',{staticClass:\"is-uppercase is-size-7 mobile-total\"},[_vm._v(\" \"+_vm._s(_vm.$tc(\"search.amountOfSearchResults\", _vm.courseCount, { n: _vm.courseCount > 9990 ? _vm.$t('search.over10000') : _vm.courseCount }))+\" \")]),_c('b-button',{staticClass:\"show-map-button\",attrs:{\"rounded\":\"\"},on:{\"click\":function($event){_vm.showMap = !_vm.showMap}}},[_c('span',[_vm._v(_vm._s(_vm.$t('search.showMap')))])]),_c('CourseList',{attrs:{\"courses\":_vm.courses,\"isLoading\":_vm.isLoading}}),(_vm.courses.length > 0)?_c('div',{staticClass:\"pagination-container\"},[_c('SearchPagination',{attrs:{\"total\":_vm.courseCount,\"page\":_vm.page}})],1):_vm._e()],1),_c('section',{staticClass:\"column desktop-map\"},[_c('SearchMap',{attrs:{\"coordinates\":_vm.coordinates,\"zoom\":_vm.zoom,\"locations\":_vm.locations,\"courses\":_vm.courses,\"isLoading\":_vm.isLoading}})],1),_c('b-modal',{model:{value:(_vm.showMap),callback:function ($$v) {_vm.showMap=$$v},expression:\"showMap\"}},[_c('SearchMap',{key:_vm.showMap,staticClass:\"mobile-map\",attrs:{\"showMap\":_vm.showMap,\"coordinates\":_vm.coordinates,\"zoom\":_vm.zoom,\"locations\":_vm.locations,\"courses\":_vm.courses,\"isLoading\":_vm.isLoading}})],1)],1),_c('Footer')],1)}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","import { currentYear, nextYear } from './date-utils';\n\ninterface Params {\n keyword?: string | undefined;\n coords?:\n | {\n lat: number;\n lon: number;\n }\n | undefined;\n distance?: number | undefined;\n weekdays?: string[] | undefined;\n semester?: Semester | undefined;\n categories?: string[] | undefined;\n classifications?: string[] | undefined;\n serviceProviders?: string[] | undefined;\n distanceLearning?: string | undefined;\n registrationOpen?: string | undefined;\n civicSkills?: string | undefined;\n creditCourse?: string | undefined;\n}\n\nexport const generateQuery = (params: Params) => {\n const {\n keyword,\n coords,\n distance,\n weekdays,\n semester,\n classifications,\n serviceProviders,\n distanceLearning,\n registrationOpen,\n civicSkills,\n creditCourse\n } = params;\n\n let query = '';\n if (keyword) {\n query = `${keyword} `;\n }\n if (distance && coords) {\n query += `distancefrom:${coords.lat},${coords.lon} distancesoft:<${distance}km distancehard:<${distance}km `;\n }\n\n if (weekdays) {\n for (const weekday of weekdays) {\n query += `weekday:${weekday} `;\n }\n }\n\n if (serviceProviders) {\n for (const serviceProvider of serviceProviders) {\n query += `tenant:${serviceProvider} `;\n }\n }\n\n if (classifications) {\n for (const classification of classifications) {\n query += `classification:${classification} `;\n }\n }\n\n if (semester) {\n query += `${dateRangeForSemester[semester]} `;\n }\n\n if (registrationOpen === 'true') {\n query += 'registrationopen:true ';\n }\n if (civicSkills === 'true') {\n query += 'tag:civicskills ';\n }\n if (creditCourse === 'true') {\n query += 'tag:creditcourse ';\n }\n\n if (distanceLearning === 'true') {\n query += 'location:distancelearning ';\n } else if (distanceLearning === 'false') {\n query += 'location:!distancelearning ';\n }\n\n query = query.trimEnd();\n\n return query === '' ? undefined : query;\n};\n\nexport enum Semester {\n CurrentYearAutumn = 'currentYearAutumn',\n CurrentYearSpring = 'currentYearSpring',\n CurrentYearSummer = 'currentYearSummer',\n NextYearAutumn = 'nextYearAutumn',\n NextYearSpring = 'nextYearSpring',\n NextYearSummer = 'nextYearSummer'\n}\n\nexport enum DistanceLearning {\n True = 'true',\n False = 'false'\n}\n\n/**\n * Explanation in search-filters.vue where options are defined\n */\nconst dateRangeForSemester: { [key in Semester]: string } = {\n [Semester.CurrentYearAutumn]: `begins:>=${currentYear}-08-01 ends:<=${currentYear}-12-31`,\n [Semester.CurrentYearSpring]: `begins:>=${currentYear}-01-01 ends:<=${currentYear}-07-31`,\n [Semester.CurrentYearSummer]: `begins:>=${currentYear}-06-01 ends:<=${currentYear}-08-31`,\n [Semester.NextYearAutumn]: `begins:>=${nextYear}-08-01 ends:<=${nextYear}-12-31`,\n [Semester.NextYearSpring]: `begins:>=${nextYear}-01-01 ends:<=${nextYear}-07-31`,\n [Semester.NextYearSummer]: `begins:>=${nextYear}-06-01 ends:<=${nextYear}-08-31`\n};\n\nexport function isNumeric(value: string) {\n return /^\\d+$/.test(value);\n}\n","import { SetupContext, ref, watch } from '@vue/composition-api';\nimport { includes } from 'lodash/fp';\n\nimport { Geopoint } from '../api';\nimport { RequestState } from '../utils/api-utils';\nimport {\n DEFAULT_GEOPOINT,\n DEFAULT_ZOOM,\n DISTANCE_AND_ZOOM_PAIRS,\n getCoordinatesByAddress\n} from '../utils/location-utils';\nimport { generateQuery, isNumeric, Semester } from '../utils/query-utils';\n\nconst useSearch = (ctx: SetupContext) => {\n const geocodingState = ref(RequestState.Initialized);\n const coordinates = ref(DEFAULT_GEOPOINT);\n const zoom = ref(DEFAULT_ZOOM);\n const keyword = ref();\n const location = ref();\n const distance = ref();\n const weekdays = ref();\n const semester = ref();\n const classifications = ref();\n const languages = ref();\n const serviceProviders = ref();\n const distanceLearning = ref();\n const registrationOpen = ref();\n const civicSkills = ref();\n const creditCourse = ref();\n\n const page = ref(1);\n const q = ref(undefined);\n\n watch(\n () => ctx.root.$route,\n async (route) => {\n page.value = isNumeric(route.query.page as string)\n ? parseInt(route.query.page as string, 10)\n : 1;\n\n keyword.value = route.query.q ? route.query.q.toString() : '';\n\n weekdays.value = route.query.weekdays\n ? (route.query.weekdays as string).split(',')\n : undefined;\n\n semester.value =\n route.query.semester && includes(route.query.semester, Semester)\n ? (route.query.semester as Semester)\n : undefined;\n\n classifications.value = route.query.classifications\n ? (route.query.classifications as string).split(',')\n : undefined;\n\n languages.value = route.query.languages\n ? (route.query.languages as string).split(',')\n : undefined;\n\n serviceProviders.value = route.query.serviceproviders\n ? (route.query.serviceproviders as string).split(',')\n : undefined;\n\n distanceLearning.value = route.query.distancelearning\n ? (route.query.distancelearning as string)\n : undefined;\n\n registrationOpen.value =\n route.query.registrationopen && route.query.registrationopen === 'true'\n ? 'true'\n : undefined;\n civicSkills.value =\n route.query.civicskills && route.query.civicskills === 'true'\n ? 'true'\n : undefined;\n creditCourse.value =\n route.query.creditcourse && route.query.creditcourse === 'true'\n ? 'true'\n : undefined;\n\n if (route.query.location) {\n geocodingState.value = RequestState.Loading;\n location.value = route.query.location.toString();\n try {\n const coords = await getCoordinatesByAddress(location.value);\n\n if (coords) {\n geocodingState.value = RequestState.Success;\n coordinates.value = { lat: coords.lat, lon: coords.lon };\n\n if (route.query.distance) {\n distance.value = Number(route.query.distance);\n zoom.value = route.query.distance\n ? DISTANCE_AND_ZOOM_PAIRS.get(Number(route.query.distance))\n : DEFAULT_ZOOM;\n }\n } else {\n geocodingState.value = RequestState.Error;\n }\n } catch (e) {\n geocodingState.value = RequestState.Error;\n }\n } else {\n geocodingState.value = RequestState.Initialized;\n location.value = undefined;\n distance.value = undefined;\n coordinates.value = DEFAULT_GEOPOINT;\n zoom.value = DEFAULT_ZOOM;\n }\n\n if (geocodingState.value !== RequestState.Error) {\n q.value = generateQuery({\n keyword: keyword.value,\n coords: location.value\n ? { lat: coordinates.value.lat, lon: coordinates.value.lon }\n : undefined,\n distance: distance.value,\n weekdays: weekdays.value,\n semester: semester.value,\n classifications: classifications.value,\n serviceProviders: serviceProviders.value,\n distanceLearning: distanceLearning.value,\n registrationOpen: registrationOpen.value,\n civicSkills: civicSkills.value,\n creditCourse: creditCourse.value\n });\n }\n },\n { immediate: true }\n );\n\n return {\n classifications,\n civicSkills,\n coordinates,\n creditCourse,\n distance,\n distanceLearning,\n geocodingState,\n keyword,\n languages,\n location,\n page,\n q,\n registrationOpen,\n semester,\n serviceProviders,\n weekdays,\n zoom\n };\n};\n\nexport default useSearch;\n","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('div',[(!_vm.isLoading && !_vm.isEmpty(_vm.courses))?_c('div',{staticClass:\"cards\"},_vm._l((_vm.courses),function(course){return _c('CourseCard',{key:course.id,attrs:{\"course\":course,\"participantCount\":course.participantcount}})}),1):(!_vm.isLoading)?_c('div',{staticClass:\"noresults content\"},[_c('div',[_c('h4',[_vm._v(\" \"+_vm._s(_vm.$t('courseList.noResults'))+\" \")]),_c('p',[_vm._v(\" \"+_vm._s(_vm.$t('courseList.getMoreResults'))+\" \")])])]):_c('div',{staticClass:\"cards\"},[_c('CourseCard',{attrs:{\"isLoading\":\"\"}}),_c('CourseCard',{attrs:{\"isLoading\":\"\"}}),_c('CourseCard',{attrs:{\"isLoading\":\"\"}})],1)])}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('div',{staticClass:\"card\"},[(_vm.course)?_c('div',[_c('router-link',{attrs:{\"to\":{ path: _vm.getCourseLink(_vm.course.id) }}},[(_vm.getPriceEuros(_vm.getDefaultPrice(_vm.course)))?_c('div',{staticClass:\"price\"},[_vm._v(\" \"+_vm._s(_vm._f(\"price\")(_vm.getPriceEuros(_vm.getDefaultPrice(_vm.course))))+\" \")]):_vm._e(),(_vm.distanceLearning)?_c('b-icon',{staticClass:\"distancelearning\",attrs:{\"icon\":\"web\"}}):_vm._e(),_c('div',{staticClass:\"availability\",class:(\"type--\" + _vm.availability)},[_c('b-tooltip',{attrs:{\"type\":\"is-light\",\"label\":_vm.$t((\"courseCard.\" + _vm.availability))}},[_c('div',{staticClass:\"tooltip-placeholder\"})])],1),_c('div',{staticClass:\"card-image\",style:({ background: _vm.color })},[(_vm.serviceName !== 'E-opisto.fi')?_c('img',{staticClass:\"cover-image\",attrs:{\"src\":_vm.imageUrl,\"alt\":\"Cover image\"}}):_vm._e(),(_vm.serviceName === 'E-opisto.fi')?_c('img',{staticClass:\"cover-image\",style:({ objectFit: 'cover' }),attrs:{\"src\":_vm.imageUrl,\"alt\":\"Cover image\"}}):_vm._e()]),_c('div',{staticClass:\"card-content flex-column\"},[_c('p',{staticClass:\"title\"},[_c('v-clamp',{staticClass:\"title-v-clamp\",attrs:{\"expanded\":_vm.expanded,\"max-lines\":2},nativeOn:{\"mouseover\":function($event){_vm.expanded = true},\"mouseleave\":function($event){_vm.expanded = false}}},[_vm._v(_vm._s(_vm.decodedName))])],1),_c('div',{},[(_vm.course.location)?_c('p',{staticClass:\"info\"},[_c('b-icon',{staticClass:\"icon\",attrs:{\"icon\":\"map-marker\",\"size\":\"is-small\"}}),(_vm.course.location.city)?_c('span',[_vm._v(\" \"+_vm._s(_vm.course.location.city)+\", \")]):_vm._e(),_vm._v(\" \"+_vm._s(_vm.course.location.name)+\" \")],1):_vm._e(),_c('span',{staticClass:\"info\"},[_c('b-tooltip',{attrs:{\"type\":\"is-light\",\"position\":\"is-bottom\",\"label\":_vm.$t('courseCard.courseStartDate')}},[_c('b-icon',{staticClass:\"icon\",attrs:{\"icon\":\"calendar-today\",\"size\":\"is-small\"}}),(_vm.course.begins)?_c('span',[_vm._v(\" \"+_vm._s(_vm._f(\"date\")(_vm.course.begins))+\" \")]):_c('span',[_vm._v(\" \"+_vm._s(((_vm.$t('courseCard.notprovided')) + \" \"))+\" \")])],1)],1),(_vm.formattedWeekdays.length !== 0)?_c('span',{staticClass:\"info\"},[_c('b-icon',{staticClass:\"icon left-margin\",attrs:{\"icon\":\"calendar-clock\",\"size\":\"is-small\"}}),(_vm.formattedWeekdays.length === 7)?_c('span',[_vm._v(\" \"+_vm._s(_vm.$t('courseCard.monday'))+\"–\"+_vm._s(_vm.$t('courseCard.sunday'))+\" \")]):_vm._e(),(_vm.formattedWeekdays.length < 2)?_c('span',_vm._l((_vm.sortBy('weekday', _vm.formattedWeekdays)),function(day){return _c('span',{key:String(day.weekday) + day.times[0].begins},[(day.weekday)?_c('span',{staticClass:\"weekday\"},[_vm._v(\" \"+_vm._s(_vm.$d(day.weekday, 'weekdayShort') + ' ')+\" \")]):_vm._e(),(day.times.length > 0 && day.times.length < 2)?_c('span',[_vm._v(\" \"+_vm._s(day.times[0].begins)+\"–\"+_vm._s(day.times[0].ends)+\" \")]):_vm._e()])}),0):_vm._e(),(\n _vm.formattedWeekdays.length > 1 && _vm.formattedWeekdays.length < 7\n )?_c('span',_vm._l((_vm.sortBy('weekday', _vm.formattedWeekdays)),function(day){return _c('span',{key:String(day.weekday)},[(day.weekday)?_c('span',{staticClass:\"weekday\"},[_vm._v(\" \"+_vm._s(_vm.$d(day.weekday, 'weekdayShort') + ' ')+\" \")]):_vm._e()])}),0):_vm._e()],1):_vm._e()])])],1)],1):_c('div',[_c('b-skeleton',{attrs:{\"width\":\"100%\",\"height\":\"136px\",\"animated\":true}}),_c('div',{staticClass:\"card-content\"},[_c('b-skeleton',{attrs:{\"width\":\"40%\",\"animated\":true}}),_c('b-skeleton',{attrs:{\"width\":\"60%\",\"animated\":true}}),_c('b-skeleton',{attrs:{\"width\":\"90%\",\"animated\":true}})],1)],1)])}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","import { isEmpty } from 'lodash/fp';\n\nimport { router } from '../router';\n\nfunction useRouter() {\n function pushRoute({\n keyword = router.currentRoute.query.q,\n location = router.currentRoute.query.location,\n distance = router.currentRoute.query.distance,\n weekdays = router.currentRoute.query.weekdays,\n semester = router.currentRoute.query.semester,\n languages = router.currentRoute.query.languages,\n classifications = router.currentRoute.query.classifications,\n serviceProviders = router.currentRoute.query.serviceproviders,\n distanceLearning = router.currentRoute.query.distancelearning,\n page = router.currentRoute.query.page,\n registrationopen = router.currentRoute.query.registrationopen,\n creditcourse = router.currentRoute.query.creditcourse,\n civicskills = router.currentRoute.query.civicskills\n }) {\n const p = {\n query: {\n q: isEmpty(keyword) ? undefined : keyword,\n location: isEmpty(location) ? undefined : location,\n distance: isEmpty(distance) ? undefined : distance,\n weekdays: isEmpty(weekdays) ? undefined : weekdays,\n semester: isEmpty(semester) ? undefined : semester,\n languages: isEmpty(languages) ? undefined : languages,\n classifications: isEmpty(classifications) ? undefined : classifications,\n serviceproviders: isEmpty(serviceProviders)\n ? undefined\n : serviceProviders,\n registrationopen: isEmpty(registrationopen)\n ? undefined\n : registrationopen,\n distancelearning: isEmpty(distanceLearning)\n ? undefined\n : distanceLearning,\n creditcourse: isEmpty(creditcourse) ? undefined : creditcourse,\n civicskills: isEmpty(civicskills) ? undefined : civicskills,\n page: page === '1' ? undefined : page\n }\n };\n router.push(p);\n }\n\n function goToFrontPage() {\n const { language } = router.currentRoute.params;\n router.push(`/${language}`);\n }\n\n function goToCourse(id: number) {\n const { language } = router.currentRoute.params;\n router.push(`/${language}/course/${id}`);\n }\n\n function getCourseLink(id: number) {\n const { language } = router.currentRoute.params;\n return `/${language}/course/${id}`;\n }\n\n return { pushRoute, goToFrontPage, goToCourse, getCourseLink };\n}\n\nexport default useRouter;\n","import ajoneuvoImage from '../../../frontend-assets/luokitukset-kuvat/23ajoneuvo-ja_kuljetusala.png';\nimport historiaImage from '../../../frontend-assets/luokitukset-kuvat/13historia_ja_arkeologia.png';\nimport humanistinenImage from '../../../frontend-assets/luokitukset-kuvat/24humanistinen_ja_kasvatusala.png';\nimport kadentaidotImage from '../../../frontend-assets/luokitukset-kuvat/2kaden_taidot.png';\nimport kansalaisImage from '../../../frontend-assets/luokitukset-kuvat/29kansalais-ja_jarjestotoiminta.png';\nimport kieletImage from '../../../frontend-assets/luokitukset-kuvat/4kielet.png';\nimport kirjallisuusImage from '../../../frontend-assets/luokitukset-kuvat/11kirjallisuus.png';\nimport kotitalousImage from '../../../frontend-assets/luokitukset-kuvat/17kotitalous-ja_kuluttajapalvelut.png';\nimport kulttuuriImage from '../../../frontend-assets/luokitukset-kuvat/19muu_kulttuurialan_koulutus.png';\nimport kuvataideImage from '../../../frontend-assets/luokitukset-kuvat/5kuvataide.png';\nimport liiketalousImage from '../../../frontend-assets/luokitukset-kuvat/28liiketalous_ja_kauppa.png';\nimport liikuntaImage from '../../../frontend-assets/luokitukset-kuvat/1liikunta_ja_urheilu.png';\nimport luokittelemattomatImage from '../../../frontend-assets/luokitukset-kuvat/9luokittelemattomat.png';\nimport luontoImage from '../../../frontend-assets/luokitukset-kuvat/22luonto-ja_ymparistoala.png';\nimport musiikkiImage from '../../../frontend-assets/luokitukset-kuvat/3musiikki.png';\nimport opetusImage from '../../../frontend-assets/luokitukset-kuvat/12opetus.png';\nimport perusopetusImage from '../../../frontend-assets/luokitukset-kuvat/20perusopetus.png';\nimport poliisiImage from '../../../frontend-assets/luokitukset-kuvat/26poliisi-ja_vartiointiala.png';\nimport puutarhaImage from '../../../frontend-assets/luokitukset-kuvat/16puutarhatalous_ja_puutarhanhoito.png';\nimport ruokaImage from '../../../frontend-assets/luokitukset-kuvat/8ruoka_ja_juoma.png';\nimport sosiaaliImage from '../../../frontend-assets/luokitukset-kuvat/14sosiaali-terveys-ja_liikunta-ala.png';\nimport tanssiImage from '../../../frontend-assets/luokitukset-kuvat/6tanssi_ja_teatteri.png';\nimport tektiiliImage from '../../../frontend-assets/luokitukset-kuvat/30tekstiili-ja_vaatetusala.png';\nimport terveysImage from '../../../frontend-assets/luokitukset-kuvat/10terveys.png';\nimport tietoImage from '../../../frontend-assets/luokitukset-kuvat/15tieto-ja_tietoliikennetekniikka.png';\nimport tietotekniikkaImage from '../../../frontend-assets/luokitukset-kuvat/7tietotekniikka.png';\nimport vapaaaikaImage from '../../../frontend-assets/luokitukset-kuvat/25vapaa-aika-jaa_nuorisotyo.png';\nimport viestintäImage from '../../../frontend-assets/luokitukset-kuvat/27viestinta-ja_informaatioala.png';\nimport yhteiskunnallinenImage from '../../../frontend-assets/luokitukset-kuvat/21yhteiskunnalliset_aineet.png';\nimport yleissivistäväImage from '../../../frontend-assets/luokitukset-kuvat/18muu_yleissivistava_koulutus.png';\n\nexport const DEFAULT_COLOR = '#6987C9';\nexport const DEFAULT_IMAGE = luokittelemattomatImage;\n\nexport const educationSectorMappings: {\n [key: number]: { imageUrl: string; name: string; color: string };\n} = {\n 752: {\n imageUrl: liikuntaImage,\n name: 'Liikunta ja urheilu',\n color: '#23967F'\n },\n 201: {\n imageUrl: kadentaidotImage,\n name: 'Kaden taidot',\n color: '#402E2A'\n },\n 205: {\n imageUrl: musiikkiImage,\n name: 'Musiikki',\n color: '#6987C9'\n },\n 10201: {\n imageUrl: kieletImage,\n name: 'Kielitiede',\n color: '#FFBF00'\n },\n 10202: {\n imageUrl: kieletImage,\n name: 'Suomi',\n color: '#D14081'\n },\n 10203: {\n imageUrl: kieletImage,\n name: 'Ruotsi',\n color: '#23967F'\n },\n 10204: {\n imageUrl: kieletImage,\n name: 'Englanti',\n color: '#402E2A'\n },\n 10205: {\n imageUrl: kieletImage,\n name: 'Saksa',\n color: '#FFBF00'\n },\n 10206: {\n imageUrl: kieletImage,\n name: 'Ranska',\n color: '#6987C9'\n },\n 10207: {\n imageUrl: kieletImage,\n name: 'Venäjä',\n color: '#402E2A'\n },\n 10208: {\n imageUrl: kieletImage,\n name: 'Espanja',\n color: '#D14081'\n },\n 10209: {\n imageUrl: kieletImage,\n name: 'Italia',\n color: '#23967F'\n },\n 10299: {\n imageUrl: kieletImage,\n name: 'Muut kielet',\n color: '#402E2A'\n },\n 206: {\n imageUrl: kuvataideImage,\n name: 'Kuvataide',\n color: '#FFBF00'\n },\n 505: {\n imageUrl: kuvataideImage,\n name: 'Graafinen ja viestintätekniikka',\n color: '#D14081'\n },\n 204: {\n imageUrl: tanssiImage,\n name: 'Tanssi ja teatteri',\n color: '#23967F'\n },\n 40201: {\n imageUrl: tietotekniikkaImage,\n name: 'Tietokoneen ajokorttikoulutu',\n color: '#402E2A'\n },\n 40299: {\n imageUrl: tietotekniikkaImage,\n name: 'Muu tietotekniikan hyväksikäyttö',\n color: '#6987C9'\n },\n 801: {\n imageUrl: ruokaImage,\n name: 'Matkailuala',\n color: '#FFBF00'\n },\n 802: {\n imageUrl: ruokaImage,\n name: 'Majoitus- ja ravitsemisala sekä ruoan valmistus',\n color: '#D14081'\n },\n 899: {\n imageUrl: ruokaImage,\n name: 'Muu matkailu-, ravitsemis- ja talousalan koulutus',\n color: '#23967F'\n },\n 304: {\n imageUrl: luokittelemattomatImage,\n name: 'Tilastointi ja tilastotiede',\n color: '#402E2A'\n },\n 401: {\n imageUrl: luokittelemattomatImage,\n name: 'Matematiikka',\n color: '#6987C9'\n },\n 451: {\n imageUrl: luokittelemattomatImage,\n name: 'Fysiikka ja kemia sekä geo-, avaruus- ja tähtitiet',\n color: '#FFBF00'\n },\n 499: {\n imageUrl: luokittelemattomatImage,\n name: 'Muu luonnontietteiden alan koulutus',\n color: '#D14081'\n },\n 501: {\n imageUrl: luokittelemattomatImage,\n name: 'Arkkitehtuuri ja rakentaminen',\n color: '#23967F'\n },\n 502: {\n imageUrl: luokittelemattomatImage,\n name: 'Kone-, metalli- ja energiatekniikka',\n color: '#6987C9'\n },\n 506: {\n imageUrl: luokittelemattomatImage,\n name: 'Elintarvikeala ja biotekniikka',\n color: '#402E2A'\n },\n 507: {\n imageUrl: luokittelemattomatImage,\n name: 'Prosessi-, kemian ja materiaalitekniikka',\n color: '#FFBF00'\n },\n 599: {\n imageUrl: luokittelemattomatImage,\n name: 'Muu tekniikan ja liikenteen alan koulutus',\n color: '#23967F'\n },\n 710: {\n imageUrl: luokittelemattomatImage,\n name: 'Kauneudenhoitoala',\n color: '#D14081'\n },\n 999: {\n imageUrl: luokittelemattomatImage,\n name: 'Muu koulutus',\n color: '#402E2A'\n },\n 751: {\n imageUrl: terveysImage,\n name: 'Terveysala ja hammashuolto',\n color: '#FFBF00'\n },\n 753: {\n imageUrl: terveysImage,\n name: 'Farmasia ja muu lääkehuolto sekä tekniset terveysp',\n color: '#6987C9'\n },\n 709: {\n imageUrl: terveysImage,\n name: 'eläinlääketiede',\n color: '#D14081'\n },\n 203: {\n imageUrl: kirjallisuusImage,\n name: 'Kirjallisuus',\n color: '#402E2A'\n },\n 3: {\n imageUrl: opetusImage,\n name: 'Lukiokoulutus',\n color: '#23967F'\n },\n 51: {\n imageUrl: opetusImage,\n name: 'Oppimisvalmiuksien kehittäminen ja motivointi',\n color: '#6987C9'\n },\n 103: {\n imageUrl: historiaImage,\n name: 'Historia ja arkeologia',\n color: '#FFBF00'\n },\n 305: {\n imageUrl: sosiaaliImage,\n name: 'Sosiaalitieteet',\n color: '#D14081'\n },\n 701: {\n imageUrl: sosiaaliImage,\n name: 'Sosiaaliala',\n color: '#23967F'\n },\n 799: {\n imageUrl: sosiaaliImage,\n name: 'Muu sosiaali-, terveys- ja liikunta-alan koulutus',\n color: '#402E2A'\n },\n 503: {\n imageUrl: tietoImage,\n name: 'Sähkö- ja automaatiotekniikka',\n color: '#FFBF00'\n },\n 504: {\n imageUrl: tietoImage,\n name: 'Tieto- ja tietoliikennetekniikka',\n color: '#6987C9'\n },\n 602: {\n imageUrl: puutarhaImage,\n name: 'Puutarhatalous ja puutarhanhoito',\n color: '#23967F'\n },\n 851: {\n imageUrl: kotitalousImage,\n name: 'Kotitalous- ja kuluttajapalvelut',\n color: '#D14081'\n },\n 99: {\n imageUrl: yleissivistäväImage,\n name: 'Muu yleissivistävä koulutus',\n color: '#402E2A'\n },\n 207: {\n imageUrl: kulttuuriImage,\n name: 'Kulttuurin- ja taiteiden tutkimus',\n color: '#6987C9'\n },\n 299: {\n imageUrl: kulttuuriImage,\n name: 'Muu kulttuurialan koulutus',\n color: '#FFBF00'\n },\n 2: {\n imageUrl: perusopetusImage,\n name: 'Perusopetus',\n color: '#23967F'\n },\n 104: {\n imageUrl: yhteiskunnallinenImage,\n name: 'Filosofia',\n color: '#D14081'\n },\n 107: {\n imageUrl: yhteiskunnallinenImage,\n name: 'Teologia',\n color: '#402E2A'\n },\n 30399: {\n imageUrl: yhteiskunnallinenImage,\n name: 'Muu hallinnon alan koulutus',\n color: '#6987C9'\n },\n 306: {\n imageUrl: yhteiskunnallinenImage,\n name: 'Politiikka ja politiikkatieteet',\n color: '#23967F'\n },\n 307: {\n imageUrl: yhteiskunnallinenImage,\n name: 'Oikeuskäytäntö ja oikeustieteet',\n color: '#FFBF00'\n },\n 399: {\n imageUrl: yhteiskunnallinenImage,\n name: 'Muu yhteiskunnallisten aineiden, liiketalouden ja',\n color: '#D14081'\n },\n 302: {\n imageUrl: yhteiskunnallinenImage,\n name: 'Kansantalous',\n color: '#23967F'\n },\n 452: {\n imageUrl: luontoImage,\n name: 'Biologia ja maantiede',\n color: '#402E2A'\n },\n 651: {\n imageUrl: luontoImage,\n name: 'Maatila- ja metsätalous',\n color: '#23967F'\n },\n 603: {\n imageUrl: luontoImage,\n name: 'Kalatalous ja kalastus',\n color: '#6987C9'\n },\n 605: {\n imageUrl: luontoImage,\n name: 'Luonto- ja ympäristöala',\n color: '#FFBF00'\n },\n 699: {\n imageUrl: luontoImage,\n name: 'Muu luonnonvara- ja ympäristöalan koulutus',\n color: '#D14081'\n },\n 509: {\n imageUrl: ajoneuvoImage,\n name: 'Ajoneuvo- ja kuljetusala',\n color: '#402E2A'\n },\n 151: {\n imageUrl: humanistinenImage,\n name: 'Opetus- ja kasvatustyö ja psykologia',\n color: '#D14081'\n },\n 199: {\n imageUrl: humanistinenImage,\n name: 'Muu humanistisen ja kasvatusalan koulutus',\n color: '#FFBF00'\n },\n 101: {\n imageUrl: vapaaaikaImage,\n name: 'Vapaa-aika- ja nuorisotyö',\n color: '#6987C9'\n },\n 951: {\n imageUrl: poliisiImage,\n name: 'Poliisi- ja vartiointiala',\n color: '#6987C9'\n },\n 901: {\n imageUrl: poliisiImage,\n name: 'Sotilas- ja rajavartioala',\n color: '#23967F'\n },\n 902: {\n imageUrl: poliisiImage,\n name: 'Palo- ja pelastusala',\n color: '#D14081'\n },\n 202: {\n imageUrl: viestintäImage,\n name: 'Viestintä- ja informaatioala',\n color: '#402E2A'\n },\n 301: {\n imageUrl: liiketalousImage,\n name: 'Liiketalous ja kauppa',\n color: '#6987C9'\n },\n 351: {\n imageUrl: liiketalousImage,\n name: 'Yrittäjyys ja yrittäjäkasvatus',\n color: '#D14081'\n },\n 510: {\n imageUrl: liiketalousImage,\n name: 'Tuotantotalous',\n color: '54'\n },\n 30301: {\n imageUrl: kansalaisImage,\n name: 'Kansalais- ja järjestötoiminta',\n color: '#FFBF00'\n },\n 508: {\n imageUrl: tektiiliImage,\n name: 'Tekstiili- ja vaatetusala',\n color: '#D14081'\n }\n};\n","\n\n\n\n","import mod from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./course-card.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./course-card.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./course-card.vue?vue&type=template&id=588b5220&scoped=true\"\nimport script from \"./course-card.vue?vue&type=script&lang=ts\"\nexport * from \"./course-card.vue?vue&type=script&lang=ts\"\nimport style0 from \"./course-card.vue?vue&type=style&index=0&id=588b5220&prod&scoped=true&lang=css\"\n\n\n/* normalize component */\nimport normalizer from \"!../../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"588b5220\",\n null\n \n)\n\nexport default component.exports","\n\n\n\n\n","import mod from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./course-list.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./course-list.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./course-list.vue?vue&type=template&id=c345d58c&scoped=true\"\nimport script from \"./course-list.vue?vue&type=script&lang=ts\"\nexport * from \"./course-list.vue?vue&type=script&lang=ts\"\nimport style0 from \"./course-list.vue?vue&type=style&index=0&id=c345d58c&prod&scoped=true&lang=css\"\n\n\n/* normalize component */\nimport normalizer from \"!../../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"c345d58c\",\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('div',[_c('div',{staticClass:\"button-group\"},[_c('SearchFilterDropdown',{attrs:{\"type\":\"distanceLearning\",\"initialSelection\":[_vm.distanceLearning],\"options\":_vm.distanceLearningList}}),_c('SearchFilterDropdown',{attrs:{\"type\":\"weekdays\",\"initialSelection\":_vm.weekdays,\"options\":_vm.weekdaysList}}),_c('SearchFilterDropdown',{attrs:{\"type\":\"semester\",\"initialSelection\":[_vm.semester],\"options\":_vm.semestersList}}),_c('SearchFilterDropdown',{attrs:{\"type\":\"classifications\",\"initialSelection\":_vm.classifications,\"options\":_vm.classificationsList}}),_c('SearchFilterDropdown',{attrs:{\"type\":\"serviceProviders\",\"initialSelection\":_vm.serviceProviders,\"options\":_vm.serviceProvidersList}})],1),_c('div',{staticClass:\"button-group checkbox-group\"},_vm._l((_vm.checkboxFilters),function(filter){return _c('SearchFilterCheckbox',{key:filter.name,attrs:{\"filter\":filter,\"initialSelection\":_vm.getInitialSelection(filter)}})}),1)])}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('b-dropdown',{attrs:{\"aria-role\":\"list\",\"scrollable\":\"\",\"max-height\":\"65vh\"},model:{value:(_vm.selected),callback:function ($$v) {_vm.selected=$$v},expression:\"selected\"}},[_c('b-button',{staticClass:\"is-primary filter-button\",attrs:{\"slot\":\"trigger\",\"outlined\":!Boolean(_vm.selected),\"type\":\"button\"},slot:\"trigger\"},[_c('span',[_vm._v(_vm._s(_vm.$t((\"searchFilters.\" + _vm.type))))])]),(_vm.type === 'serviceProviders')?_c('b-dropdown-item',{attrs:{\"custom\":\"\",\"aria-role\":\"listitem\"}},[_c('b-input',{staticClass:\"search\",attrs:{\"placeholder\":_vm.$t('serviceProviders.search')},model:{value:(_vm.searchValue),callback:function ($$v) {_vm.searchValue=$$v},expression:\"searchValue\"}})],1):_vm._e(),(_vm.showSelectedOptionSeparately)?_c('b-dropdown-item',{key:_vm.selected,staticClass:\"filter-item\",attrs:{\"value\":_vm.selected,\"aria-role\":\"listitem\"},on:{\"click\":function($event){return _vm.optionClicked(_vm.selected)}}},[_vm._v(\" \"+_vm._s(_vm.selectedName)+\" \")]):_vm._e(),_vm._l((_vm.filteredOptions),function(option){return _c('b-dropdown-item',{key:option.id.toString(),staticClass:\"filter-item\",attrs:{\"value\":option.id.toString(),\"aria-role\":\"listitem\"},on:{\"click\":function($event){_vm.optionClicked(option.id.toString())}}},[_c('span',[_vm._v(_vm._s(option.name))])])})],2)}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","\n\n\n\n\n","import mod from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./search-filter-dropdown.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./search-filter-dropdown.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./search-filter-dropdown.vue?vue&type=template&id=3044e8f6&scoped=true\"\nimport script from \"./search-filter-dropdown.vue?vue&type=script&lang=ts\"\nexport * from \"./search-filter-dropdown.vue?vue&type=script&lang=ts\"\nimport style0 from \"./search-filter-dropdown.vue?vue&type=style&index=0&id=3044e8f6&prod&lang=scss&scoped=true\"\n\n\n/* normalize component */\nimport normalizer from \"!../../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"3044e8f6\",\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return (_vm.filter)?_c('b-checkbox',{key:_vm.filter.inputId,attrs:{\"id\":_vm.filter.inputId,\"value\":_vm.selected === 'true' ? 'true' : 'false',\"native-value\":_vm.selected === 'true' ? 'true' : 'false'},on:{\"input\":function($event){return _vm.filterClicked(_vm.filter)}}},[_vm._v(\" \"+_vm._s(_vm.filter.translatelabel ? _vm.$t((\"checkbox.\" + (_vm.filter.name))) : _vm.filter.name)+\" \")]):_vm._e()}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","\n\n\n\n\n","import mod from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./search-filter-checkbox.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./search-filter-checkbox.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./search-filter-checkbox.vue?vue&type=template&id=3fa938b2&scoped=true\"\nimport script from \"./search-filter-checkbox.vue?vue&type=script&lang=ts\"\nexport * from \"./search-filter-checkbox.vue?vue&type=script&lang=ts\"\nimport style0 from \"./search-filter-checkbox.vue?vue&type=style&index=0&id=3fa938b2&prod&lang=scss&scoped=true\"\n\n\n/* normalize component */\nimport normalizer from \"!../../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"3fa938b2\",\n null\n \n)\n\nexport default component.exports","\n\n\n\n\n","import mod from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./search-filters.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./search-filters.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./search-filters.vue?vue&type=template&id=78e4aa58&scoped=true\"\nimport script from \"./search-filters.vue?vue&type=script&lang=ts\"\nexport * from \"./search-filters.vue?vue&type=script&lang=ts\"\nimport style0 from \"./search-filters.vue?vue&type=style&index=0&id=78e4aa58&prod&lang=scss&scoped=true\"\n\n\n/* normalize component */\nimport normalizer from \"!../../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"78e4aa58\",\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('b-navbar',{staticClass:\"sticky-header\"},[_c('template',{slot:\"brand\"},[_c('Logo',{attrs:{\"width\":\"140px\"}})],1),_c('template',{slot:\"start\"},[_c('b-field',{staticClass:\"search-fields\",attrs:{\"grouped\":\"\"}},[_c('form',{on:{\"submit\":function($event){$event.preventDefault();}}},[_c('b-field',[_c('b-input',{attrs:{\"placeholder\":_vm.$t('searchHeader.searchForCourse'),\"type\":\"search\",\"icon-right\":\"magnify\"},model:{value:(_vm.newKeyword),callback:function ($$v) {_vm.newKeyword=$$v},expression:\"newKeyword\"}})],1),_c('b-field',[_c('b-autocomplete',{attrs:{\"placeholder\":_vm.$t('searchHeader.location'),\"type\":\"search\",\"data\":_vm.locationSuggestions,\"icon-right\":\"map-marker-outline\",\"clearable\":\"\"},model:{value:(_vm.newLocation),callback:function ($$v) {_vm.newLocation=$$v},expression:\"newLocation\"}})],1),_c('b-field',{staticClass:\"field-container\",attrs:{\"grouped\":\"\"}},[_c('b-dropdown',{model:{value:(_vm.newDistance),callback:function ($$v) {_vm.newDistance=$$v},expression:\"newDistance\"}},[_c('b-input',{staticClass:\"distance-search\",attrs:{\"slot\":\"trigger\",\"disabled\":_vm.newLocation === undefined || _vm.newLocation === '',\"type\":\"button\",\"icon-right\":\"arrow-expand\",\"value\":_vm.newLocation\n ? _vm.newDistance + ' km'\n : _vm.$t('searchHeader.distance')},slot:\"trigger\"}),_c('b-dropdown-item',{attrs:{\"value\":10,\"aria-role\":\"listitem\"}},[_c('span',[_vm._v(\"10 km\")])]),_c('b-dropdown-item',{attrs:{\"value\":25,\"aria-role\":\"listitem\"}},[_c('span',[_vm._v(\"25 km\")])]),_c('b-dropdown-item',{attrs:{\"value\":50,\"aria-role\":\"listitem\"}},[_c('span',[_vm._v(\"50 km\")])]),_c('b-dropdown-item',{attrs:{\"value\":100,\"aria-role\":\"listitem\"}},[_c('span',[_vm._v(\"100 km\")])]),_c('b-dropdown-item',{attrs:{\"value\":250,\"aria-role\":\"listitem\"}},[_c('span',[_vm._v(\"250 km\")])])],1)],1),_c('b-field',[_c('b-button',{staticClass:\"is-uppercase search-button\",attrs:{\"native-type\":\"submit\",\"type\":\"is-primary\"},on:{\"click\":_vm.search}},[_vm._v(_vm._s(_vm.$t('searchHeader.search')))])],1)],1)])],1),_c('template',{slot:\"end\"},[_c('b-navbar-item',{attrs:{\"tag\":\"router-link\",\"to\":{ path: (\"/\" + _vm.language + \"/search\") }}},[_vm._v(\" \"+_vm._s(_vm.$t('header.browse')))]),_c('b-navbar-item',{attrs:{\"tag\":\"router-link\",\"to\":{ path: (\"/\" + _vm.language + \"/service-providers\") }}},[_vm._v(\" \"+_vm._s(_vm.$t('header.serviceProviders'))+\" \")]),_c('LanguageSelection')],1)],2)}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","\n\n\n\n\n","import mod from \"-!../../../../node_modules/thread-loader/dist/cjs.js!../../../../node_modules/babel-loader/lib/index.js!../../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./search-header-desktop.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../../../node_modules/thread-loader/dist/cjs.js!../../../../node_modules/babel-loader/lib/index.js!../../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./search-header-desktop.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./search-header-desktop.vue?vue&type=template&id=02755115&scoped=true\"\nimport script from \"./search-header-desktop.vue?vue&type=script&lang=ts\"\nexport * from \"./search-header-desktop.vue?vue&type=script&lang=ts\"\nimport style0 from \"./search-header-desktop.vue?vue&type=style&index=0&id=02755115&prod&lang=scss&scoped=true\"\n\n\n/* normalize component */\nimport normalizer from \"!../../../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"02755115\",\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('section',{staticClass:\"wrapper\"},[_c('MobileHeader',{staticClass:\"header-mobile\"}),_c('b-button',{staticClass:\"search-button\",attrs:{\"slot\":\"trigger\",\"rounded\":\"\",\"outline\":\"\",\"tag\":\"a\"},on:{\"click\":function($event){_vm.searchModalActive = true}},slot:\"trigger\"},[_c('div',{staticClass:\"search-parameters\"},[(_vm.keyword)?_c('span',{staticClass:\"search-keyword\"},[_vm._v(_vm._s(_vm.keyword))]):_c('span',{staticClass:\"search-keyword placeholder\"},[_vm._v(_vm._s(_vm.$t('searchHeader.searchForCourse')))]),_c('div',{staticClass:\"dot\"}),(_vm.location)?_c('span',{staticClass:\"search-location\"},[_vm._v(_vm._s(_vm.location))]):_c('span',{staticClass:\"search-location placeholder\"},[_vm._v(_vm._s(_vm.$t('searchHeader.location')))]),(_vm.location)?_c('span',{staticClass:\"search-distance\"},[_vm._v(_vm._s(_vm.newDistance)+\" km \")]):_c('span',{staticClass:\"search-distance placeholder\"},[_vm._v(_vm._s(_vm.$t('searchHeader.distance')))]),_c('b-icon',{staticClass:\"search-icon\",attrs:{\"icon\":\"magnify\",\"size\":\"is-medium\"}})],1)]),_c('b-modal',{attrs:{\"width\":640,\"scroll\":\"keep\"},model:{value:(_vm.searchModalActive),callback:function ($$v) {_vm.searchModalActive=$$v},expression:\"searchModalActive\"}},[_c('div',{staticClass:\"content notification\"},[_c('form',{staticClass:\"search-fields\",on:{\"submit\":function($event){$event.preventDefault();}}},[_c('b-field',[_c('b-input',{attrs:{\"placeholder\":_vm.$t('searchHeader.searchForCourse'),\"type\":\"search\",\"icon-right\":\"magnify\"},model:{value:(_vm.newKeyword),callback:function ($$v) {_vm.newKeyword=$$v},expression:\"newKeyword\"}})],1),_c('b-field',[_c('b-autocomplete',{attrs:{\"placeholder\":_vm.$t('searchHeader.location'),\"type\":\"search\",\"data\":_vm.locationSuggestions,\"icon-right\":\"map-marker-outline\",\"clearable\":\"\"},model:{value:(_vm.newLocation),callback:function ($$v) {_vm.newLocation=$$v},expression:\"newLocation\"}})],1),_c('b-field',{staticClass:\"field-container\",attrs:{\"grouped\":\"\"}},[_c('b-dropdown',{model:{value:(_vm.newDistance),callback:function ($$v) {_vm.newDistance=$$v},expression:\"newDistance\"}},[_c('b-input',{staticClass:\"distance-search\",attrs:{\"slot\":\"trigger\",\"disabled\":_vm.newLocation === undefined || _vm.newLocation === '',\"type\":\"button\",\"icon-right\":\"arrow-expand\",\"value\":_vm.newLocation\n ? _vm.newDistance + ' km'\n : _vm.$t('searchHeader.distance')},slot:\"trigger\"}),_c('b-dropdown-item',{attrs:{\"value\":10,\"aria-role\":\"listitem\"}},[_c('span',[_vm._v(\"10 km\")])]),_c('b-dropdown-item',{attrs:{\"value\":25,\"aria-role\":\"listitem\"}},[_c('span',[_vm._v(\"25 km\")])]),_c('b-dropdown-item',{attrs:{\"value\":50,\"aria-role\":\"listitem\"}},[_c('span',[_vm._v(\"50 km\")])]),_c('b-dropdown-item',{attrs:{\"value\":100,\"aria-role\":\"listitem\"}},[_c('span',[_vm._v(\"100 km\")])]),_c('b-dropdown-item',{attrs:{\"value\":250,\"aria-role\":\"listitem\"}},[_c('span',[_vm._v(\"250 km\")])])],1)],1),_c('b-field',[_c('b-button',{staticClass:\"is-uppercase\",attrs:{\"native-type\":\"submit\",\"type\":\"is-primary\"},on:{\"click\":_vm.search}},[_vm._v(_vm._s(_vm.$t('searchHeader.search')))])],1)],1)])])],1)}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","\n\n\n\n\n\n\n","import mod from \"-!../../../../node_modules/thread-loader/dist/cjs.js!../../../../node_modules/babel-loader/lib/index.js!../../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./search-header-mobile.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../../../node_modules/thread-loader/dist/cjs.js!../../../../node_modules/babel-loader/lib/index.js!../../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./search-header-mobile.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./search-header-mobile.vue?vue&type=template&id=7ad1eae7&scoped=true\"\nimport script from \"./search-header-mobile.vue?vue&type=script&lang=ts\"\nexport * from \"./search-header-mobile.vue?vue&type=script&lang=ts\"\nimport style0 from \"./search-header-mobile.vue?vue&type=style&index=0&id=7ad1eae7&prod&lang=scss&scoped=true\"\nimport style1 from \"./search-header-mobile.vue?vue&type=style&index=1&id=7ad1eae7&prod&lang=scss\"\n\n\n/* normalize component */\nimport normalizer from \"!../../../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"7ad1eae7\",\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('l-map',{key:_vm.zoom + _vm.coordinates.toString(),attrs:{\"zoom\":_vm.zoom,\"center\":[_vm.coordinates.lat, _vm.coordinates.lon],\"options\":_vm.MAP_OPTIONS}},[_c('l-control-zoom'),_c('l-tile-layer',{attrs:{\"url\":_vm.URL}}),(_vm.courses)?_c('v-marker-cluster',{staticClass:\"cluster\"},_vm._l((_vm.markers),function(item,index){return _c('l-marker',{key:index,attrs:{\"vif\":_vm.markers,\"lat-lng\":item.position,\"icon\":_vm.getIcon(item)}},[_c('l-popup',[_c('CourseCard',{key:item.id,attrs:{\"course\":_vm.getCourse(_vm.courses, item.id)}})],1)],1)}),1):_vm._e()],1)}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","\n\n\n\n\n","import mod from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./search-map.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./search-map.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./search-map.vue?vue&type=template&id=23dfcadb\"\nimport script from \"./search-map.vue?vue&type=script&lang=ts\"\nexport * from \"./search-map.vue?vue&type=script&lang=ts\"\nimport style0 from \"./search-map.vue?vue&type=style&index=0&id=23dfcadb&prod&lang=scss\"\n\n\n/* normalize component */\nimport normalizer from \"!../../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n null,\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('b-pagination',{attrs:{\"total\":_vm.totalNumberOfCourses,\"per-page\":_vm.perPage,\"icon-prev\":_vm.prevIcon,\"icon-next\":_vm.nextIcon,\"range-before\":_vm.currentPage <= 6 ? 6 : 1,\"range-after\":_vm.currentPage < 6 ? 6 - _vm.currentPage : 1,\"aria-next-label\":\"Next page\",\"aria-previous-label\":\"Previous page\",\"aria-page-label\":\"Page\",\"aria-current-label\":\"Current page\"},on:{\"change\":_vm.pushPage},scopedSlots:_vm._u([{key:\"default\",fn:function(props){return _c('b-pagination-button',{directives:[{name:\"show\",rawName:\"v-show\",value:(props.page.number - _vm.currentPage < 50),expression:\"props.page.number - currentPage < 50\"}],attrs:{\"page\":props.page}},[_vm._v(\" \"+_vm._s(props.page.number)+\" \")])}}]),model:{value:(_vm.currentPage),callback:function ($$v) {_vm.currentPage=$$v},expression:\"currentPage\"}})}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","\n\n\n","import mod from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./search-pagination.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./search-pagination.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./search-pagination.vue?vue&type=template&id=7aa2917f\"\nimport script from \"./search-pagination.vue?vue&type=script&lang=ts\"\nexport * from \"./search-pagination.vue?vue&type=script&lang=ts\"\n\n\n/* normalize component */\nimport normalizer from \"!../../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n null,\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return (_vm.tenant)?_c('b-collapse',{staticClass:\"card mobile-tenant\",attrs:{\"animation\":\"slide\",\"open\":false,\"aria-id\":_vm.tenant.tenant},scopedSlots:_vm._u([{key:\"trigger\",fn:function(props){return _c('div',{staticClass:\"card-header\",attrs:{\"role\":\"button\",\"aria-controls\":_vm.tenant.tenant}},[_c('p',{staticClass:\"card-header-title\"},[_vm._v(\" \"+_vm._s(_vm.tenant.name)+\" \")]),_c('a',{staticClass:\"card-header-icon\"},[(_vm.detailsText)?_c('span',{staticClass:\"details\"},[_vm._v(_vm._s(_vm.$t('tenantDropdown.details')))]):_vm._e(),_c('b-icon',{attrs:{\"icon\":props.open ? 'menu-up' : 'menu-down'}})],1)])}}],null,false,2669739512)},[_c('div',{staticClass:\"card-content\"},[_c('div',{staticClass:\"info-logo-wrapper\"},[(_vm.tenant.logo)?_c('div',[_c('img',{staticClass:\"logo\",attrs:{\"alt\":\"logo\",\"src\":_vm.tenant.logo}})]):_vm._e(),_c('div',{staticClass:\"info-wrapper\"},[(_vm.tenant.location)?_c('div',{staticClass:\"info\"},[_c('b-icon',{staticClass:\"icon-small\",attrs:{\"icon\":\"map-marker\",\"size\":\"is-small\"}}),_c('div',{staticClass:\"location-info\"},[(_vm.tenant.location.address)?_c('span',[_vm._v(\" \"+_vm._s(_vm.tenant.location.address)+\" \")]):_vm._e(),_c('span',[_vm._v(\" \"+_vm._s([_vm.tenant.location.postalcode, _vm.tenant.location.city] .filter(Boolean) .join(' '))+\" \")])])],1):_vm._e(),(_vm.tenant.phone)?_c('div',{staticClass:\"info\"},[_c('b-icon',{staticClass:\"icon-small\",attrs:{\"icon\":\"phone\",\"size\":\"is-small\"}}),(_vm.phone)?_c('a',{attrs:{\"href\":_vm.phone}},[_vm._v(_vm._s(_vm.tenant.phone))]):_c('span',[_vm._v(_vm._s(_vm.tenant.phone))])],1):_vm._e(),(_vm.tenant.email)?_c('div',{staticClass:\"info\"},[_c('b-icon',{staticClass:\"icon-small\",attrs:{\"icon\":\"email\",\"size\":\"is-small\"}}),_c('a',{attrs:{\"href\":_vm.email}},[_vm._v(\" \"+_vm._s(_vm.tenant.email)+\" \")])],1):_vm._e(),(_vm.tenant.homepage)?_c('div',{staticClass:\"info\"},[_c('b-icon',{staticClass:\"icon-small\",attrs:{\"icon\":\"home\",\"size\":\"is-small\"}}),_c('a',{attrs:{\"href\":_vm.tenant.homepage,\"target\":\"_blank\"}},[_vm._v(\" \"+_vm._s(_vm.tenant.homepage)+\" \")])],1):_vm._e()])]),_c('div',{staticClass:\"links-wrapper\"},[_c('div',{staticClass:\"icons\"},[(_vm.tenant.facebook)?_c('a',{attrs:{\"href\":_vm.tenant.facebook,\"target\":\"_blank\"}},[_c('b-icon',{staticClass:\"icon-large\",attrs:{\"icon\":\"facebook\",\"size\":\"is-medium\"}})],1):_vm._e(),(_vm.tenant.instagram)?_c('a',{attrs:{\"href\":_vm.tenant.instagram,\"target\":\"_blank\"}},[_c('b-icon',{staticClass:\"icon-large\",attrs:{\"icon\":\"instagram\",\"size\":\"is-medium\"}})],1):_vm._e(),(_vm.tenant.linkedin)?_c('a',{attrs:{\"href\":_vm.tenant.linkedin,\"target\":\"_blank\"}},[_c('b-icon',{staticClass:\"icon-large\",attrs:{\"icon\":\"linkedin\",\"size\":\"is-medium\"}})],1):_vm._e(),(_vm.tenant.twitter)?_c('a',{attrs:{\"href\":_vm.tenant.twitter,\"target\":\"_blank\"}},[_c('b-icon',{staticClass:\"icon-large\",attrs:{\"icon\":\"twitter\",\"size\":\"is-medium\"}})],1):_vm._e()]),(_vm.browseLink)?_c('router-link',{staticClass:\"router-style\",attrs:{\"to\":{\n path: (\"/\" + _vm.language + \"/search?serviceproviders=\" + (_vm.tenant.tenant))\n }}},[_c('b-button',{staticClass:\"is-primary button-style\"},[_vm._v(\" \"+_vm._s(_vm.$t('serviceProviders.browse'))+\" \")]),_c('span',{staticClass:\"is-primary browse-style\"},[_vm._v(\" \"+_vm._s(_vm.$t('serviceProviders.browse'))+\" \")])],1):_vm._e()],1)])]):_vm._e()}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","\n\n\n\n\n","import mod from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./tenant-dropdown.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../../node_modules/thread-loader/dist/cjs.js!../../../node_modules/babel-loader/lib/index.js!../../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./tenant-dropdown.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./tenant-dropdown.vue?vue&type=template&id=7b458b0c&scoped=true\"\nimport script from \"./tenant-dropdown.vue?vue&type=script&lang=ts\"\nexport * from \"./tenant-dropdown.vue?vue&type=script&lang=ts\"\nimport style0 from \"./tenant-dropdown.vue?vue&type=style&index=0&id=7b458b0c&prod&lang=scss&scoped=true\"\n\n\n/* normalize component */\nimport normalizer from \"!../../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"7b458b0c\",\n null\n \n)\n\nexport default component.exports","\n\n\n\n\n","import mod from \"-!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./search.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./search.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./search.vue?vue&type=template&id=b0e7a8bc&scoped=true\"\nimport script from \"./search.vue?vue&type=script&lang=ts\"\nexport * from \"./search.vue?vue&type=script&lang=ts\"\nimport style0 from \"./search.vue?vue&type=style&index=0&id=b0e7a8bc&prod&lang=scss&scoped=true\"\n\n\n/* normalize component */\nimport normalizer from \"!../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"b0e7a8bc\",\n null\n \n)\n\nexport default component.exports","var render = function () {var _vm=this;var _h=_vm.$createElement;var _c=_vm._self._c||_h;return _c('div',[_c('Header'),(_vm.tenants)?_c('div',{staticClass:\"wrapper\"},[_c('b-field',[_c('b-input',{staticClass:\"search\",attrs:{\"placeholder\":_vm.$t('serviceProviders.search'),\"type\":\"is-primary\",\"icon-right\":\"magnify\"},model:{value:(_vm.searchValue),callback:function ($$v) {_vm.searchValue=$$v},expression:\"searchValue\"}})],1),_c('div',{staticClass:\"tenants\"},_vm._l((_vm.filteredTenants),function(tenant){return _c('div',{key:tenant.tenant},[_c('TenantDropdown',{attrs:{\"tenant\":tenant,\"browseLink\":true,\"detailsText\":false}})],1)}),0)],1):_vm._e(),_c('Footer')],1)}\nvar staticRenderFns = []\n\nexport { render, staticRenderFns }","\n\n\n\n\n","import mod from \"-!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./service-providers.vue?vue&type=script&lang=ts\"; export default mod; export * from \"-!../../node_modules/thread-loader/dist/cjs.js!../../node_modules/babel-loader/lib/index.js!../../node_modules/ts-loader/index.js??clonedRuleSet-41.use[2]!../../node_modules/@vue/vue-loader-v15/lib/index.js??vue-loader-options!./service-providers.vue?vue&type=script&lang=ts\"","import { render, staticRenderFns } from \"./service-providers.vue?vue&type=template&id=3b37ff00&scoped=true\"\nimport script from \"./service-providers.vue?vue&type=script&lang=ts\"\nexport * from \"./service-providers.vue?vue&type=script&lang=ts\"\nimport style0 from \"./service-providers.vue?vue&type=style&index=0&id=3b37ff00&prod&scoped=true&lang=css\"\n\n\n/* normalize component */\nimport normalizer from \"!../../node_modules/@vue/vue-loader-v15/lib/runtime/componentNormalizer.js\"\nvar component = normalizer(\n script,\n render,\n staticRenderFns,\n false,\n null,\n \"3b37ff00\",\n null\n \n)\n\nexport default component.exports","import VueRouter, { Route, RouteConfig } from 'vue-router';\n\nimport Course from './views/course.vue';\nimport Index from './views/index.vue';\nimport Language from './views/language.vue';\nimport NotFound from './views/not-found.vue';\nimport Search from './views/search.vue';\nimport ServiceProviders from './views/service-providers.vue';\nimport Vue from 'vue';\n\nVue.use(VueRouter);\n\nconst routes: RouteConfig[] = [\n {\n path: '/',\n // TODO: Redirect to a specific saved in Local or Session Storage?\n redirect: '/fi'\n },\n {\n path: '/:language',\n component: Language,\n props: true,\n children: [\n {\n path: '/',\n name: 'index',\n props: true,\n component: Index\n },\n {\n path: '/:language/search',\n name: 'search',\n props: true,\n component: Search\n },\n {\n path: '/:language/service-providers',\n name: 'service-providers',\n props: true,\n component: ServiceProviders\n },\n {\n path: '/:language/course/:id',\n name: 'course',\n props: true,\n component: Course\n },\n {\n path: '/:language/404',\n name: '404',\n props: true,\n component: NotFound\n },\n {\n path: '*',\n redirect: '404'\n }\n ]\n }\n];\n\ninterface VueRouterExtended extends VueRouter {\n /**\n * Route where the user was previously.\n */\n previousRoute?: Route;\n /**\n * Go back to the previous page if there is a previous page\n * in our service, if not, then go to frontpage.\n */\n backOrFrontpage: () => void;\n}\n\n/**\n * Get a monkey-patched router with referer and function to\n * go back or to frontpage.\n *\n * @returns\n */\nconst getRouter = (): VueRouterExtended => {\n const r = new VueRouter({\n mode: 'history',\n routes,\n scrollBehavior() {\n return { x: 0, y: 0 };\n }\n }) as VueRouterExtended;\n\n r.beforeEach((to, from, next) => {\n r.previousRoute = from;\n next();\n });\n\n r.backOrFrontpage = () => {\n // previousRoute might be there if there actually wasn't a previous\n // route, but if it is, its name is null\n if (r.previousRoute?.name) {\n r.back();\n } else if (r.currentRoute.params.language) {\n r.push({\n name: 'index',\n params: { language: r.currentRoute.params.language }\n });\n } else {\n r.push({ name: 'index' });\n }\n };\n\n return r;\n};\n\nexport const router = getRouter();\n","import VueI18n from 'vue-i18n';\nimport { router } from './router';\n\nimport { default as messages } from '../frontend-assets/i18n.json';\n\nexport const initializeI18n = () =>\n new VueI18n({\n locale: 'fi',\n fallbackLocale: 'fi',\n numberFormats: {\n fi: {\n currency: {\n style: 'currency',\n currency: 'EUR'\n }\n },\n sv: {\n currency: {\n style: 'currency',\n currency: 'EUR'\n }\n },\n en: {\n currency: {\n style: 'currency',\n currency: 'EUR'\n }\n }\n },\n dateTimeFormats: {\n fi: {\n weekdayShort: {\n weekday: 'short'\n },\n weekdayLong: {\n weekday: 'long'\n }\n },\n en: {\n weekdayShort: {\n weekday: 'short'\n },\n weekdayLong: {\n weekday: 'long'\n }\n },\n sv: {\n weekdayShort: {\n weekday: 'short'\n },\n weekdayLong: {\n weekday: 'long'\n }\n }\n },\n silentFallbackWarn: true,\n messages\n });\n\nexport const changeLanguage = (language: 'fi' | 'sv' | 'en') => {\n router.push({ params: { language } });\n // Force a refresh, because pushing the params doesn't necessarily refresh the contents\n router.go(0);\n};\n","import 'leaflet/dist/leaflet.css';\n\nimport {\n formatDate,\n formatDateRange,\n formatDateTime,\n formatDateTimeRange,\n formatMidnight,\n formatPrice,\n formatTime,\n formatTimeRange\n} from './filters';\n\nimport App from './App.vue';\nimport Buefy from 'buefy';\nimport Meta from 'vue-meta';\nimport Vue from 'vue';\nimport VueCompositionApi from '@vue/composition-api';\nimport VueI18n from 'vue-i18n';\nimport { capitalize } from 'lodash/fp';\nimport { initializeI18n } from './i18n';\nimport { router } from './router';\n\nVue.use(Buefy);\nVue.use(Meta);\nVue.use(VueCompositionApi);\nVue.use(VueI18n);\n\nVue.config.productionTip = false;\n\nVue.filter('capitalize', capitalize);\nVue.filter('date', formatDate);\nVue.filter('dateRange', formatDateRange);\nVue.filter('dateTime', formatDateTime);\nVue.filter('dateTimeRange', formatDateTimeRange);\nVue.filter('time', formatTime);\nVue.filter('timeRange', formatTimeRange);\nVue.filter('price', formatPrice);\nVue.filter('midnight', formatMidnight);\n\nnew Vue({\n i18n: initializeI18n(),\n router,\n render: (h) => h(App)\n}).$mount('#app');\n","// The module cache\nvar __webpack_module_cache__ = {};\n\n// The require function\nfunction __webpack_require__(moduleId) {\n\t// Check if module is in cache\n\tvar cachedModule = __webpack_module_cache__[moduleId];\n\tif (cachedModule !== undefined) {\n\t\treturn cachedModule.exports;\n\t}\n\t// Create a new module (and put it into the cache)\n\tvar module = __webpack_module_cache__[moduleId] = {\n\t\tid: moduleId,\n\t\tloaded: false,\n\t\texports: {}\n\t};\n\n\t// Execute the module function\n\t__webpack_modules__[moduleId].call(module.exports, module, module.exports, __webpack_require__);\n\n\t// Flag the module as loaded\n\tmodule.loaded = true;\n\n\t// Return the exports of the module\n\treturn module.exports;\n}\n\n// expose the modules object (__webpack_modules__)\n__webpack_require__.m = __webpack_modules__;\n\n","var deferred = [];\n__webpack_require__.O = (result, chunkIds, fn, priority) => {\n\tif(chunkIds) {\n\t\tpriority = priority || 0;\n\t\tfor(var i = deferred.length; i > 0 && deferred[i - 1][2] > priority; i--) deferred[i] = deferred[i - 1];\n\t\tdeferred[i] = [chunkIds, fn, priority];\n\t\treturn;\n\t}\n\tvar notFulfilled = Infinity;\n\tfor (var i = 0; i < deferred.length; i++) {\n\t\tvar [chunkIds, fn, priority] = deferred[i];\n\t\tvar fulfilled = true;\n\t\tfor (var j = 0; j < chunkIds.length; j++) {\n\t\t\tif ((priority & 1 === 0 || notFulfilled >= priority) && Object.keys(__webpack_require__.O).every((key) => (__webpack_require__.O[key](chunkIds[j])))) {\n\t\t\t\tchunkIds.splice(j--, 1);\n\t\t\t} else {\n\t\t\t\tfulfilled = false;\n\t\t\t\tif(priority < notFulfilled) notFulfilled = priority;\n\t\t\t}\n\t\t}\n\t\tif(fulfilled) {\n\t\t\tdeferred.splice(i--, 1)\n\t\t\tvar r = fn();\n\t\t\tif (r !== undefined) result = r;\n\t\t}\n\t}\n\treturn result;\n};","// getDefaultExport function for compatibility with non-harmony modules\n__webpack_require__.n = (module) => {\n\tvar getter = module && module.__esModule ?\n\t\t() => (module['default']) :\n\t\t() => (module);\n\t__webpack_require__.d(getter, { a: getter });\n\treturn getter;\n};","// define getter functions for harmony exports\n__webpack_require__.d = (exports, definition) => {\n\tfor(var key in definition) {\n\t\tif(__webpack_require__.o(definition, key) && !__webpack_require__.o(exports, key)) {\n\t\t\tObject.defineProperty(exports, key, { enumerable: true, get: definition[key] });\n\t\t}\n\t}\n};","__webpack_require__.g = (function() {\n\tif (typeof globalThis === 'object') return globalThis;\n\ttry {\n\t\treturn this || new Function('return this')();\n\t} catch (e) {\n\t\tif (typeof window === 'object') return window;\n\t}\n})();","__webpack_require__.o = (obj, prop) => (Object.prototype.hasOwnProperty.call(obj, prop))","// define __esModule on exports\n__webpack_require__.r = (exports) => {\n\tif(typeof Symbol !== 'undefined' && Symbol.toStringTag) {\n\t\tObject.defineProperty(exports, Symbol.toStringTag, { value: 'Module' });\n\t}\n\tObject.defineProperty(exports, '__esModule', { value: true });\n};","__webpack_require__.nmd = (module) => {\n\tmodule.paths = [];\n\tif (!module.children) module.children = [];\n\treturn module;\n};","__webpack_require__.p = \"/static/kurssit.kansalaisopistot.fi/\";","// no baseURI\n\n// object to store loaded and loading chunks\n// undefined = chunk not loaded, null = chunk preloaded/prefetched\n// [resolve, reject, Promise] = chunk loading, 0 = chunk loaded\nvar installedChunks = {\n\t143: 0\n};\n\n// no chunk on demand loading\n\n// no prefetching\n\n// no preloaded\n\n// no HMR\n\n// no HMR manifest\n\n__webpack_require__.O.j = (chunkId) => (installedChunks[chunkId] === 0);\n\n// install a JSONP callback for chunk loading\nvar webpackJsonpCallback = (parentChunkLoadingFunction, data) => {\n\tvar [chunkIds, moreModules, runtime] = data;\n\t// add \"moreModules\" to the modules object,\n\t// then flag all \"chunkIds\" as loaded and fire callback\n\tvar moduleId, chunkId, i = 0;\n\tif(chunkIds.some((id) => (installedChunks[id] !== 0))) {\n\t\tfor(moduleId in moreModules) {\n\t\t\tif(__webpack_require__.o(moreModules, moduleId)) {\n\t\t\t\t__webpack_require__.m[moduleId] = moreModules[moduleId];\n\t\t\t}\n\t\t}\n\t\tif(runtime) var result = runtime(__webpack_require__);\n\t}\n\tif(parentChunkLoadingFunction) parentChunkLoadingFunction(data);\n\tfor(;i < chunkIds.length; i++) {\n\t\tchunkId = chunkIds[i];\n\t\tif(__webpack_require__.o(installedChunks, chunkId) && installedChunks[chunkId]) {\n\t\t\tinstalledChunks[chunkId][0]();\n\t\t}\n\t\tinstalledChunks[chunkId] = 0;\n\t}\n\treturn __webpack_require__.O(result);\n}\n\nvar chunkLoadingGlobal = self[\"webpackChunklinnunrata\"] = self[\"webpackChunklinnunrata\"] || [];\nchunkLoadingGlobal.forEach(webpackJsonpCallback.bind(null, 0));\nchunkLoadingGlobal.push = webpackJsonpCallback.bind(null, chunkLoadingGlobal.push.bind(chunkLoadingGlobal));","// startup\n// Load entry module and return exports\n// This entry module depends on other loaded chunks and execution need to be delayed\nvar __webpack_exports__ = __webpack_require__.O(undefined, [998], () => (__webpack_require__(99391)))\n__webpack_exports__ = __webpack_require__.O(__webpack_exports__);\n"],"names":["DATE_FORMAT_FI","DATETIME_FORMAT_FI","TIME_FORMAT_FI","formatTime","date","isValid","format","formatDate","formatDateTime","formatTimeRange","begins","ends","concat","formatDateRange","isSameDay","beginsFormat","isSameMonth","isSameYear","formatDateTimeRange","formatMidnight","getTime","startOfDay","subMinutes","formatPrice","price","toLocaleString","style","currency","maximumFractionDigits","minimumFractionDigits","render","_vm","this","_h","$createElement","_c","_self","attrs","staticRenderFns","defineComponent","name","metaInfo","title","messages","component","staticClass","_e","isLoading","course","domProps","_s","path","language","_v","tenantName","teacher","description","_l","sortBy","periods","period","key","keywords","some","keyword","includes","length","lessons","location","address","city","filter","Boolean","join","latlon","BASE_PATH","replace","Configuration","configuration","arguments","undefined","_classCallCheck","_defineProperty","_createClass","set","get","basePath","fetchApi","middleware","queryParamsStringify","querystring","username","password","apiKey","accessToken","_asyncToGenerator","_regeneratorRuntime","mark","_callee","wrap","_context","prev","next","abrupt","stop","headers","credentials","DefaultConfig","BaseAPI","_this","_ref2","_callee2","url","init","fetchParams","_iterator","_step","_middleware","response","_iterator2","_step2","_iterator3","_step3","_middleware2","_context2","_createForOfIteratorHelper","s","n","done","value","pre","_objectSpread","fetch","t0","sent","t1","e","f","finish","t2","onError","error","clone","t3","t4","Error","FetchError","post","t5","t6","_x","_x2","apply","_next$middleware","_len","preMiddlewares","Array","_key","middlewares","map","withMiddleware","_toConsumableArray","_len2","postMiddlewares","_key2","mime","jsonRegex","test","_request","_callee3","context","initOverrides","_yield$this$createFet","_context3","createFetchParams","status","ResponseError","request","_x3","_x4","_createFetchParams","_callee5","initOverrideFn","initParams","overriddenInit","body","_context5","query","Object","keys","assign","forEach","_callee4","_context4","method","isFormData","URLSearchParams","isBlob","isJsonMime","JSON","stringify","_x5","_x6","constructor","slice","Blob","FormData","RegExp","_Error","msg","_this2","_callSuper","_assertThisInitialized","_inherits","_wrapNativeSuper","_Error2","cause","_this3","RequiredError","_Error3","field","_this4","params","prefix","querystringSingleKey","part","keyPrefix","fullKey","multiValue","singleValue","encodeURIComponent","String","Set","valueAsArray","from","Date","toISOString","JSONApiResponse","raw","transformer","jsonValue","_value","_callee6","_context6","json","call","CourseSortOrderFromJSON","CourseSortOrderFromJSONTyped","ignoreDiscriminator","GeopointFromJSON","GeopointFromJSONTyped","HellewiAgeLimitsFromJSON","HellewiAgeLimitsFromJSONTyped","HellewiLocationFromJSON","HellewiLocationFromJSONTyped","HellewiTenantTypeFromJSON","HellewiTenantTypeFromJSONTyped","HellewiLessonParticipantCountFromJSON","HellewiLessonParticipantCountFromJSONTyped","HellewiCourseLessonFromJSON","HellewiCourseLessonFromJSONTyped","HellewiCatalogItemType","Category","Categorysubject","Classification","Coursetype","Department","Educationsector","Educationtype","Language","Levelofstudy","Location","Locationgroup","Period","Subject","Tag","Tenant","Teachingformat","Term","Unit","Weekday","Dateinput","Coursesbeginning","Registrationopen","HellewiCatalogItemTypeFromJSON","HellewiCatalogItemTypeFromJSONTyped","HellewiCatalogItemFromJSON","HellewiCatalogItemFromJSONTyped","WeekdayFromJSON","WeekdayFromJSONTyped","HellewiCourseDayFromJSON","HellewiCourseDayFromJSONTyped","HellewiCourseMinimalFromJSON","HellewiCourseMinimalFromJSONTyped","HellewiCourseMinimalParentFromJSON","HellewiCourseMinimalParentFromJSONTyped","HellewiCourseNotificationLabelFromJSON","HellewiCourseNotificationLabelFromJSONTyped","HellewiCourseNotificationFromJSON","HellewiCourseNotificationFromJSONTyped","HellewiCoursePeriodFromJSON","HellewiCoursePeriodFromJSONTyped","HellewiCoursePriceInstallmentInstallmentsInnerFromJSON","HellewiCoursePriceInstallmentInstallmentsInnerFromJSONTyped","HellewiCoursePriceInstallmentFromJSON","HellewiCoursePriceInstallmentFromJSONTyped","HellewiCourseProductFromJSON","HellewiCourseProductFromJSONTyped","HellewiCoursePriceFromJSON","HellewiCoursePriceFromJSONTyped","HellewiCourseStatusFromJSON","HellewiCourseStatusFromJSONTyped","HellewiLanguageFromJSON","HellewiLanguageFromJSONTyped","HellewiTagFromJSON","HellewiTagFromJSONTyped","HellewiCoursePartialFromJSON","HellewiCoursePartialFromJSONTyped","HellewiCatalogFromJSON","HellewiCatalogFromJSONTyped","HellewiCatalogSettingsEnabledCatalogItemTypesFromJSON","HellewiCatalogSettingsEnabledCatalogItemTypesFromJSONTyped","HellewiCatalogSettingsFromJSON","HellewiCatalogSettingsFromJSONTyped","HellewiFileFromJSON","HellewiFileFromJSONTyped","HellewiImageFromJSON","HellewiImageFromJSONTyped","HellewiParticipantCountFromJSON","HellewiParticipantCountFromJSONTyped","HellewiCourseFromJSON","HellewiCourseFromJSONTyped","HellewiCourseCountFromJSON","HellewiCourseCountFromJSONTyped","HellewiTenantFromJSON","HellewiTenantFromJSONTyped","RequestState","CatalogApi","_runtime$BaseAPI","_getCatalogRaw","requestParameters","queryParameters","headerParameters","runtime","getCatalogRaw","_getCatalog","_args2","getCatalog","_getCatalogSettingsRaw","getCatalogSettingsRaw","_getCatalogSettings","getCatalogSettings","CourseApi","_getCourseRaw","getCourseRaw","_getCourse","getCourse","_getCourseCountRaw","getCourseCountRaw","_getCourseCount","_args4","getCourseCount","_listCourseParticipantCountsRaw","listCourseParticipantCountsRaw","_x7","_x8","_listCourseParticipantCounts","_args6","listCourseParticipantCounts","_listCoursesRaw","_callee7","_context7","listCoursesRaw","_x9","_x10","_listCourses","_callee8","_args8","_context8","listCourses","TenantApi","_listTenantsRaw","listTenantsRaw","_listTenants","listTenants","filterUndefineds","xs","x","translate","i18nKey","parent","$t","translation","toString","stateHasError","state","computed","stateIsLoading","Loading","ApiEndpointInitialization","api","initial","initialize","Initialized","Uninitialized","onBeforeMount","watch","useErrorToast","ctx","warnComponents","ref","warnToast","push","Snackbar","open","message","duration","type","position","actionText","indefinite","queue","clearErrorToasts","close","err","useCourseApi","memoize","changeConfiguration","useGetCourseCount","_useCourseApi","execute","_ref","Success","useGetCourse","_useCourseApi2","id","_response$value","useListCourses","count","courses","locations","_useCourseApi3","currentParams","ongoing","_ref3","isEqual","cancel","PCancelable","_ref4","resolve","reject","onCancel","responseRaw","partialCourses","ids","participantCounts","isEmpty","Math","min","parseInt","participantcount","find","pc","slot","on","$event","changeLanguage","setup","serviceName","width","props","router","currentRoute","components","LanguageSelection","Logo","goBack","logoWidth","menuModalActive","model","callback","$$v","expression","windowWidth","window","innerWidth","onWidthChange","onMounted","addEventListener","onUnmounted","removeEventListener","backOrFrontpage","$tc","totalCourseCount","_useGetCourseCount","center","MAP_OPTIONS","URL","markerIcon","text","zoomSnap","scrollWheelZoom","zoomControl","LMap","LTileLayer","LMarker","LControlZoom","LTooltip","coordinates","required","latLng","lat","lon","divIcon","className","iconSize","html","colors","primaryColor","Availability","_f","formattedWeekdays","day","weekday","$d","times","scopedSlots","_u","fn","time","class","availability","registrationbegins","registrationendssoft","registrationlink","registrationopen","getDefaultPrice","prices","_default","getPriceEuros","amount","currentYear","getFullYear","nextYear","currentMonth","getMonth","formatWeekdays","Map","days","groupedDays","setISODay","values","groupBy","getAvailability","full","sparefull","sparesAvailable","almostfull","available","registrationClosed","_props$course","_props$course2","lessoncount","row","_props$period$lessons","_props$course$lessons","Header","MobileHeader","Footer","CourseMap","RegistrationBox","LessonsCollapse","_useGetCourse","hasError","checkError","_course$value","tenantCi","ci","catalogitems","onLocatingError","onLocatingSuccessful","popularClassifications","useCatalogApi","useGetCatalogUnfiltered","_useCatalogApi","useGetCatalog","_useCatalogApi2","currentQ","q","catalog","searchSuggestions","proxy","getMyLocation","locationSuggestions","onLocationAutocompleteSelect","distance","search","locationLoading","municipalities","municipalitiesData","m","Kunta","Maakunta","OPENSTREETMAP_NOMINATIM_BASEURL","DEFAULT_ZOOM","DEFAULT_GEOPOINT","DISTANCE_AND_ZOOM_PAIRS","getAddressByCoordinates","geoPoint","data","ok","county","getCoordinatesByAddress","parseFloat","isNaN","getLocationSuggestions","input","municipality","toLowerCase","keywordElement","distanceLearning","navigator","geolocation","getCurrentPosition","pos","coords","latitude","longitude","emit","timeout","_keywordElement$value","focus","initialSearchSuggestions","suggestion","_keyword$value","distancelearning","eopisto","classification","classifications","LanderSearch","Categories","_useGetCatalogUnfilte","getCatalogHasError","_catalog$value","orderBy","_useErrorToast","onBeforeUnmount","hasErrorNow","hadErrorBefore","apiConfiguration","useTenantApi","formatUrl","useListTenants","_useTenantApi","tenant","facebook","twitter","instagram","linkedin","homepage","root","proto","protocol","host","hostname","port","changeConfigurationTenantApi","changeConfigurationCourseApi","changeConfigurationCatalogApi","changeConfigurations","$i18n","locale","Semester","DistanceLearning","courseCount","languages","semester","serviceProviders","weekdays","registrationOpen","civicSkills","creditCourse","showMap","page","zoom","generateQuery","serviceProvider","dateRangeForSemester","trimEnd","CurrentYearAutumn","CurrentYearSpring","CurrentYearSummer","NextYearAutumn","NextYearSpring","NextYearSummer","isNumeric","useSearch","geocodingState","$route","route","split","serviceproviders","civicskills","creditcourse","Number","immediate","getCourseLink","background","color","imageUrl","objectFit","expanded","nativeOn","decodedName","useRouter","pushRoute","_ref$keyword","_ref$location","_ref$distance","_ref$weekdays","_ref$semester","_ref$languages","_ref$classifications","_ref$serviceProviders","_ref$distanceLearning","_ref$page","_ref$registrationopen","_ref$creditcourse","_ref$civicskills","p","goToFrontPage","goToCourse","DEFAULT_COLOR","DEFAULT_IMAGE","luokittelemattomatImage","educationSectorMappings","liikuntaImage","kadentaidotImage","musiikkiImage","kieletImage","kuvataideImage","tanssiImage","tietotekniikkaImage","ruokaImage","terveysImage","kirjallisuusImage","opetusImage","historiaImage","sosiaaliImage","tietoImage","puutarhaImage","kotitalousImage","yleissivistäväImage","kulttuuriImage","perusopetusImage","yhteiskunnallinenImage","luontoImage","ajoneuvoImage","humanistinenImage","vapaaaikaImage","poliisiImage","viestintäImage","liiketalousImage","kansalaisImage","tektiiliImage","VClamp","_props$course3","_props$course4","_props$course5","_useRouter","educationSectorId","item","educationSectorMapping","decode","_item$keywords","CourseCard","distanceLearningList","weekdaysList","semestersList","classificationsList","serviceProvidersList","getInitialSelection","selected","searchValue","optionClicked","selectedName","option","initialSelection","options","previous","filteredOptions","_props$options","toUpperCase","showSelectedOptionSeparately","getSelectedName","o","clickId","cur","inputId","filterClicked","translatelabel","filterKeyword","_props$filter","kwData","getSemestersList","month","SearchFilterCheckbox","SearchFilterDropdown","_props$semester","selectedSemester","_props$catalog","capitalize","_props$catalog2","_props$catalog3","True","False","checkboxFilters","_props$catalog4","_props$catalog5","_props$catalog6","registrationOpenFilter","creditcourseFilter","_filter$keywords","indexOf","tag","civicSkillsFilter","_filter$keywords2","_filter$keywords3","_filter$keywords4","preventDefault","newKeyword","newLocation","newDistance","_props$distance","_props$distance2","searchModalActive","index","markers","getIcon","courseId","LPopup","Vue2LeafletMarkerCluster","_props$courses","filteredData","_course$location","markerData","_course$location2","_course$location3","totalNumberOfCourses","perPage","prevIcon","nextIcon","currentPage","pushPage","directives","rawName","number","total","logo","postalcode","phone","email","browseLink","detailsText","_props$tenant","_props$tenant2","match","CourseList","SearchFilters","SearchHeaderDesktop","SearchHeaderMobile","SearchMap","SearchPagination","TenantDropdown","COURSES_ON_PAGE","_useGetCatalog","_useListTenants","tenants","_useListCourses","listCoursesResponse","listCoursesState","listCoursesIsLoading","listCoursesHasError","_useSearch","geocodingIsLoading","geocodingHasError","_tenants$value","te","_serviceProviders$val","limit","listTenantsHasError","current","filteredTenants","Vue","use","VueRouter","routes","redirect","children","Index","Search","ServiceProviders","Course","NotFound","getRouter","r","mode","scrollBehavior","y","beforeEach","to","previousRoute","_r$previousRoute","back","initializeI18n","VueI18n","fallbackLocale","numberFormats","fi","sv","en","dateTimeFormats","weekdayShort","weekdayLong","silentFallbackWarn","go","Buefy","Meta","VueCompositionApi","config","productionTip","i18n","h","App","$mount","__webpack_module_cache__","__webpack_require__","moduleId","cachedModule","exports","module","loaded","__webpack_modules__","deferred","O","result","chunkIds","priority","notFulfilled","Infinity","i","fulfilled","j","every","splice","getter","__esModule","d","a","definition","defineProperty","enumerable","g","globalThis","Function","obj","prop","prototype","hasOwnProperty","Symbol","toStringTag","nmd","paths","installedChunks","chunkId","webpackJsonpCallback","parentChunkLoadingFunction","moreModules","chunkLoadingGlobal","self","bind","__webpack_exports__"],"sourceRoot":""}