Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

...

Overview

This guide is a quick reference that lists the steps for accessing the customer information of the currently logged in user. In USTA parlance, this is 'Bound' access. In this mode, the customer UAID is bound to the session under which the user has logged in to USTA.com.  The token will restrict access to only data for this one UAID.

Integrating your application with USTA.com is easy. You can use any programming language or tool that supports HTTPS communications.  

Me Construct

When working in Bound mode, 'me' represents the only customer to which you will have access to data.  In other words, data that is about the logged in user.

Before Development

Before you begin development of your browser-based application, contact USTA to discuss what data you will need to access from USTA.  Credentials will be issued for use to connect via HTTP.

...

  1. Stage (preproduction)
  2. Prod

Building Your Application

The following is a quick guide for accessing bound customer data.  More on the bound mode can be found on the API Reference page.  

It should be noted that the best use of this API is within the context of a browser-based application.  Because the customer UAID is bound to the token, it is safe to store in a cookie.

Image Added

JanRain Test Account

For the purpose of testing, we have created a dummy Janrain client id for use against the non-prod platform.

FieldValue
client_idafwu4zrn4caebfaf9d375vb5tvee5es5
secretUsta@1234

Step 1:  Retrieve a

...

Identity Token

The USTA bound access model is secured via the Janrain Identity Service.  You must pass in your unique email corresponding to the USTA account for which you would like to retrieve customer information.  Please note that the identity must pre-exist at Janrain before the call is made in order to authenticate and receive a credentials token.an identity token.  The UAID associated with the identity will be the only identity for which you will be able to retrieve data. 

If the email address does not exist at Janrain, there is no customer information to retrieve from USTA.

Headers

This API call uses Basic Authorization.  Use the supplied client_id and secret to generate a Basic Authentication token.  There are many online generators you can use for testing.  One is here.

KeyValue
Content-Typeapplication/x-www-form-urlencoded
Cache-Controlno-cache

HTTP Call

This is the API call.  Janrain only has two environments.  Please note the difference in base urls:

Test:  https://usta-dev.us-dev.janraincapture.com

Prod: https://usta-prod.us.janraincapture.com

Data/Payload

You must use the client_id and currentPassword assigned by USTA.  The signInEmailAddress is your unique user identity at Janrain. 

All other values are static and should be supplied as written below.

KeyValue
client_id<YOUR ASSIGNED JANRAIN CLIENT ID>
signInEmailAddress<YOUR UNIQUE JANRAIN EMAIL ADDRESS>
currentPassword<YOUR JANRAIN PASSWORD>
flowstandard
flow_version20161114171439489756
redirect_urihttp://localhost
response_typetoken
formsignInForm
localeen-US

Result

The important info returned from this call are the following:

access_token: The identity token representing the logged in user.

Code Block
languagexml
titleResult of https://usta-dev.us-dev.janraincapture.com/oauth/auth_native_traditional
{
  "capture_user": {
    ...
  },
  "sso_code": "cb5730b0a4bcccdd",
  "stat": "ok",
  "access_token": "y5udk6hrb7ytqh5n"
}

Example

This example uses CURL from the command line.

Panel

curl -X POST -d 'client_id=afwu4zrn4caebfaf9d375vb5tvee5es5&flow=standard&flow_version=20161114171439489756&locale=en-US&redirect_uri=http://localhost&response_type=token&form=signInForm&signInEmailAddress=jmeterTesting2@mailinator.com&currentPassword=Usta@1234' 'https://usta-dev.us-dev.janraincapture.com/oauth/auth_native_traditional'


Step 2:  Retrieve a JWT Token


This API calls the USTA OAuth Service to retrieve a JWT token that will be used to define the scope of permissions for future calls.  Please note that if you are working within the context of a browser application, this token will be visible to users and could be used for subsequent calls.  This is the equivalent of establishing a durable session.

Headers

This API call uses Basic Authorization.  Use the supplied client_id and secret to generate a Basic Authentication token.  There are many online generators you can use for testing.  One is here.

application/x-www-form-urlencoded
KeyValue
authorization'Basic [SUPPLY YOUR GENERATED BASIC AUTHENTICATION TOKEN]'Content-Type

HTTP Call

This is the API call.  Please note the difference in base urls:

Test:  https://stage-services.usta.com

Prod: https://services.usta.com

Result

The important info returned from this call are the following:

...

Code Block
languagexml
titleResult of https://stage-services.usta.com/v1/oauth/token?grant_type=client_credentials
{
    "access_token": "eyJh...,
    "token_type": "bearer",
    "expires_in": 43199,
    "scope": "safeplay:status safeplay:details",
    "client_name": "ClubBling",
    "jti": "7b5f8ede-bbc1-4b2b-b127-a6f0e9dfb8cd"
}

Example

This example uses CURL from the command line.

Panel

curl -X POST 
'https://stage-services.usta.com/v1/oauth/token?grant_type=clientjanrain_credentialstoken
-H 'Authorization: Basic ZTc2ZGQxZWItZjVjMC00MDFiLWFjYTktZWYxZGRlNTcyYzg4OkhOOUU2U2ovdmtWUWEyR2pKYUxBSDF4WndWTzN0dHZWQmJRQnpRaVlpbWc1RWFvVVJ5bUVhTzc4SVRtNVh5NjQzSUo0UThTcHpTNXQ2c2Jz'


Step

...

3

...

Perform API Operations Using JWT Token

This API call is used to retrieve a 'thumbs up/thumbs down' assessment of whether the provider is SafePlay approved.  This result is calculated based on the following criteria:

  • Legal Agreement Date
  • NCSI Status
  • SafeSport Completion
  • SafeSport Expiration

Headers

...

Data/Payload

Email is used as the unique identifier for looking up SafePlay status.

...

Result

The result is calculated summary status of true/false.

...

Once you have a JWT token, you can begin calling Bound API calls.  Remember that the customer UAID is bound to the token, and only data associated with that UAID can be retrieved in Bound mode.

For instance, you can retrieve your Customer Profile information using the following API call:   https://stage-services

...

/v1/

...

{
    "isApproved": false
}

Example

This example uses CURL from the command line.

Panel

curl -X POST 
https://dev-services.usta.com/dev/v1/approval/isApproved 
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZSI6WyJzYWZlcGxheTpzdGF0dXMiLCJzYWZlcGxheTpkZXRhaWxzIl0sImV4cCI6MTU2OTM3OTI1OSwiY2xpZW50X25hbWUiOiJDbHViU3BhcmsiLCJqdGkiOiJjNWI0ZWNlYS1hNGQwLTQ4NmMtOGFiYi0xYzE3NmJkYTM0NGUiLCJjbGllbnRfaWQiOiJlNzZkZDFlYi1mNWMwLTQwMWItYWNhOS1lZjFkZGU1NzJjODgifQ.dWri48wRO4pbYZaZHseX6u8fRqW8yrOGr4YwpQ_IlSX4QVGPA7QHxW2wf3aOuXsXSfKYow9W7fXyNtrktlgq8i6_ZcTFPNSpEmcMnMM5gDByDbc0gEklPQ0xm8dh1GuW80SKjuFUroEieRx2T0hlxFMnoV79po2l4UsVQ7VCHSUnA498hIZnUOZlFbUltMeZS0POCLhOb41VC0Mbqkgk4QwEKtkZRLcVGCbINhlEsgOvA5TPgTVDEAi1Wt3N1O7xN5PmojNRpI8Rg0Ti2LE18TZ5JHVBxD7W3140glQURG_oRdkLNCK_czJhxI1g1PVpHjXkyM3O_Yv3RVU5_Gly3Q' 
-H 'Content-Type: application/json' 
-H 'cache-control: no-cache' 
-d '{
"email": "provider@mailinator.com"
}'

 

Step 2:  Retrieve Approval Details Using JWT Token (Optional)

Similar to the call above, you can optionally see the inputs that went into the calculation of the isApproved call.

customer/me

Headers

KeyValue
Content-Typeapplication/json
authorization'Bearer ZTc2ZGQxZWItZjVjMC00MDFiLWFjYTktZWYxZGRlNTcyYzg4OkhOOUU2U2ovdmtWUWEyR2pKYUxBSDF4WndWTzN0dHZWQmJRQnpRaVlpbWc1RWFvVVJ5bUVhTzc4SVRtNVh5NjQzSUo0UThTcHpTNXQ2c2Jz'

Data/Payload

Result

The result shows the current values the account profile for the user associated with the inputs:

  • Legal Agreement Date
  • NCSI Status
  • SafeSport Completion
  • SafeSport Expiration

the email id requested in the Janrain token in Step 1.

Code Block
languagexmljs
titleResult Of https://stage-services.usta.com/dev/v1/approvalcustomer/detailsme
{
    "legalAgreementAcceptDateuaid": "2019-05-142017492001",
    "legalAgreementExpireDatefirstName": "2021-05-14bat",
    "legalAgreementStatuslastName": "Acceptedman",
    "ncsiCheckTimestampdateOfBirth": "20192018-06-28T12:03:0402-11",
    "ncsiExpiryDategender": "2019-06-19DND",
    "ncsiCheckStatuswheelchairPlayer": "Expired"false,
    "safeSportCompleteDateTimeemails": "2018-10-25T10:56:07",[
        {
            "safeSportExpiryDateemailAddress": "2020-10-25"bat.man430@mailinator.com"
        }
    ],
    "safeSportStatusaddresses": "COMPLETE", [
        {
            "safePlayStatusid": "EXPIRED1568772805481",
    "safePlayStatusDisplayValue": "Expired"        "isPrimary": true
        }
    ]
}


Example

This example uses CURL from the command line.

Panel

curl -X POST GET \
https://devstage-services.usta.com/dev/v1/approvalcustomers/details me \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9eyJhb..eyJzY29wZSI6WyJzYWZlcGxheTpzdGF0dXMiLCJzYWZlcGxheTpkZXRhaWxzIl0sImV4cCI6MTU2OTM3NzM5OCwiY2xpZW50X25hbWUiOiJRQSIsImp0aSI6ImI4ZmVkMTBkLTliMWItNDU2My1iZDRjLWE1ZDUyMjVhYWYxOSIsImNsaWVudF9pZCI6InFhX3NwYWFzIn0. fbmasURVRWmbUh-vx4kJJvXwYGUzh_Jc7cOgEpDxyUoOkPGBsagWUixEzMmiZylo7ZywPN5x9cTBLGon9w7aQ2BzgsfQJLqL4rmVLf9YEspo9WTSXq0tqhlV8RlzVJhCoSCIfk4qS_gztdnvTdX7a0Im64IL8At_oEMcCspnmHJJzu9cpuUQn-ByJV3xzgYTY9ZibxG_g2z4SwnpPznB0kTUw-F1_pxE8nlN_Y0-_rPt-S-VGLIXF72rEeyQhgIbAapK6Cli9Bcy1-kf992f2nDOkiL3ygfwqtsObQ5AnxNwwenVhLgWZjoh6XFob0lEHwRmBD4qJAofbFm5yZcEqg\
-H 'Cache-Control: no-cache' \
-H 'Content-Type: application/json' \
-d '{
"email": "broderick@mailinator.com"
}'