public-api-docs
Wunder MaaS API
The Wunder MaaS API is not an API in the technical sense, it is a concept on how to use User API for the MaaS use-case.
To save you the burden of storing access credentials for every user, which signs up to Wunder Mobility Platform through your MaaS platform, we use impersonation, which allows you to do API endpoint requests in “the name” of your users by using an API client with the corresponding permissions.
The Wunder User Impersonation is a top-level API concept allowing authorized API users to impersonate other end-users for use cases like MaaS applications. This makes it possible to work with one API client when it comes down to authorization and still has the benefit of correct action traceability of specific users as well as correct analytics based on demographic as well as other factors.
Impersonation header (pass UUID of an user)
The MaaS API extends the User API by providing a way to request resources on behalf of another user. This frees the application from the need to store the credentials for each user and manage a separate pair of access and refresh tokens for each user.
Impersonation is done by including the user identifier (UUID) on which behalf the resource should be accessed as HTTP header GoUrban-Impersonate (subject to change).
The API client which accesses the resources needs to have permission for impersonation. Only users which have been created by this API client can be impersonated by the same API client. This is to prevent misuse and accidentally impersonating a user who was created through the normal sign-up flow.
Sequence diagram:
Resources
Please see the following resources for more information: