API Access

On the link https://<your_comet_domain>/swagger-ui/index.html you can find the API Swagger Documentation. For example, the link would look like https://comet.ussoccer.com/swagger-ui/index.html for US Soccer, or https://comet.oceaniafootball.com/swagger-ui/index.html for OFC and its MAs.

In the upper right corner you will find tre list of available API Definitions in your COMET instance.

Each request should contain a valid keycloak authorization bearer token in its header obtained through the /api/public/auth/[login|refresh] endpoint(s) which can be found under General definition.

In order to test an API endpoint using Swagger, first go to /api/public/auth/login endpoint, and click on Try it out.

After that:

• in the Request Body, enter the username and password of an active COMET User

• click on Execute button,

• and copy the generated Access Token from the Response Body (string between parantheses)

Now go to the definition where you want to test an API Endpoint (e.g. Registrations) click on Authorize button, paste the Access Token in dialog and click on Authorize button in dialog.

You can now access any API endpoints below, by clicking on Try it out, entering required input parameters, clicking on Execute, and reading the Request Body.

The username/password entered for generating the Access Token, is used to authorize all API endpoints. Authorizations on API endpoints are equivalent to those on the COMET UI, so if a user is prevented to do an action via API, he would also be prevented to do the same action in the UI.

For example, if you need authorizations to manage via API all player registrations under a specific organization, the user entered to get the Access Token should have the PLAYER ADMINISTRATOR (or SUPERUSER) role in that organization, or above in hierarchy.