
API Documentation

From "Open Source Micro-purchasing: An experiment in federal acquisition":

18F is an open-source team. We currently have hundreds of publicly available repositories, with dozens under active development. We've had numerous contributions from colleagues within government, and contributions from members of the public. But in the next few weeks, we are going to run an experiment: we want to contract for contributions. And we want to do it the 18F way.

Part of contracting the 18F way is ensuring that all systems are built modularly and with APIs as capable as the human interface. The micro-purchase platform itself is no exception. This means that all data and transactions that are accessible via the web UI can be accessed by software using the API.

This documentation for using the API assumes you have some experience with writing clients for RESTful APIs, although for some situations you can just use curl or jq to get the information you need.

Current Version

This documentation is generated from the API's specification file, written in Swagger. This file can be used to validate API responses and to automatically generate client libraries. We have not verified that auto-generated clients function correctly, but please file an issue if you try it and it works (or doesn't).

The current version of the API is 0.0.1

The Swagger specification can be found at https://micropurchase.18f.gov/api/v0/swagger.json

All requests to the API use a base path that includes a version string. The base path for the current version of the API is /api/v0 and this should be prepended to all requests.

When a new version is introduced, all methods of the prior version will be deprecated and after a few months, the endpoints of the previous version will be removed. It is your responsibility to update your code for the latest version.

Requests

All API access is over HTTPS and all data is returned as JSON. There is no reason to specify the content type for the response.

Errors will return with the appropriate HTTP status code. In addition, all errors return a standardized Error response with an error string within it.

Authentication

Currently all authentication occurs via the GitHub API. Rather than having the micro-purchase platform generate and store API keys, GitHub Personal API Tokens act as the API key. If you have created an account on the micro-purchase platform, you are automatically signed up to use the API. All you need to do is generate a GitHub Personal API Token (with no scopes) and put it in the request headers for API requests:

  
 Api-Key: the-personal-api-token
  

Note that many routes do not require authentication to return data. For instance, you do not need an API key to see details of a single auction, although the response will reveal your bidding information if an authentication key is provided. Administrators use the same mechanism for authentication but must also be marked as admins on the micro-purchase platform.

Quick Start

You don't need to write code to see results from the API. In your terminal, run the following curl command:

$ curl https://micropurchase.18f.gov/api/v0/auctions
  
This returns a JSON string of all Auction resources. Each auction resource contains its child Bid and Bidder resources.

If you just want to collect auction data via the API, there is no need to authenticate. But if you're an auction participant, you'll need to authenticate to do things such as placing bids and viewing your own (temporarily) private bidding data.

To get started with authentication, visit your GitHub settings to generate a new private token you will use for the API. Enter in anything you want in "Token Description". Leave all scopes unchecked in "Select scopes". Click "Generate token". Copy and save the token somewhere safe. Once you leave the token page, GitHub will never reveal it again. The good news is that these tokens are easily re-creatable.

Methods

GET /auctions

Returns a list of all auctions (future, available, and closed). Each auction contains bids and each bid contains one bidder. If an auction is still running, bid['bidder_id'] and all keys in bidder will be null. This request does not require authentication, but if you are authenticated, your bids will not be redacted. This is consistent with the behavior of the web UI.

Example response:


{
  "auctions": [
    {
      "issue_url": "https://github.com/18F/mpt3500/issues/10",
      "github_repo": "https://github.com/18F/mpt3500",
      "start_price": 3500,
      "start_datetime": "2016-01-26T18:00:00+00:00",
      "end_datetime": "2016-02-27T17:00:00+00:00",
      "title": "Review a blog post",
      "description": "Quis autem vel eum iure reprehenderit qui in ea voluptate velit esse quam nihil molestiae consequatur, vel illum qui dolorem eum fugiat quo voluptas nulla pariatur?\r\n\r\n## A Markdown Quote\r\n\r\n> Ut enim ad minima veniam, quis nostrum exercitationem ullam corporis suscipit laboriosam, nisi ut aliquid ex ea commodi consequatur? Quis autem vel eum iure reprehenderit qui in ea voluptate velit esse quam nihil molestiae consequatur, vel illum qui dolorem eum fugiat quo voluptas nulla pariatur?\r\n\r\n```\r\ndef foo(bar)\r\n 10.times do\r\n   puts bar\r\n  end\r\nend\r\n```",
      "id": 1,
      "created_at": "2015-12-21T16:40:01+00:00",
      "updated_at": "2015-12-21T16:40:01+00:00",
      "summary": "## Summary\r\n\r\nWe need some prose to be proof-read.",
      "bids": [
        {
          "bidder_id": null,
          "auction_id": 1,
          "amount": 222,
          "created_at": "2016-01-06T16:59:59+00:00",
          "updated_at": "2016-01-06T16:59:59+00:00",
          "id": 68,
          "bidder": {
            "github_id": null,
            "duns_number": null,
            "name": null,
            "email": null,
            "sam_account": null,
            "created_at": null,
            "updated_at": null,
            "id": null
          }
        },
        {
          "bidder_id": null,
          "auction_id": 1,
          "amount": 240,
          "created_at": "2016-01-06T16:59:55+00:00",
          "updated_at": "2016-01-06T16:59:55+00:00",
          "id": 67,
          "bidder": {
            "github_id": null,
            "duns_number": null,
            "name": null,
            "email": null,
            "sam_account": null,
            "created_at": null,
            "updated_at": null,
            "id": null
          }
        }
      ]
    }
  ]
}

| Code | Meaning | Return Type |
|------|---------|-------------|
| 200 | Returns a list of auctions | AuctionListResponse |
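The authentication header and the bid redaction described above, as an added Python example (not code from the micro-purchase project). The helper names, the `MICROPURCHASE_API_KEY` environment variable and the visible bid in the sample data are assumptions made for illustration; the token is read from the environment rather than written into the script, and the request is refused if the base URL is not HTTPS.

```python
import json
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit
BASE_URL = "https://micropurchase.18f.gov/api/v0"  # versioned base path from this page

def build_request(path, token=None, base_url=BASE_URL):
    """GET request for `path`; the Api-Key header is added only when a token is given."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send an API token over a non-HTTPS URL")
    req = urllib.request.Request(base_url + path, headers={"Accept": "application/json"})
    if token:
        req.add_header("Api-Key", token)
    return req

def is_redacted(bid):
    """Redacted bids have a null bidder_id and null for every key in bidder."""
    bidder = bid.get("bidder") or {}
    return bid.get("bidder_id") is None and all(v is None for v in bidder.values())

def summarize(payload):
    """Per auction id: lowest bid amount, and counts of redacted and visible bids."""
    out = {}
    for auction in payload["auctions"]:
        bids = auction.get("bids", [])
        hidden = sum(1 for b in bids if is_redacted(b))
        lowest = min((b["amount"] for b in bids), default=None)
        out[auction["id"]] = {"lowest": lowest, "redacted": hidden, "visible": len(bids) - hidden}
    return out

def error_message(body):
    """Pull the string out of the standardized Error response body."""
    return json.loads(body).get("error")

# Constructed sample: one redacted bid as in the page's example, plus one made-up visible bid.
REDACTED = dict.fromkeys(["github_id", "duns_number", "name", "email", "sam_account", "id"])
SAMPLE = {"auctions": [{"id": 1, "bids": [
    {"id": 68, "bidder_id": None, "amount": 222, "bidder": dict(REDACTED)},
    {"id": 66, "bidder_id": 1, "amount": 300, "bidder": {"id": 1, "name": "Example Bidder"}},
]}]}

if __name__ == "__main__":
    token = os.environ.get("MICROPURCHASE_API_KEY")  # hypothetical variable name
    try:
        with urllib.request.urlopen(build_request("/auctions", token), timeout=10) as resp:
            print(summarize(json.load(resp)))
    except urllib.error.HTTPError as exc:
        print(exc.code, error_message(exc.read()))
```

Run without the environment variable set, the script makes an unauthenticated request, so every bid on a running auction should count as redacted.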

GET /auctions/{id}

This returns the details of a specific auction, in the same format as the auctions index.

| Code | Meaning | Return Type |
|------|---------|-------------|
| 200 | Returns a single auction | AuctionResponse |
| 404 | The auction is not found | Error |

POST /auctions/{id}/bids

Submit a new bid to an auction via a JSON payload. Only integer bids are allowed and the bid may be rejected if it doesn't meet the validation rules for the auction. You must be authenticated and able to place a bid to use this method.

Example response:


{
  "bid": {
    "bidder_id": 1,
    "auction_id": 3,
    "amount": 1000,
    "created_at": "2016-01-27T01:12:07+00:00",
    "updated_at": "2016-01-27T01:12:07+00:00",
    "id": 7,
    "bidder": {
      "github_id": "86790",
      "duns_number": "123456789",
      "name": "Alan deLevie",
      "email": "",
      "sam_account": true,
      "created_at": "2015-12-23T14:51:34+00:00",
      "updated_at": "2016-01-26T01:56:24+00:00",
      "id": 1
    }
  }
}

| Code | Meaning | Return Type |
|------|---------|-------------|
| 200 | Returns the bid object that was created | BidResponse |
| 403 | When the user is not authenticated | Error |
| 404 | When the auction is not found | Error |

GET /admin/auctions

The administrator view of all auctions. This includes privileged information which is not shown to end users and requires administrator authentication.

| Code | Meaning | Return Type |
|------|---------|-------------|
| 200 | Returns a list of auctions | AdminAuctionListResponse |
| 403 | Returned if the user is not found or is not an admin | Error |

GET /admin/auctions/{id}

The details of a specific auction.

| Code | Meaning | Return Type |
|------|---------|-------------|
| 200 | Returns a single auction | AdminAuctionResponse |
| 403 | Returned if the user is not found or not an admin | Error |
| 404 | If the auction is not found | Error |

GET /admin/users

The administrator view of all users. This includes privileged information which is not shown to end users and requires administrator authentication.

| Code | Meaning | Return Type |
|------|---------|-------------|
| 200 | Returns lists of users and metadata | AdminReport |
| 403 | Returned if the user is not found or not an admin | Error |

Definitions

Auction

The public representation of a single auction

{
  "id": 1,
  "title": "Auction title",
  "summary": "The first part of the auction description",
  "description": "The rest of the auction description",
  "type": "reverse",
  "issue_url": "https://github.com/18F/micropurchase/issues/217",
  /* Where the auction pull request should be opened against */
  "github_repo": "https://github.com/18f/micropurchase",
  "start_price": 3500,
  "customer": "18F",
  "started_at": "2016-01-01T13:00:00Z",
  "ended_at": "2016-01-01T13:00:00Z",
  "created_at": "2016-01-01T13:00:00Z",
  "updated_at": "2016-01-01T13:00:00Z",
  "winning_bid": << WinningBid >>,
  "bids": [<< Bid >>...],
  "skills": ["rspec", "ruby on rails"]
}
  

WinningBid

The current winning bid for the auction. For open reverse auctions, these fields will provide information about the current lowest bid during the auction. The bidder ID is provided as a convenient way for your program to check if the winning bid is yours. For sealed-bid auctions, these values will be nil until the auction is over and the final winning bid has been determined. If there is no bid, these fields will be nil.

{
  "amount": 39,
  "bidder_id": 34
}
  

Bid

The public representation of a single bid. Note that in some cases -- for instance, when a reverse auction is still running -- information in the auctions may be redacted with nil.

{
  "id": 39,
  "bidder_id": 45,
  "auction_id": 1,
  "amount": 2300,
  "created_at": "2016-01-01T13:00:00Z",
  "updated_at": "2016-01-01T13:00:00Z",
  "bidder": << Bidder >>
}
  

Bidder

The public information for a specific bidder. Note that in some cases -- for instance, when a reverse auction is still running -- all information about bidders who are not the authenticated user will be redacted and replaced with nil values.

{
  "id": 34,
  "github_id": 3402,
  "duns_number": "123456789",
  "name": "Micah Purchase",
  "github_login": "github_login",
  "sam_status": "sam_accepted",
  "created_at": "2016-01-01T13:00:00Z",
  "updated_at": "2016-01-01T13:00:00Z"
}
  

AuctionResponse

The API currently returns a wrapper around a single auction in its response

{
  "auction": << Auction >>
}
  

AuctionListResponse

This response contains an array of one or more auctions

{
  "auctions": [<< Auction >>...]
}
  

BidResponse

Returned as a response to submitting a bid

{
  "bid": << Bid >>
}
  

AdminAuction

The admin view of a single auction. This includes all of the fields in the regular Auction class as well as some additional privileged fields

{
  "id": 1,
  "title": "Auction title",
  "summary": "The first part of the auction description",
  "description": "The rest of the auction description",
  "type": "reverse",
  "issue_url": "https://github.com/18F/micropurchase/issues/217",
  /* Where the auction pull request should be opened against */
  "github_repo": "https://github.com/18f/micropurchase",
  "start_price": 3500,
  "customer": "18F",
  "started_at": "2016-01-01T13:00:00Z",
  "ended_at": "2016-01-01T13:00:00Z",
  "created_at": "2016-01-01T13:00:00Z",
  "updated_at": "2016-01-01T13:00:00Z",
  "winning_bid": << WinningBid >>,
  "bids": [<< Bid >>...],
  "skills": ["rspec", "ruby on rails"],
  "billable_to": "example",
  "c2_proposal_url": "http://example.com/",
  "notes": "example",
  "delivery_due_at": "2016-01-01T13:00:00Z",
  "delivery_url": "http://example.com/",
  "paid_at": "2016-01-01T13:00:00Z"
}
  

AdminAuctionResponse

The response for requesting a single auction via the admin API

{
  "auction": << Auction >>
}
  

AdminAuctionListResponse

The response for requesting admin auctions

{
  "auctions": [<< Auction >>...]
}
  

AdminReport

{
  "admin_report": << AdminUserInfo >>
}
  

AdminUserInfo

Metadata about users

{
  "quick_stats": << QuickStats >>,
  "non_admin_users": [<< User >>...],
  "admin_users": [<< User >>...]
}
  

QuickStats

{
  "total_users": 87,
  "users_with_duns": 23,
  "users_in_sam": 21,
  "notes": "example"
}
  

User

The admin information about a user

{
  "id": 39,
  "github_id": 34001,
  "contracting_officer": false,
  "small_business": false,
  "duns_number": "123456789",
  "name": "Micah Purchase",
  "created_at": "2016-01-01T13:00:00Z",
  "updated_at": "2016-01-01T13:00:00Z",
  "email": "user@example.com",
  "sam_status": "duns_blank",
  "payment_url": "http://example.com/",
  "github_login": "example"
}
  

Error

The standard format for error messages

{
  "error": "You must be authenticated to bid on an auction"
}