Leaf Connect
About
The Leaf API allows an API Owner to grant permission to access Field Boundaries, Field Operations and Machine Data Files to other API Owners. The access is controlled at the Leaf user level by the API account that owns the data.
All HTTP methods should be prepended by this service's endpoint:
How it works
Scenario
API Owner A wants to grant permission to API Owner B to read their fields.
1 - Sharing Relation
The first step is to create a relationship between the API Owners, from who owns the data - the sender (API Owner A) to the receiver (API Owner B). Check the endpoint Create an API Owner sharing relation.
The receiver API Owner (API Owner B) must confirm the relationship changing the relation status to ALLOWED.
This relationship status can be changed in the future by both sides, but once the sender blocks the relationship, the receiver will not be able to access the data, nor to reactivate the sharing relation status.
This step is only necessary once, that is, it is not necessary to repeat this step for new integrations with the same receiver.
2 - Permissions
In this step, permissions are granted for the resources of each Leaf user. More info here.
Note: This permission is READ only and FIELDS and OPERATIONS resources are available.
Company
Company-level sharing is not supported, but the permission can be granted or revoked at the same time the Leaf user is added or removed from the company.
3 - Access
At the end of these steps, API Owner B will be able to visualize the fields, operations and/or machine data files from the shared Leaf user, using the existing field/operations/machine data files endpoints, like this one.
Endpoints
This service has the following endpoints available:
| Description | Endpoints |
|---|---|
| Get API Owner sharing relation | GET /usermanagement/api/api-owners/sharing-relation/{RelationRole} |
| Get API Owner sharing relation status | GET /usermanagement/api/api-owners/sharing-relation/{RelationRole}/{targetApiOwner}/status |
| Create an API Owner sharing relation | POST /usermanagement/api/api-owners/sharing-relation/receiver |
| Update an API Owner sharing relation status | PATCH /usermanagement/api/api-owners/sharing-relation/{RelationRole}/{targetApiOwner} |
| Get LeafUser permissions | GET /usermanagement/api/api-owners/sharing-relation/{RelationRole}/{TargetApiOwner}/users-permissions/{leafUserId} |
| Create a LeafUser permissions | POST /usermanagement/api/api-owners/sharing-relation/receiver/{ReceiverApiOwner}/users-permissions/{leafUserId} |
| Update LeafUser permissions | PATCH /usermanagement/api/api-owners/sharing-relation/receiver/{ReceiverApiOwner}/users-permissions/{leafUserId}/{RESOURCE} |
| Invalidate receiver's tokens | POST /usermanagement/api/api-owners/sharing-relation/{RelationRole}/{TargetApiOwner}/invalidate-tokens |
| Delete LeafUser sharing permissions | DELETE /usermanagement/api/api-owners/sharing-relation/{RelationRole}/{ReceiverApiOwner}/users-permissions/{leafUserId} |
Get API Owner sharing relation
 GET /usermanagement/api/api-owners/sharing-relation/{RelationRole}
Get all API Owners relation based on the relation role: SENDER or RECEIVER.
Request examples
- cURL
- Python
- JavaScript
Response
Get API Owner sharing relation status
 GET /usermanagement/api/api-owners/sharing-relation/{RelationRole}/{targetApiOwner}/status
Get the relation status based in the relation role (SENDER or RECEIVER).
Request examples
- cURL
- Python
- JavaScript
Response
A string with one of the following values: PENDING, ALLOWED or BLOCKED.
Create an API Owner sharing relation
 POST /usermanagement/api/api-owners/sharing-relation/receiver
Create a sharing relation between the API Owners.
Request examples
- cURL
- Python
- JavaScript
Response
Update an API Owner sharing relation status
 PATCH /usermanagement/api/api-owners/sharing-relation/{RelationRole}/{targetApiOwner}
Update the sharing relation status. The values available are ALLOWED or BLOCKED.
After the sender creates a relationship, the recevier must approve it by changing the status from PENDING to ALLOWED.
Both API Owners can block the relation, but once locked by the sender, there is no way for the receiver to change it again.
Request examples
- cURL
- Python
- JavaScript
Response
Get LeafUser permissions
 GET /usermanagement/api/api-owners/sharing-relation/{RelationRole}/{TargetApiOwner}/users-permissions/{leafUserId}
Get all permissions granted to a receiver API Owner for a Leaf user.
Request examples
- cURL
- Python
- JavaScript
Response
Create a LeafUser permissions
 POST /usermanagement/api/api-owners/sharing-relation/receiver/{ReceiverApiOwner}/users-permissions/{leafUserId}
Grants permission to a receiver for a given Leaf user resource.
Note: shared Leaf users (from other API Owner) are not available for grant permissions
Request examples
- cURL
- Python
- JavaScript
Response
Availability
| Resource | Actions | Types |
|---|---|---|
FIELD | READ | - |
OPERATIONS | READ | APPLIED, HARVESTED, PLANTED |
Update LeafUser permissions
 PATCH /usermanagement/api/api-owners/sharing-relation/receiver/{ReceiverApiOwner}/users-permissions/{leafUserId}/{RESOURCE}
Update the permissions granted to the receiver API Owner.
Request examples
- cURL
- Python
- JavaScript
Response
Availability
| Resource | Actions | Types |
|---|---|---|
FIELD | READ | - |
OPERATIONS | READ | APPLIED, HARVESTED, PLANTED |
Invalidate receiver's tokens
 POST /usermanagement/api/api-owners/sharing-relation/{RelationRole}/{TargetApiOwner}/invalidate-tokens
Invalidate the receiver's tokens created before the current date and time.
Request examples
- cURL
- Python
- JavaScript
Delete LeafUser sharing permissions
 DELETE /usermanagement/api/api-owners/sharing-relation/{RelationRole}/users-permissions/{leafUserId}
Deletes a permission.
Request examples
- cURL
- Python
- JavaScript