WeSeeDo Personal - WeSeeDo

Introduction

The WeSeeDo Personal API enables you to make video calls, easily and safely. Thanks to this API you and your customers can see each other via a two-sided visual connection built on WebRTC technology. WeSeeDo is AVG/GDPR-proof and complies with the ISO 27001 and NEN 7510.

You can integrate the API with OAuth 2.0 stand-alone or within your current planning software and applications. White label is also an option. In addition, the WeSeeDo Personal API offers the possibility to create single sign-on links.

The API offers the following:

Call scheduling.
2-way or 3-way video and audio calls.
Notifications (optional).
Digital waiting room for participants (optional).

API specification

Test the API on SwaggerHub

Base URL

https://api-prd.kpn.com/communication/weseedo/weseedopersonal

Conceptual model

Requirements

Computer, laptop, tablet or smartphone with a camera, microphone and speakers.
Internet connection: broadband or mobile. Sufficient bandwidth with for video calling. Minimum speed: 3G.

Definitions

Company

A company in this API is an entity that has sites and user entities linked to it. For example, the roles agent, assistant, assistant_video and admin are linked to a company.

GDPR

The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.

ICT

Information and communication technology.

ISO 27001

ISO/IEC 27001 is an international standard on how to manage information security.

NEN 7510

The Dutch standard NEN 7510 provides frameworks for information security for healthcare organizations and associated organizations, like providers of software and ICT services. Information processed and stored by care providers is almost always confidential.

NOvA

The Netherlands Bar (Nederlandse orde van advocaten, NOvA) is the professional organisation of the legal profession.

SMS

Short Message Service (SMS), also called text message.

API workflow

Workflow diagram

Features and constraints

Features

No need to download or install software for participants.
2-way or 3-way conversations are both possible.
Complies with:
- GDPR.
- ICT guidelines of the NOvA.
- NEN 7510 standard.
- ISO 27001 standard.

Constraints

There might be some country specific restrictions depending on the country you want to send a SMS to. If you need help, please contact our User support.

Getting started

Make sure you've read What's in it for you for more info on how to register and start testing APIs.

Authentication

The API follows the KPN Store API Authentication Standard to secure the API. It includes the use of OAuth 2.0 client_id and client_secret to receive an access token.

Go to the Authentication tab on top of this page to find out how to:

Authenticate to an API using cURL.
Authenticate to an API on Swaggerhub.
Import Open API Specifications (OAS), also called Swagger files into Postman.

How to...

Create new users

This endpoint creates a new user. A user can perform several roles, for example, the agent role. Agents can create meetings and start meetings.

To create a user, send a request to the endpoint POST /management/users.

You will need this information:

First name.
Last name.
E-mail.
Locale: nl or en.
Role: agent, assistant, assistant_video.
Entity type and id. This is the company id that you received in the onboarding e-mail.

If you set a password, Sandbox users will be able to log in directly to WeSeeDo sandbox using the provided email and password. If you don't set a password, users will receive an e-mail at the specified email with an activation link to create a password themselves.

The password must have a:

Minimum of 8 characters.
Minimum of 1 lower case character.
Minimum of 1 uppercase character.
Minimum of 1 number.

Request

^^Request body example^^

{
  "first_name": "Firstname of the agent",
  "last_name": "Lastname of the agent",
  "email": "agent1@weseedo.nl",
  "photo": "iVBORw0KGgoAAAANSUhEUgAAARgAAAAqCAIAA.....",
  "password": "StrongPassword123!",
  "locale": "en",
  "role": "agent",
  "entity": {
    "type": "company",
    "id": "11h1aa1a0e11a1c11df11111"
  }
}

User roles

agent

The most common role for the user is the agent role. The agent can log in to WeSeeDo Personal. The agent can schedule appointments for himself and have WeSeeDo conversations.

assistant

The assistant role can log in to the WeSeeDo Personal. The assistant can schedule appointments for other user objects with the roles agent or assistant_video, which are linked to the same site. The assistant cannot make video calls itself, and therefore does not require a license.

assistant_video

The assistant_video role has the same options as the assistant, but can also make video calls. A license is therefore required for a user with the role assistant_video.

Retrieve users

You can retrieve all users or you can retrieve a specific user.

If you want to retrieve a list of all users, use the endpoint GET /management/users.
If you want to retrieve a specific user, use the endpoint GET /management/users/{id}. You need to provide a valid user id.

Update users

You can update all user details or you can update only parts of it. For example, the password:

If you want to update user details, use the endpoint PUT /management/users/{id}.
If you want to update only specific details of a user, use the endpoint Patch /management/users/{id}. You need to provide a valid user id.

You cannot change the assigned role.

Delete users

To delete users, send a request with the user id of the user you want to delete to the endpoint DELETE/ management/users/{id}.

Create new meetings

This endpoint creates meetings and sends the meeting invitation via e-mail or SMS or both to the participants:

POST /personal/meetings

You will need this information:

The user id of the agent who is going to host the meeting. It is not required if the agent schedules the meeting.
The site id. You can find the site id in the response of a GET /management/users request.

Retrieve meetings

You can retrieve all meetings or you can retrieve a specific meeting:

If you want to retrieve meetings, use the endpoint GET /personal/meetings.
If you want to retrieve a list of a specific user, use the endpoint GET /personal/meetings/{id}. You need to provide a valid meeting id.

Update meetings

To update meetings, use the endpoint PATCH /personal/meetings/{id} and POST /personal/meetings/{id}.

At the moment it is only possible to change the time of a meeting.

Delete meetings

To delete meetings, send a request with the meeting id of the meeting you want to delete to the endpoint DELETE /personal/meetings/{id}.

Return codes

Code	Description
200	Success.
201	Created.
202	Accepted.
302	Found. Link in location header.
400	Bad request.
401	Unauthorized.
403	Forbidden.
404	Not found.
405	Method not allowed.
412	Precondition failed.
429	Too many requests.
500	Internal server error.
502	Bad gateway.
503	Service unavailable.

HTTP response headers

The following tables display the standard response headers that are returned with each API response:

Standard response field name	Description
sunset	This field will be populated with the deprecation details. By default the value is `n/a`.
api-version	Indicates the API version you have used.
quota-interval	Used to specify an integer (for example, 1, 2, 5, 60, and so on) that will be paired with the `quota-time-unit` you specify (minute, hour, day, week, or month) to determine a time period during which the quota use is calculated. For example, an interval of 24 with a `quota-time-unit` of hour means that the quota will be calculated over the course of 24 hours.
quota-limit	Number of API calls an user can make within a given time period. If this limit is exceeded, the user will be throttled and API requests will fail.
quota-reset-UTC	All quota times are set to the Coordinated Universal Time (UTC) time zone.
quota-time-unit	Used to specify the unit of time applicable to the quota. For example, an interval of 24 with a `quota-time-unit` of hour means that the quota will be calculated over the course of 24 hours.
quota-used	Number of API calls made within the quota.
strict-transport-security	The HTTP `Strict-Transport-Security` (HSTS) response header lets a website tell browsers that it should only be accessed using HTTPS, instead of using HTTP. All present and future subdomains will be HTTPS for a maximum of 1 year and access is blocked to pages or sub domains that can only be served over HTTP including HSTS preload lists of web browsers. `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload`.
Access control field name	Description
access-control-allow-credentials	Tells browsers whether to expose the response to frontend JavaScript when the request's credentials mode (`Request.credentials`) is `include`. When a request's credentials mode (`Request.credentials`) is `include`, browsers will only expose the response to frontend JavaScript if the `Access-Control-Allow-Credentials` value is `true`. Boolean.
access-control-allow-origin	Indicates whether the response can be shared with requesting code from the given origin.
access-control-allow-headers	Used in response to a pre-flight request which includes the `Access-Control-Request-Headers` to indicate which HTTP headers can be used during the actual request.
access-control-max-age	Indicates how long the results of a pre-flight request (that is the information contained in the `Access-Control-Allow-Methods` and `Access-Control-Allow-Headers` headers) can be cached.
access-control-allow-methods	Indicates which HTTP methods are allowed on a particular endpoint for cross-origin requests. For example: `GET`, `PUT`, `POST`, `DELETE`.
content-length	The Content-Length entity header indicates the size of the entity-body, in bytes, sent to the recipient.
content-type	The Content-Type entity header the client what the content type of the returned content actually is.

You are here