Introduction
The WeSeeDo Personal API enables you to make video calls, easily and safely. Thanks to this API you and your customers can see each other via a two-sided visual connection built on WebRTC technology. WeSeeDo is AVG/GDPR-proof and complies with ISO 27001 and NEN 7510.
You can integrate the API with OAuth 2.0 stand-alone or within your current planning software and applications. White label is also an option. In addition, the WeSeeDo Personal API offers the possibility to create single sign-on links.
The API offers the following:
- Call scheduling.
- 2-way or 3-way video and audio calls.
- Notifications (optional).
- Digital waiting room for participants (optional).
API specification
Base URL
https://api-prd.kpn.com/communication/weseedo/weseedopersonal
Conceptual model
Requirements
- Computer, laptop, tablet or smartphone with a camera, microphone and speakers.
- Internet connection: broadband or mobile, with sufficient bandwidth for video calling. Minimum speed: 3G.
Definitions
Company
A company in this API is an entity that has sites and user entities linked to it. For example, the roles agent, assistant, assistant_video and admin are linked to a company.
GDPR
The General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. It also addresses the transfer of personal data outside the EU and EEA areas.
ICT
Information and communication technology.
ISO 27001
ISO/IEC 27001 is an international standard on how to manage information security.
NEN 7510
The Dutch standard NEN 7510 provides frameworks for information security for healthcare organizations and associated organizations, like providers of software and ICT services. Information processed and stored by care providers is almost always confidential.
NOvA
The Netherlands Bar (Nederlandse orde van advocaten, NOvA) is the professional organisation of the legal profession.
SMS
Short Message Service (SMS), also called text message.
API workflow
Features and constraints
Features
- No need to download or install software for participants.
- 2-way or 3-way conversations are both possible.
- Complies with:
  - GDPR.
  - ICT guidelines of the NOvA.
  - NEN 7510 standard.
  - ISO 27001 standard.
Constraints
- There might be some country-specific restrictions depending on the country you want to send an SMS to. If you need help, please contact our User support.
Getting started
Make sure you've read What's in it for you for more info on how to register and start testing APIs.
Authentication
The API follows the KPN Store API Authentication Standard to secure the API. It includes the use of OAuth 2.0 client_id and client_secret to receive an access token.
Go to the Authentication tab on top of this page to find out how to:
- Authenticate to an API using cURL.
- Authenticate to an API on Swaggerhub.
- Import Open API Specifications (OAS), also called Swagger files, into Postman.
How to...
Create new users
This endpoint creates a new user. A user can perform several roles, for example, the agent role. Agents can create meetings and start meetings.
To create a user, send a request to the endpoint POST /management/users.
You will need this information:
- First name.
- Last name.
- E-mail.
- Locale: nl or en.
- Role: agent, assistant, assistant_video.
- Entity type and id. This is the company id that you received in the onboarding e-mail.
If you set a password, Sandbox users will be able to log in directly to WeSeeDo sandbox using the provided password. If you don't set a password, users will receive an e-mail at the specified
The password must have:
- Minimum of 8 characters.
- Minimum of 1 lower case character.
- Minimum of 1 uppercase character.
- Minimum of 1 number.
Request
Request body example
{
  "first_name": "Firstname of the agent",
  "last_name": "Lastname of the agent",
  "email": "agent1@weseedo.nl",
  "photo": "iVBORw0KGgoAAAANSUhEUgAAARgAAAAqCAIAA.....",
  "password": "StrongPassword123!",
  "locale": "en",
  "role": "agent",
  "entity": {
    "type": "company",
    "id": "11h1aa1a0e11a1c11df11111"
  }
}
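The field constraints listed above can be checked on the client before the request is sent. The following is an added example, not code from the WeSeeDo or KPN documentation: the function names are hypothetical, the password character classes are assumed to be ASCII, and the sample values are constructed.

```python
import json
import re

# Constraints copied from the "Create new users" section of this page.
ALLOWED_LOCALES = {"nl", "en"}
ALLOWED_ROLES = {"agent", "assistant", "assistant_video"}
PASSWORD_RULES = [
    (lambda p: len(p) >= 8, "minimum of 8 characters"),
    (lambda p: re.search(r"[a-z]", p), "minimum of 1 lower case character"),
    (lambda p: re.search(r"[A-Z]", p), "minimum of 1 uppercase character"),
    (lambda p: re.search(r"[0-9]", p), "minimum of 1 number"),
]

def password_violations(password):
    """Return the page's password rules that this password does not meet."""
    return [msg for check, msg in PASSWORD_RULES if not check(password)]

def build_create_user_body(first_name, last_name, email, locale, role,
                           company_id, password=None):
    """Validate the fields locally and return the request body as a dict."""
    errors = []
    if locale not in ALLOWED_LOCALES:
        errors.append("locale must be nl or en")
    if role not in ALLOWED_ROLES:
        errors.append("role must be agent, assistant or assistant_video")
    if not company_id:
        errors.append("entity id (company id) is required")
    if password is not None:
        errors += ["password: " + v for v in password_violations(password)]
    if errors:
        raise ValueError("; ".join(errors))
    body = {"first_name": first_name, "last_name": last_name, "email": email,
            "locale": locale, "role": role,
            "entity": {"type": "company", "id": company_id}}
    if password is not None:  # the field is left out when no password is set
        body["password"] = password
    return body

def redacted(body):
    """Copy of the body with the password masked, safe to write to logs."""
    return {k: ("***" if k == "password" else v) for k, v in body.items()}

if __name__ == "__main__":
    # Constructed sample values; the company id is the placeholder from the page.
    body = build_create_user_body("Anna", "Jansen", "agent1@weseedo.nl", "en",
                                  "agent", "11h1aa1a0e11a1c11df11111",
                                  "StrongPassword123!")
    print(json.dumps(redacted(body), indent=2))
```

Log the output of redacted() rather than the raw body, so the password never reaches application logs.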
User roles
agent
The most common role for the user is the agent role. The agent can log in to WeSeeDo Personal. The agent can schedule appointments for himself and have WeSeeDo conversations.
assistant
The assistant role can log in to the WeSeeDo Personal. The assistant can schedule appointments for other user objects with the roles agent or assistant_video, which are linked to the same site. The assistant cannot make video calls itself, and therefore does not require a license.
assistant_video
The assistant_video role has the same options as the assistant, but can also make video calls. A license is therefore required for a user with the role assistant_video.
Retrieve users
You can retrieve all users or you can retrieve a specific user.
- If you want to retrieve a list of all users, use the endpoint GET /management/users.
- If you want to retrieve a specific user, use the endpoint GET /management/users/{id}. You need to provide a valid user id.
Update users
You can update all user details or you can update only some of them. For example, the password:
- If you want to update user details, use the endpoint PUT /management/users/{id}.
- If you want to update only specific details of a user, use the endpoint PATCH /management/users/{id}. You need to provide a valid user id.
You cannot change the assigned role.
Delete users
To delete users, send a request with the user id of the user you want to delete to the endpoint DELETE /management/users/{id}.
Create new meetings
This endpoint creates meetings and sends the meeting invitation via e-mail or SMS or both to the participants:
POST /personal/meetings
You will need this information:
- The user id of the agent who is going to host the meeting. It is not required if the agent schedules the meeting.
- The site id. You can find the site id in the response of a GET /management/users request.
Retrieve meetings
You can retrieve all meetings or you can retrieve a specific meeting:
- If you want to retrieve meetings, use the endpoint GET /personal/meetings.
- If you want to retrieve a specific meeting, use the endpoint GET /personal/meetings/{id}. You need to provide a valid meeting id.
Update meetings
To update meetings, use the endpoints PATCH /personal/meetings/{id} and POST /personal/meetings/{id}.
At the moment it is only possible to change the time of a meeting.
Delete meetings
To delete meetings, send a request with the meeting id of the meeting you want to delete to the endpoint DELETE /personal/meetings/{id}.
Return codes
Code | Description |
---|---|
200 | Success. |
201 | Created. |
202 | Accepted. |
302 | Found. Link in location header. |
400 | Bad request. |
401 | Unauthorized. |
403 | Forbidden. |
404 | Not found. |
405 | Method not allowed. |
412 | Precondition failed. |
429 | Too many requests. |
500 | Internal server error. |
502 | Bad gateway. |
503 | Service unavailable. |
HTTP response headers
The following tables display the standard response headers that are returned with each API response:
Standard response field name | Description |
---|---|
sunset | This field will be populated with the deprecation details. By default the value is n/a. |
api-version | Indicates the API version you have used. |
quota-interval | Used to specify an integer (for example, 1, 2, 5, 60, and so on) that will be paired with the quota-time-unit you specify (minute, hour, day, week, or month) to determine a time period during which the quota use is calculated. For example, an interval of 24 with a quota-time-unit of hour means that the quota will be calculated over the course of 24 hours. |
quota-limit | Number of API calls a user can make within a given time period. If this limit is exceeded, the user will be throttled and API requests will fail. |
quota-reset-UTC | All quota times are set to the Coordinated Universal Time (UTC) time zone. |
quota-time-unit | Used to specify the unit of time applicable to the quota. For example, an interval of 24 with a quota-time-unit of hour means that the quota will be calculated over the course of 24 hours. |
quota-used | Number of API calls made within the quota. |
strict-transport-security | The HTTP Strict-Transport-Security (HSTS) response header lets a website tell browsers that it should only be accessed using HTTPS, instead of using HTTP. All present and future subdomains will be HTTPS for a maximum of 1 year and access is blocked to pages or sub domains that can only be served over HTTP including HSTS preload lists of web browsers. Strict-Transport-Security: max-age=31536000; includeSubDomains; preload. |

Access control field name | Description |
---|---|
access-control-allow-credentials | Tells browsers whether to expose the response to frontend JavaScript when the request's credentials mode (Request.credentials) is include. When a request's credentials mode (Request.credentials) is include, browsers will only expose the response to frontend JavaScript if the Access-Control-Allow-Credentials value is true. Boolean. |
access-control-allow-origin | Indicates whether the response can be shared with requesting code from the given origin. |
access-control-allow-headers | Used in response to a pre-flight request which includes the Access-Control-Request-Headers to indicate which HTTP headers can be used during the actual request. |
access-control-max-age | Indicates how long the results of a pre-flight request (that is the information contained in the Access-Control-Allow-Methods and Access-Control-Allow-Headers headers) can be cached. |
access-control-allow-methods | Indicates which HTTP methods are allowed on a particular endpoint for cross-origin requests. For example: GET, PUT, POST, DELETE. |
content-length | The Content-Length entity header indicates the size of the entity-body, in bytes, sent to the recipient. |
content-type | The Content-Type entity header tells the client what the content type of the returned content actually is. |
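A client can read the quota-*, sunset and strict-transport-security fields from the first table to slow down before it is throttled and to notice when the transport policy differs from the documented one. The following is an added example, not part of the KPN documentation: the function names are hypothetical, the header values are constructed, quota values are assumed to be plain integers, and a month is assumed to be 30 days.

```python
# Seconds per quota-time-unit; treating "month" as 30 days is an assumption.
UNIT_SECONDS = {"minute": 60, "hour": 3600, "day": 86400,
                "week": 604800, "month": 2592000}
DOCUMENTED_MAX_AGE = 31536000  # one year, as stated in the table above

def _lower(headers):
    """HTTP header names are case-insensitive, so normalise them once."""
    return {k.lower(): v.strip() for k, v in headers.items()}

def quota_status(headers):
    """Summarise the quota-* and sunset fields of one API response."""
    h = _lower(headers)
    limit, used = int(h["quota-limit"]), int(h["quota-used"])
    window = int(h["quota-interval"]) * UNIT_SECONDS[h["quota-time-unit"].lower()]
    sunset = h.get("sunset", "n/a")
    return {"remaining": max(limit - used, 0), "exhausted": used >= limit,
            "window_seconds": window,
            "sunset": None if sunset.lower() == "n/a" else sunset}

def hsts_findings(headers):
    """List deviations from the HSTS policy documented on this page."""
    value = _lower(headers).get("strict-transport-security")
    if value is None:
        return ["strict-transport-security header missing"]
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"')
    findings = []
    max_age = directives.get("max-age", "")
    if not max_age.isdecimal() or int(max_age) < DOCUMENTED_MAX_AGE:
        findings.append("max-age below 31536000")
    for flag in ("includesubdomains", "preload"):
        if flag not in directives:
            findings.append(flag + " directive missing")
    return findings

# Constructed sample response headers, not captured from the live API.
SAMPLE = {"Quota-Limit": "100", "Quota-Used": "97", "Quota-Interval": "24",
          "Quota-Time-Unit": "hour", "Sunset": "n/a",
          "Strict-Transport-Security": "max-age=31536000; includeSubDomains; preload"}

if __name__ == "__main__":
    print(quota_status(SAMPLE), hsts_findings(SAMPLE))
```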