Deprecated
REST/JSON API v1.1.0
The e-Attestations REST/JSON API v1.1.0 allows you to interface a client information system to the e-Attestations platform via the HTTP REST protocol with JSON encoding.
This API is deprecated. For new integrations, please use the EDGE API which offers more features and better performance.
Overview
This REST API enables third-party compliance monitoring (suppliers, partners) via a RESTful architecture with JSON responses.
Main Features
- Third-party management (creation, consultation)
- Creation and tracking of evaluation dossiers
- Document and file download
- Compliance indicator consultation
Environments
Two environments are available for integration:
TEST Environment
https://rs.test-e-attestations.com/api/v1/For development and integration testing
PRODUCTION Environment
https://rs.e-attestations.com/api/v1/For real-world usage
Encoding
All communications with the API must use UTF-8 encoding.
Ensure your requests and response processing use UTF-8 to avoid special character display issues.
OpenID Connect Authentication
The API uses OpenID Connect (OIDC) with JWT tokens (JSON Web Tokens) for authentication. You must obtain a token before calling API endpoints.
Authentication Endpoints
TEST
https://auth.test-e-attestations.com/auth/realms/eat_realm/protocol/openid-connect/tokenPRODUCTION
https://auth.e-attestations.com/auth/realms/eat_realm/protocol/openid-connect/tokenAuthentication Request
HTTP Request
POST /auth/realms/eat_realm/protocol/openid-connect/token
Content-Type: application/x-www-form-urlencoded
client_id=ea-api-edge
&grant_type=password
&username=VOTRE_USERNAME
&password=VOTRE_PASSWORDRequired Parameters
| Parameter | Value | Description |
|---|---|---|
client_id | ea-api-edge | Client identifier (fixed) |
grant_type | password | Authentication type |
username | Your identifier | API username |
password | Your password | API password |
Response
JSON Response
{
"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...",
"expires_in": 300,
"refresh_expires_in": 1800,
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
"token_type": "bearer",
"not-before-policy": 0,
"session_state": "abc123..."
}The token has a limited validity period (indicated by
expires_in in seconds). Remember to renew it before expiration or use the refresh_token.Token Usage
Include the token in the Authorization header of all your requests:
HTTP Header
Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...GET/account
Retrieves account information associated with the valid token.
Request
HTTP Request
GET /api/v1/account
Authorization: Bearer {access_token}Response
JSON Response
{
"content": {
"accountId": 12345,
"accountName": "Ma Societe",
"subscriptionStartDate": "2020-01-01",
"subscriptionEndDate": "2025-12-31"
},
"messages": {
"info": [],
"warning": [],
"error": []
}
}GET/account/{accountId}
Returns global statistics for tracked third parties on the account.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
accountId | Integer | Yes | Account identifier (path) |
Request
HTTP Request
GET /api/v1/account/12345
Authorization: Bearer {access_token}Response
JSON Response
{
"content": {
"accountId": 12345,
"totalThirdparties": 150,
"monitoredThirdparties": 120,
"totalDossiers": 180,
"completedDossiers": 95,
"pendingDossiers": 85
},
"messages": {
"info": [],
"warning": [],
"error": []
}
}GET/account/{accountId}/thirdparties
Lists third parties from the account repository with optional filtering.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
monitored | Boolean | Filter by monitoring status |
companyIdType | String | Identifier type (CIT001, CIT002) |
name | String | Company name |
siren | String | SIREN number (9 digits) |
siret | String | SIRET number (14 digits) |
tva | String | EU VAT number |
thirdpartyGlobalState | Boolean | Third party global state |
page | Integer | Page number (default: 0) |
pageSize | Integer | Page size (default: 20) |
Request
HTTP Request
GET /api/v1/account/12345/thirdparties?monitored=true&page=0&pageSize=20
Authorization: Bearer {access_token}Response
JSON Response
{
"content": [
{
"thirdpartyId": 67890,
"companyIdType": "CIT001",
"companyIdValue": "12345678901234",
"thirdpartyCode": "FOURNISSEUR-001",
"name": "Fournisseur Example SAS",
"monitored": true,
"globalState": true
}
],
"messages": {
"info": [],
"warning": [],
"error": []
},
"page": 0,
"size": 20,
"totalElements": 1
}GET/account/{accountId}/thirdparties/{thirdpartyId}
Returns detailed third party information: identity, address, users, business status, activity and financial data.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
accountId | Integer | Yes | Account identifier |
thirdpartyId | Integer | Yes | Third party identifier |
Request
HTTP Request
GET /api/v1/account/12345/thirdparties/67890
Authorization: Bearer {access_token}Response
JSON Response
{
"content": {
"thirdpartyId": 67890,
"companyIdType": "CIT001",
"companyIdValue": "12345678901234",
"thirdpartyCode": "FOURNISSEUR-001",
"identity": {
"name": "Fournisseur Example SAS",
"legalForm": "SAS",
"siren": "123456789",
"siret": "12345678901234",
"vatNumber": "FR12345678901",
"creationDate": "2010-05-15"
},
"address": {
"street": "123 Rue de la Paix",
"postalCode": "75001",
"city": "Paris",
"country": "France"
},
"activity": {
"mainActivity": "6201Z",
"mainActivityLabel": "Programmation informatique"
},
"financial": {
"capital": 100000,
"currency": "EUR",
"employees": 50
},
"users": [
{
"email": "contact@fournisseur.com",
"firstName": "Jean",
"lastName": "Dupont"
}
],
"businessStatus": {
"active": true,
"closedDate": null
}
},
"messages": {
"info": [],
"warning": [],
"error": []
}
}POST/account/{accountId}/dossiersAsynchronous
Creates a monitoring dossier for a third party. Processing is asynchronous and returns a processId to track progress.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
companyIdType | String | Yes | Identifier type (CIT001, CIT002) |
companyIdValue | String | Yes | Identifier value (SIRET, VAT) |
thirdpartyCode | String | No | Internal third party code |
dossierReference | String | No | Unique dossier reference |
description | String | No | Dossier description |
purchasingCategory | String | No | Purchasing category |
expirationDate | Date | No | Expiration date (YYYY-MM-DD) |
requiredDocuments | Array | No | List of required document codes |
thirdpartyEmail | Array | No | Third party emails for invitation |
userInCharge | Array | No | Responsible user emails |
Request
HTTP Request
POST /api/v1/account/12345/dossiers
Authorization: Bearer {access_token}
Content-Type: application/json
{
"companyIdType": "CIT001",
"companyIdValue": "12345678901234",
"thirdpartyCode": "FOURNISSEUR-001",
"dossierReference": "DOS-2024-001",
"description": "Evaluation fournisseur IT",
"purchasingCategory": "IT",
"expirationDate": "2025-12-31",
"requiredDocuments": ["KBIS", "URSSAF", "ASSURANCE"],
"thirdpartyEmail": ["contact@fournisseur.com"],
"userInCharge": ["acheteur@masociete.com"]
}Response
JSON Response
{
"content": {
"processId": "abc123-def456-ghi789",
"status": "PENDING"
},
"messages": {
"info": ["Dossier creation in progress"],
"warning": [],
"error": []
}
}The returned
processId allows you to track dossier creation progress. Use the GET /dossiers endpoint with this processId to check status.GET/account/{accountId}/dossiers
Multi-criteria search of account dossiers.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
thirdpartyId | Integer | Third party identifier |
companyIdType | String | Identifier type |
companyIdValue | String | Identifier value |
thirdpartyCode | String | Internal third party code |
dossierReference | String | Dossier reference |
monitored | Boolean | Monitoring status |
stateLastChangeDate | Date | Last modification date |
page | Integer | Page number |
pageSize | Integer | Page size |
Request
HTTP Request
GET /api/v1/account/12345/dossiers?thirdpartyCode=FOURNISSEUR-001&page=0&pageSize=10
Authorization: Bearer {access_token}Response
JSON Response
{
"content": [
{
"dossierId": 11111,
"thirdpartyId": 67890,
"dossierReference": "DOS-2024-001",
"monitored": true,
"state": true,
"creationDate": "2024-01-15",
"expirationDate": "2025-12-31",
"indicators": [
{
"code": "I001",
"label": "Obligation de vigilance",
"state": true
}
],
"documents": [
{
"documentId": 22222,
"documentCode": "KBIS",
"name": "Extrait Kbis",
"present": true,
"requestDate": "2024-01-15",
"expirationDate": "2025-01-15"
}
]
}
],
"messages": {
"info": [],
"warning": [],
"error": []
},
"page": 0,
"size": 10,
"totalElements": 1
}GET/account/{accountId}/dossiers/{dossierId}
Retrieves complete details of a specific dossier, including documents, indicators and file information.
Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
accountId | Integer | Yes | Account identifier |
dossierId | Integer | Yes | Dossier identifier |
Request
HTTP Request
GET /api/v1/account/12345/dossiers/11111
Authorization: Bearer {access_token}Response
JSON Response
{
"content": {
"dossierId": 11111,
"thirdpartyId": 67890,
"dossierReference": "DOS-2024-001",
"description": "Evaluation fournisseur IT",
"purchasingCategory": "IT",
"monitored": true,
"state": true,
"creationDate": "2024-01-15",
"expirationDate": "2025-12-31",
"stoppingReason": null,
"indicators": [
{
"code": "I001",
"label": "Obligation de vigilance",
"state": true
}
],
"documents": [
{
"documentId": 22222,
"documentCode": "KBIS",
"name": "Extrait Kbis",
"present": true,
"requestDate": "2024-01-15",
"expirationDate": "2025-01-15",
"listFileInformation": [
{
"fileId": 33333,
"fileUUID": "uuid-abc-123",
"uploadDate": "2024-01-20",
"fileSize": 125000,
"expirationDate": "2025-01-15"
}
]
},
{
"documentId": 22223,
"documentCode": "URSSAF",
"name": "Attestation URSSAF",
"present": false,
"requestDate": "2024-01-15",
"expirationDate": null,
"listFileInformation": []
}
]
},
"messages": {
"info": [],
"warning": [],
"error": []
}
}POST/account/{accountId}/dossiers/{dossierId}
Updates an existing dossier.
Request Body
| Field | Type | Description |
|---|---|---|
dossierReference | String | New dossier reference |
description | String | New description |
purchasingCategory | String | New category |
expirationDate | Date | New expiration date |
thirdpartyCode | String | New third party code |
thirdpartyEmail | Array | New emails |
Request
HTTP Request
POST /api/v1/account/12345/dossiers/11111
Authorization: Bearer {access_token}
Content-Type: application/json
{
"dossierReference": "DOS-2024-001-V2",
"description": "Evaluation fournisseur IT - Mise a jour",
"expirationDate": "2026-06-30"
}Response
JSON Response
{
"content": {
"dossierId": 11111,
"updated": true
},
"messages": {
"info": ["Dossier updated successfully"],
"warning": [],
"error": []
}
}GET/account/{accountId}/dossiers/{dossierId}/documents/{documentId}/files/{fileId}
Downloads a file associated with a document. Returns the binary file content.
Parameters
| Parameter | Type | Description |
|---|---|---|
accountId | Integer | Account identifier |
dossierId | Integer | Dossier identifier |
documentId | Integer | Document identifier |
fileId | Integer | File identifier |
Request
HTTP Request
GET /api/v1/account/12345/dossiers/11111/documents/22222/files/33333
Authorization: Bearer {access_token}Response
Binary Response
Content-Type: application/pdf
Content-Disposition: attachment; filename="kbis_fournisseur.pdf"
[Binary file content]GET/account/{accountId}/requirements
Lists required documents configured for the account.
Request
HTTP Request
GET /api/v1/account/12345/requirements
Authorization: Bearer {access_token}Response
JSON Response
{
"content": [
{
"documentCode": "KBIS",
"name": "Extrait Kbis",
"description": "Extrait d'immatriculation au RCS",
"validityPeriod": 90
},
{
"documentCode": "URSSAF",
"name": "Attestation URSSAF",
"description": "Attestation de vigilance URSSAF",
"validityPeriod": 180
},
{
"documentCode": "ASSURANCE",
"name": "Attestation d'assurance",
"description": "Attestation RC professionnelle",
"validityPeriod": 365
}
],
"messages": {
"info": [],
"warning": [],
"error": []
}
}Standard Response Format
All API responses follow a standardized JSON structure:
Standard Response Structure
{
"content": { /* Response data */ },
"messages": {
"info": [], // Information messages
"warning": [], // Warnings
"error": [] // Errors
},
"page": 0, // Page number (pagination)
"size": 20, // Page size
"totalElements": 0 // Total number of elements
}Company Identifier Types
| Code | Description | Format |
|---|---|---|
CIT001 | SIRET | 14 digits (French establishment) |
CIT002 | VAT Number | EU identifier (e.g.: FR12345678901) |
Compliance Indicators
| Code | Label | Description |
|---|---|---|
I001 | Duty of Care | Duty of care compliance indicator |
Dossier Stopping Reasons
| Code | Description |
|---|---|
OUTOFBUSINESS | Company closed or deregistered |
EXPIRATION | Dossier expired |
STOPREQUEST | Manually requested stop |
UNKNOWN | Unknown reason |
HTTP Error Codes
| Code | Status | Description |
|---|---|---|
200 | OK | Request processed successfully |
400 | Bad Request | Malformed request or invalid parameters |
401 | Unauthorized | Missing or invalid token |
403 | Forbidden | Access denied to resource |
404 | Not Found | Resource not found |
429 | Too Many Requests | Request limit exceeded |
500 | Internal Server Error | Internal server error |
503 | Service Unavailable | Service temporarily unavailable |
Error Message Format
Error Response
{
"timestamp": "2024-01-15T09:06:15.245+0000",
"status": 404,
"error": "Not Found",
"message": "Dossier not found with id: 99999",
"path": "/api/v1/account/12345/dossiers/99999"
}Technical Support
Reminder: This v1.1 API is deprecated. For new integrations or to benefit from the latest features, please use the EDGE API.