pay-adminusers
The GOV.UK Pay Admin Users Module in Java (Dropwizard)
Environment Variables
| NAME | DESCRIPTION |
|---|---|
ADMIN_PORT |
The port number to listen for Dropwizard admin requests on. Defaults to 8081. |
BASE_URL |
This is the publicly visible URL for the pay admin users root. Defaults to http://localhost:8080. |
DB_HOST |
The hostname of the database server. |
DB_NAME |
The name of the database on DB_HOST. Defaults to adminusers. |
DB_PASSWORD |
The password for the DB_USER user. |
DB_PORT |
The port number it use when connecting to the database server. Defaults to 5432. |
DB_SSL_OPTION |
To turn TLS on this value must be set as ssl=true. Otherwise must be empty. |
DB_USER |
The username to log into the database as. |
FORGOTTEN_PASSWORD_EXPIRY_MINUTES |
The number of minutes password reset tokens are valid for. Defaults to 90. |
JAVA_HOME |
The location of the JRE. Set to /opt/java/openjdk in the Dockerfile. |
JAVA_OPTS |
Commandline arguments to pass to the java runtime. Optional. |
JPA_LOG_LEVEL |
The logging level to set for JPA. Defaults to WARNING. |
JPA_SQL_LOG_LEVEL |
The logging level to set for JPA SQL logging. Defaults to WARNING. |
LOGIN_ATTEMPT_CAP |
The number of consecutive failed logins a user can have before their account is disabled. Defaults to 10. |
METRICS_HOST |
The hostname to send graphite metrics to. Defaults to localhost. |
METRICS_PORT |
The port number to send graphite metrics to. Defaults to 8092. |
NOTIFY_SIGN_IN_OTP_SMS_TEMPLATE_ID |
The GOV.UK Notify template ID to use for sending OTP codes via SMS for signing in. Defaults to pay-notify-sign-in-otp-sms-template-id. |
NOTIFY_CHANGE_SIGN_IN_2FA_TO_SMS_OTP_SMS_TEMPLATE_ID |
The GOV.UK Notify template ID to use for sending OTP codes via SMS for changing the sign-in method to text messages. Defaults to pay-notify-switch-sign-in-2fa-to-sms-otp-sms-template-id. |
NOTIFY_SELF_INITIATED_CREATE_USER_AND_SERVICE_OTP_SMS_TEMPLATE_ID |
The GOV.UK Notify template ID to use for sending OTP codes via SMS for self-initiated user and service creation. Defaults to pay-notify-self-initiated-create-user-and-service-otp-sms-template-id. |
NOTIFY_CREATE_USER_IN_RESPONSE_TO_INVITATION_TO_SERVICE_OTP_SMS_TEMPLATE_ID |
The GOV.UK Notify template ID to use for sending OTP codes via SMS for creating a user in response to an invitation to join a service. Defaults to pay-notify-create-user-in-response-to-invitation-to-service-otp-sms-template-id. |
NOTIFY_API_KEY |
The GOV.UK Notify API key to use when sending card payment messages. Defaults to api_key-pay-notify-service-id-pay-notify-secret-needs-to-be-32-chars-fsghdngfhmhfkrgsfs. |
NOTIFY_BASE_URL |
The URL of GOV.UK Notify's API. Defaults to https://stubs.pymnt.localdomain/notify. |
NOTIFY_DIRECT_DEBIT_API_KEY |
The GOV.UK Notify API key to use when sending Direct Debit emails. Defaults to api_key-pay-notify-service-id-pay-notify-secret-needs-to-be-32-chars-fsghdngfhmhfkrgsfs. |
NOTIFY_FORGOTTEN_PASSWORD_EMAIL_TEMPLATE_ID |
The GOV.UK Notify template ID to use when sending a password reset email to a user of the admin tool. Defaults to pay-notify-forgotten-password-email-template-id. |
NOTIFY_INVITE_SERVICE_EMAIL_TEMPLATE_ID |
The GOV.UK Notify template ID to use when sending a confirmation email to a user registering for an admin tool account. Defaults to pay-notify-invite-service-email-template-id. |
NOTIFY_INVITE_SERVICE_USER_DISABLED_EMAIL_TEMPLATE_ID |
The GOV.UK Notify template ID to use when sending an email to a user who is trying to register for an admin tool account but already has a disabled one. Defaults to pay-notify-invite-service-user-disabled-email-template-id. |
NOTIFY_INVITE_SERVICE_USER_EXITS_EMAIL_TEMPLATE_ID |
The GOV.UK Notify template ID to use when sending an email to a user who is trying to register for an admin tool account but already has one. Defaults to pay-notify-invite-service-user-exists-email-template-id. |
NOTIFY_INVITE_USER_EMAIL_TEMPLATE_ID |
The GOV.UK Notify template ID to use when sending an invitation to collaborate on a service to a user who does not yet have an admin tool account. Defaults to pay-notify-invite-user-email-template-id. |
NOTIFY_INVITE_USER_EXISTING_EMAIL_TEMPLATE_ID |
The GOV.UK Notify template ID to use when sending an invitation to collaborate on service to a user who already has an admin tool account. Defaults to pay-notify-invite-user-existing-email-template-id. |
NOTIFY_LIVE_ACCOUNT_CREATED_EMAIL_TEMPLATE_ID |
The GOV.UK Notify template ID to use when sending an email to an admin tool user who has requested to go live using our procured payment provider. Defaults to pay-notify-live-account-created-email-template-id. |
NOTIFY_MANDATE_CANCELLED_EMAIL_TEMPLATE_ID |
The GOV.UK Notify template ID to use when sending an email to a paying user to inform them their Direct Debit mandate has been cancelled. Defaults to pay-mandate-cancelled-email-template-id. |
NOTIFY_MANDATE_FAILED_EMAIL_TEMPLATE_ID |
The GOV.UK Notify template ID to use when sending an email to a paying user to inform them their request to set up an on-demand Direct Debit mandate failed. Defaults to pay-mandate-failed-email-template-id. |
NOTIFY_ONE_OFF_MANDATE_AND_PAYMENT_CREATED_EMAIL_TEMPLATE_ID |
The GOV.UK Notify template ID to use when sending an email to a paying user to inform them their request to set up a one-off Direct Debit payment was successful. Defaults to pay-one-off-mandate-and-payment-created-email-template-id. |
NOTIFY_ON_DEMAND_MANDATE_CREATED_EMAIL_TEMPLATE_ID |
The GOV.UK Notify template ID to use when sending an email to a paying user to inform them their request to set up an on-demand Direct Debit mandate was successful. Defaults to pay-on-demand-mandate-created-email-template-id. |
NOTIFY_ON_DEMAND_PAYMENT_CONFIRMED_EMAIL_TEMPLATE_ID |
The GOV.UK Notify template ID to use when sending an email to a paying user to inform them that an on-demand Direct Debit payment will be taken. Defaults to pay-on-demand-payment-confirmed-email-template-id. |
NOTIFY_PAYMENT_FAILED_EMAIL_TEMPLATE_ID |
The GOV.UK Notify template ID to use when sending an email to a paying user to inform them that a Direct Debit payment failed to be taken. Defaults to pay-payment-failed-email-template-id. |
PORT |
The port number to listen for requests on. Defaults to 8080. |
RUN_APP |
Set to true to run the application. Defaults to true. |
RUN_MIGRATION |
Set to true to run a database migration. Defaults to false. |
SELFSERVICE_URL |
The URL to the admin portal. Defaults to https://selfservice.pymnt.localdomain. |
SUPPORT_URL |
The URL users can visit to get support. Defaults to https://frontend.pymnt.localdomain/contact/. |
API Specification
The API Specification provides more detail on the paths and operations including examples.
| Path | Supported Methods | Description |
|---|---|---|
/v1/api/users |
POST | Creates a new user |
/v1/api/users/{externalId} |
GET | Gets a user with the associated external id |
/v1/api/users/?ids={externalId1},{externalId2}... |
GET | Gets users with the associated external ids |
/v1/api/users/{externalId} |
PATCH | amend a specific user attribute |
/v1/api/users/{externalId}/services/{serviceId} |
PUT | update user's role for a service |
/v1/api/users/{externalId}/services |
POST | assign a new service along with role to a user |
/v1/api/users/{externalId}/second-factor |
POST | Send OTP via SMS for an existing user |
/v1/api/users/{externalId}/second-factor/provision |
POST | Create a new provisional OTP key for a user |
/v1/api/users/{externalId}/second-factor/activate |
POST | Activate a new OTP key and method for a user |
/v1/api/users/authenticate |
POST | Authenticate a given username/password |
/v1/api/forgotten-passwords |
POST | Create a new forgotten password request |
/v1/api/forgotten-passwords/{code} |
GET | GETs a forgotten password record by code |
/v1/api/services |
POST | Creates a new service |
/v1/api/invites/service |
POST | Creates a invitation for a new service |
/v1/api/invites/user |
POST | Creates a user invitation |
/v1/api/services/{externalId} |
GET | returns the service with the given external id |
/v1/api/services/{externalId}/users |
GET | returns the users for a service with the given external id |
/v1/api/services/{externalId} |
PATCH | Updates the value of a service attribute |
/v1/api/services?gatewayAccountId={gateway_account_id} |
GET | Find the service with the given gateway account id associated with |
/v1/api/services/{externalId}/stripe-agreement |
POST | Record acceptance of Stripe terms |
/v1/api/services/{externalId}/stripe-agreement |
GET | Get details about the acceptance of Stripe terms |
/v1/api/services/{externalId}/govuk-pay-agreement |
POST | Record acceptance of GOV.UK Pay terms |
/v1/api/services/{externalId}/govuk-pay-agreement |
GET | Get details about the acceptance of GOV.UK Pay terms |
/v1/api/services/{externalId}/send-live-email |
POST | Sends an email to the user who signed the service agreement to inform them that their service is live |
/v1/api/invites/{code}/complete |
POST | Completes an invitation by creating user/service |
/v1/api/invites/{code}/otp/generate |
POST | Generates and sends otp verification code to the phone number registered in the invite |
Maven profiles
Default profile
By default, maven will run all the tests excluding contract tests
mvn clean install
Contract tests profile
By specifying this profile, maven will run only the contract tests
mvn clean install -DrunContractTests -DPACT_BROKER_USERNAME=username -DPACT_BROKER_PASSWORD=password -DPACT_CONSUMER_TAG=tag
Licence
Responsible Disclosure
GOV.UK Pay aims to stay secure for everyone. If you are a security researcher and have discovered a security vulnerability in this code, we appreciate your help in disclosing it to us in a responsible manner. We will give appropriate credit to those reporting confirmed issues. Please e-mail gds-team-pay-security@digital.cabinet-office.gov.uk with details of any issue you find, we aim to reply quickly.