Chapter 23: API Integration and Automation
Automating methodology operations and integrating with external systems using Guardian's REST API framework
Chapter 22 covered manual testing workflows. Chapter 23 shows you how to automate these processes using Guardian's comprehensive API framework. Using the same VM0033 patterns, you'll learn to automate data submission, integrate with monitoring systems, and build testing frameworks that scale.
Guardian's APIs enable programmatic access to all functionality available through the UI. This automation capability transforms methodology operations from manual processes into scalable, integrated systems that connect with existing organizational infrastructure.
Guardian API Framework Overview
Authentication and API Access
Guardian uses JWT-based authentication for API access. All API calls require authentication headers except for initial login and registration endpoints.
Access Token API:
curl 'https://guardianservice.app/api/v1/accounts/access-token' \
-H 'sec-ch-ua-platform: "macOS"' \
-H 'Referer: https://guardianservice.app/login' \
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36' \
-H 'Accept: application/json, text/plain, */*' \
-H 'sec-ch-ua: "Not;A=Brand";v="99", "Google Chrome";v="139", "Chromium";v="139"' \
-H 'Content-Type: application/json' \
-H 'sec-ch-ua-mobile: ?0' \
--data-raw '{"refreshToken":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjAzMDU2OWVkLThjZWQtNGVmNS05ZjBlLTgwNDAwNjJhMWZiOCIsIm5hbWUiOiJnYXV0YW0iLCJleHBpcmVBdCI6MTc4ODkzNTYwMzYxMywiaWF0IjoxNzU3Mzk5NjAzfQ.JiaVXown792eHo2qxA2_d7VTrLdIL9zIPZ0UI-gZBtGn6ddSIVWsgwO2VRjGEsOHiymQNe8G4o8EwR79StZcfvz762ra52St38Gy9f_MQwVWCLv42oxqPTT8xTep41nnJoZbk85NQSR2rC6zrih4gV6Ue1MIj80TpJfwWC0Lz_4"}'Refresh token is available in response of login(or loginByEmail) endpoints
https://guardianservice.app/api/v1/accounts/loginByEmailBase API URL Pattern: All Guardian APIs follow the pattern: https://guardianservice.app/api/v1/. If you're using local setup - host would update to http://localhost:3000 depending on your port configuration.
For dry-run operations, the typical URL structure is:
Policy blocks:
/api/v1/policies/{policyId}/blocks/{blockId}Dry-run operations:
/api/v1/policies/{policyId}/dry-run/
VM0033 Policy API Structure
Submitting data via APIs is much faster than manual form filling if schema is too big. Using the VM0033 policy JSON we analyzed, here's how API endpoints map to actual policy blocks:
VM0033 Key Block IDs from Policy JSON:
PDD Submission Block:
55df4f18-d3e5-4b93-af87-703a52c704d6- UUID ofadd_project_bntMonitoring Report Block:
53caa366-4c21-46ff-b16d-f95a850f7c7c- UUID ofadd_report_bnt
For every dry run triggered, these IDs change so make sure you have the latest ones.
API Endpoint Construction:
# VM0033 Policy ID from dry-run URL or policy JSON
POLICY_ID="689d5badaf8487e6c32c8a2a"
# PDD Submission endpoint
POST https://guardianservice.app/api/v1/policies/689d5badaf8487e6c32c8a2a/blocks/55df4f18-d3e5-4b93-af87-703a52c704d6
{Pass bearer token in Authorization header}
{With request Body - available in artifacts as [PDD_MR_request_body.json](../../_shared/artifacts/PDD_MR_request_body.json) }
# Monitoring Report submission endpoint
POST https://guardianservice.app/api/v1/policies/689d5badaf8487e6c32c8a2a/blocks/53caa366-4c21-46ff-b16d-f95a850f7c7c
{Pass bearer token in Authorization header}
{With request body - available in artifacts as [PDD_MR_request_body.json](../../_shared/artifacts/PDD_MR_request_body.json) }
Dry-Run API Operations
Virtual User Management for API Testing
Guardian's dry-run APIs enable automated testing with virtual users, simulating multi-stakeholder workflows programmatically.
Creating and Managing Virtual Users:
// Create virtual users for automated testing
async function createVirtualUsers(policyId, authToken) {
const endpoint = `https://guardianservice.app/api/v1/policies/${policyId}/dry-run/user`;
// Create Project Developer virtual user
const projectDeveloper = await fetch(endpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${authToken}`
},
body: JSON.stringify({
role: 'Project_Proponent'
})
});
// Create VVB virtual user
const vvbUser = await fetch(endpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${authToken}`
},
body: JSON.stringify({
role: 'VVB'
})
});
return {
projectDeveloper: await projectDeveloper.json(),
vvb: await vvbUser.json()
};
}
// Login virtual users and get their tokens
async function loginVirtualUser(policyId, virtualUser, authToken) {
const endpoint = `https://guardianservice.app/api/v1/policies/${policyId}/dry-run/login`;
const response = await fetch(endpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${authToken}`
},
body: JSON.stringify({
did: virtualUser.did
})
});
return response.json();
}Automated Workflow Execution
Using dry-run APIs, you can execute complete VM0033 workflows programmatically to validate methodology implementation.
Complete VM0033 Workflow Automation:
// Automated VM0033 workflow execution - This is just a sample code(not tested)
class VM0033WorkflowAutomation {
constructor(policyId, ownerToken) {
this.policyId = policyId;
this.ownerToken = ownerToken;
this.virtualUsers = {};
}
// Initialize dry-run environment
async initializeDryRun() {
// Set policy to dry-run mode
await fetch(`https://guardianservice.app/api/v1/policies/${this.policyId}/dry-run`, {
method: 'PUT',
headers: { 'Authorization': `Bearer ${this.ownerToken}` }
});
// Create virtual users
this.virtualUsers = await createVirtualUsers(this.policyId, this.ownerToken);
// Login virtual users
this.virtualUsers.projectDeveloperToken = await loginVirtualUser(
this.policyId,
this.virtualUsers.projectDeveloper,
this.ownerToken
);
this.virtualUsers.vvbToken = await loginVirtualUser(
this.policyId,
this.virtualUsers.vvb,
this.ownerToken
);
}
// Execute complete project lifecycle
async executeCompleteWorkflow() {
try {
// Step 1: Project Developer submits PDD
const pddResult = await this.submitPDD();
console.log('PDD submitted:', pddResult.id);
// Step 2: VVB registers for validation
const vvbResult = await this.registerVVB();
console.log('VVB registered:', vvbResult.id);
// Step 3: VVB validates project and submits validation report
const validationResult = await this.submitValidationReport(pddResult.id);
console.log('Validation completed:', validationResult.id);
// Step 4: Project Developer submits monitoring reports
const monitoringResults = await this.submitMonitoringReports(pddResult.id);
console.log('Monitoring reports submitted:', monitoringResults.length);
// Step 5: VVB verifies monitoring and submits verification report
const verificationResult = await this.submitVerificationReport(monitoringResults[0].id);
console.log('Verification completed:', verificationResult.id);
// Step 6: Get final artifacts and token information
const artifacts = await this.getArtifacts();
console.log('Workflow completed with artifacts:', artifacts.length);
return {
pdd: pddResult,
validation: validationResult,
monitoring: monitoringResults,
verification: verificationResult,
artifacts: artifacts
};
} catch (error) {
console.error('Workflow execution failed:', error);
throw error;
}
}
async submitPDD() {
return submitPDD(this.policyId, vm0033PddData, this.virtualUsers.projectDeveloperToken.accessToken);
}
async registerVVB() {
const blockId = 'aeab02d2-d7fc-4d7a-93a5-947855da95c7'; // VVB registration block
const endpoint = `https://guardianservice.app/api/v1/policies/${this.policyId}/blocks/${blockId}`;
const vvbData = {
document: {
vvb_details: {
organization_name: "Automated Testing VVB",
accreditation_scope: "Wetland restoration methodologies",
lead_auditor: "API Test Lead"
},
capabilities: {
vm0033_experience: true,
wetland_expertise: true,
site_visit_capability: true
}
}
};
const response = await fetch(endpoint, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': `Bearer ${this.virtualUsers.vvbToken.accessToken}`
},
body: JSON.stringify(vvbData)
});
return response.json();
}
async getArtifacts() {
const endpoint = `https://guardianservice.app/api/v1/policies/${this.policyId}/dry-run/artifacts`;
const response = await fetch(endpoint, {
headers: { 'Authorization': `Bearer ${this.ownerToken}` }
});
return response.json();
}
}
// Execute automated workflow
const workflow = new VM0033WorkflowAutomation('689d5badaf8487e6c32c8a2a', ownerToken);
workflow.initializeDryRun()
.then(() => workflow.executeCompleteWorkflow())
.then(results => console.log('Complete workflow executed:', results))
.catch(error => console.error('Workflow failed:', error));Automated Testing Frameworks
Cypress Testing Integration
Building on Guardian's API patterns, you could create automated testing suites that validate methodology implementation across multiple scenarios.
VM0033 Cypress Test Suite(Sample):
// cypress/integration/vm0033-methodology.spec.js
describe('VM0033 Methodology End-to-End Testing', () => {
let policyId = '689d5badaf8487e6c32c8a2a';
let authTokens = {};
beforeEach(() => {
// Login and get authentication tokens
cy.login('standard_registry', 'password').then((token) => {
authTokens.owner = token;
});
});
it('should execute complete VM0033 workflow via API', () => {
// Initialize dry-run mode
cy.request('PUT', `/api/v1/policies/${policyId}/dry-run`, {}, {
headers: { 'Authorization': `Bearer ${authTokens.owner}` }
}).then((response) => {
expect(response.status).to.eq(200);
});
// Create virtual users
cy.request('POST', `/api/v1/policies/${policyId}/dry-run/user`, {
role: 'Project_Proponent'
}, {
headers: { 'Authorization': `Bearer ${authTokens.owner}` }
}).then((response) => {
const virtualUser = response.body;
// Submit PDD using virtual user
const pddData = {
document: {
project_details: {
G5: 'Cypress Test Project',
project_description: 'Automated test wetland restoration'
}
}
};
cy.request('POST', `/api/v1/policies/${policyId}/blocks/aaa78a11-c00b-4669-9022-bd2971504d70`, pddData, {
headers: { 'Authorization': `Bearer ${virtualUser.accessToken}` }
}).then((pddResponse) => {
expect(pddResponse.status).to.eq(200);
expect(pddResponse.body).to.have.property('id');
});
});
});
it('should validate calculation accuracy against test artifacts', () => {
// Load VM0033 test case data
cy.fixture('vm0033-test-case.json').then((testData) => {
// Submit test data and verify calculations
cy.request('POST', `/api/v1/policies/${policyId}/blocks/aaa78a11-c00b-4669-9022-bd2971504d70`, {
document: testData.input
}, {
headers: { 'Authorization': `Bearer ${authTokens.owner}` }
}).then((response) => {
// Verify calculation results match expected values
const calculatedValues = response.body.calculatedValues;
expect(calculatedValues.baseline_emissions).to.be.closeTo(testData.expected.baseline_emissions, 0.01);
expect(calculatedValues.project_emissions).to.be.closeTo(testData.expected.project_emissions, 0.01);
expect(calculatedValues.net_emission_reductions).to.be.closeTo(testData.expected.net_emission_reductions, 0.01);
});
});
});
it('should handle concurrent user operations', () => {
// Test multiple users submitting data simultaneously
const userPromises = [];
for (let i = 0; i < 5; i++) {
const promise = cy.request('POST', `/api/v1/policies/${policyId}/dry-run/user`, {
role: 'Project_Proponent'
}, {
headers: { 'Authorization': `Bearer ${authTokens.owner}` }
}).then((userResponse) => {
return cy.request('POST', `/api/v1/policies/${policyId}/blocks/aaa78a11-c00b-4669-9022-bd2971504d70`, {
document: { project_details: { G5: `Concurrent Project ${i}` } }
}, {
headers: { 'Authorization': `Bearer ${userResponse.body.accessToken}` }
});
});
userPromises.push(promise);
}
// Verify all concurrent submissions succeed
cy.wrap(Promise.all(userPromises)).then((responses) => {
responses.forEach((response, index) => {
expect(response.status).to.eq(200);
expect(response.body).to.have.property('id');
});
});
});
});Chapter Summary
API integration transforms Guardian methodology implementations from manual processes into automated, scalable systems. Using VM0033's patterns, you can automate data submission, integrate with external monitoring systems, build comprehensive testing frameworks, and manage production operations efficiently.
Key API Integration Patterns:
Automated Data Submission:
PDD and monitoring report API automation using requestVcDocumentBlock endpoints
Multi-year monitoring data generation and submission workflows
Error handling and validation for automated submissions
Dry-Run API Operations:
Virtual user creation and management for multi-stakeholder testing
Programmatic workflow execution and validation
Artifact collection and analysis for testing validation
External System Integration:
IoT sensor data transformation and submission to Guardian monitoring workflows
Registry integration with automated project listing and status synchronization
Real-time data pipeline integration for continuous monitoring operations
Production API Management:
Rate limiting and retry logic for robust production operations
Performance testing and load validation for production scalability
Error handling and monitoring for long-term operational reliability
Implementation Workflow:
Establish API authentication and access token management
Map policy block IDs to API endpoints using policy JSON structure
Build automation scripts for data submission and workflow execution
Create testing frameworks using Cypress and Guardian's dry-run APIs
Integrate external systems through data transformation and API orchestration
Deploy production monitoring with error handling and performance optimization
API integration enables methodology implementations that scale from prototype testing to production operations, supporting hundreds of projects and thousands of stakeholders while maintaining accuracy and compliance with methodology requirements.
Next Steps: This completes Part VI: Integration and Testing. Your methodology implementation is now ready for production deployment with comprehensive testing coverage and scalable API automation capabilities.
Last updated
Was this helpful?