
Digital Account Opening Partner API v0.37.0


A partner API for Digital Account Opening (DAO). This is a "back-end for front-end" API that provides just the features that a third-party partner DAO solution needs to integrate with Apiture Digital Banking. Below is an outline of the operations the client may call to onboard new digital banking users.

Customer DAO Application Flow

The client may call any of the following operations at any time:

The client then follows this sequence of operations:

  1. searchCustomers to determine whether a digital banking customer already exists. The client might abandon the DAO process if the customer is already enrolled in digital banking.
  2. createCustomer to create a pending digital banking customer
  3. updateCustomer to update the properties of the pending digital banking customer
  4. setCustomerSecurityAnswers to save the customer's answers to the authentication security questions
  5. enableCustomer to approve the (pending) digital account opening application and enable the customer
  6. createCustomerAccountEntitlements to entitle (associate) a customer to one or more banking accounts
  7. createLoginUrl to get a URL to redirect the enabled user to the financial institution's digital banking web application; the user will already be authenticated once they follow the URL.
  8. listFundingAccounts to list internal and external accounts that may be used to fund a new account for a customer
  9. listFundingAccountBalances to list available balances for one or more internal accounts.
  10. createCustomerExternalAccountEntitlements to entitle (associate) a customer to an external banking account

Abnormal Flows

  1. deleteCustomer to delete a pending customer; used when the DAO vendor rejects an application

Customer Communication

The service may also send communication to the customer to inform them of the DAO process status.

Authentication

This API is only used from secure service deployments, not from insecure web or mobile applications. The API is authenticated with a client certificate. The operations in this API do not define a security requirement. Instead, the middleware validates the client certificate before the API controller handles API requests.


Base URLs:


Customers

Banking Customers

searchCustomers

Code samples

# You can also use wget
curl -X POST https://api.apiture.com/dao/customerSearch \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST https://api.apiture.com/dao/customerSearch HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json

const fetch = require('node-fetch');
// Template literal: a quoted string literal cannot span multiple lines
const inputBody = `{
  "_profile": "https://production.api.apiture.com/schemas/dao/customerSearch/v0.4.0/profile.json",
  "customerNumber": "123456789",
  "institutionId": "3PB_212"
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('https://api.apiture.com/dao/customerSearch',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

$.ajax({
  url: 'https://api.apiture.com/dao/customerSearch',
  method: 'post',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json'
}

result = RestClient.post 'https://api.apiture.com/dao/customerSearch',
  params: {
  }, headers: headers

p JSON.parse(result)

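import requests

headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json'
}

# The search criteria travel in the JSON request body, not in URL query parameters
body = {
  '_profile': 'https://production.api.apiture.com/schemas/dao/customerSearch/v0.4.0/profile.json',
  'customerNumber': '123456789',
  'institutionId': '3PB_212'
}

r = requests.post('https://api.apiture.com/dao/customerSearch', json=body, headers=headers)

print(r.json())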

URL obj = new URL("https://api.apiture.com/dao/customerSearch");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        
    }

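    // JSON request body carrying the search criteria
    jsonReq := []byte(`{
      "_profile": "https://production.api.apiture.com/schemas/dao/customerSearch/v0.4.0/profile.json",
      "customerNumber": "123456789",
      "institutionId": "3PB_212"
    }`)
    data := bytes.NewBuffer(jsonReq)
    req, err := http.NewRequest("POST", "https://api.apiture.com/dao/customerSearch", data)
    if err != nil {
        panic(err)
    }
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
    // ...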
}

Find existing registered customer

POST https://api.apiture.com/dao/customerSearch

Use this operation to determine if a customer is already registered in online-banking. The response includes the search criteria and a found property which is true if any customer records exist in the banking core that match the input.

This operation uses a "GET over POST" pattern so that personally sensitive information (the user's customer number or tax ID) is transmitted securely in the request body and not in the request URL as query parameters. Like a GET, this operation is idempotent and safe.

This operation is only allowed for trusted services or administrators.

Body parameter

{
  "_profile": "https://production.api.apiture.com/schemas/dao/customerSearch/v0.4.0/profile.json",
  "customerNumber": "123456789",
  "institutionId": "3PB_212"
}

Parameters

ParameterDescription
body customerSearch (required)

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/dao/foundCustomers/v0.5.1/profile.json",
  "customerNumber": "123456789",
  "institutionId": "3PB_212",
  "found": true,
  "pendingCustomerIds": [
    "c6559535-3a16-442d-a8e1-1d3408602a6d",
    "0437cc87-b463-4a99-9622-df16629adc77"
  ]
}

Responses

StatusDescription
200 OK
OK.
Schema: foundCustomers
StatusDescription
400 Bad Request
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error.
Schema: errorResponse
StatusDescription
422 Unprocessable Entity

Unprocessable Entity. One or more of the query parameters was well formed but otherwise invalid. The _error field in the response contains details about the request error.

This error response may have one of the following type values:

Schema: errorResponse

createCustomer

Code samples

# You can also use wget
curl -X POST https://api.apiture.com/dao/customers \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Unique-Request-Id: 0d43c531-f4b0-4227-8299-8520834c20a2'

POST https://api.apiture.com/dao/customers HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json
Unique-Request-Id: 0d43c531-f4b0-4227-8299-8520834c20a2

const fetch = require('node-fetch');
// Template literal: a quoted string literal cannot span multiple lines
const inputBody = `{
  "_profile": "https://production.api.apiture.com/schemas/dao/createCustomer/v0.9.0/profile.json",
  "institutionId": "3PB_212",
  "customerType": "retail",
  "fullName": "Maxwell Daniel Peck",
  "username": "maxpeck412",
  "password": "this-is-my-secure-password",
  "taxId": "112-22-3333",
  "birthdate": "1975-02-28",
  "primaryAddress": {
    "addressLine1": "555 N Front Street",
    "addressLine2": "Suite 5555",
    "city": "Wilmington",
    "region": "North Carolina",
    "postalCode": "28401-5405",
    "countryCode": "US",
    "international": false
  },
  "primaryEmailAddress": "max.peck@nasa.example.com",
  "primaryPhoneNumber": "+19105550159",
  "smsPhoneNumber": "+19105550159",
  "electronicStatementConsent": true,
  "electronicDocumentConsent": true
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Unique-Request-Id':'0d43c531-f4b0-4227-8299-8520834c20a2'

};

fetch('https://api.apiture.com/dao/customers',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Unique-Request-Id':'0d43c531-f4b0-4227-8299-8520834c20a2'

};

$.ajax({
  url: 'https://api.apiture.com/dao/customers',
  method: 'post',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Unique-Request-Id' => '0d43c531-f4b0-4227-8299-8520834c20a2'
}

result = RestClient.post 'https://api.apiture.com/dao/customers',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Unique-Request-Id': '0d43c531-f4b0-4227-8299-8520834c20a2'
}

r = requests.post('https://api.apiture.com/dao/customers', params={

}, headers = headers)

print(r.json())

URL obj = new URL("https://api.apiture.com/dao/customers");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "Unique-Request-Id": []string{"0d43c531-f4b0-4227-8299-8520834c20a2"},
        
    }

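    // Replace {} with the JSON request body shown under "Body parameter"
    jsonReq := []byte(`{}`)
    data := bytes.NewBuffer(jsonReq)
    req, err := http.NewRequest("POST", "https://api.apiture.com/dao/customers", data)
    if err != nil {
        panic(err)
    }
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
    // ...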
}

Create a customer

POST https://api.apiture.com/dao/customers

Create a new customer. This creates a new pending customer based on the request data and assigns a new _id resource ID. The client can retrieve the customer with GET /customers/_id. The client may update the customer, then it may enable the customer, or the financial institution may delete the customer.

Body parameter

{
  "_profile": "https://production.api.apiture.com/schemas/dao/createCustomer/v0.9.0/profile.json",
  "institutionId": "3PB_212",
  "customerType": "retail",
  "fullName": "Maxwell Daniel Peck",
  "username": "maxpeck412",
  "password": "this-is-my-secure-password",
  "taxId": "112-22-3333",
  "birthdate": "1975-02-28",
  "primaryAddress": {
    "addressLine1": "555 N Front Street",
    "addressLine2": "Suite 5555",
    "city": "Wilmington",
    "region": "North Carolina",
    "postalCode": "28401-5405",
    "countryCode": "US",
    "international": false
  },
  "primaryEmailAddress": "max.peck@nasa.example.com",
  "primaryPhoneNumber": "+19105550159",
  "smsPhoneNumber": "+19105550159",
  "electronicStatementConsent": true,
  "electronicDocumentConsent": true
}

Parameters

ParameterDescription
Unique-Request-Id string (required)
Each call must supply a unique transaction ID to allow the server to reject duplicate requests. Clients are strongly encouraged to generate a GUID for each unique request, but use the same value when retrying failed API calls.

Note: This is an architectural decision to be decided; other solutions are possible.
minLength: 24
maxLength: 64
body createCustomer (required)
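
The Unique-Request-Id rule above (one GUID per logical request, the same value on every retry) is shown below as an added example; it is not part of the Apiture documentation. The names create_customer, TransientError and FakeDaoServer are hypothetical, and the 409 status the fake server returns for a duplicate ID is an assumption, since the page does not say how a duplicate is rejected.

```python
import uuid

# Length bounds for Unique-Request-Id, from the parameter table above.
MIN_LEN, MAX_LEN = 24, 64


class TransientError(Exception):
    """Timeout or dropped connection: the outcome of the call is unknown."""


def new_request_id():
    """Return a GUID string; its 36 characters fit the 24..64 bound."""
    request_id = str(uuid.uuid4())
    if not MIN_LEN <= len(request_id) <= MAX_LEN:
        raise ValueError("Unique-Request-Id length out of range")
    return request_id


def create_customer(send, body, max_attempts=3):
    """Call send(headers, body) until it answers, reusing one request ID.

    `send` is a hypothetical transport callable returning (status, payload).
    """
    headers = {
        "Content-Type": "application/json",
        "Accept": "application/json",
        "Unique-Request-Id": new_request_id(),  # generated once, reused on retry
    }
    for attempt in range(1, max_attempts + 1):
        try:
            status, payload = send(headers, body)
            return headers["Unique-Request-Id"], status, payload
        except TransientError:
            if attempt == max_attempts:
                raise


class FakeDaoServer:
    """Constructed stand-in for POST /dao/customers (not Apiture's service)."""

    def __init__(self, drop_first_response=False):
        self.seen_ids = []
        self.customers = []
        self.drop_next = drop_first_response

    def send(self, headers, body):
        request_id = headers["Unique-Request-Id"]
        duplicate = request_id in self.seen_ids
        self.seen_ids.append(request_id)
        if duplicate:
            # Assumed shape of the duplicate rejection; the page does not
            # specify its status code or body.
            return 409, {"duplicate": True}
        self.customers.append(dict(body, state="pending"))
        if self.drop_next:
            # The server committed the create, but the client never saw 201.
            self.drop_next = False
            raise TransientError("response lost")
        return 201, {"state": "pending"}


def demo():
    """Lost response followed by a retry: still only one pending customer."""
    body = {"institutionId": "3PB_212", "username": "maxpeck412"}  # constructed
    server = FakeDaoServer(drop_first_response=True)
    request_id, status, _ = create_customer(server.send, body)
    return request_id, status, server


if __name__ == "__main__":
    rid, status, server = demo()
    print(rid, status, len(server.customers))
```

When the retry is rejected as a duplicate, the first attempt has already created the pending customer; searchCustomers returns its ID in pendingCustomerIds.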

Example responses

201 Response

{
  "_id": "2bc32b15-3691-4408-9eac-859429d64d0a",
  "_profile": "https://production.api.apiture.com/schemas/dao/customer/v0.10.1/profile.json",
  "institutionId": "3PB_212",
  "customerType": "retail",
  "fullName": "Maxwell Daniel Peck",
  "username": "maxpeck412",
  "state": "pending",
  "taxId": "112-22-3333",
  "birthdate": "1975-02-28",
  "primaryAddress": {
    "addressLine1": "555 N Front Street",
    "addressLine2": "Suite 5555",
    "city": "Wilmington",
    "region": "North Carolina",
    "postalCode": "28401-5405",
    "countryCode": "US",
    "international": false
  },
  "primaryEmailAddress": "max.peck@nasa.example.com",
  "primaryPhoneNumber": "+19105550159",
  "smsPhoneNumber": "+19105550159",
  "electronicStatementConsent": true,
  "electronicDocumentConsent": true
}

400 Response

{
  "_profile": "https://production.api.apiture.com/schemas/common/errorResponse/v2.1.1/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
    }
  },
  "_error": {
    "_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
    "message": "Description of the error will appear here.",
    "statusCode": 422,
    "type": "specificErrorType",
    "attributes": {
      "value": "Optional attribute describing the error"
    },
    "remediation": "Optional instructions to remediate the error may appear here.",
    "occurredAt": "2018-01-25T05:50:52.375Z",
    "_links": {
      "describedby": {
        "href": "https://production.api.apiture.com/errors/specificErrorType"
      }
    },
    "_embedded": {
      "errors": []
    }
  }
}

Responses

StatusDescription
201 Created
Created. Note that the response omits the (writeOnly) password.
Schema: customer
HeaderLocation
string uri
The URI of the new customer resource.
StatusDescription
400 Bad Request
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error.
Schema: errorResponse
StatusDescription
409 Conflict

Conflict. A customer with the requested taxId or username already exists, or the customer is otherwise ineligible for this operation.

This error response may have one of the following type values:

Schema: errorResponse
StatusDescription
422 Unprocessable Entity

Unprocessable Entity. One or more of the query parameters or request body was well formed but otherwise invalid. The _error field in the response contains details about the request error.

If the username and/or password in the request do not satisfy the financial institution's credentials policies, the 422 error response includes an _error object, and _error.attributes.credentialsValidation holds a credentialsValidation object.

If there are multiple validation errors, they are nested in _error.errors.

This error response may have one of the following type values:
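
One way a client can read these error responses, as an added example that is not part of the Apiture documentation. The function names and SAMPLE_422 are constructed here, the nested type values are placeholders, and the contents of credentialsValidation are treated as opaque because its schema is not shown on this page.

```python
def flatten_errors(error):
    """Return [(type, message), ...] for an _error object and its nested errors.

    Nested errors are read from both _error.errors (as the text above states)
    and _error._embedded.errors (as the example error responses show).
    """
    found = [(error.get("type"), error.get("message"))]
    nested = list(error.get("errors") or [])
    nested += list((error.get("_embedded") or {}).get("errors") or [])
    for child in nested:
        if isinstance(child, dict):
            found.extend(flatten_errors(child))
    return found


def parse_error_response(http_status, body):
    """Summarise an errorResponse body without echoing the request payload."""
    error = body.get("_error") if isinstance(body, dict) else None
    if not isinstance(error, dict):
        # Not an errorResponse (for example an HTML page from a proxy).
        return {"http_status": http_status, "error_id": None,
                "errors": [], "credentials_validation": None}
    attributes = error.get("attributes") or {}
    return {
        # Use the HTTP status from the transport: the page's sample 400 body
        # carries "statusCode": 422, so the embedded value can differ.
        "http_status": http_status,
        "error_id": error.get("_id"),  # useful when correlating with support
        "errors": flatten_errors(error),
        "credentials_validation": attributes.get("credentialsValidation"),
    }


def needs_new_credentials(summary):
    """True when a 422 says the username/password failed the credentials policy."""
    return (summary["http_status"] == 422
            and summary["credentials_validation"] is not None)


# Constructed sample in the shape of the example error responses on this page.
SAMPLE_422 = {
    "_error": {
        "_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
        "message": "Description of the error will appear here.",
        "statusCode": 422,
        "type": "specificErrorType",
        "attributes": {
            # Placeholder: the credentialsValidation fields are not on this page.
            "credentialsValidation": {"placeholder": "schema not shown"}
        },
        "_embedded": {
            "errors": [
                {"type": "nestedErrorTypeA", "message": "first nested error"},
                {"type": "nestedErrorTypeB", "message": "second nested error"},
            ]
        },
    }
}

if __name__ == "__main__":
    summary = parse_error_response(422, SAMPLE_422)
    print(summary["errors"], needs_new_credentials(summary))
```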

getCustomer

Code samples

# You can also use wget
curl -X GET https://api.apiture.com/dao/customers/{customerId} \
  -H 'Accept: application/json'

GET https://api.apiture.com/dao/customers/{customerId} HTTP/1.1
Host: api.apiture.com
Accept: application/json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json'

};

fetch('https://api.apiture.com/dao/customers/{customerId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json'

};

$.ajax({
  url: 'https://api.apiture.com/dao/customers/{customerId}',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json'
}

result = RestClient.get 'https://api.apiture.com/dao/customers/{customerId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json'
}

r = requests.get('https://api.apiture.com/dao/customers/{customerId}', params={

}, headers = headers)

print(r.json())

URL obj = new URL("https://api.apiture.com/dao/customers/{customerId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
    }

    // GET carries no request body
    req, err := http.NewRequest("GET", "https://api.apiture.com/dao/customers/{customerId}", nil)
    if err != nil {
        panic(err)
    }
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
    // ...
}

Fetch a representation of this customer

GET https://api.apiture.com/dao/customers/{customerId}

Return a HAL representation of this customer resource.

Parameters

ParameterDescription
customerId string (required)
The unique opaque identifier for a customer resource; this is the _id in the customer schema. Note: This is not the customer number at the financial institution.

Example responses

200 Response

{
  "_id": "2bc32b15-3691-4408-9eac-859429d64d0a",
  "_profile": "https://production.api.apiture.com/schemas/dao/customer/v0.10.1/profile.json",
  "institutionId": "3PB_212",
  "customerNumber": "123456789",
  "customerType": "retail",
  "fullName": "Maxwell Daniel Peck",
  "username": "maxpeck412",
  "state": "enabled",
  "taxId": "112-22-3333",
  "birthdate": "1975-02-28",
  "primaryAddress": {
    "addressLine1": "555 N Front Street",
    "addressLine2": "Suite 5555",
    "city": "Wilmington",
    "region": "North Carolina",
    "postalCode": "28401-5405",
    "countryCode": "US",
    "international": false
  },
  "primaryEmailAddress": "max.peck@nasa.example.com",
  "primaryPhoneNumber": "+19105550159",
  "smsPhoneNumber": "+19105550159",
  "electronicStatementConsent": true,
  "electronicDocumentConsent": true
}

404 Response

{
  "_profile": "https://production.api.apiture.com/schemas/common/errorResponse/v2.1.1/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
    }
  },
  "_error": {
    "_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
    "message": "Description of the error will appear here.",
    "statusCode": 422,
    "type": "specificErrorType",
    "attributes": {
      "value": "Optional attribute describing the error"
    },
    "remediation": "Optional instructions to remediate the error may appear here.",
    "occurredAt": "2018-01-25T05:50:52.375Z",
    "_links": {
      "describedby": {
        "href": "https://production.api.apiture.com/errors/specificErrorType"
      }
    },
    "_embedded": {
      "errors": []
    }
  }
}

Responses

StatusDescription
200 OK
OK. Note that the response omits the (writeOnly) password.
Schema: customer
StatusDescription
404 Not Found
Not Found. There is no such customer resource at the specified {customerId}. The _error field in the response contains details about the request error.
Schema: errorResponse

updateCustomer

Code samples

# You can also use wget
curl -X PUT https://api.apiture.com/dao/customers/{customerId} \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT https://api.apiture.com/dao/customers/{customerId} HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json

const fetch = require('node-fetch');
// Template literal: a quoted string literal cannot span multiple lines
const inputBody = `{
  "_profile": "https://production.api.apiture.com/schemas/dao/customer/v0.10.1/profile.json",
  "_id": "bcea94f7-d542-4cee-ac3b-2b40903a46fc",
  "institutionId": "3PB_212",
  "customerType": "retail",
  "customerNumber": "123456789",
  "fullName": "Maxwell Daniel Peck",
  "username": "maxpeck412",
  "state": "enabled",
  "taxId": "112-22-3333",
  "birthdate": "1975-02-28",
  "password": "this-is-my-secure-password",
  "primaryAddress": {
    "addressLine1": "555 N Front Street",
    "addressLine2": "Suite 5555",
    "city": "Wilmington",
    "region": "North Carolina",
    "postalCode": "28401-5405",
    "countryCode": "US",
    "international": false
  },
  "primaryEmailAddress": "max.peck@nasa.example.com",
  "primaryPhoneNumber": "+19105550159",
  "smsPhoneNumber": "+19105550159",
  "electronicStatementConsent": true,
  "electronicDocumentConsent": true
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('https://api.apiture.com/dao/customers/{customerId}',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

$.ajax({
  url: 'https://api.apiture.com/dao/customers/{customerId}',
  method: 'put',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json'
}

result = RestClient.put 'https://api.apiture.com/dao/customers/{customerId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json'
}

r = requests.put('https://api.apiture.com/dao/customers/{customerId}', params={

}, headers = headers)

print(r.json())

URL obj = new URL("https://api.apiture.com/dao/customers/{customerId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("PUT");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        
    }

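    // Replace {} with the JSON request body shown under "Body parameter"
    jsonReq := []byte(`{}`)
    data := bytes.NewBuffer(jsonReq)
    req, err := http.NewRequest("PUT", "https://api.apiture.com/dao/customers/{customerId}", data)
    if err != nil {
        panic(err)
    }
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
    // ...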
}

Update this customer

PUT https://api.apiture.com/dao/customers/{customerId}

Perform a complete replacement of this customer.

Body parameter

{
  "_profile": "https://production.api.apiture.com/schemas/dao/customer/v0.10.1/profile.json",
  "_id": "bcea94f7-d542-4cee-ac3b-2b40903a46fc",
  "institutionId": "3PB_212",
  "customerType": "retail",
  "customerNumber": "123456789",
  "fullName": "Maxwell Daniel Peck",
  "username": "maxpeck412",
  "state": "enabled",
  "taxId": "112-22-3333",
  "birthdate": "1975-02-28",
  "password": "this-is-my-secure-password",
  "primaryAddress": {
    "addressLine1": "555 N Front Street",
    "addressLine2": "Suite 5555",
    "city": "Wilmington",
    "region": "North Carolina",
    "postalCode": "28401-5405",
    "countryCode": "US",
    "international": false
  },
  "primaryEmailAddress": "max.peck@nasa.example.com",
  "primaryPhoneNumber": "+19105550159",
  "smsPhoneNumber": "+19105550159",
  "electronicStatementConsent": true,
  "electronicDocumentConsent": true
}

Parameters

ParameterDescription
body customer (required)
A new customer
customerId string (required)
The unique opaque identifier for a customer resource; this is the _id in the customer schema. Note: This is not the customer number at the financial institution.

Example responses

200 Response

{
  "_id": "2bc32b15-3691-4408-9eac-859429d64d0a",
  "_profile": "https://production.api.apiture.com/schemas/dao/customer/v0.10.1/profile.json",
  "institutionId": "3PB_212",
  "customerNumber": "123456789",
  "customerType": "retail",
  "fullName": "Maxwell Daniel Peck",
  "username": "maxpeck412",
  "state": "pending",
  "taxId": "112-22-3333",
  "birthdate": "1975-02-28",
  "primaryAddress": {
    "addressLine1": "555 N Front Street",
    "addressLine2": "Suite 5555",
    "city": "Wilmington",
    "region": "North Carolina",
    "postalCode": "28401-5405",
    "countryCode": "US",
    "international": false
  },
  "primaryEmailAddress": "max.peck@nasa.example.com",
  "primaryPhoneNumber": "+19105550159",
  "smsPhoneNumber": "+19105550159",
  "electronicStatementConsent": true,
  "electronicDocumentConsent": true
}

400 Response

{
  "_profile": "https://production.api.apiture.com/schemas/common/errorResponse/v2.1.1/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
    }
  },
  "_error": {
    "_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
    "message": "Description of the error will appear here.",
    "statusCode": 422,
    "type": "specificErrorType",
    "attributes": {
      "value": "Optional attribute describing the error"
    },
    "remediation": "Optional instructions to remediate the error may appear here.",
    "occurredAt": "2018-01-25T05:50:52.375Z",
    "_links": {
      "describedby": {
        "href": "https://production.api.apiture.com/errors/specificErrorType"
      }
    },
    "_embedded": {
      "errors": []
    }
  }
}

Responses

StatusDescription
200 OK
OK. Note that the response omits the (writeOnly) password.
Schema: customer
StatusDescription
400 Bad Request
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error.
Schema: errorResponse
StatusDescription
404 Not Found
Not Found. There is no such customer resource at the specified {customerId}. The _error field in the response contains details about the request error.
Schema: errorResponse
StatusDescription
409 Conflict

Conflict. The request conflicts with the existing state of the customer.

This error response may have one of the following type values:

Schema: errorResponse
StatusDescription
422 Unprocessable Entity

Unprocessable Entity. One or more of the query parameters or request body was well formed but otherwise invalid. The _error field in the response contains details about the request error.

If the password in the request does not satisfy the financial institution's credentials policies, the 422 error response includes an _error object, and _error.attributes.credentialsValidation holds a credentialsValidation object.

If there are multiple validation errors, they are nested in _error.errors.

This error response may have one of the following type values:

deleteCustomer

Code samples

# You can also use wget
curl -X DELETE https://api.apiture.com/dao/customers/{customerId} \
  -H 'Accept: application/json'

DELETE https://api.apiture.com/dao/customers/{customerId} HTTP/1.1
Host: api.apiture.com
Accept: application/json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json'

};

fetch('https://api.apiture.com/dao/customers/{customerId}',
{
  method: 'DELETE',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json'

};

$.ajax({
  url: 'https://api.apiture.com/dao/customers/{customerId}',
  method: 'delete',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json'
}

result = RestClient.delete 'https://api.apiture.com/dao/customers/{customerId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json'
}

r = requests.delete('https://api.apiture.com/dao/customers/{customerId}', params={

}, headers = headers)

# A successful delete returns 204 No Content, so there is no JSON body to parse
print(r.status_code)

URL obj = new URL("https://api.apiture.com/dao/customers/{customerId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("DELETE");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
    }

    // DELETE carries no request body
    req, err := http.NewRequest("DELETE", "https://api.apiture.com/dao/customers/{customerId}", nil)
    if err != nil {
        panic(err)
    }
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
    // ...
}

Delete a pending customer/application.

DELETE https://api.apiture.com/dao/customers/{customerId}

Delete a pending customer. The client may delete a customer if the user abandons the application process or if the financial institution or DAO vendor rejects the account opening application.

Parameters

ParameterDescription
customerId string (required)
The unique opaque identifier for a customer resource; this is the _id in the customer schema. Note: This is not the customer number at the financial institution.

Example responses

404 Response

{
  "_profile": "https://production.api.apiture.com/schemas/common/errorResponse/v2.1.1/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
    }
  },
  "_error": {
    "_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
    "message": "Description of the error will appear here.",
    "statusCode": 422,
    "type": "specificErrorType",
    "attributes": {
      "value": "Optional attribute describing the error"
    },
    "remediation": "Optional instructions to remediate the error may appear here.",
    "occurredAt": "2018-01-25T05:50:52.375Z",
    "_links": {
      "describedby": {
        "href": "https://production.api.apiture.com/errors/specificErrorType"
      }
    },
    "_embedded": {
      "errors": []
    }
  }
}

Responses

StatusDescription
204 No Content
Deleted, no content.
StatusDescription
404 Not Found
Not Found. There is no such customer resource at the specified {customerId}. The _error field in the response contains details about the request error.
Schema: errorResponse
StatusDescription
409 Conflict

Conflict. The customer may not be deleted.

This error response may have one of the following type values:

Schema: errorResponse

setCustomerSecurityAnswers

Code samples

# You can also use wget
curl -X PUT https://api.apiture.com/dao/customers/{customerId}/securityQuestionAnswers \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

PUT https://api.apiture.com/dao/customers/{customerId}/securityQuestionAnswers HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json

const fetch = require('node-fetch');
// Template literal: a quoted string literal cannot span multiple lines
const inputBody = `{
  "_profile": "https://production.api.apiture.com/schemas/dao/securityQuestionAnswers/v0.2.0/profile.json",
  "answers": [
    {
      "question": "What street did you live on when your were ten years old?",
      "questionIndex": 1,
      "answer": "Lombardo"
    },
    {
      "question": "What is the breed of your first pet?",
      "questionIndex": 3,
      "answer": "Bernese Mountain Dog"
    },
    {
      "question": "What was your high school mascot?",
      "questionIndex": 4,
      "answer": "Burrowing Owls"
    },
    {
      "question": "What is your favorite security question?",
      "questionIndex": 5,
      "answer": "What is your favorite security question?"
    }
  ]
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('https://api.apiture.com/dao/customers/{customerId}/securityQuestionAnswers',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

$.ajax({
  url: 'https://api.apiture.com/dao/customers/{customerId}/securityQuestionAnswers',
  method: 'put',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json'
}

result = RestClient.put 'https://api.apiture.com/dao/customers/{customerId}/securityQuestionAnswers',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json'
}

r = requests.put('https://api.apiture.com/dao/customers/{customerId}/securityQuestionAnswers', params={

}, headers = headers)

print(r.json())

URL obj = new URL("https://api.apiture.com/dao/customers/{customerId}/securityQuestionAnswers");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("PUT");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("PUT", "https://api.apiture.com/dao/customers/{customerId}/securityQuestionAnswers", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Set Customer Security Questions Answers

PUT https://api.apiture.com/dao/customers/{customerId}/securityQuestionAnswers

Set or replace the customer's chosen security questions and their answers to those questions. The client submits these after presenting the candidate questions from the getCandidateSecurityQuestions response and collecting the customer's answers to the required number of questions from that candidate list.

Body parameter

{
  "_profile": "https://production.api.apiture.com/schemas/dao/securityQuestionAnswers/v0.2.0/profile.json",
  "answers": [
    {
      "question": "What street did you live on when your were ten years old?",
      "questionIndex": 1,
      "answer": "Lombardo"
    },
    {
      "question": "What is the breed of your first pet?",
      "questionIndex": 3,
      "answer": "Bernese Mountain Dog"
    },
    {
      "question": "What was your high school mascot?",
      "questionIndex": 4,
      "answer": "Burrowing Owls"
    },
    {
      "question": "What is your favorite security question?",
      "questionIndex": 5,
      "answer": "What is your favorite security question?"
    }
  ]
}

Parameters

Parameter: body securityQuestionAnswers (required)

Parameter: customerId string (required)
Description: The unique opaque identifier for a customer resource; this is the _id in the customer schema. Note: This is not the customer number at the financial institution.

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/dao/securityQuestionAnswers/v0.2.0/profile.json",
  "answers": [
    {
      "question": "What street did you live on when your were ten years old?",
      "questionIndex": 1,
      "answer": "Lombardo"
    },
    {
      "question": "What is the breed of your first pet?",
      "questionIndex": 3,
      "answer": "Bernese Mountain Dog"
    },
    {
      "question": "What was your high school mascot?",
      "questionIndex": 4,
      "answer": "Burrowing Owls"
    },
    {
      "question": "What is your favorite security question?",
      "questionIndex": 5,
      "answer": "What is your favorite security question?"
    }
  ]
}

Responses

Status: 200 OK
Description: OK. Customer's security questions updated.
Schema: securityQuestionAnswers

Status: 400 Bad Request
Description: Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error.
Schema: errorResponse

Status: 404 Not Found
Description: Not Found. There is no such customer resource at the specified {customerId}. The _error field in the response contains details about the request error.
Schema: errorResponse

Status: 422 Unprocessable Entity
Description: Unprocessable Entity. The request body is syntactically correct but the content is invalid.

This error response may have one of the following type values:

Customer Actions

Actions on Customer Resources

authenticateCustomer

Code samples

# You can also use wget
curl -X POST https://api.apiture.com/dao/authenticatedCustomer \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST https://api.apiture.com/dao/authenticatedCustomer HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json

const fetch = require('node-fetch');
// A template literal (backticks) is required for a string that spans several lines.
const inputBody = `{
  "_profile": "https://production.api.apiture.com/schemas/dao/customerCredentials/v0.2.0/profile.json",
  "institutionId": "3PB_212",
  "username": "maxpeck412",
  "password": "this-is-my-secure-password"
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('https://api.apiture.com/dao/authenticatedCustomer',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

$.ajax({
  url: 'https://api.apiture.com/dao/authenticatedCustomer',
  method: 'post',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json'
}

result = RestClient.post 'https://api.apiture.com/dao/authenticatedCustomer',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json'
}

r = requests.post('https://api.apiture.com/dao/authenticatedCustomer', params={

}, headers = headers)

print(r.json())

URL obj = new URL("https://api.apiture.com/dao/authenticatedCustomer");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.apiture.com/dao/authenticatedCustomer", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Authenticate a customer

POST https://api.apiture.com/dao/authenticatedCustomer

Authenticate an existing customer's credentials, returning the customer if one exists and the credentials are valid, or an error response if the system cannot authenticate the customer with the provided credentials.

Body parameter

{
  "_profile": "https://production.api.apiture.com/schemas/dao/customerCredentials/v0.2.0/profile.json",
  "institutionId": "3PB_212",
  "username": "maxpeck412",
  "password": "this-is-my-secure-password"
}

Parameters

Parameter: body customerCredentials (required)

Example responses

200 Response

{
  "_id": "2bc32b15-3691-4408-9eac-859429d64d0a",
  "_profile": "https://production.api.apiture.com/schemas/dao/customer/v0.10.1/profile.json",
  "institutionId": "3PB_212",
  "customerNumber": "123456789",
  "customerType": "retail",
  "fullName": "Maxwell Daniel Peck",
  "username": "maxpeck412",
  "state": "enabled",
  "taxId": "112-22-3333",
  "birthdate": "1975-02-28",
  "primaryAddress": {
    "addressLine1": "555 N Front Street",
    "addressLine2": "Suite 5555",
    "city": "Wilmington",
    "region": "North Carolina",
    "postalCode": "28401-5405",
    "countryCode": "US",
    "international": false
  },
  "primaryEmailAddress": "max.peck@nasa.example.com",
  "primaryPhoneNumber": "+19105550159",
  "smsPhoneNumber": "+19105550159",
  "electronicStatementConsent": true,
  "electronicDocumentConsent": true
}

400 Response

{
  "_profile": "https://production.api.apiture.com/schemas/common/errorResponse/v2.1.1/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
    }
  },
  "_error": {
    "_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
    "message": "Description of the error will appear here.",
    "statusCode": 422,
    "type": "specificErrorType",
    "attributes": {
      "value": "Optional attribute describing the error"
    },
    "remediation": "Optional instructions to remediate the error may appear here.",
    "occurredAt": "2018-01-25T05:50:52.375Z",
    "_links": {
      "describedby": {
        "href": "https://production.api.apiture.com/errors/specificErrorType"
      }
    },
    "_embedded": {
      "errors": []
    }
  }
}

Responses

Status: 200 OK
Description: OK. If the customer credentials are valid, return the corresponding customer object. Note that the response omits the (writeOnly) password.
Schema: customer
Header: Location (string uri)
The URI of the authenticated customer resource.

Status: 400 Bad Request
Description: Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error.
Schema: errorResponse

Status: 403 Forbidden
Description: Forbidden. Could not authenticate the customer with the given credentials. No other information is provided.
Schema: errorResponse

Status: 422 Unprocessable Entity
Description: Unprocessable Entity. One or more of the query parameters or request body was well formed but otherwise invalid. The _error field in the response contains details about the request error.

This error response may have one of the following type values:

createLoginUrl

Code samples

# You can also use wget
# Quote the URL so the shell does not treat & as a command separator
curl -X GET 'https://api.apiture.com/dao/customers/{customerId}/loginUrl?channel=web&ipAddress=string' \
  -H 'Accept: application/json'

GET https://api.apiture.com/dao/customers/{customerId}/loginUrl?channel=web&ipAddress=string HTTP/1.1
Host: api.apiture.com
Accept: application/json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json'

};

fetch('https://api.apiture.com/dao/customers/{customerId}/loginUrl?channel=web&ipAddress=string',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json'

};

$.ajax({
  url: 'https://api.apiture.com/dao/customers/{customerId}/loginUrl',
  method: 'get',
  data: { channel: 'web', ipAddress: 'string' },
  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json'
}

# RestClient.get takes one options hash: request headers plus a :params key for the query string
result = RestClient.get 'https://api.apiture.com/dao/customers/{customerId}/loginUrl',
  headers.merge(params: {
    'channel' => 'web',
    'ipAddress' => 'string'
  })

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json'
}

r = requests.get('https://api.apiture.com/dao/customers/{customerId}/loginUrl', params={
  'channel': 'web',  'ipAddress': 'string'
}, headers = headers)

print(r.json())

URL obj = new URL("https://api.apiture.com/dao/customers/{customerId}/loginUrl?channel=web&ipAddress=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "fmt"
       "net/http"
)

func main() {

    // A GET request has no body; channel and ipAddress travel in the query string.
    req, err := http.NewRequest("GET", "https://api.apiture.com/dao/customers/{customerId}/loginUrl?channel=web&ipAddress=string", nil)
    if err != nil {
        panic(err)
    }
    req.Header.Set("Accept", "application/json")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
    fmt.Println(resp.Status)
    // ...
}

GET https://api.apiture.com/dao/customers/{customerId}/loginUrl

Return a URL with which the pre-authenticated customer may open the financial institution's digital banking web or mobile application. The customer must be enabled.

Subsequent calls may return the same URL as the first call, or the response may be a unique URL.

The login URL may be used only once. If the user does not use the URL within the client application before the URL's expiration time, the client application should request a new login URL.

Consumers should not send this URL to the user (such as via email), but only use it within their digital account opening application to launch the financial institution's banking application.

Parameters

Parameter: channel string (required)
Description: The channel that the requested login URL is targeting, either the financial institution's web application or their mobile application. If mobile is not supported, the service returns a 501 status code for ?channel=mobile requests.
enum values: web, mobile

Parameter: ipAddress string (required)
Description: The IP address of the device where the customer request originated. This value must be in IPv4 or IPv6 format.
minLength: 6
maxLength: 128

Parameter: customerId string (required)
Description: The unique opaque identifier for a customer resource; this is the _id in the customer schema. Note: This is not the customer number at the financial institution.

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/dao/customerLoginUrl/v0.1.1/profile.json",
  "loginUrl": "https://thirdpartybank.example.com/digitalBanking?auth=9A8B808FD7684E17AFA621361E9E83D97DB3A139BD3D4444A1F4D71649CA8DFB",
  "channel": "web",
  "expiresAt": "2020-11-04T05:08:32.375Z"
}

Responses

Status: 200 OK
Description: OK. The operation succeeded. The customer can log in by opening the response's loginUrl in the financial institution's banking application.
Schema: customerLoginUrl

Status: 404 Not Found
Description: Not Found. There is no such customer resource at the specified {customerId}. The _error field in the response contains details about the request error.
Schema: errorResponse

Status: 409 Conflict
Description: Conflict. The request to obtain a login URL for the customer is not allowed because the customer is not enabled. The _error field in the response contains details about the request error.

This error response may have one of the following type values:

Schema: errorResponse

Status: 501 Not Implemented
Description: Not Implemented. The server does not support the ?channel=mobile query parameter.
Schema: errorResponse
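
The createLoginUrl rules above (ipAddress format and length, one-time use, expiresAt, and keeping the URL out of anything sent to the user) can be enforced in the client. The following is an added example, not Apiture code: every function name is hypothetical, the 5-second expiry margin and the https check for the web channel are assumptions, and the sample object is constructed from the 200 response shown above.

```javascript
// Added example, not Apiture code; all function names here are hypothetical.

// Dotted-quad IPv4 with each octet in 0..255.
const IPV4 = /^(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}$/;

function isIPv6(text) {
  // Only hex digits, colons and dots, so brackets or other URL syntax cannot slip through.
  if (!/^[0-9a-fA-F:.]+$/.test(text)) return false;
  try {
    new URL(`http://[${text}]/`); // the URL parser rejects malformed bracketed IPv6 hosts
    return true;
  } catch (err) {
    return false;
  }
}

// Build the createLoginUrl request URL, enforcing the documented parameter rules:
// channel is web or mobile; ipAddress is IPv4 or IPv6 with length 6..128.
function buildLoginUrlRequest(customerId, channel, ipAddress) {
  if (channel !== 'web' && channel !== 'mobile') {
    throw new Error('channel must be "web" or "mobile"');
  }
  const lengthOk = typeof ipAddress === 'string' && ipAddress.length >= 6 && ipAddress.length <= 128;
  if (!lengthOk || !(IPV4.test(ipAddress) || isIPv6(ipAddress))) {
    throw new Error('ipAddress must be the IPv4 or IPv6 address of the customer device');
  }
  const url = new URL(`https://api.apiture.com/dao/customers/${encodeURIComponent(customerId)}/loginUrl`);
  url.searchParams.set('channel', channel);
  url.searchParams.set('ipAddress', ipAddress);
  return url.toString();
}

// Decide whether a customerLoginUrl response can be opened right now.
// skewMs (assumption) is a safety margin so a URL about to expire is not launched.
function checkLoginUrl(response, requestedChannel, now, skewMs = 5000) {
  const problems = [];
  let parsed = null;
  try {
    parsed = new URL(response.loginUrl);
  } catch (err) {
    problems.push('loginUrl is missing or not a URL');
  }
  // Assumption: the web channel is always served over https, as in the page's sample.
  if (parsed && requestedChannel === 'web' && parsed.protocol !== 'https:') {
    problems.push('web loginUrl is not https');
  }
  if (response.channel !== requestedChannel) {
    problems.push('response channel differs from the requested channel');
  }
  const expiresAt = Date.parse(response.expiresAt);
  if (Number.isNaN(expiresAt)) {
    problems.push('expiresAt is missing or unparseable');
  } else if (expiresAt - now.getTime() <= skewMs) {
    problems.push('login URL expired or about to expire; request a new one');
  }
  return { usable: problems.length === 0, problems };
}

// For logs and error reports: keep origin and path, drop the query string that carries the token.
function redactLoginUrl(loginUrl) {
  const u = new URL(loginUrl);
  return `${u.origin}${u.pathname}?[redacted]`;
}

// The URL may be used only once, so the holder hands it out exactly once.
function singleUse(loginUrl) {
  let taken = false;
  return {
    take() {
      if (taken) throw new Error('login URL already used; request a new one');
      taken = true;
      return loginUrl;
    },
  };
}

// Constructed sample: the fields of the 200 response shown above.
const SAMPLE_LOGIN_RESPONSE = {
  loginUrl: 'https://thirdpartybank.example.com/digitalBanking?auth=9A8B808FD7684E17AFA621361E9E83D97DB3A139BD3D4444A1F4D71649CA8DFB',
  channel: 'web',
  expiresAt: '2020-11-04T05:08:32.375Z',
};
```

Log only the redactLoginUrl form; the full loginUrl carries a pre-authenticated session token.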

enableCustomer

Code samples

# You can also use wget
# Quote the URL so the shell does not interpret ? as a glob character
curl -X POST 'https://api.apiture.com/dao/enabledCustomers?customerId=string' \
  -H 'Accept: application/json'

POST https://api.apiture.com/dao/enabledCustomers?customerId=string HTTP/1.1
Host: api.apiture.com
Accept: application/json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json'

};

fetch('https://api.apiture.com/dao/enabledCustomers?customerId=string',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json'

};

$.ajax({
  // customerId is a query parameter, so it belongs in the URL rather than the request body
  url: 'https://api.apiture.com/dao/enabledCustomers?customerId=string',
  method: 'post',
  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json'
}

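# RestClient.post takes (url, payload, headers); the query string goes in the headers hash under :params
result = RestClient.post 'https://api.apiture.com/dao/enabledCustomers',
  nil,
  headers.merge(params: {
    'customerId' => 'string'
  })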

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json'
}

r = requests.post('https://api.apiture.com/dao/enabledCustomers', params={
  'customerId': 'string'
}, headers = headers)

print(r.json())

URL obj = new URL("https://api.apiture.com/dao/enabledCustomers?customerId=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "fmt"
       "net/http"
)

func main() {

    // This operation takes no request body; customerId travels in the query string.
    req, err := http.NewRequest("POST", "https://api.apiture.com/dao/enabledCustomers?customerId=string", nil)
    if err != nil {
        panic(err)
    }
    req.Header.Set("Accept", "application/json")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()
    fmt.Println(resp.Status)
    // ...
}

Enable a customer

POST https://api.apiture.com/dao/enabledCustomers

Enable a customer. This changes the state property of the customer to enabled. The response is the updated representation of the customer.

Parameters

Parameter: customerId string (required)
Description: A string which uniquely identifies a banking customer.

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/dao/customer/v0.10.1/profile.json",
  "_id": "bcea94f7-d542-4cee-ac3b-2b40903a46fc",
  "institutionId": "3PB_212",
  "customerType": "retail",
  "customerNumber": "123456789",
  "fullName": "Maxwell Daniel Peck",
  "username": "maxpeck412",
  "state": "enabled",
  "taxId": "112-22-3333",
  "birthdate": "1975-02-28",
  "password": "this-is-my-secure-password",
  "primaryAddress": {
    "addressLine1": "555 N Front Street",
    "addressLine2": "Suite 5555",
    "city": "Wilmington",
    "region": "North Carolina",
    "postalCode": "28401-5405",
    "countryCode": "US",
    "international": false
  },
  "primaryEmailAddress": "max.peck@nasa.example.com",
  "primaryPhoneNumber": "+19105550159",
  "smsPhoneNumber": "+19105550159",
  "electronicStatementConsent": true,
  "electronicDocumentConsent": true
}

Responses

Status: 200 OK
Description: OK. The operation succeeded. The customer was updated and its state changed to enabled.
Schema: customer

Status: 400 Bad Request
Description: Bad Request. The customer parameter was malformed or does not refer to an existing or accessible customer.
Schema: errorResponse

Status: 409 Conflict
Description: Conflict. The request to enable the customer is not allowed. The _error field in the response contains details about the request error.

This error response may have one of the following type values:

Schema: errorResponse

validateCredentials

Code samples

# You can also use wget
curl -X POST https://api.apiture.com/dao/institutions/{institutionId}/credentialValidations \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST https://api.apiture.com/dao/institutions/{institutionId}/credentialValidations HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json

const fetch = require('node-fetch');
// A template literal (backticks) is required for a string that spans several lines.
const inputBody = `{
  "_profile": "https://production.api.apiture.com/schemas/dao/credentialsValidationRequest/v0.1.0/profile.json",
  "username": "maxpeck412",
  "password": "this-is-my-secure-password"
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('https://api.apiture.com/dao/institutions/{institutionId}/credentialValidations',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

$.ajax({
  url: 'https://api.apiture.com/dao/institutions/{institutionId}/credentialValidations',
  method: 'post',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json'
}

result = RestClient.post 'https://api.apiture.com/dao/institutions/{institutionId}/credentialValidations',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json'
}

r = requests.post('https://api.apiture.com/dao/institutions/{institutionId}/credentialValidations', params={

}, headers = headers)

print(r.json())

URL obj = new URL("https://api.apiture.com/dao/institutions/{institutionId}/credentialValidations");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.apiture.com/dao/institutions/{institutionId}/credentialValidations", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Validate the customer's credentials against the institution's password policies.

POST https://api.apiture.com/dao/institutions/{institutionId}/credentialValidations

Validate the customer's credentials against the financial institution's username and password policies, returning a response indicating if the credentials are valid or not. Note: 4xx error responses are not returned for well-formed requests, even if the credentials are invalid, as the validation operation completed normally. 4xx responses are only returned for invalid request bodies such as invalid JSON or JSON that does not conform to the credentials JSON schema.

Body parameter

{
  "_profile": "https://production.api.apiture.com/schemas/dao/credentialsValidationRequest/v0.1.0/profile.json",
  "username": "maxpeck412",
  "password": "this-is-my-secure-password"
}

Parameters

Parameter: institutionId string (required)
Description: The unique ID of the financial institution.
minLength: 4

Parameter: body credentialsValidationRequest (required)

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/dao/credentialsValidation/v0.1.1/profile.json",
  "valid": false,
  "passwordViolations": [
    {
      "name": "minimumLength",
      "message": "Password must be at least 8 characters long"
    },
    {
      "name": "minimumNumberOfDigits",
      "message": "Password must contain at least one digit"
    },
    {
      "name": "minimumNumberOfSpecial",
      "message": "Password must contain at least one special character"
    },
    {
      "name": "personalDataDisallowed",
      "message": "Password may not contain personal data such as tax ID, address, zip, phone number"
    }
  ],
  "usernameViolations": [
    {
      "name": "minimumLength",
      "message": "Password must be at least 5 characters long"
    },
    {
      "name": "personalDataDisallowed",
      "message": "Username may not contain personal data such as tax ID, address, zip, phone number"
    }
  ],
  "duplicateUsername": false,
  "suggestedUsernames": [
    "mp-3729",
    "mdp-7221"
  ]
}

Responses

Status: 200 OK
Description: OK.
Schema: credentialsValidation

Status: 400 Bad Request
Description: Bad Request. The request body or request parameters are invalid. The _error field in the response contains details about the request error.
Schema: errorResponse

Status: 404 Not Found
Description: Not Found. There is no such financial institution at the specified {institutionId}. The _error field in the response contains details about the request error.
Schema: errorResponse

Status: 422 Unprocessable Entity
Description: Unprocessable Entity. The request body or one or more of the parameters was well formed but otherwise invalid. The _error field in the response contains details about the request error.

This error response may have one of the following type values:

Schema: errorResponse
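
Because validateCredentials answers 200 even when the credentials fail policy, a client that treats any 2xx as "accepted" will let rejected usernames and passwords through. The following added example (not Apiture code) interprets the response by its valid flag and violation lists instead of the status code; the function names are hypothetical, the fail-closed rule is an assumption, and the sample object is constructed from the 200 response shown above.

```javascript
// Added example, not Apiture code; all function names here are hypothetical.

// Turn a violations array into its machine-readable names (the message is for display only).
function violationNames(list) {
  return Array.isArray(list) ? list.map((v) => v.name) : [];
}

// Map an HTTP status and parsed JSON body to a decision the DAO flow can act on.
function interpretCredentialsValidation(status, body) {
  if (status !== 200) {
    // 400, 404 or 422: the request itself was rejected. This says nothing about the credentials.
    const errorType = body && body._error ? body._error.type : undefined;
    return { outcome: 'requestError', accept: false, errorType };
  }
  if (!body || typeof body.valid !== 'boolean') {
    return { outcome: 'malformedResponse', accept: false };
  }
  const password = violationNames(body.passwordViolations);
  const username = violationNames(body.usernameViolations);
  const duplicateUsername = body.duplicateUsername === true;
  // Assumption (fail closed): accept only when valid is true and nothing contradicts it.
  const accept = body.valid && password.length === 0 && username.length === 0 && !duplicateUsername;
  return {
    outcome: accept ? 'valid' : 'invalid',
    accept,
    password,
    username,
    duplicateUsername,
    suggestedUsernames: Array.isArray(body.suggestedUsernames) ? body.suggestedUsernames : [],
  };
}

// Copy of a credentialsValidationRequest body that is safe to write to logs.
function redactCredentials(requestBody) {
  const copy = { ...requestBody };
  if ('password' in copy) copy.password = '[redacted]';
  return copy;
}

// Constructed sample: the fields of the 200 response shown above.
const SAMPLE_VALIDATION = {
  valid: false,
  passwordViolations: [
    { name: 'minimumLength', message: 'Password must be at least 8 characters long' },
    { name: 'minimumNumberOfDigits', message: 'Password must contain at least one digit' },
    { name: 'minimumNumberOfSpecial', message: 'Password must contain at least one special character' },
    { name: 'personalDataDisallowed', message: 'Password may not contain personal data such as tax ID, address, zip, phone number' },
  ],
  usernameViolations: [
    { name: 'minimumLength', message: 'Password must be at least 5 characters long' },
    { name: 'personalDataDisallowed', message: 'Username may not contain personal data such as tax ID, address, zip, phone number' },
  ],
  duplicateUsername: false,
  suggestedUsernames: ['mp-3729', 'mdp-7221'],
};
```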

sendCustomerCommunication

Code samples

# You can also use wget
curl -X POST https://api.apiture.com/dao/customers/{customerId}/communications \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST https://api.apiture.com/dao/customers/{customerId}/communications HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json

const fetch = require('node-fetch');
// A template literal (backticks) is required for a string that spans several lines.
const inputBody = `{
  "_profile": "https://production.api.apiture.com/schemas/dao/customerCommunication/v1.0.0/profile.json",
  "type": "accountApplicationUnderReview",
  "channel": "email",
  "attributes": {
    "accountName": "My Premiere Savings",
    "productName": "Premiere Savings"
  }
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('https://api.apiture.com/dao/customers/{customerId}/communications',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

$.ajax({
  url: 'https://api.apiture.com/dao/customers/{customerId}/communications',
  method: 'post',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json'
}

result = RestClient.post 'https://api.apiture.com/dao/customers/{customerId}/communications',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json'
}

r = requests.post('https://api.apiture.com/dao/customers/{customerId}/communications', params={

}, headers = headers)

print(r.json())

URL obj = new URL("https://api.apiture.com/dao/customers/{customerId}/communications");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.apiture.com/dao/customers/{customerId}/communications", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Send a communication to the customer

POST https://api.apiture.com/dao/customers/{customerId}/communications

Send a communication to the customer, informing them of the status of the account opening process. Messages can be sent to the customer via an email channel or as a thread between the financial institution and the customer via the secureMessage system within the banking platform.

Body parameter

{
  "_profile": "https://production.api.apiture.com/schemas/dao/customerCommunication/v1.0.0/profile.json",
  "type": "accountApplicationUnderReview",
  "channel": "email",
  "attributes": {
    "accountName": "My Premiere Savings",
    "productName": "Premiere Savings"
  }
}

Parameters

Parameter: body customerCommunication (required)

Parameter: customerId string (required)
Description: The unique opaque identifier for a customer resource; this is the _id in the customer schema. Note: This is not the customer number at the financial institution.

Example responses

404 Response

{
  "_profile": "https://production.api.apiture.com/schemas/common/errorResponse/v2.1.1/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
    }
  },
  "_error": {
    "_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
    "message": "Description of the error will appear here.",
    "statusCode": 422,
    "type": "specificErrorType",
    "attributes": {
      "value": "Optional attribute describing the error"
    },
    "remediation": "Optional instructions to remediate the error may appear here.",
    "occurredAt": "2018-01-25T05:50:52.375Z",
    "_links": {
      "describedby": {
        "href": "https://production.api.apiture.com/errors/specificErrorType"
      }
    },
    "_embedded": {
      "errors": []
    }
  }
}

Responses

Status: 204 No Content
Description: No Content. The operation succeeded. The message was formatted and sent without error. However, this does not guarantee that the message was delivered.

Status: 404 Not Found
Description: Not Found. There is no such customer resource at the specified {customerId}. The _error field in the response contains details about the request error.
Schema: errorResponse

Status: 409 Conflict
Description: Conflict. The application state does not permit this communication type.
Schema: errorResponse

Status: 422 Unprocessable Entity
Description: Unprocessable Entity. The communication type requires message attributes that are not present.
Schema: errorResponse

sendOneTimePassword

Code samples

# You can also use wget
curl -X POST https://api.apiture.com/dao/institutions/{institutionId}/oneTimePasswords \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json'

POST https://api.apiture.com/dao/institutions/{institutionId}/oneTimePasswords HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json

const fetch = require('node-fetch');
// A template literal (backticks) is required for a string that spans several lines.
const inputBody = `{
  "_profile": "https://production.api.apiture.com/schemas/dao/oneTimePassword/v1.0.0/profile.json",
  "code": "377669",
  "channel": "sms",
  "target": "+19105550155"
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

fetch('https://api.apiture.com/dao/institutions/{institutionId}/oneTimePasswords',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

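var headers = {
  'Content-Type':'application/json',
  'Accept':'application/json'

};

$.ajax({
  url: 'https://api.apiture.com/dao/institutions/{institutionId}/oneTimePasswords',
  method: 'post',
  // Request body, serialized to JSON to match the Content-Type header
  data: JSON.stringify({
    _profile: 'https://production.api.apiture.com/schemas/dao/oneTimePassword/v1.0.0/profile.json',
    code: '377669',
    channel: 'sms',
    target: '+19105550155'
  }),
  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})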

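require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json'
}

# Request body, serialized to JSON below
payload = {
  '_profile' => 'https://production.api.apiture.com/schemas/dao/oneTimePassword/v1.0.0/profile.json',
  'code' => '377669',
  'channel' => 'sms',
  'target' => '+19105550155'
}

result = RestClient.post 'https://api.apiture.com/dao/institutions/{institutionId}/oneTimePasswords',
  payload.to_json, headers

# A successful call returns 204 No Content (empty body), so print the status code
p result.code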

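import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json'
}

# Request body, sent as JSON
body = {
  '_profile': 'https://production.api.apiture.com/schemas/dao/oneTimePassword/v1.0.0/profile.json',
  'code': '377669',
  'channel': 'sms',
  'target': '+19105550155'
}

r = requests.post('https://api.apiture.com/dao/institutions/{institutionId}/oneTimePasswords',
                  json=body, headers=headers)

# A successful call returns 204 No Content (empty body), so print the status code
print(r.status_code)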

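import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;

URL obj = new URL("https://api.apiture.com/dao/institutions/{institutionId}/oneTimePasswords");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/json");
con.setRequestProperty("Accept", "application/json");

// Send the JSON request body
String inputBody = "{\"_profile\": \"https://production.api.apiture.com/schemas/dao/oneTimePassword/v1.0.0/profile.json\", "
    + "\"code\": \"377669\", \"channel\": \"sms\", \"target\": \"+19105550155\"}";
con.setDoOutput(true);
try (OutputStream out = con.getOutputStream()) {
    out.write(inputBody.getBytes(StandardCharsets.UTF_8));
}

// A successful call returns 204 No Content (empty body), so print the status code
int responseCode = con.getResponseCode();
System.out.println(responseCode);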

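package main

import (
    "bytes"
    "fmt"
    "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
    }

    // JSON request body
    jsonReq := []byte(`{
  "_profile": "https://production.api.apiture.com/schemas/dao/oneTimePassword/v1.0.0/profile.json",
  "code": "377669",
  "channel": "sms",
  "target": "+19105550155"
}`)
    data := bytes.NewBuffer(jsonReq)
    req, err := http.NewRequest("POST", "https://api.apiture.com/dao/institutions/{institutionId}/oneTimePasswords", data)
    if err != nil {
        panic(err)
    }
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()

    // A successful call returns 204 No Content (empty body), so print the status
    fmt.Println(resp.Status)
}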

Send a one-time-password

POST https://api.apiture.com/dao/institutions/{institutionId}/oneTimePasswords

Send a one-time-password to a pending customer, prior to onboarding/enrolling.

Body parameter

{
  "_profile": "https://production.api.apiture.com/schemas/dao/oneTimePassword/v1.0.0/profile.json",
  "code": "377669",
  "channel": "sms",
  "target": "+19105550155"
}

Parameters

Parameter: body oneTimePassword (required)

Parameter: institutionId string (required)
Description: The unique ID of the financial institution.
minLength: 4

Example responses

422 Response

{
  "_profile": "https://production.api.apiture.com/schemas/common/errorResponse/v2.1.1/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
    }
  },
  "_error": {
    "_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
    "message": "Description of the error will appear here.",
    "statusCode": 422,
    "type": "specificErrorType",
    "attributes": {
      "value": "Optional attribute describing the error"
    },
    "remediation": "Optional instructions to remediate the error may appear here.",
    "occurredAt": "2018-01-25T05:50:52.375Z",
    "_links": {
      "describedby": {
        "href": "https://production.api.apiture.com/errors/specificErrorType"
      }
    },
    "_embedded": {
      "errors": []
    }
  }
}

Responses

Status: 204 No Content
Description: No Content. The operation succeeded. The message was formatted and sent without error. However, this does not guarantee that the message was delivered.

Status: 422 Unprocessable Entity
Description: Unprocessable Entity. The communication type requires message attributes that are not present.
Schema: errorResponse
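
The request body above carries the code itself, so the caller chooses the one-time password. The following Python is an added example, not part of the Apiture documentation: it assumes the partner generates the code and checks the customer's entry itself, and the OtpIssuer class, the E.164 check on target, the 5-minute lifetime and the 5-attempt limit are all assumptions of this example.

```python
import hashlib
import hmac
import re
import secrets
import time

PROFILE = "https://production.api.apiture.com/schemas/dao/oneTimePassword/v1.0.0/profile.json"
E164 = re.compile(r"^\+[1-9][0-9]{6,14}$")  # assumption: sms targets are E.164 numbers
CODE_DIGITS = 6      # same length as the page's sample code "377669"
TTL_SECONDS = 300    # assumption: local policy, not an API value
MAX_ATTEMPTS = 5     # assumption: local policy, not an API value


class OtpIssuer:
    """Builds oneTimePassword request bodies and verifies submitted codes (hypothetical helper)."""

    def __init__(self, key=None, clock=time.time):
        self._key = key or secrets.token_bytes(32)
        self._clock = clock
        self._pending = {}  # target -> [digest, expires_at, attempts_left]

    def _digest(self, target, code):
        # Keyed digest: a leaked store cannot be brute-forced over the
        # 10**6 possible codes without the key.
        msg = f"{target}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, target):
        """Return the JSON body for sendOneTimePassword; only a digest of the code is kept."""
        if not E164.fullmatch(target):
            raise ValueError("target is not an E.164 phone number")
        # secrets draws from the OS CSPRNG; zero-pad so every code has 6 digits
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        self._pending[target] = [
            self._digest(target, code),
            self._clock() + TTL_SECONDS,
            MAX_ATTEMPTS,
        ]
        return {"_profile": PROFILE, "code": code, "channel": "sms", "target": target}

    def verify(self, target, submitted):
        """True only for the current, unexpired code, once, within the attempt limit."""
        entry = self._pending.get(target)
        if entry is None:
            return False
        digest, expires_at, attempts_left = entry
        if self._clock() >= expires_at or attempts_left <= 0:
            del self._pending[target]
            return False
        entry[2] = attempts_left - 1
        # Constant-time comparison avoids leaking how much of the digest matched
        if hmac.compare_digest(digest, self._digest(target, str(submitted))):
            del self._pending[target]  # single use
            return True
        if entry[2] == 0:
            del self._pending[target]  # attempt limit reached; a new code must be issued
        return False
```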

Customer Accounts

listFundingAccounts

Code samples

# You can also use wget
curl -X GET 'https://api.apiture.com/dao/fundingAccounts?customerId=string' \
  -H 'Accept: application/json'

GET https://api.apiture.com/dao/fundingAccounts?customerId=string HTTP/1.1
Host: api.apiture.com
Accept: application/json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json'

};

fetch('https://api.apiture.com/dao/fundingAccounts?customerId=string',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json'

};

$.ajax({
  url: 'https://api.apiture.com/dao/fundingAccounts',
  method: 'get',
  data: { customerId: 'string' },
  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json'
}

result = RestClient.get 'https://api.apiture.com/dao/fundingAccounts',
  params: {
  'customerId' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json'
}

r = requests.get('https://api.apiture.com/dao/fundingAccounts', params={
  'customerId': 'string'
}, headers = headers)

print(r.json())

URL obj = new URL("https://api.apiture.com/dao/fundingAccounts?customerId=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

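package main

import (
    "fmt"
    "io"
    "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
    }

    // A GET request carries no body; customerId is a required query parameter
    req, err := http.NewRequest("GET", "https://api.apiture.com/dao/fundingAccounts?customerId=string", nil)
    if err != nil {
        panic(err)
    }
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()

    body, err := io.ReadAll(resp.Body)
    if err != nil {
        panic(err)
    }
    fmt.Println(string(body))
}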

List funding accounts

GET https://api.apiture.com/dao/fundingAccounts

List a customer's internal and external accounts that may be used to fund a new account. Items in the response are limited to accounts that the customer may debit from, either internal accounts or linked external accounts. The response lists the external accounts first. This operation does not filter accounts based on available balances or debit limits. The response may include incomplete accounts where the available balance is not immediately available. Use listFundingAccountBalances to list available balances for the incomplete internal accounts in the response. The API does not retrieve balances for external accounts.

Parameters

Parameter: customerId string (required)
Description: A string which uniquely identifies a banking customer.

Example responses

200 Response

{
  "items": [
    {
      "id": "a687b700-a8f7",
      "location": "external",
      "institutionName": "State Employees Credit Union",
      "nickname": "Rainy Day Fund",
      "maskedNumber": "*1234",
      "product": {
        "type": "savings",
        "label": "High Yield Savings"
      }
    },
    {
      "id": "53edf4ea-9bc7",
      "nickname": "Tuition Savings",
      "location": "internal",
      "maskedNumber": "*2345",
      "product": {
        "type": "savings",
        "label": "High Yield Savings"
      }
    },
    {
      "id": "if576c406-6256",
      "nickname": "Share Checking",
      "location": "internal",
      "maskedNumber": "*3456",
      "product": {
        "type": "checking",
        "label": "Premiere Checking"
      }
    }
  ]
}

Responses

Status: 200 OK
Description: OK. The response contains an array of active accounts that may be used for funding new accounts.
Schema: fundingAccounts

Status: 422 Unprocessable Entity
Description: Unprocessable Entity. The customer ID is invalid.

This error response may have one of the following type values:

Schema: errorResponse

listFundingAccountBalances

Code samples

# You can also use wget
curl -X GET 'https://api.apiture.com/dao/accountBalances?customerId=string&accounts=string' \
  -H 'Accept: application/json'

GET https://api.apiture.com/dao/accountBalances?customerId=string&accounts=string HTTP/1.1
Host: api.apiture.com
Accept: application/json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json'

};

fetch('https://api.apiture.com/dao/accountBalances?customerId=string&accounts=string',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json'

};

$.ajax({
  url: 'https://api.apiture.com/dao/accountBalances',
  method: 'get',
  data: { customerId: 'string', accounts: 'string' },
  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json'
}

result = RestClient.get 'https://api.apiture.com/dao/accountBalances',
  params: {
  'customerId' => 'string',
  'accounts' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json'
}

# accounts is a comma-delimited list of account IDs
r = requests.get('https://api.apiture.com/dao/accountBalances', params={
  'customerId': 'string',
  'accounts': ','.join(['string'])
}, headers = headers)

print(r.json())

URL obj = new URL("https://api.apiture.com/dao/accountBalances?customerId=string&accounts=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

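package main

import (
    "fmt"
    "io"
    "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
    }

    // A GET request carries no body; customerId and accounts are required query parameters
    req, err := http.NewRequest("GET", "https://api.apiture.com/dao/accountBalances?customerId=string&accounts=string", nil)
    if err != nil {
        panic(err)
    }
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()

    body, err := io.ReadAll(resp.Body)
    if err != nil {
        panic(err)
    }
    fmt.Println(string(body))
}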

List Funding Account Balances

GET https://api.apiture.com/dao/accountBalances

Return balances for a list of internal accounts for a customer. The accounts query parameter is a list of account IDs which typically comes from the listFundingAccounts operation response. The customer must have view access to all of the accounts, else a 403 Forbidden response is returned.

The response may be incomplete. Given a Retry-After response header, the client can retry the operation after a short delay, requesting only the accounts which are incomplete; see the 202 Accepted response for details.

Parameters

Parameter: customerId string (required)
Description: A string which uniquely identifies a banking customer.

Parameter: accounts accountIds (required)
Description: The unique account identifiers of one or more internal accounts. (Internal accounts are those with location value of internal.) Note: The account IDs are unrelated to the account number.
unique items
minItems: 1
maxItems: 100
comma-delimited
items:
» minLength: 6
» maxLength: 48
» pattern: ^[-_:.~$a-zA-Z0-9]+$

Parameter: retryCount integer
Description: When retrying the operation, pass the retryCount from the incompleteAccountBalances response.
minimum: 1
maximum: 10

Example responses

200 Response

{
  "items": [
    {
      "id": "05d00d7d-30d6",
      "available": "3208.20"
    },
    {
      "id": "cb5d67ea-a5c3",
      "available": "1750.80"
    },
    {
      "id": "b5a4f178-2baf",
      "available": "2710.80"
    },
    {
      "id": "959908db-fd40",
      "available": "4812.09"
    },
    {
      "id": "97e6166a-2a4c",
      "available": "9323.63"
    }
  ]
}

Responses

Status: 200 OK
Description: OK. The response contains the balances for all the accounts in the ?accounts= query parameter.
Schema: fundingAccountBalances

Status: 202 Accepted
Description: Accepted. The service accepted the request but could not provide balances for all the requested accounts and returned an incomplete response. Try the call again after the time in the Retry-After response header has passed, and request only those accounts from the incompleteAccounts in the response. If there is no Retry-After response header, the client has reached its maximum number of tries and should not retry the operation.
Schema: incompleteFundingAccountBalances
Header: Retry-After (string)
Indicates an absolute time, in HTTP date-time format (UTC), or a delay in seconds (a non-negative integer) after which the client may retry the operation. See RFC7231: Retry-After

Examples:

  • Retry-After: 5
  • Retry-After: Mon, 03 May 2022 23:59:59 GMT

Status: 403 Forbidden
Description: Forbidden. The given customer does not have balance view access to one or more of the accounts.
Schema: errorResponse

Status: 422 Unprocessable Entity
Description: Unprocessable Entity. The request body and/or query parameters were well-formed but otherwise invalid.

This error response may have one of the following type values:

Schema: errorResponse

Status: 429 Too Many Requests
Description: Too Many Requests. The client has sent too many requests in a given amount of time.

This error response may have one of the following type values:

Schema: errorResponse

Status: 503 Service Unavailable
Description: Service Unavailable. Could not fetch the account balance from the banking core.
Schema: errorResponse
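
The 202 Accepted retry protocol described above, written out as a client loop. This Python is an added example, not Apiture code: the send callable stands in for the caller's HTTP transport, the 30-second ceiling on delays is a local choice, and the 202 body is assumed to carry incompleteAccounts as a list of account IDs and retryCount as an integer, since the incompleteFundingAccountBalances schema is not reproduced in this section.

```python
import re
import time
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

ID_PATTERN = re.compile(r"^[-_:.~$a-zA-Z0-9]+$")  # pattern of the accounts items
MAX_DELAY = 30.0  # assumption: local ceiling on any server-requested delay


def accounts_param(ids):
    """Check IDs against the documented limits and return the comma-delimited value."""
    ids = list(ids)
    if not 1 <= len(ids) <= 100 or len(set(ids)) != len(ids):
        raise ValueError("accounts needs 1 to 100 unique IDs")
    for account_id in ids:
        if not (6 <= len(account_id) <= 48 and ID_PATTERN.fullmatch(account_id)):
            raise ValueError(f"invalid account ID: {account_id!r}")
    return ",".join(ids)


def retry_delay(value, now):
    """Seconds to wait for a Retry-After value (delay or HTTP date); None if unparseable."""
    value = value.strip()
    if re.fullmatch(r"[0-9]+", value):
        return min(float(value), MAX_DELAY)
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    # A date in the past means "retry now"; never wait longer than MAX_DELAY
    return min(max((when - now).total_seconds(), 0.0), MAX_DELAY)


def fetch_balances(customer_id, ids, send, sleep=time.sleep,
                   now=lambda: datetime.now(timezone.utc)):
    """Collect balances, re-requesting only incomplete accounts while the server allows it.

    send(params) -> (status, headers, body) is the caller's transport (hypothetical).
    Returns (balances, still_incomplete).
    """
    balances, pending, retry_count = {}, list(ids), None
    for _ in range(11):  # first call plus at most 10 retries (retryCount maximum)
        params = {"customerId": customer_id, "accounts": accounts_param(pending)}
        if retry_count is not None:
            params["retryCount"] = retry_count
        status, headers, body = send(params)
        if status not in (200, 202):
            raise RuntimeError(f"unexpected status {status}")
        for item in body.get("items", []):
            # Accept balances only for accounts that were actually requested
            if item.get("id") in pending and "available" in item:
                balances[item["id"]] = item["available"]
        if status == 200:
            return balances, []
        # Assumed 202 body shape: incompleteAccounts (list of IDs) and retryCount (int)
        pending = [a for a in body.get("incompleteAccounts", []) if a in pending]
        retry_count = body.get("retryCount")
        header = next((v for k, v in headers.items() if k.lower() == "retry-after"), None)
        delay = retry_delay(header, now()) if header else None
        count_ok = isinstance(retry_count, int) and 1 <= retry_count <= 10
        # No Retry-After header means the retry budget is spent: stop here
        if not pending or delay is None or not count_ok:
            return balances, pending
        sleep(delay)
    return balances, pending
```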

Account Entitlements

Entitlements for Banking Account Holders

createCustomerAccountEntitlements

Code samples

# You can also use wget
curl -X POST https://api.apiture.com/dao/accountEntitlements \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Unique-Request-Id: 0d43c531-f4b0-4227-8299-8520834c20a2'

POST https://api.apiture.com/dao/accountEntitlements HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json
Unique-Request-Id: 0d43c531-f4b0-4227-8299-8520834c20a2

const fetch = require('node-fetch');
// Request body; a template literal is required for a multi-line string
const inputBody = `{
  "_profile": "https://production.api.apiture.com/schemas/dao/createCustomerAccountEntitlements/v0.6.0/profile.json",
  "customerId": "47837239834897",
  "institutionId": "3PB_212",
  "accounts": [
    {
      "accountNumber": "9876543210",
      "accountCode": "savings",
      "accountType": "S",
      "nickname": "New car down payment savings",
      "electronicStatementConsent": true,
      "electronicDocumentConsent": true
    },
    {
      "accountNumber": "8765432108",
      "accountCode": "checking",
      "accountType": "DDA",
      "nickname": "Daily checking account",
      "electronicStatementConsent": true,
      "electronicDocumentConsent": true
    }
  ]
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Unique-Request-Id':'0d43c531-f4b0-4227-8299-8520834c20a2'

};

fetch('https://api.apiture.com/dao/accountEntitlements',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Unique-Request-Id':'0d43c531-f4b0-4227-8299-8520834c20a2'

};

$.ajax({
  url: 'https://api.apiture.com/dao/accountEntitlements',
  method: 'post',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Unique-Request-Id' => '0d43c531-f4b0-4227-8299-8520834c20a2'
}

result = RestClient.post 'https://api.apiture.com/dao/accountEntitlements',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Unique-Request-Id': '0d43c531-f4b0-4227-8299-8520834c20a2'
}

r = requests.post('https://api.apiture.com/dao/accountEntitlements', params={

}, headers = headers)

print(r.json())

URL obj = new URL("https://api.apiture.com/dao/accountEntitlements");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "Unique-Request-Id": []string{"0d43c531-f4b0-4227-8299-8520834c20a2"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.apiture.com/dao/accountEntitlements", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Create account entitlements for a customer

POST https://api.apiture.com/dao/accountEntitlements

Create one or more account entitlements for a customer. An account entitlement is an association between the customer and the account, granting the customer account holder access to the account. This API call is only valid for enabled customers. For the createCustomer/updateCustomer DAO flow, the enableCustomer API call must occur prior to calling this API.

Body parameter

{
  "_profile": "https://production.api.apiture.com/schemas/dao/createCustomerAccountEntitlements/v0.6.0/profile.json",
  "customerId": "47837239834897",
  "institutionId": "3PB_212",
  "accounts": [
    {
      "accountNumber": "9876543210",
      "accountCode": "savings",
      "accountType": "S",
      "nickname": "New car down payment savings",
      "electronicStatementConsent": true,
      "electronicDocumentConsent": true
    },
    {
      "accountNumber": "8765432108",
      "accountCode": "checking",
      "accountType": "DDA",
      "nickname": "Daily checking account",
      "electronicStatementConsent": true,
      "electronicDocumentConsent": true
    }
  ]
}

Parameters

Parameter: Unique-Request-Id string (required)
Description: Each call must supply a unique transaction ID to allow the server to reject duplicate requests. Clients are strongly encouraged to generate a GUID for each unique request, but use the same value when retrying failed API calls.

Note: This is an architectural decision to be decided; other solutions are possible.
minLength: 24
maxLength: 64

Parameter: body createCustomerAccountEntitlements (required)

Example responses

201 Response

{
  "_profile": "https://production.api.apiture.com/schemas/dao/customerAccountEntitlements/v0.5.0/profile.json",
  "customerId": "47837239834897",
  "institutionId": "3PB_212",
  "accounts": [
    {
      "accountNumber": "9876543210",
      "accountCode": "savings",
      "accountType": "A",
      "nickname": "New car down payment savings",
      "electronicStatementConsent": true,
      "electronicDocumentConsent": true
    },
    {
      "accountNumber": "8765432108",
      "accountCode": "checking",
      "accountType": "DDA",
      "nickname": "Daily checking account",
      "electronicStatementConsent": true,
      "electronicDocumentConsent": true
    }
  ]
}

Responses

Status: 201 Created
Description: Created.
Schema: customerAccountEntitlements

Status: 400 Bad Request
Description: Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error.
Schema: errorResponse

Status: 409 Conflict
Description: Conflict. Accounts already exist for this customer, or the operation was already invoked.
Schema: errorResponse

Status: 422 Unprocessable Entity
Description: Unprocessable Entity. One or more of the query parameters was well formed but otherwise invalid. The _error field in the response contains details about the request error.
Schema: errorResponse

createCustomerExternalAccountEntitlements

Code samples

# You can also use wget
curl -X POST https://api.apiture.com/dao/externalAccountEntitlements \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Unique-Request-Id: 0d43c531-f4b0-4227-8299-8520834c20a2'

POST https://api.apiture.com/dao/externalAccountEntitlements HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json
Unique-Request-Id: 0d43c531-f4b0-4227-8299-8520834c20a2

const fetch = require('node-fetch');
// Request body; a template literal is required for a multi-line string
const inputBody = `{
  "customerId": "47837239834897",
  "accounts": [
    {
      "accountNumber": "9876543210",
      "routingNumber": "123123123",
      "institutionName": "Third National Bank of the West",
      "ownerName": "Lucile Watson",
      "type": "savings",
      "usage": "personal",
      "nickname": "Daily checking account"
    }
  ]
}`;
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Unique-Request-Id':'0d43c531-f4b0-4227-8299-8520834c20a2'

};

fetch('https://api.apiture.com/dao/externalAccountEntitlements',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Unique-Request-Id':'0d43c531-f4b0-4227-8299-8520834c20a2'

};

$.ajax({
  url: 'https://api.apiture.com/dao/externalAccountEntitlements',
  method: 'post',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Unique-Request-Id' => '0d43c531-f4b0-4227-8299-8520834c20a2'
}

result = RestClient.post 'https://api.apiture.com/dao/externalAccountEntitlements',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Unique-Request-Id': '0d43c531-f4b0-4227-8299-8520834c20a2'
}

r = requests.post('https://api.apiture.com/dao/externalAccountEntitlements', params={

}, headers = headers)

print(r.json())

URL obj = new URL("https://api.apiture.com/dao/externalAccountEntitlements");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "Unique-Request-Id": []string{"0d43c531-f4b0-4227-8299-8520834c20a2"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.apiture.com/dao/externalAccountEntitlements", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Create external account entitlements for a customer

POST https://api.apiture.com/dao/externalAccountEntitlements

Create one or more external account entitlements for a customer. An account entitlement is an association between the customer and the external account, granting the customer account holder access to the account. This API call is only valid for enabled customers.

Body parameter

{
  "customerId": "47837239834897",
  "accounts": [
    {
      "accountNumber": "9876543210",
      "routingNumber": "123123123",
      "institutionName": "Third National Bank of the West",
      "ownerName": "Lucile Watson",
      "type": "savings",
      "usage": "personal",
      "nickname": "Daily checking account"
    }
  ]
}

Parameters

Parameter: Unique-Request-Id string (required)
Description: Each call must supply a unique transaction ID to allow the server to reject duplicate requests. Clients are strongly encouraged to generate a GUID for each unique request, but use the same value when retrying failed API calls.

Note: This is an architectural decision to be decided; other solutions are possible.
minLength: 24
maxLength: 64

Parameter: body newCustomerExternalAccountEntitlements (required)

Example responses

201 Response

{
  "customerId": "47837239834897",
  "accounts": [
    {
      "id": "afd8038c56f112ce573b",
      "accountNumber": "9876543210",
      "routingNumber": "123123123",
      "institutionName": "Third National Bank of the West",
      "ownerName": "Lucile Watson",
      "type": "savings",
      "usage": "personal",
      "nickname": "Daily checking account"
    }
  ]
}

Responses

Status: 201 Created
Description: Created.
Schema: customerExternalAccountEntitlements

Status: 400 Bad Request
Description: Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error.
Schema: errorResponse

Status: 409 Conflict
Description: Conflict. Accounts already exist for this customer, or the operation was already invoked.
Schema: errorResponse

Status: 422 Unprocessable Entity
Description: Unprocessable Entity. One or more of the query parameters was well formed but otherwise invalid. The _error field in the response contains details about the request error.
Schema: errorResponse
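
Both createCustomerAccountEntitlements and createCustomerExternalAccountEntitlements require Unique-Request-Id and return 409 Conflict when the operation was already invoked. The following Python is an added example, not Apiture code, of keeping one ID per logical operation across retries; the send transport, the journal store, the op_key naming and the set of statuses treated as transient are assumptions of this example.

```python
import uuid

RETRYABLE = {502, 503, 504}  # assumption: statuses this client treats as transient


def request_id_for(journal, op_key):
    """Return the Unique-Request-Id for a logical operation, creating it only once."""
    if op_key not in journal:
        rid = str(uuid.uuid4())       # GUID text form, 36 characters
        if not 24 <= len(rid) <= 64:  # documented minLength / maxLength
            raise ValueError("request ID outside the documented length bounds")
        journal[op_key] = rid         # record it BEFORE the first send
    return journal[op_key]


def post_entitlements(body, send, journal, op_key, max_tries=3):
    """POST body, reusing one Unique-Request-Id for every attempt of this operation.

    send(headers, body) -> (status, response) is the caller's transport and raises
    ConnectionError on network failure. journal is a dict-like store that should
    outlive the process so a restart retries with the same ID (both hypothetical).
    """
    rid = request_id_for(journal, op_key)
    headers = {
        "Content-Type": "application/json",
        "Accept": "application/json",
        "Unique-Request-Id": rid,
    }
    outcome_unknown = False
    for _ in range(max_tries):
        try:
            status, response = send(headers, body)
        except ConnectionError:
            # The server may have processed the request before the connection
            # failed; retrying with the same ID lets it reject a duplicate.
            outcome_unknown = True
            continue
        if status == 201:
            return {"result": "created", "requestId": rid, "response": response}
        if status == 409:
            # Page wording: "Accounts already exist for this customer, or the
            # operation was already invoked." After an attempt with an unknown
            # outcome, the second reading is the likely one.
            result = "duplicate-of-earlier-attempt" if outcome_unknown else "conflict"
            return {"result": result, "requestId": rid, "response": response}
        if status not in RETRYABLE:
            # 400 and 422 describe a bad request; resending it unchanged cannot help
            raise RuntimeError(f"request rejected with status {status}")
        outcome_unknown = True
    raise RuntimeError("gave up; the request ID stays in the journal for a later retry")
```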

Institutions

Financial Institutions (Banks and Credit Unions)

getCredentialsPolicies

Code samples

# You can also use wget
curl -X GET https://api.apiture.com/dao/institutions/{institutionId}/credentialsPolicies \
  -H 'Accept: application/json'

GET https://api.apiture.com/dao/institutions/{institutionId}/credentialsPolicies HTTP/1.1
Host: api.apiture.com
Accept: application/json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json'

};

fetch('https://api.apiture.com/dao/institutions/{institutionId}/credentialsPolicies',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json'

};

$.ajax({
  url: 'https://api.apiture.com/dao/institutions/{institutionId}/credentialsPolicies',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json'
}

result = RestClient.get 'https://api.apiture.com/dao/institutions/{institutionId}/credentialsPolicies',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json'
}

r = requests.get('https://api.apiture.com/dao/institutions/{institutionId}/credentialsPolicies', params={

}, headers = headers)

print(r.json())

URL obj = new URL("https://api.apiture.com/dao/institutions/{institutionId}/credentialsPolicies");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
    "fmt"
    "io"
    "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
    }

    // A GET request carries no body
    req, err := http.NewRequest("GET", "https://api.apiture.com/dao/institutions/{institutionId}/credentialsPolicies", nil)
    if err != nil {
        panic(err)
    }
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        panic(err)
    }
    defer resp.Body.Close()

    body, err := io.ReadAll(resp.Body)
    if err != nil {
        panic(err)
    }
    fmt.Println(string(body))
}

Return the financial institution's credentials (username and password) policies

GET https://api.apiture.com/dao/institutions/{institutionId}/credentialsPolicies

The client uses this to obtain the financial institution's password and username policies and requirements. The client can also use the validateCredentials operation to validate a customer's credentials against the policies, so that the client need not implement the logic to interpret the rules.

Parameters

Parameter: institutionId string (required)
Description: The unique ID of the financial institution.
minLength: 4

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/dao/credentialsPolicies/v0.2.1/profile.json",
  "username": {
    "message": "Valid usernames: * must be between 5 and 20 characters long * are case sensitive * may not contain data from the user profile (street address, phone number, tax ID)",
    "enforced": [
      "minimumLength",
      "maximumLength",
      "caseSensitive",
      "personalDataDisallowed",
      "accountDataDisallowed"
    ],
    "minimumLength": 8,
    "maximumLength": 24,
    "caseSensitive": true,
    "personalDataDisallowed": true,
    "accountDataDisallowed": true
  },
  "password": {
    "enforced": [
      "minimumLength",
      "maximumLength",
      "minimumNumberOfLetters",
      "minimumNumberOfDigits",
      "usernameDisallowed",
      "personalDataDisallowed",
      "repeatingCharactersDisallowed",
      "notMatchPrevious"
    ],
    "minimumLength": 8,
    "maximumLength": 24,
    "caseSensitive": true,
    "minimumNumberOfLetters": 1,
    "minimumNumberOfDigits": 1,
    "minimumNumberOfSpecial": 1,
    "usernameDisallowed": true,
    "personalDataDisallowed": true,
    "repeatingCharactersDisallowed": true,
    "notMatchPrevious": 6
  }
}

Responses

Status: 200 OK
Description: OK.
Schema: credentialsPolicies

Status: 404 Not Found
Description: Not Found. There is no such financial institution at the specified {institutionId}. The _error field in the response contains details about the request error.
Schema: errorResponse

Status: 422 Unprocessable Entity
Description: Unprocessable Entity. One or more of the parameters was well formed but otherwise invalid. The _error field in the response contains details about the request error.

This error response may have one of the following type values:

Schema: errorResponse

getCandidateSecurityQuestions

Code samples

# You can also use wget
curl -X GET https://api.apiture.com/dao/institutions/{institutionId}/securityQuestions \
  -H 'Accept: application/json'

GET https://api.apiture.com/dao/institutions/{institutionId}/securityQuestions HTTP/1.1
Host: api.apiture.com
Accept: application/json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json'

};

fetch('https://api.apiture.com/dao/institutions/{institutionId}/securityQuestions',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json'

};

$.ajax({
  url: 'https://api.apiture.com/dao/institutions/{institutionId}/securityQuestions',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json'
}

result = RestClient.get 'https://api.apiture.com/dao/institutions/{institutionId}/securityQuestions',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json'
}

r = requests.get('https://api.apiture.com/dao/institutions/{institutionId}/securityQuestions', params={

}, headers = headers)

print(r.json())

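import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;

public class GetCandidateSecurityQuestions {
    public static void main(String[] args) throws Exception {
        // Replace {institutionId} with the financial institution's ID.
        URL obj = new URL("https://api.apiture.com/dao/institutions/{institutionId}/securityQuestions");
        HttpURLConnection con = (HttpURLConnection) obj.openConnection();
        con.setRequestMethod("GET");
        con.setRequestProperty("Accept", "application/json");
        int responseCode = con.getResponseCode();
        BufferedReader in = new BufferedReader(
            new InputStreamReader(con.getInputStream()));
        String inputLine;
        StringBuffer response = new StringBuffer();
        while ((inputLine = in.readLine()) != null) {
            response.append(inputLine);
        }
        in.close();
        System.out.println(response.toString());
    }
}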

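package main

import (
    "fmt"
    "io"
    "log"
    "net/http"
)

func main() {
    // Replace {institutionId} with the financial institution's ID.
    // A GET request carries no body, so the body argument is nil.
    req, err := http.NewRequest("GET", "https://api.apiture.com/dao/institutions/{institutionId}/securityQuestions", nil)
    if err != nil {
        log.Fatal(err)
    }
    req.Header.Set("Accept", "application/json")

    client := &http.Client{}
    resp, err := client.Do(req)
    if err != nil {
        log.Fatal(err)
    }
    defer resp.Body.Close()

    body, err := io.ReadAll(resp.Body)
    if err != nil {
        log.Fatal(err)
    }
    fmt.Println(string(body))
}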

Return candidate security questions

GET https://api.apiture.com/dao/institutions/{institutionId}/securityQuestions

Return a list of possible security questions the user may choose. The client should present these questions to the user and collect responses for some of them and submit them back via setCustomerSecurityAnswers.

Parameters

Parameter Description
institutionId string (required)
The unique ID of the financial institution.
minLength: 4

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/dao/securityQuestionCandidates/v0.1.0/profile.json",
  "questions": [
    {
      "text": "What is your mother's maiden name?",
      "minimumLength": 2,
      "maximumLength": 64
    },
    {
      "text": "What street did you live on when you were ten years old?",
      "minimumLength": 2,
      "maximumLength": 30
    },
    {
      "text": "In what city was your father born?",
      "minimumLength": 2,
      "maximumLength": 30
    },
    {
      "text": "What is the breed of your first pet?",
      "minimumLength": 2,
      "maximumLength": 30
    },
    {
      "text": "What was your high school mascot?",
      "minimumLength": 2,
      "maximumLength": 30
    },
    {
      "text": "What is your favorite security question?",
      "minimumLength": 8,
      "maximumLength": 80
    }
  ],
  "minimumAnswerCount": 3,
  "maximumAnswerCount": 3
}

Responses

Status Description
200 OK
OK.
Schema: securityQuestionCandidates
404 Not Found
Not Found. There is no such financial institution at the specified {institutionId}. The _error field in the response contains details about the request error.
Schema: errorResponse
422 Unprocessable Entity

Unprocessable Entity. One or more of the parameters was well formed but otherwise invalid. The _error field in the response contains details about the request error.

This error response may have one of the following type values:

Schema: errorResponse
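
One way a client could check a user's selections against the securityQuestionCandidates response before calling setCustomerSecurityAnswers. This is an added example, not Apiture's code: the function name, the (question, answer) pair shape and the whitespace trimming are assumptions, and the sample data is a constructed subset of the 200 response above.

```python
import json

# Constructed sample: four of the candidate questions from the 200 response
# shown above, with the same length and count limits.
SAMPLE_CANDIDATES = json.loads("""
{
  "questions": [
    {"text": "What is your mother's maiden name?", "minimumLength": 2, "maximumLength": 64},
    {"text": "In what city was your father born?", "minimumLength": 2, "maximumLength": 30},
    {"text": "What was your high school mascot?", "minimumLength": 2, "maximumLength": 30},
    {"text": "What is your favorite security question?", "minimumLength": 8, "maximumLength": 80}
  ],
  "minimumAnswerCount": 3,
  "maximumAnswerCount": 3
}
""")


def check_security_answers(candidates, answers):
    """Check answers against a securityQuestionCandidates response.

    `answers` is a hypothetical client-side shape: a list of
    (question_text, answer) pairs. Returns a list of problem strings; an
    empty list means the answers satisfy the published limits. Problems
    name the question only, so answers never reach logs or UI error text.
    """
    problems = []
    limits = {q["text"]: q for q in candidates["questions"]}
    low = candidates["minimumAnswerCount"]
    high = candidates["maximumAnswerCount"]

    if not low <= len(answers) <= high:
        problems.append(f"expected {low} to {high} answers, got {len(answers)}")

    seen = set()
    for question, answer in answers:
        rule = limits.get(question)
        if rule is None:
            # Only questions offered by the institution may be answered.
            problems.append(f"not a candidate question: {question!r}")
            continue
        if question in seen:
            problems.append(f"question answered more than once: {question!r}")
            continue
        seen.add(question)
        # Assumption: surrounding whitespace does not count toward length.
        length = len(answer.strip())
        if not rule["minimumLength"] <= length <= rule["maximumLength"]:
            problems.append(
                f"answer length for {question!r} must be "
                f"{rule['minimumLength']} to {rule['maximumLength']} characters"
            )
    return problems
```
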

Schemas

abstractRequest

{
  "_profile": "https://production.api.apiture.com/schemas/common/abstractRequest/v2.0.0/profile.json",
  "_links": {}
}

Abstract Request (v2.0.0)

An abstract schema used to define other request-only schemas. This is a HAL resource representation, minus the _error defined in abstractResource.

This schema was resolved from common/abstractRequest.

Properties

Name Description
_links object: links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only

abstractResource

{
  "_profile": "https://production.api.apiture.com/schemas/common/abstractResource/v2.1.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
    }
  }
}

Abstract Resource (v2.1.0)

An abstract schema used to define other schemas for request and response bodies. This is a HAL resource representation. This model contains hypermedia _links, and either optional domain object data with _profile and optional _embedded objects, or an _error object. In responses, if the operation was successful, this object will not include the _error, but if the operation was a 4xx or 5xx error, this object will not include _embedded or any data fields, only _error and optionally _links.

This schema was resolved from common/abstractResource.

Properties

Name Description
_links object: links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
_error object: error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only

accountCode

"checking"

Account Code (v2.0.0)

A core-agnostic code which names the account's banking category. The category determines what type of banking functions are allowed for such accounts.

accountCode strings may have one of the following enumerated values:

Value Description
checking: Checking
savings: Savings
cd: CD (Certificate of Deposit)
ira: IRA (Individual Retirement Account)
loan: Loan
creditCard: Credit Card

Type: string
enum values: checking, savings, cd, ira, loan, creditCard

accountIds

[
  "string"
]

Account IDs (v1.0.0)

An array of account IDs.

accountIds is an array schema.

Array Elements

Name Description
Account IDs (v1.0.0) array: [resourceId]
An array of account IDs.
unique items
minItems: 1
maxItems: 100

accountUsage

"personal"

Account Usage (v1.0.0)

Indicates an account is used for personal or business banking.

Type: string
enum values: personal, business

address

{
  "addressLine1": "555 N Front Street",
  "addressLine2": "Suite 5555",
  "city": "Wilmington",
  "region": "North Carolina",
  "postalCode": "28401-5405",
  "countryCode": "US",
  "international": false
}

Address (v0.2.0)

A postal address.

Properties

Name Description
addressLine1 string (required)
The first street address line of the address, normally a house number and street name.
minLength: 4
maxLength: 30
addressLine2 string
The optional second street address line of the address.
maxLength: 30
city string (required)
The name of the city or municipality.
minLength: 2
maxLength: 30
region string
The mailing address region code, such as state in the US, or a province in Canada. If state abbreviations are provided on input and countryCode is US, the service converts the abbreviation to the full state name. For example, NC becomes North Carolina.
minLength: 2
maxLength: 20
postalCode string (required)
The mailing address postal code, such as a US Zip or Zip+4 code, or a Canadian postal code.
minLength: 5
maxLength: 10
countryCode string (required)
The ISO 3166-1 alpha-2 country code. This is normalized to uppercase.
minLength: 2
maxLength: 2
pattern: ^[a-zA-Z]{2}$
international boolean
If true, the user acknowledged that the address they provided is an international address (the countryCode is not "US").
Default: false

attributes

{}

Attributes (v2.1.0)

An optional map of name/value pairs which contains additional dynamic data about the resource.

This schema was resolved from common/attributes.

Properties

createCustomer

{
  "_profile": "https://production.api.apiture.com/schemas/dao/createCustomer/v0.9.0/profile.json",
  "institutionId": "3PB_212",
  "customerType": "retail",
  "fullName": "Maxwell Daniel Peck",
  "username": "maxpeck412",
  "password": "this-is-my-secure-password",
  "taxId": "112-22-3333",
  "birthdate": "1975-02-28",
  "primaryAddress": {
    "addressLine1": "555 N Front Street",
    "addressLine2": "Suite 5555",
    "city": "Wilmington",
    "region": "North Carolina",
    "postalCode": "28401-5405",
    "countryCode": "US",
    "international": false
  },
  "primaryEmailAddress": "max.peck@nasa.example.com",
  "primaryPhoneNumber": "+19105550159",
  "smsPhoneNumber": "+19105550159",
  "electronicStatementConsent": true,
  "electronicDocumentConsent": true
}

Create Customer (v0.9.0)

Request body for creating a digital banking customer.

Phone Numbers

The service strips all spaces, hyphens, periods and parentheses from phone number fields in request bodies. Some examples of allowed phone numbers are 9105550155, (910) 555-0155, 910.555.0155, and +19105550155. The default country code prefix is +1. See Phone Number Representations for more information.

Properties

Name Description
_profile string(uri)
The URI of a resource profile which describes the representation.
institutionId string (required)
The financial institution's ID.
minLength: 4
customerType string: customerType (required)

The type of customer, retail (personal) or commercial (business banking).

customerType strings may have one of the following enumerated values:

Value Description
retail: Retail (personal) banking customer
commercial: Commercial (business) banking customer


enum values: retail, commercial
birthdate string(date) (required)
The contact's birth date in YYYY-MM-DD format. This is required if type is retail.
electronicStatementConsent boolean
true if the user consents to (monthly) electronic account statement delivery. This may be overridden on an account-by-account basis when creating customer account entitlements.
Default: false
electronicDocumentConsent boolean
true if the user consents to electronic document delivery for documents other than their monthly account statement for this account. This may be overridden on an account-by-account basis when creating customer account entitlements.
Default: false
primaryPhoneNumber string (required)
The customer's primary phone number; also known as "day-time phone number". (See "Phone Numbers" in the schema description for details.)
minLength: 8
maxLength: 16
secondaryPhoneNumber string
The customer's secondary phone number; also known as "evening phone number". (See "Phone Numbers" in the schema description for details.)
minLength: 9
maxLength: 16
smsPhoneNumber string
The customer's phone number to use for text messages (Short Message Service or SMS). (See "Phone Numbers" in the schema description for details.) This must be a US number (+1 if the number includes country code; ten digits excluding the country code).
minLength: 9
maxLength: 20
alternatePhoneNumber string
The customer's alternate phone number. (See "Phone Numbers" in the schema description for details.)
minLength: 9
maxLength: 20
faxPhoneNumber string
The customer's FAX phone number. (See "Phone Numbers" in the schema description for details.)
minLength: 9
maxLength: 20
primaryAddress object: address (required)
The customer's primary address.
primaryEmailAddress string(email) (required)
The customer's primary email address.
minLength: 8
maxLength: 120
secondaryEmailAddress string(email)
The customer's secondary email address.
minLength: 8
maxLength: 120
taxId string (required)
The customer's tax ID. The caller should pass the full tax ID (for example "112-22-3333") when creating a customer.
maxLength: 16
fullName string (required)
The customer's full name.
maxLength: 50
username string (required)
The customer's unique on-line banking username. This value cannot be changed after it has been set.
maxLength: 64
password string (required)
The password the customer uses to log in. This is not returned in responses; it is only used in requests to set or update the customer's password.
write-only
minLength: 6
maxLength: 48

createCustomerAccountEntitlement

{
  "_profile": "https://production.api.apiture.com/schemas/dao/baseRequest/v0.3.0/profile.json",
  "accountNumber": "9876543210",
  "accountCode": "savings",
  "accountType": "S",
  "nickname": "New car down payment savings",
  "electronicStatementConsent": true,
  "electronicDocumentConsent": true
}

Create Customer Account Entitlement (v0.5.0)

Details of a new account entitlement created for a banking customer.

Properties

Name Description
_profile string(uri)
The URI of a resource profile which describes the representation.
accountNumber string (required)
The full account number of the new account. This is represented as a string, even if the financial institution's account numbers are numeric (so that leading zeros may be preserved).
minLength: 4
maxLength: 17
accountType string (required)
The account type, an abbreviation of the banking account type, determined by the banking core. Examples of account types include but are not limited to: D, DDA, S, SAV, CD, IRA, LON, LOC, LOAN, CC.
accountCode string: accountCode
The banking account product code.
enum values: checking, savings, cd, ira, loan, creditCard
accountIdentifier string
MICR number or some other account identification number depending on the underlying bank core.
minLength: 2
maxLength: 32
pattern: ^[-A-Za-z0-9]{2,32}$
nickname string
The name the customer gave to the account.
electronicStatementConsent boolean
true if the user consents to (monthly) electronic account statement delivery for this account. If omitted, the value in the customer is honored.
electronicDocumentConsent boolean
true if the user consents to electronic document delivery for documents other than their monthly account statement for this account. If omitted, the value in the customer is honored.

createCustomerAccountEntitlements

{
  "_profile": "https://production.api.apiture.com/schemas/dao/createCustomerAccountEntitlements/v0.6.0/profile.json",
  "customerId": "47837239834897",
  "institutionId": "3PB_212",
  "accounts": [
    {
      "accountNumber": "9876543210",
      "accountCode": "savings",
      "accountType": "S",
      "nickname": "New car down payment savings",
      "electronicStatementConsent": true,
      "electronicDocumentConsent": true
    },
    {
      "accountNumber": "8765432108",
      "accountCode": "checking",
      "accountType": "DDA",
      "nickname": "Daily checking account",
      "electronicStatementConsent": true,
      "electronicDocumentConsent": true
    }
  ]
}

Create Customer Account Entitlements (v0.6.0)

Request used to create new customer accounts for an existing customer.

Properties

Name Description
_profile string(uri)
The URI of a resource profile which describes the representation.
customerId string (required)
The customer ID. This is not related to the customer number or member number.
institutionId string (required)
The financial institution's ID.
minLength: 4
accounts array: [createCustomerAccountEntitlement] (required)
One or more accounts to add to a customer.
minItems: 1

credentialsPolicies

{
  "_profile": "https://production.api.apiture.com/schemas/dao/credentialsPolicies/v0.2.1/profile.json",
  "username": {
    "message": "Valid usernames: * must be between 5 and 20 characters long * are case sensitive * may not contain data from the user profile (street address, phone number, tax ID)",
    "enforced": [
      "minimumLength",
      "maximumLength",
      "caseSensitive",
      "personalDataDisallowed",
      "accountDataDisallowed"
    ],
    "minimumLength": 8,
    "maximumLength": 24,
    "caseSensitive": true,
    "personalDataDisallowed": true,
    "accountDataDisallowed": true
  },
  "password": {
    "enforced": [
      "minimumLength",
      "maximumLength",
      "minimumNumberOfLetters",
      "minimumNumberOfDigits",
      "usernameDisallowed",
      "personalDataDisallowed",
      "repeatingCharactersDisallowed",
      "notMatchPrevious"
    ],
    "minimumLength": 8,
    "maximumLength": 24,
    "caseSensitive": true,
    "minimumNumberOfLetters": 1,
    "minimumNumberOfDigits": 1,
    "minimumNumberOfSpecial": 1,
    "usernameDisallowed": true,
    "personalDataDisallowed": true,
    "repeatingCharactersDisallowed": true,
    "notMatchPrevious": 6
  }
}

Credentials Policies (v0.2.1)

The rules the financial institution imposes for customers' credentials (usernames and passwords).

Properties

Name Description
_profile string(uri)
The URI of a resource profile which describes the representation.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_error object: error
An object which describes an error. This value is omitted if the operation succeeded without error.
username object: usernamePolicies
The rules the financial institution imposes on each customer's username.
password object: passwordPolicies
The rules the financial institution imposes on each customer's password.
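
A client-side pre-check of a password against the password object in the example above, added here as an illustration and not part of the Apiture API or any SDK. It assumes that only the rules named in enforced apply (so minimumNumberOfSpecial in the sample is skipped); the per-rule interpretations and all function names are hypothetical.

```python
# Constructed sample: the "password" object from the credentialsPolicies
# example above.
PASSWORD_POLICY = {
    "enforced": [
        "minimumLength", "maximumLength", "minimumNumberOfLetters",
        "minimumNumberOfDigits", "usernameDisallowed", "personalDataDisallowed",
        "repeatingCharactersDisallowed", "notMatchPrevious",
    ],
    "minimumLength": 8,
    "maximumLength": 24,
    "caseSensitive": True,
    "minimumNumberOfLetters": 1,
    "minimumNumberOfDigits": 1,
    "minimumNumberOfSpecial": 1,
    "usernameDisallowed": True,
    "personalDataDisallowed": True,
    "repeatingCharactersDisallowed": True,
    "notMatchPrevious": 6,
}

# Rules this sketch can evaluate locally. Each callable takes
# (password, username, policy_value) and returns True when the password
# passes. The interpretations are assumptions, not Apiture's definitions.
LOCAL_RULES = {
    "minimumLength": lambda pw, user, n: len(pw) >= n,
    "maximumLength": lambda pw, user, n: len(pw) <= n,
    "minimumNumberOfLetters": lambda pw, user, n: sum(c.isalpha() for c in pw) >= n,
    "minimumNumberOfDigits": lambda pw, user, n: sum(c.isdigit() for c in pw) >= n,
    "minimumNumberOfSpecial": lambda pw, user, n: sum(not c.isalnum() for c in pw) >= n,
    "usernameDisallowed": lambda pw, user, on: not (
        on and bool(user) and user.lower() in pw.lower()
    ),
}


def precheck_password(policy, password, username=""):
    """Return (violations, deferred) for one password.

    violations: enforced rule names the password fails locally, in the
                order they appear in policy["enforced"].
    deferred:   enforced rule names that need server-side data (password
                history, profile data) or whose exact definition is not
                given here, so only the service can decide them.
    """
    violations, deferred = [], []
    for name in policy.get("enforced", []):
        rule = LOCAL_RULES.get(name)
        if rule is None or name not in policy:
            deferred.append(name)
        elif not rule(password, username, policy[name]):
            violations.append(name)
    return violations, deferred
```

The result is advisory only: the service's credentialsValidation response remains authoritative, including for duplicateUsername and every rule reported as deferred.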

credentialsValidation

{
  "_profile": "https://production.api.apiture.com/schemas/dao/credentialsValidation/v0.1.1/profile.json",
  "valid": false,
  "passwordViolations": [
    {
      "name": "minimumLength",
      "message": "Password must be at least 8 characters long"
    },
    {
      "name": "minimumNumberOfDigits",
      "message": "Password must contain at least one digit"
    },
    {
      "name": "minimumNumberOfSpecial",
      "message": "Password must contain at least one special character"
    },
    {
      "name": "personalDataDisallowed",
      "message": "Password may not contain personal data such as tax ID, address, zip, phone number"
    }
  ],
  "usernameViolations": [
    {
      "name": "minimumLength",
      "message": "Password must be at least 5 characters long"
    },
    {
      "name": "personalDataDisallowed",
      "message": "Username may not contain personal data such as tax ID, address, zip, phone number"
    }
  ],
  "duplicateUsername": false,
  "suggestedUsernames": [
    "mp-3729",
    "mdp-7221"
  ]
}

Credentials Validation (v0.1.1)

The response from validating a customer's credentials.

Properties

Name Description
_profile string(uri)
The URI of a resource profile which describes the representation.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_error object: error
An object which describes an error. This value is omitted if the operation succeeded without error.
valid boolean (required)
true if and only if the credentials satisfy the financial institution's username and password policies.
passwordViolations array: [passwordViolation] (required)
A list of password policy violations. The array is empty if there are no violations.
usernameViolations array: [usernameViolation] (required)
A list of username policy violations. The array is empty if there are no violations.
duplicateUsername boolean
If true, the username is already in use. This cannot be checked solely on the client side by evaluating the policies.
suggestedUsernames array: [string]
If the username is invalid, the service may return some suggested valid usernames.
unique items

credentialsValidationRequest

{
  "_profile": "https://production.api.apiture.com/schemas/dao/credentialsValidationRequest/v0.1.0/profile.json",
  "username": "maxpeck412",
  "password": "this-is-my-secure-password"
}

Credentials (v0.1.0)

New customer credentials (username and password) for validation. The request may omit the username to just validate a new password, or omit password to just validate a new username.

Properties

Name Description
_profile string(uri)
The URI of a resource profile which describes the representation.
username string
The customer's unique on-line banking username.
maxLength: 64
password string
The password the customer uses to log in.
write-only
minLength: 6
maxLength: 48

creditOrDebitValue

"3456.78"

Credit Or Debit Value (v0.1.0)

The monetary value representing a credit (positive amounts with no prefix or a + prefix) or debit (negative amounts with a - prefix). The numeric value is represented as a string so that it can be exact with no loss of precision.

Type: string
pattern: ^(-|\+)?(0|[1-9][0-9]*)\.[0-9][0-9]$
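
Parsing a creditOrDebitValue string into exact integer cents using the schema's pattern with + and . escaped, as an added example that is not Apiture's code; the function name is hypothetical. It uses fullmatch() rather than match() with ^...$ because Python's $ also matches just before a trailing newline.

```python
import re

# The schema's pattern without the ^ and $ anchors; fullmatch() supplies
# strict anchoring. [0-9] (not \d) keeps non-ASCII digits out.
CREDIT_OR_DEBIT = re.compile(r"(-|\+)?(0|[1-9][0-9]*)\.[0-9][0-9]")


def parse_credit_or_debit(value):
    """Return the amount in integer minor units (cents).

    Credits come back positive and debits negative. Raises ValueError for
    anything that is not a string matching the schema's pattern, so floats,
    exponents, missing cents and leading zeros are all rejected instead of
    being rounded or reinterpreted.
    """
    if not isinstance(value, str):
        raise ValueError("creditOrDebitValue must be a string")
    match = CREDIT_OR_DEBIT.fullmatch(value)
    if match is None:
        raise ValueError("not a valid creditOrDebitValue")
    sign = -1 if match.group(1) == "-" else 1
    whole, fraction = value.lstrip("+-").split(".")
    # Integer arithmetic only: no float ever touches the amount.
    return sign * (int(whole) * 100 + int(fraction))


def is_credit_or_debit(value):
    """True if value parses, False otherwise (convenience wrapper)."""
    try:
        parse_credit_or_debit(value)
    except ValueError:
        return False
    return True
```
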

customer

{
  "_profile": "https://production.api.apiture.com/schemas/dao/customer/v0.10.1/profile.json",
  "_id": "bcea94f7-d542-4cee-ac3b-2b40903a46fc",
  "institutionId": "3PB_212",
  "customerType": "retail",
  "customerNumber": "123456789",
  "fullName": "Maxwell Daniel Peck",
  "username": "maxpeck412",
  "state": "enabled",
  "taxId": "112-22-3333",
  "birthdate": "1975-02-28",
  "password": "this-is-my-secure-password",
  "primaryAddress": {
    "addressLine1": "555 N Front Street",
    "addressLine2": "Suite 5555",
    "city": "Wilmington",
    "region": "North Carolina",
    "postalCode": "28401-5405",
    "countryCode": "US",
    "international": false
  },
  "primaryEmailAddress": "max.peck@nasa.example.com",
  "primaryPhoneNumber": "+19105550159",
  "smsPhoneNumber": "+19105550159",
  "electronicStatementConsent": true,
  "electronicDocumentConsent": true
}

Customer (v0.10.1)

Representation of a digital banking customer.

Phone Numbers

The service strips all non-digits from phone number fields in request bodies. Some examples of allowed phone numbers are 9105550155, (910) 555-0155, 910.555.0155, and +19105550155. The default country code prefix is +1 (US and related regions).

Phone numbers are returned in responses in E.164 format with a leading +, country code (up to 3 digits) and subscriber number, for a total of up to 15 digits. Example: +19105550155.

Properties

Name Description
_profile string(uri)
The URI of a resource profile which describes the representation.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_error object: error
An object which describes an error. This value is omitted if the operation succeeded without error.
institutionId string (required)
The financial institution's ID.
minLength: 4
customerType string: customerType (required)

The type of customer, retail (personal) or commercial (business banking).

customerType strings may have one of the following enumerated values:

Value Description
retail: Retail (personal) banking customer
commercial: Commercial (business) banking customer


enum values: retail, commercial
birthdate string(date) (required)
The contact's birth date in YYYY-MM-DD format. This is required if type is retail.
electronicStatementConsent boolean
true if the user consents to (monthly) electronic account statement delivery. This may be overridden on an account-by-account basis when creating customer account entitlements.
Default: false
electronicDocumentConsent boolean
true if the user consents to electronic document delivery for documents other than their monthly account statement for this account. This may be overridden on an account-by-account basis when creating customer account entitlements.
Default: false
_id string
The unique identifier for this customer resource. This is an opaque, read-only string. Note: This _id is not related to the customerNumber. The _id is the {customerId} in the customer resource URI.
read-only
taxId string (required)
The customer's tax ID. The caller should pass the full tax ID (for example "112-22-3333") when creating a customer.
read-only
maxLength: 16
customerNumber string
The unique customer number, also known as the Customer Identification File number or CIF number. This is the Member Number for credit unions. This value is assigned to the customer in the banking core. The customerNumber differs from the _id (which is the ID of the resource). This value cannot be changed after a customer has been enabled.
minLength: 1
maxLength: 36
username string
The customer's unique on-line banking username. This value cannot be changed after it has been set.
read-only
maxLength: 64
state string: customerState
The state of the customer. This is a derived property. Update the state with the enableCustomer operation.
read-only
enum values: pending, enabled
primaryPhoneNumber string (required)
The customer's primary phone number; also known as "day-time phone number". (See "Phone Numbers" in the schema description for details.)
minLength: 8
maxLength: 16
secondaryPhoneNumber string
The customer's secondary phone number; also known as "evening phone number". (See "Phone Numbers" in the schema description for details.)
minLength: 9
maxLength: 16
smsPhoneNumber string
The customer's phone number to use for text messages (Short Message Service or SMS). (See "Phone Numbers" in the schema description for details.) This must be a US number (+1 if the number includes country code; ten digits excluding the country code).
minLength: 9
maxLength: 20
alternatePhoneNumber string
The customer's alternate phone number. (See "Phone Numbers" in the schema description for details.)
minLength: 9
maxLength: 20
faxPhoneNumber string
The customer's FAX phone number. (See "Phone Numbers" in the schema description for details.)
minLength: 9
maxLength: 20
primaryAddress object: address (required)
The customer's primary address.
primaryEmailAddress string(email) (required)
The customer's primary email address.
minLength: 8
maxLength: 120
secondaryEmailAddress string(email)
The customer's secondary email address.
minLength: 8
maxLength: 120
fullName string (required)
The customer's full name. If not set on a customer, the service concatenates the first, middle, and last names.
maxLength: 50
password string
The password the customer uses to log in. This is not returned in responses; it is only used in requests to set or update the customer's password. Omit this in requests except when explicitly changing the user's password.
write-only
minLength: 6
maxLength: 48

customerAccountEntitlement

{
  "_profile": "https://production.api.apiture.com/schemas/dao/baseRequest/v0.3.0/profile.json",
  "accountNumber": "9876543210",
  "accountCode": "savings",
  "accountType": "S",
  "nickname": "New car down payment savings",
  "electronicStatementConsent": true,
  "electronicDocumentConsent": true
}

Customer Account Entitlement (v0.5.0)

Details of a new account entitlement created for a banking customer.

Properties

Name Description
_profile string(uri)
The URI of a resource profile which describes the representation.
accountNumber string (required)
The full account number of the new account. This is represented as a string, even if the financial institution's account numbers are numeric (so that leading zeros may be preserved).
minLength: 4
maxLength: 17
accountType string (required)
The account type, an abbreviation of the banking account type, determined by the banking core. Examples of account types include but are not limited to: D, DDA, S, SAV, CD, IRA, LON, LOC, LOAN, CC.
accountCode string: accountCode
The banking account product code.
enum values: checking, savings, cd, ira, loan, creditCard
accountIdentifier string
MICR number or some other account identification number depending on the underlying bank core.
minLength: 2
maxLength: 32
pattern: ^[-A-Za-z0-9]{2,32}$
nickname string
The name the customer gave to the account.
electronicStatementConsent boolean
true if the user consents to (monthly) electronic account statement delivery for this account. If omitted, the value in the customer is honored.
electronicDocumentConsent boolean
true if the user consents to electronic document delivery for documents other than their monthly account statement for this account. If omitted, the value in the customer is honored.

customerAccountEntitlements

{
  "_profile": "https://production.api.apiture.com/schemas/dao/customerAccountEntitlements/v0.5.0/profile.json",
  "customerId": "47837239834897",
  "institutionId": "3PB_212",
  "accounts": [
    {
      "accountNumber": "9876543210",
      "accountCode": "savings",
      "accountType": "A",
      "nickname": "New car down payment savings",
      "electronicStatementConsent": true,
      "electronicDocumentConsent": true
    },
    {
      "accountNumber": "8765432108",
      "accountCode": "checking",
      "accountType": "DDA",
      "nickname": "Daily checking account",
      "electronicStatementConsent": true,
      "electronicDocumentConsent": true
    }
  ]
}

Customer Account Entitlements (v0.5.0)

Accounts for an existing customer.

Properties

Name Description
_profile string(uri)
The URI of a resource profile which describes the representation.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_error object: error
An object which describes an error. This value is omitted if the operation succeeded without error.
customerId string
The customer ID. This is not related to the customer number or member number.
institutionId string
The financial institution's ID.
minLength: 4
accounts array: [customerAccountEntitlement]
The customer's accounts.

customerCommunication

{
  "_profile": "https://production.api.apiture.com/schemas/dao/customerCommunication/v1.0.0/profile.json",
  "type": "accountApplicationUnderReview",
  "channel": "email",
  "attributes": {
    "accountName": "My Premiere Savings",
    "productName": "Premiere Savings"
  }
}

Customer Communication (v1.0.0)

Communication to a customer or to the financial institution informing them of the account opening status. The communication type and the channel are used as keys used to look up a message template, and the attributes, if any, are substituted in the template text to yield the communication message body.

Properties

Name Description
_profile string(uri)
The URI of a resource profile which describes the representation.
type string (required)
The type of communication message to the customer.
enum values: accountApplicationSaved, accountApplicationCanceled, accountApplicationStarted, accountApplicationUnderReview, accountApplicationRejected, accountApplicationDocumentsRejected, customerCreatedAndAccountOpened, accountOpened, daoFailure
channel string (required)
The channel through which the communication is sent to the customer. email denotes an email to the customer. secureMessage creates a new message thread between the customer and the financial institution.
enum values: email, secureMessage
attributes object
An optional map of name/value pairs which contains string values to inject into the message template associated with this message. The attributes vary by type.
» additionalProperties string
emailAddress string(email)
The optional email address to use for sending the message. If present, this overrides the customer's primary email address associated with their login account or application.
maxLength: 80

customerCredentials

{
  "_profile": "https://production.api.apiture.com/schemas/dao/customerCredentials/v0.2.0/profile.json",
  "institutionId": "3PB_212",
  "username": "maxpeck412",
  "password": "this-is-my-secure-password"
}

Customer Credentials (v0.2.0)

Customer credentials (username and password) for authenticating an existing customer.

Properties

Name Description
_profile string(uri)
The URI of a resource profile which describes the representation.
institutionId string (required)
The financial institution's ID.
minLength: 4
username string (required)
The customer's unique on-line banking username.
maxLength: 64
password string (required)
The password the customer uses to log in.
write-only
minLength: 6
maxLength: 48
ipAddress string (required)
The IP address of the device where the customer request originated. This value must be in IPv4 or IPv6 format.
minLength: 6
maxLength: 128

customerExternalAccountEntitlement

{
  "id": "8ae73adb-159d",
  "accountNumber": "9876543210",
  "routingNumber": "123123123",
  "type": "savings",
  "institutionName": "Third National Bank of the West",
  "usage": "personal",
  "ownerName": "Lucille Watson"
}

Customer External Account Entitlement (v0.1.0)

The result of adding customer entitlements to an external account.

Properties

Name Description
accountNumber string: fullAchAccountNumber (required)
The full account number of the external account. This is represented as a string, even if the financial institution's account numbers are numeric (so that leading zeros may be preserved).
minLength: 2
maxLength: 17
pattern: ^[- a-zA-Z0-9.]{2,17}$
routingNumber string (required)
The routing and transit number of the external account.
minLength: 9
maxLength: 9
pattern: ^[0-9]{9}$
institutionName string (required)
The name of the financial institution where the external account is held.
maxLength: 80
type string: accountCode (required)
The type of account.
enum values: checking, savings, cd, ira, loan, creditCard
ownerName string (required)
The name of the account owner at the external financial institution.
maxLength: 80
usage string: accountUsage (required)
Indicates an account is used for personal or business banking.
enum values: personal, business
nickname string
The nickname (friendly name) the customer has given this account. If omitted, the customer has not set a nickname.
maxLength: 50
id string: resourceId (required)
The opaque unique resource ID of the external account. This ID may be used to schedule a transfer from the external account to the new account being opened.
minLength: 6
maxLength: 48
pattern: ^[-_:.~$a-zA-Z0-9]+$

customerExternalAccountEntitlements

{
  "customerId": "47837239834897",
  "accounts": [
    {
      "id": "afd8038c56f112ce573b",
      "accountNumber": "9876543210",
      "routingNumber": "123123123",
      "institutionName": "Third National Bank of the West",
      "ownerName": "Lucile Watson",
      "type": "savings",
      "usage": "personal",
      "nickname": "Daily checking account"
    }
  ]
}

Customer External Account Entitlements (v0.1.0)

Response from adding external accounts for a customer.

Properties

Name Description
customerId string (required)
The customer ID. This is not related to the customer number or member number.
accounts array: [customerExternalAccountEntitlement] (required)
One or more external accounts added to a customer.
minItems: 1

customerLoginUrl

{
  "_profile": "https://production.api.apiture.com/schemas/dao/customerLoginUrl/v0.1.1/profile.json",
  "loginUrl": "https://thirdpartybank.example.com/digitalBanking?auth=9A8B808FD7684E17AFA621361E9E83D97DB3A139BD3D4444A1F4D71649CA8DFB",
  "channel": "web",
  "expiresAt": "2020-11-04T05:08:32.375Z"
}

Customer Login URL (v0.1.1)

The customer can log in to the digital banking application by visiting this loginUrl. The user is pre-authenticated (single sign-on). The URL may only be used once and has an expiration time.

Properties

Name Description
_profile string(uri)
The URI of a resource profile which describes the representation.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_error object: error
An object which describes an error. This value is omitted if the operation succeeded without error.
loginUrl string(uri) (required)
The customer can log in to the digital banking application by visiting this URL.
maxLength: 4000
channel string
The channel from the createLoginUrl request.
enum values: web, mobile
expiresAt string(date-time)
The date-time when the login URL expires. If the user does not use the URL within the client application before the expiration time, the client should request a new login URL.
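Because the loginUrl is single-use and pre-authenticated, it acts as a short-lived bearer credential. The following added example (not part of the Apiture documentation or any Apiture SDK) checks a customerLoginUrl response before redirecting the user and strips the query string before the URL is written to logs. The https-only rule, the 30-second clock-skew margin, the function names and the placeholder auth value are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, urlunsplit

# Constructed sample shaped like the customerLoginUrl example; the auth value is a placeholder.
SAMPLE = {
    "loginUrl": "https://thirdpartybank.example.com/digitalBanking?auth=EXAMPLE-ONE-TIME-TOKEN",
    "channel": "web",
    "expiresAt": "2020-11-04T05:08:32.375Z",
}


def parse_rfc3339(value):
    """Parse a date-time such as 2020-11-04T05:08:32.375Z into an aware datetime."""
    # fromisoformat() only accepts a trailing "Z" from Python 3.11 on, so normalise it.
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        raise ValueError("date-time has no UTC offset")
    return parsed


def check_login_url(resp, now=None, skew=timedelta(seconds=30)):
    """Return (ok, reason); ok is False when the URL must not be handed to the browser."""
    now = now or datetime.now(timezone.utc)
    url = resp.get("loginUrl", "")
    if not url or len(url) > 4000:                      # schema: required, maxLength 4000
        return False, "loginUrl missing or longer than maxLength"
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:   # assumption: only https is acceptable
        return False, "loginUrl is not an absolute https URL"
    expires_at = resp.get("expiresAt")                  # optional in the schema
    if expires_at is not None:
        try:
            deadline = parse_rfc3339(expires_at)
        except ValueError:
            return False, "expiresAt is not a valid date-time"
        if deadline - skew <= now:
            return False, "expired: request a new login URL"
    return True, "ok"


def redact_for_log(url):
    """Keep scheme, host and path; drop the query string that carries the auth token."""
    parts = urlsplit(url)
    query = "[redacted]" if parts.query else ""
    return urlunsplit((parts.scheme, parts.netloc, parts.path, query, ""))


if __name__ == "__main__":
    ok, reason = check_login_url(SAMPLE)
    print(ok, reason, redact_for_log(SAMPLE["loginUrl"]))
```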

customerSearch

{
  "_profile": "https://production.api.apiture.com/schemas/dao/customerSearch/v0.4.0/profile.json",
  "customerNumber": "123456789",
  "institutionId": "3PB_212"
}

Customer Search (v0.4.0)

Search parameters for finding a registered banking customer. In addition to the required institutionId, the client must supply at least one of customerNumber and taxId.

Properties

Name Description
_profile string(uri)
The URI of a resource profile which describes the representation.
customerNumber string
The unique customer number, also known as the Customer Identification File number or CIF number. This derived value is assigned to the customer in the banking core. The customerNumber differs from the _id (which is the ID of the resource).
maxLength: 48
taxId string
The customer's tax ID number (such as social security number). The caller should pass the full value (for example "112-22-3333") when searching customers by tax ID. The input may include '-' formatting characters; the search matches just the digits.
maxLength: 16
institutionId string (required)
The financial institution's ID.
minLength: 3
maxLength: 8

customerState

"pending"

Customer State (v1.1.0)

The state of the customer.

customerState strings may have one of the following enumerated values:

Value Description
pending (Pending): A new pending customer that is awaiting review and approval
enabled (Enabled): A customer which has been approved and enabled for digital banking

Type: string
enum values: pending, enabled

customerType

"retail"

Customer Type (v1.0.0)

The type of customer, retail (personal) or commercial (business banking).

customerType strings may have one of the following enumerated values:

Value Description
retail (Retail): Retail (personal) banking customer
commercial (Commercial): Commercial (business) banking customer

Type: string
enum values: retail, commercial

error

{
  "_id": "2eae46e1575c0a7b0115a4b3",
  "message": "Descriptive error message...",
  "statusCode": 422,
  "type": "errorType1",
  "remediation": "Remediation string...",
  "occurredAt": "2018-01-25T05:50:52.375Z",
  "errors": [
    {
      "_id": "ccdbe2c5c938a230667b3827",
      "message": "An optional embedded error"
    },
    {
      "_id": "dbe9088dcfe2460f229338a3",
      "message": "Another optional embedded error"
    }
  ],
  "_links": {
    "describedby": {
      "href": "https://developer.apiture.com/errors/errorType1"
    }
  }
}

Error (v2.1.0)

Describes an error in an API request or in a service called via the API.

This schema was resolved from common/error.

Properties

Name Description
message string (required)
A localized message string describing the error condition.
_id string
A unique identifier for this error instance. This may be used as a correlation ID with the root cause error (i.e. this ID may be logged at the source of the error). This is an opaque string.
read-only
statusCode integer
The HTTP status code associated with this error.
minimum: 100
maximum: 599
type string
An error identifier which indicates the category of error and associates it with API support documentation, or which the UI tier can use to render an appropriate message or hint. This provides a finer level of granularity than the statusCode. For example, instead of just 400 Bad Request, the type may be much more specific, such as integerValueNotInAllowedRange or numericValueExceedsMaximum or stringValueNotInAllowedSet.
occurredAt string(date-time)
An RFC 3339 UTC time stamp indicating when the error occurred.
attributes object: attributes
Informative values or constraints which describe the error. For example, for a value out of range error, the attributes may specify the minimum and maximum values. This allows clients to present error messages as they see fit (the API does not assume the client/presentation tier). The set of attributes varies by error type.
remediation string
An optional localized string which provides hints for how the user or client can resolve the error.
errors array: [error]
An optional array of nested error objects. This property is not always present.
_links object: links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

errorResponse

{
  "_profile": "https://production.api.apiture.com/schemas/common/errorResponse/v2.1.1/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
    }
  },
  "_error": {
    "_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
    "message": "Description of the error will appear here.",
    "statusCode": 422,
    "type": "specificErrorType",
    "attributes": {
      "value": "Optional attribute describing the error"
    },
    "remediation": "Optional instructions to remediate the error may appear here.",
    "occurredAt": "2018-01-25T05:50:52.375Z",
    "_links": {
      "describedby": {
        "href": "https://production.api.apiture.com/errors/specificErrorType"
      }
    },
    "_embedded": {
      "errors": []
    }
  }
}

Error Response (v2.1.1)

Describes an error response, typically returned on 4xx or 5xx errors from API operations. The _error object contains the error details.

This schema was resolved from common/errorResponse.

Properties

Name Description
_links object: links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
_error object: error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only

foundCustomers

{
  "_profile": "https://production.api.apiture.com/schemas/dao/foundCustomers/v0.5.1/profile.json",
  "customerNumber": "123456789",
  "institutionId": "3PB_212",
  "found": true,
  "pendingCustomerIds": [
    "c6559535-3a16-442d-a8e1-1d3408602a6d",
    "0437cc87-b463-4a99-9622-df16629adc77"
  ]
}

Found Customers (v0.5.1)

Response from searching for customers. The response includes the search criteria and whether any customers were found. Note that found can be true but pendingCustomerIds is empty; this indicates enabled customers but no pending customers match the search criteria.

Properties

Name Description
_profile string(uri)
The URI of a resource profile which describes the representation.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_error object: error
An object which describes an error. This value is omitted if the operation succeeded without error.
customerNumber string
The unique customer number, also known as the Customer Identification File number or CIF number. This derived value is assigned to the customer in the banking core. The customerNumber differs from the _id (which is the ID of the resource).
maxLength: 48
taxId string
The customer's tax ID number (such as social security number). The caller should pass the full value (for example "112-22-3333") when searching customers by tax ID. The input may include '-' formatting characters; the search matches just the digits.
maxLength: 16
institutionId string (required)
The financial institution's ID.
minLength: 3
maxLength: 8
found boolean (required)
true if any matching customers were found.
pendingCustomerIds array: [string] (required)
An array containing the customer ID (the _id of the customer resource) for matching pending DAO customer records. This array always exists in the response, although it may be empty.

fullAchAccountNumber

"123456789"

Full ACH Account Number (v1.0.0)

A full account number used in ACH account processing.

Type: string
minLength: 2
maxLength: 17
pattern: ^[- a-zA-Z0-9.]{2,17}$

fundingAccountBalance

{
  "id": "05d00d7d-d630",
  "available": "3208.20"
}

Funding Account Balance (v0.1.0)

The balance for a customer's internal funding account.

Properties

Name Description
id string: resourceId (required)
The unique ID of the account resource.
minLength: 6
maxLength: 48
pattern: ^[-_:.~$a-zA-Z0-9]+$
available string: creditOrDebitValue
The account funds available for use. This is the string representation of the exact decimal amount. This is only present if a balance is available.
read-only
pattern: ^(-|\+)?(0|[1-9][0-9]*)\.[0-9][0-9]$

fundingAccountBalances

{
  "items": [
    {
      "id": "05d00d7d-30d6",
      "available": "3208.20"
    },
    {
      "id": "cb5d67ea-a5c3",
      "available": "1750.80"
    },
    {
      "id": "b5a4f178-2baf",
      "available": "2710.80"
    },
    {
      "id": "959908db-fd40",
      "available": "4812.09"
    },
    {
      "id": "97e6166a-2a4c",
      "available": "9323.63"
    }
  ]
}

Funding Account Balances (v0.1.0)

A list of account balances for a customer's internal funding accounts.

Properties

Name Description
items array: [fundingAccountBalance]
The list of balances corresponding to the requested accounts.

fundingAccountItem

{
  "id": "i988e2c3f-28d8",
  "nickname": "Tuition Savings",
  "location": "internal",
  "maskedNumber": "*1234",
  "product": {
    "type": "savings",
    "label": "High Yield Savings"
  }
}

Funding Account Item (v0.1.0)

An item in the collection of funding accounts.

Properties

Name Description
id string: resourceId (required)
The unique, opaque resource ID of the account.
minLength: 6
maxLength: 48
pattern: ^[-_:.~$a-zA-Z0-9]+$
location string: fundingAccountLocation (required)

Indicates where an account is held with respect to the current financial institution.

fundingAccountLocation strings may have one of the following enumerated values:

Value Description
internal (Internal Account): Accounts held at the current financial institution
external (External Account): Accounts held at another financial institution


enum values: internal, external
institutionName string
The name of the financial institution where the account is held. This property is only present if location is external.
maxLength: 80
nickname string (required)
The nickname (friendly name) the customer has given this account. If omitted, the customer has not set a nickname.
maxLength: 50
maskedNumber string: maskedAccountNumber (required)
A masked account number: an asterisk * followed by one to four characters of the fullAccountNumber.
minLength: 2
maxLength: 5
pattern: ^\*[- _a-zA-Z0-9.]{1,4}$
product object: fundingAccountProduct
Describes the banking product for a funding account.

fundingAccountLocation

"internal"

Account Location (v1.0.0)

Indicates where an account is held with respect to the current financial institution.

fundingAccountLocation strings may have one of the following enumerated values:

Value Description
internal (Internal Account): Accounts held at the current financial institution
external (External Account): Accounts held at another financial institution

Type: string
enum values: internal, external

fundingAccountProduct

{
  "type": "cd",
  "label": "180 Day CD"
}

Funding Account Banking Product (v0.1.0)

Describes the banking product for a funding account.

Properties

Name Description
type string: fundingAccountProductType (required)

The type (or category) of a banking account.

fundingAccountProductType strings may have one of the following enumerated values:

Value Description
savings (Savings): Savings Account
checking (Checking): Checking Account
cd (CD): Certificate of Deposit Account
ira (IRA): Individual Retirement Account
loan (Loan): Loan Account
creditCard (Credit Card): Credit Card Account


enum values: savings, checking, cd, ira, loan, creditCard
label string (required)
A human-readable label for this banking product.
maxLength: 48

fundingAccountProductType

"savings"

Funding Account Product Type (v0.1.0)

The type (or category) of a banking account.

fundingAccountProductType strings may have one of the following enumerated values:

Value Description
savings (Savings): Savings Account
checking (Checking): Checking Account
cd (CD): Certificate of Deposit Account
ira (IRA): Individual Retirement Account
loan (Loan): Loan Account
creditCard (Credit Card): Credit Card Account

Type: string
enum values: savings, checking, cd, ira, loan, creditCard

fundingAccounts

{
  "items": [
    {
      "id": "a687b700-a8f7",
      "location": "external",
      "institutionName": "State Employees Credit Union",
      "nickname": "Rainy Day Fund",
      "maskedNumber": "*1234",
      "product": {
        "type": "savings",
        "label": "High Yield Savings"
      }
    },
    {
      "id": "53edf4ea-9bc7",
      "nickname": "Tuition Savings",
      "location": "internal",
      "maskedNumber": "*2345",
      "product": {
        "type": "savings",
        "label": "High Yield Savings"
      }
    },
    {
      "id": "if576c406-6256",
      "nickname": "Share Checking",
      "location": "internal",
      "maskedNumber": "*3456",
      "product": {
        "type": "checking",
        "label": "Premiere Checking"
      }
    }
  ]
}

Funding Accounts (v0.1.0)

An array of active accounts that may be used for funding new accounts.

Properties

Name Description
items array: [fundingAccountItem] (required)
An array of active accounts that may be used for funding new accounts.

incompleteFundingAccountBalances

{
  "items": [
    {
      "id": "05d00d7d-d631",
      "available": "3208.20"
    },
    {
      "id": "cb5d67ea-a5c3",
      "available": "1750.80"
    },
    {
      "id": "b5a4f178-2baf"
    },
    {
      "id": "959908db-fd40"
    },
    {
      "id": "97e6166a-2a4c"
    }
  ],
  "incompleteAccounts": [
    "b5a4f178-2baf",
    "959908db-fd40",
    "97e6166a-2a4c"
  ],
  "retryCount": 1
}

Incomplete Funding Account Balance (v0.1.0)

An array of account balances by account ID, some of which are incomplete. Use the values in incompleteAccounts and retryCount to retry.

Properties

Name Description
items array: [fundingAccountBalance] (required)
An array of items, one for each of the ?accounts= in the request, returned in the same order.
maxItems: 256
incompleteAccounts array: accountIds (required)
An array of account IDs for accounts where a balance is not yet available. Pass these values as the ?accounts= query parameter on the next retry of the listFundingAccountBalances operation.
unique items
minItems: 1
maxItems: 100
retryCount integer (required)
Pass this value as the ?retryCount= parameter with the next retry of the listFundingAccountBalances operation.
minimum: 1
maximum: 10
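The retry contract described by incompleteAccounts and retryCount, as an added example (not Apiture's code): a bounded polling loop that merges balances across responses, validates each amount against the creditOrDebitValue pattern, and rejects accounts the client never asked for. The fetch callable, the attempt limit, the delay and the constructed responses are assumptions of this example; fetch stands in for whatever HTTP call the client uses for listFundingAccountBalances.

```python
import re
import time
from decimal import Decimal

AMOUNT = re.compile(r"^(-|\+)?(0|[1-9][0-9]*)\.[0-9][0-9]$")   # creditOrDebitValue pattern
RESOURCE_ID = re.compile(r"^[-_:.~$a-zA-Z0-9]{6,48}$")          # resourceId pattern plus min/max length


def collect_balances(fetch, account_ids, max_attempts=10, delay=1.0, sleep=time.sleep):
    """Poll until every balance is known or max_attempts is reached.

    fetch(accounts, retry_count) is a hypothetical transport callable that performs
    listFundingAccountBalances and returns the parsed JSON body.
    Returns (balances, still_incomplete).
    """
    for account_id in account_ids:
        if not RESOURCE_ID.fullmatch(account_id):
            raise ValueError("account ID does not match the resourceId schema")
    requested = set(account_ids)
    balances, pending, retry_count = {}, list(account_ids), None
    for attempt in range(max_attempts):
        if attempt:
            sleep(delay)                      # back off between retries
        body = fetch(pending, retry_count)    # first call carries no retryCount
        for item in body.get("items", []):
            if item.get("id") not in requested:
                raise ValueError("response contains an account that was not requested")
            amount = item.get("available")    # absent while the balance is incomplete
            if amount is None:
                continue
            if not AMOUNT.fullmatch(amount):
                raise ValueError("available is not an exact decimal amount")
            balances[item["id"]] = Decimal(amount)   # Decimal keeps the amount exact
        incomplete = body.get("incompleteAccounts", [])
        if not incomplete:
            return balances, []
        if not set(incomplete) <= set(pending):
            raise ValueError("incompleteAccounts names an account that was not pending")
        retry_count = body["retryCount"]
        if not isinstance(retry_count, int) or not 1 <= retry_count <= 10:
            raise ValueError("retryCount outside the schema range 1..10")
        pending = list(incomplete)
    return balances, pending


def run_demo():
    """Replay two constructed responses shaped like the examples on this page."""
    ids = ["05d00d7d-d631", "cb5d67ea-a5c3", "b5a4f178-2baf", "959908db-fd40", "97e6166a-2a4c"]
    responses = [
        {"items": [{"id": ids[0], "available": "3208.20"}, {"id": ids[1], "available": "1750.80"},
                   {"id": ids[2]}, {"id": ids[3]}, {"id": ids[4]}],
         "incompleteAccounts": ids[2:], "retryCount": 1},
        {"items": [{"id": ids[2], "available": "2710.80"}, {"id": ids[3], "available": "4812.09"},
                   {"id": ids[4], "available": "9323.63"}]},
    ]
    calls = []

    def fetch(accounts, retry_count):
        calls.append((list(accounts), retry_count))
        return responses[len(calls) - 1]

    balances, incomplete = collect_balances(fetch, ids, sleep=lambda seconds: None)
    return balances, incomplete, calls


if __name__ == "__main__":
    print(run_demo())
```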

{
  "href": "https://api.devbank.apiture.com/applications/application/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
  "title": "Application"
}

Link (v1.0.0)

Describes a hypermedia link within a _links object in HAL representations. In Apiture APIs, links are HAL links, but Apiture APIs do not use the name or hreflang properties of HAL. Apiture links may include a method property.

This schema was resolved from common/link.

Name Description
href string(uri) (required)
The URI or URI template for the resource/operation this link refers to.
type string
The media type for the resource.
templated boolean
If true, the link's href is a URI template.
title string
An optional human-readable localized title for the link.
deprecation string(uri)
If present, the containing link is deprecated and the value is a URI which provides human-readable text information about the deprecation.
profile string(uri)
The URI of a profile document, a JSON document which describes the target resource/operation.

{
  "property1": {
    "href": "https://api.devbank.apiture.com/applications/application/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
    "title": "Application"
  },
  "property2": {
    "href": "https://api.devbank.apiture.com/applications/application/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
    "title": "Application"
  }
}

Links (v1.0.0)

An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

Name Description
additionalProperties object: link
Describes a hypermedia link within a _links object in HAL representations. In Apiture APIs, links are HAL links, but Apiture APIs do not use the name or hreflang properties of HAL. Apiture links may include a method property.

This schema was resolved from common/link.

maskedAccountNumber

"*1008"

Masked Account Number (v0.1.0)

A masked account number: an asterisk * followed by one to four characters of the fullAccountNumber.

Type: string
minLength: 2
maxLength: 5
pattern: ^\*[- _a-zA-Z0-9.]{1,4}$

newCustomerExternalAccountEntitlement

{
  "accountNumber": "9876543210",
  "routingNumber": "123123123",
  "institutionName": "Third National Bank of the West",
  "type": "savings",
  "ownerName": "Lucille Watson",
  "usage": "personal",
  "nickname": "My traditional Savings an Third National Bank of the West"
}

Create External Customer Account Entitlement (v1.0.0)

Details of a new external account entitlement created for a banking customer.

Properties

Name Description
accountNumber string: fullAchAccountNumber (required)
The full account number of the external account. This is represented as a string, even if the financial institution's account numbers are numeric (so that leading zeros may be preserved).
minLength: 2
maxLength: 17
pattern: ^[- a-zA-Z0-9.]{2,17}$
routingNumber string (required)
The routing and transit number of the external account.
minLength: 9
maxLength: 9
pattern: ^[0-9]{9}$
institutionName string (required)
The name of the financial institution where the external account is held.
maxLength: 80
type string: accountCode (required)
The type of account.
enum values: checking, savings, cd, ira, loan, creditCard
ownerName string (required)
The name of the account owner at the external financial institution.
maxLength: 80
usage string: accountUsage (required)
Indicates an account is used for personal or business banking.
enum values: personal, business
nickname string
The nickname (friendly name) the customer has given this account. If omitted, the customer has not set a nickname.
maxLength: 50

newCustomerExternalAccountEntitlements

{
  "customerId": "47837239834897",
  "accounts": [
    {
      "accountNumber": "9876543210",
      "routingNumber": "123123123",
      "institutionName": "Third National Bank of the West",
      "ownerName": "Lucile Watson",
      "type": "savings",
      "usage": "personal",
      "nickname": "Daily checking account"
    }
  ]
}

New Customer External Account Entitlements (v0.1.0)

Request used to create new external customer accounts for an existing customer.

Properties

Name Description
customerId string (required)
The customer ID. This is not related to the customer number or member number.
accounts array: [newCustomerExternalAccountEntitlement] (required)
One or more external account entitlements to add to a customer.
minItems: 1

oneTimePassword

{
  "_profile": "https://production.api.apiture.com/schemas/dao/oneTimePassword/v1.0.0/profile.json",
  "code": "377669",
  "channel": "sms",
  "target": "+19105550155"
}

One Time Password (v1.0.0)

One time password to send to a customer via an sms or email message.

Properties

Name Description
_profile string(uri)
The URI of a resource profile which describes the representation.
code string (required)
The 4 to 6 character code (one-time-password) to send to the customer.
minLength: 4
maxLength: 6
pattern: ^[a-zA-Z0-9]{4,6}$
channel string (required)
The channel through which the communication is sent to the customer.
enum values: sms, email, voice
phoneNumber string(phone-number)
The phone number for sending the one time password to the user. This field is required if channel is sms or voice.
minLength: 8
maxLength: 16
email string(email)
The email address for sending the one time password to the user. This field is required if channel is email.
maxLength: 80

passwordPolicies

{
  "message": "Valid passwords: * must be between 8 and 24 characters long * are case sensitive * must contain at least one letter * must contain at least one digit * must contain at least one special character * may not contain the username * may not contain data from the user profile (street address, phone number, tax ID) * may not contain repeating such as `111` * may not match the last 6 passwords",
  "enforced": [
    "minimumLength",
    "maximumLength",
    "minimumNumberOfLetters",
    "minimumNumberOfDigits",
    "usernameDisallowed",
    "personalDataDisallowed",
    "repeatingCharactersDisallowed",
    "notMatchPrevious"
  ],
  "minimumLength": 8,
  "maximumLength": 24,
  "caseSensitive": true,
  "minimumNumberOfLetters": 1,
  "minimumNumberOfDigits": 1,
  "minimumNumberOfSpecial": 1,
  "usernameDisallowed": true,
  "personalDataDisallowed": true,
  "repeatingCharactersDisallowed": true,
  "notMatchPrevious": 6
}

Password Policies (v0.2.0)

The rules the financial institution imposes for password policies. The enforced array lists which policies are in force. The corresponding properties provide the values for those policies. For example, if enforced contains [ minimumLength, maximumLength, minimumNumberOfLetters, minimumNumberOfDigits ] then the properties minimumLength, maximumLength, minimumNumberOfLetters, minimumNumberOfDigits define the enforced constraints for those policies, such as:

{
  "minimumLength": 8,
  "maximumLength": 24,
  "minimumNumberOfLetters": 1,
  "minimumNumberOfDigits": 1
}

Properties of this schema which are not listed in policies are not enforced and clients should ignore their values.

Properties

Name Description
message string(markdown)
A summary description of the active password policies. This is GitHub Flavored Markdown. The client can render the Markdown for display to the user. This is often in list format.
enforced array: [passwordPolicyName]
The array of password policies that the financial institution enforces. The values are used as the name key in a passwordViolation.
unique items
minimumLength integer
The minimum number of characters in a password.
minimum: 1
maximum: 100
maximumLength integer
The maximum number of characters in a password.
minimum: 1
maximum: 256
caseSensitive boolean
If true, passwords are case sensitive. For example, this-is-my-secure-password is not the same as This-is-My-Secure-Password.
minimumNumberOfLetters integer
The minimum number of ASCII letters ('a'-'z', 'A'-'Z') that the password must contain.
minimum: 0
minimumNumberOfDigits integer
The minimum number of ASCII digits ('0'-'9') that the password must contain.
minimum: 0
minimumNumberOfSpecial integer
The minimum number of non-letter, non-digit ASCII printable characters ('.', '-', '$', ':', '!' etc.) that the password must contain.
minimum: 0
usernameDisallowed boolean
If true, the password may not contain the customer's username.
personalDataDisallowed boolean
If true, the password may not contain sequences or subsequences from the customer's personal data, such as the tax ID or last four digits of the tax ID, or the house number or a sequence of digits from one of their phone numbers.
repeatingCharactersDisallowed boolean
If true, the password may not contain sequences of repeating characters such as 111 or mmm.
notMatchPrevious integer
The password must not match this number of recently used passwords. If 0, no check is made.
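The enforced array decides which properties apply, so a client that pre-validates a password must skip properties that are present but not enforced. The following added example (not Apiture's code) evaluates a password against a passwordPolicies object and returns passwordViolation-shaped results. Assumptions of this example: the function names, the message texts, case-insensitive username matching, a run of three identical characters as the repeat threshold, and treating personalDataDisallowed and notMatchPrevious as checks only the service can make.

```python
import re
import string

# Constructed from the passwordPolicies example on this page ("message" omitted).
POLICIES = {
    "enforced": ["minimumLength", "maximumLength", "minimumNumberOfLetters",
                 "minimumNumberOfDigits", "usernameDisallowed", "personalDataDisallowed",
                 "repeatingCharactersDisallowed", "notMatchPrevious"],
    "minimumLength": 8, "maximumLength": 24, "caseSensitive": True,
    "minimumNumberOfLetters": 1, "minimumNumberOfDigits": 1,
    "minimumNumberOfSpecial": 1,   # present but NOT in enforced, so it must be ignored
    "usernameDisallowed": True, "personalDataDisallowed": True,
    "repeatingCharactersDisallowed": True, "notMatchPrevious": 6,
}

# These need profile data or password history, which the client does not hold (assumption).
SERVER_ONLY = {"personalDataDisallowed", "notMatchPrevious"}


def _count(password, alphabet):
    return sum(ch in alphabet for ch in password)


def check_password(password, username, policies):
    """Return (violations, unchecked).

    violations: list of {"name", "message"} dicts shaped like passwordViolation.
    unchecked:  enforced policy names that only the service can evaluate.
    """
    pw_cmp, user_cmp = password.lower(), username.lower()
    # Each check receives the policy value and returns (passed, message).
    checks = {
        "minimumLength": lambda v: (
            len(password) >= v, f"Password must be at least {v} characters long."),
        "maximumLength": lambda v: (
            len(password) <= v, f"Password must be at most {v} characters long."),
        "minimumNumberOfLetters": lambda v: (
            _count(password, string.ascii_letters) >= v,
            f"Password must contain at least {v} letter(s)."),
        "minimumNumberOfDigits": lambda v: (
            _count(password, string.digits) >= v,
            f"Password must contain at least {v} digit(s)."),
        "minimumNumberOfSpecial": lambda v: (
            _count(password, string.punctuation) >= v,
            f"Password must contain at least {v} special character(s)."),
        "usernameDisallowed": lambda v: (
            not v or not user_cmp or user_cmp not in pw_cmp,
            "Password may not contain the username."),
        "repeatingCharactersDisallowed": lambda v: (
            not v or re.search(r"(.)\1\1", password) is None,
            "Password may not contain repeating characters such as 111."),
    }
    violations, unchecked = [], []
    for name in policies.get("enforced", []):      # only enforced policies count
        if name in SERVER_ONLY:
            unchecked.append(name)
            continue
        check = checks.get(name)
        if check is None or name not in policies:  # caseSensitive, unknown or valueless names
            continue
        passed, message = check(policies[name])
        if not passed:
            violations.append({"name": name, "message": message})
    return violations, unchecked


if __name__ == "__main__":
    # The sample password from customerCredentials fails the sample policy twice.
    print(check_password("this-is-my-secure-password", "maxpeck412", POLICIES))
```

A clean client-side result does not replace the service's own validation, because the policies returned in unchecked are never evaluated here.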

passwordPolicyName

"minimumLength"

Password Policy Name (v1.1.0)

The name of a specific password policy. This corresponds to an item in passwordPolicies.enforced.

passwordPolicyName strings may have one of the following enumerated values:

Value Description
minimumLength: The minimum number of characters in a password
maximumLength: The maximum number of characters in a password
caseSensitive (Case-sensitive): Passwords are case-sensitive
minimumNumberOfLetters: Minimum number of letters (a-z, A-Z) in a password
minimumNumberOfDigits: Minimum number of digits (0-9) in a password
minimumNumberOfSpecial: Minimum number of special (non-letter, non-digit) characters in a password
usernameDisallowed: A password may not contain the customer's username
personalDataDisallowed: A password may not contain personal data such as tax ID, address, zip, phone number
repeatingCharactersDisallowed: Repeating characters such as '111' or 'mmmm' are not allowed in a password
notMatchPrevious: The password must not match recently used passwords

Type: string
enum values: minimumLength, maximumLength, caseSensitive, minimumNumberOfLetters, minimumNumberOfDigits, minimumNumberOfSpecial, usernameDisallowed, personalDataDisallowed, repeatingCharactersDisallowed, notMatchPrevious

passwordViolation

{
  "name": "minimumLength",
  "message": "Password must be at least 8 characters long."
}

Password Policy Violation (v0.1.0)

A password policy rule violation, part of credential validation response.

Properties

Name Description
message string (required)
A message that explains this policy violation.
maxLength: 128
name string: passwordPolicyName (required)
The name of the password policy that this password violates. This corresponds to an item in the passwordPolicies.enforced array and the corresponding property in the passwordPolicies object.
enum values: minimumLength, maximumLength, caseSensitive, minimumNumberOfLetters, minimumNumberOfDigits, minimumNumberOfSpecial, usernameDisallowed, personalDataDisallowed, repeatingCharactersDisallowed, notMatchPrevious

resourceId

"string"

Resource ID (v1.0.0)

The unique, opaque resource ID of the account.

Type: string
minLength: 6
maxLength: 48
pattern: ^[-_:.~$a-zA-Z0-9]+$

securityQuestionAnswer

{
  "question": "What was your high school mascot?",
  "questionIndex": 4,
  "answer": "Burrowing Owls"
}

Security Question Answer (v0.2.0)

The answer the customer gave to a security question.

Properties

Name Description
question string (required)
The security question text.
questionIndex integer (required)
The zero-based index of the question from securityQuestionCandidates.questions.
minimum: 0
maximum: 12
answer string (required)
The text of the answer the customer provided for this question. The service removes leading and trailing whitespace from the answer.
minLength: 1
maxLength: 255

securityQuestionAnswers

{
  "_profile": "https://production.api.apiture.com/schemas/dao/securityQuestionAnswers/v0.2.0/profile.json",
  "answers": [
    {
      "question": "What street did you live on when your were ten years old?",
      "questionIndex": 1,
      "answer": "Lombardo"
    },
    {
      "question": "What is the breed of your first pet?",
      "questionIndex": 3,
      "answer": "Bernese Mountain Dog"
    },
    {
      "question": "What was your high school mascot?",
      "questionIndex": 4,
      "answer": "Burrowing Owls"
    },
    {
      "question": "What is your favorite security question?",
      "questionIndex": 5,
      "answer": "What is your favorite security question?"
    }
  ]
}

Security Question Answers (v0.2.0)

The security questions that the user selected and the answer they gave to each.

Properties

Name Description
_profile string(uri)
The URI of a resource profile which describes the representation.
answers array: [securityQuestionAnswer] (required)
An array of questions and answers that the customer provided.
minLength: 1
maxLength: 12

securityQuestionCandidate

{
  "text": "In what city was your father born?",
  "minimumLength": 2,
  "maximumLength": 30
}

Security Question Candidate (v0.1.0)

A candidate security question and any constraints on answers to that question.

Properties

Name Description
text string (required)
The text of the security question.
maxLength: 80
minimumLength integer (required)
The minimum number of characters an answer must have after removing leading and trailing whitespace.
maximumLength integer (required)
The maximum length an answer may have after removing leading and trailing whitespace.
pattern string
An optional regular expression pattern that the answer must match.

securityQuestionCandidates

{
  "_profile": "https://production.api.apiture.com/schemas/dao/securityQuestionCandidates/v0.1.0/profile.json",
  "questions": [
    {
      "text": "What is your mother's maiden name?",
      "minimumLength": 2,
      "maximumLength": 64
    },
    {
      "text": "What street did you live on when your were ten years old?",
      "minimumLength": 2,
      "maximumLength": 30
    },
    {
      "text": "In what city was your father born?",
      "minimumLength": 2,
      "maximumLength": 30
    },
    {
      "text": "What is the breed of your first pet?",
      "minimumLength": 2,
      "maximumLength": 30
    },
    {
      "text": "What was your high school mascot?",
      "minimumLength": 2,
      "maximumLength": 30
    },
    {
      "text": "What is your favorite security question?",
      "minimumLength": 8,
      "maximumLength": 80
    }
  ],
  "minimumAnswerCount": 3,
  "maximumAnswerCount": 3
}

Security Question Candidates (v0.1.0)

A list of candidate security questions the customer may choose from and provide answers so that they can prove their identity later.

Properties

Name | Description
_profile string(uri)
The URI of a resource profile which describes the representation.
questions array: [securityQuestionCandidate] (required)
An array of questions that the customer may choose from.
minItems: 4
minimumAnswerCount integer (required)
The minimum number of questions the customer must select and answer.
minimum: 1
maximum: 8
maximumAnswerCount integer (required)
The maximum number of questions the customer may select and answer.
minimum: 1
maximum: 12
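
A client can check a customer's selected answers against these constraints before calling setCustomerSecurityAnswers. The following is an added example, not code from the API or its publisher; the `CANDIDATES` data and the `validate_answers` helper are constructed for illustration, and it assumes `questionIndex` is the zero-based position in `questions`, as the sample payloads on this page suggest.

```python
import re

# Constructed sample in the securityQuestionCandidates shape shown above.
CANDIDATES = {
    "questions": [
        {"text": "What is your mother's maiden name?", "minimumLength": 2, "maximumLength": 64},
        {"text": "In what city was your father born?", "minimumLength": 2, "maximumLength": 30},
        {"text": "What is the breed of your first pet?", "minimumLength": 2, "maximumLength": 30},
        {"text": "What is your favorite security question?", "minimumLength": 8, "maximumLength": 80,
         "pattern": "[A-Za-z]"},  # constructed pattern, not from the page
    ],
    "minimumAnswerCount": 3,
    "maximumAnswerCount": 3,
}


def validate_answers(candidates, answers):
    """Return a list of problems; an empty list means the answers fit the constraints."""
    problems = []
    questions = candidates["questions"]
    low, high = candidates["minimumAnswerCount"], candidates["maximumAnswerCount"]
    if not low <= len(answers) <= high:
        problems.append(f"expected {low}..{high} answers, got {len(answers)}")
    seen = set()
    for item in answers:
        index = item.get("questionIndex")
        if not isinstance(index, int) or not 0 <= index < len(questions):
            problems.append(f"questionIndex {index!r} is not a candidate")
            continue
        if index in seen:  # assumption: each question is answered at most once
            problems.append(f"question {index} answered more than once")
        seen.add(index)
        candidate = questions[index]
        if item.get("question") != candidate["text"]:
            problems.append(f"question {index} text does not match the candidate")
        # Lengths are measured after removing leading and trailing whitespace.
        answer = str(item.get("answer", "")).strip()
        if len(answer) < candidate["minimumLength"]:
            problems.append(f"question {index} answer is too short")
        elif len(answer) > candidate["maximumLength"]:
            problems.append(f"question {index} answer is too long")
        # Assumption: pattern is unanchored, as in JSON Schema, so search() is used.
        pattern = candidate.get("pattern")
        if pattern and not re.search(pattern, answer):
            problems.append(f"question {index} answer does not match the pattern")
    return problems
```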

summaryCustomer

{
  "_profile": "https://production.api.apiture.com/schemas/dao/summaryCustomer/v0.10.1/profile.json",
  "_id": "bcea94f7-d542-4cee-ac3b-2b40903a46fc",
  "institutionId": "3PB_212",
  "customerType": "retail",
  "customerNumber": "123456789",
  "fullName": "Maxwell Daniel Peck",
  "username": "maxpeck412",
  "state": "enabled",
  "taxId": "112-22-3333",
  "birthdate": "1975-02-28"
}

Summary Customer (v0.10.1)

A summary representation of a customer, returned in customer collections.

Properties

Name | Description
_profile string(uri)
The URI of a resource profile which describes the representation.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_error object: error
An object which describes an error. This value is omitted if the operation succeeded without error.
institutionId string
The financial institution's ID.
minLength: 4
customerType string: customerType

The type of customer, retail (personal) or commercial (business banking).

customerType strings may have one of the following enumerated values:

Value | Description
retail | Retail: Retail (personal) banking customer
commercial | Commercial: Commercial (business) banking customer

enum values: retail, commercial
birthdate string(date)
The contact's birth date in YYYY-MM-DD format. This is required if type is retail.
electronicStatementConsent boolean
true if the user consents to (monthly) electronic account statement delivery. This may be overridden on an account-by-account basis when creating customer account entitlements.
Default: false
electronicDocumentConsent boolean
true if the user consents to electronic document delivery for documents other than their monthly account statement for this account. This may be overridden on an account-by-account basis when creating customer account entitlements.
Default: false
_id string
The unique identifier for this customer resource. This is an opaque, read-only string. Note: This _id is not related to the customerNumber. The _id is the {customerId} in the customer resource URI.
read-only
taxId string
The customer's tax ID. The caller should pass the full tax ID (for example "112-22-3333") when creating a customer.
read-only
maxLength: 16
customerNumber string
The unique customer number, also known as the Customer Identification File number or CIF number. This is the Member Number for credit unions. This value is assigned to the customer in the banking core. The customerNumber differs from the _id (which is the ID of the resource). This value cannot be changed after a customer has been enabled.
minLength: 1
maxLength: 36
username string
The customer's unique on-line banking username. This value cannot be changed after it has been set.
read-only
maxLength: 64
state string: customerState
The state of the customer. This is a derived property. Update the state with the enableCustomer operation.
read-only
enum values: pending, enabled

usernamePolicies

{
  "message": "Valid usernames: * must be between 5 and 20 characters long * are case sensitive * may not contain data from the user profile (street address, phone number, tax ID)",
  "enforced": [
    "minimumLength",
    "maximumLength",
    "caseSensitive",
    "personalDataDisallowed",
    "accountDataDisallowed"
  ],
  "minimumLength": 8,
  "maximumLength": 24,
  "caseSensitive": true,
  "personalDataDisallowed": true,
  "accountDataDisallowed": true
}

Username Policies (v0.1.0)

The rules the financial institution imposes for usernames.

Properties

Name | Description
message string(markdown)
A summary description of the active username policies. This is GitHub Flavored Markdown. The client can render the Markdown for display to the user. This is often in list format.
enforced array: [usernamePolicyName]
The array of username policies that the financial institution enforces. The values are used as the name key in a usernameViolation.
unique items
minimumLength integer
The minimum number of characters in a username.
maximumLength integer
The maximum number of characters in a username.
caseSensitive boolean
If true, usernames are case sensitive and the user must enter the username with the correct matching case to login.
usernameDisallowed boolean
If true, the username may not contain the same characters as the customer's username.
personalDataDisallowed boolean
If true, the username may not contain sequences or subsequences from the customer's personal data, such as the tax ID or last four digits of the tax ID, or the house number or a sequence of digits from one of their phone numbers.
accountDataDisallowed boolean
If true, the username may not contain sequences or subsequences from the customer's account data, such as the account number, customer ID or member number, or other key account properties.

usernamePolicyName

"minimumLength"

Username Policy Name (v1.0.0)

The name of a specific username policy. This corresponds to an item in usernamePolicies.enforced or in a usernameViolation.name.

usernamePolicyName strings may have one of the following enumerated values:

Value | Description
minimumLength | Minimum username length
maximumLength | Maximum username length
caseSensitive | Usernames are case-sensitive: Case-sensitive
personalDataDisallowed | Personal Data Disallowed: A username may not contain personal data such as tax ID, address, zip, phone number
accountDataDisallowed | A username may not contain sequences or subsequences from the account data

Type: string
enum values: minimumLength, maximumLength, caseSensitive, personalDataDisallowed, accountDataDisallowed

usernameViolation

{
  "name": "personalDataDisallowed",
  "message": "Username may not contain personal data such as tax ID, address, zip, phone number"
}

Username Policy Violation (v0.1.0)

A username policy rule violation, part of credential validation response.

Properties

Name | Description
name string: usernamePolicyName (required)
The name of the username policy that this username violates.
enum values: minimumLength, maximumLength, caseSensitive, personalDataDisallowed, accountDataDisallowed
message string (required)
A message that explains this policy violation.
maxLength: 128
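
A client-side pre-check can apply a usernamePolicies response to a proposed username and report problems in the usernameViolation shape, so the user sees them before the request is sent; the service's own validation remains authoritative. This is an added example, not code from the API or its publisher: `POLICIES`, `MIN_RUN`, `digit_runs` and `check_username` are constructed names, and the four-digit threshold for "sequences" of personal data is an assumption.

```python
import re

# Constructed sample policy in the usernamePolicies shape shown above.
POLICIES = {
    "enforced": ["minimumLength", "maximumLength", "personalDataDisallowed"],
    "minimumLength": 8,
    "maximumLength": 24,
    "personalDataDisallowed": True,
}
# Assumption: a run of four digits (the "last four" of a tax ID) is the shortest
# sequence treated as personal data; the page does not state a threshold.
MIN_RUN = 4
PERSONAL_MESSAGE = ("Username may not contain personal data such as tax ID, "
                    "address, zip, phone number")


def digit_runs(value, size=MIN_RUN):
    """Return every run of `size` consecutive digits in value, ignoring punctuation."""
    digits = re.sub(r"\D", "", value)
    return {digits[i:i + size] for i in range(len(digits) - size + 1)}


def check_username(username, policies, personal_values):
    """Return usernameViolation-shaped dicts for each enforced policy that is broken."""
    enforced = policies.get("enforced", [])
    violations = []

    def violate(name, message):
        # usernameViolation.message has maxLength 128.
        violations.append({"name": name, "message": message[:128]})

    if "minimumLength" in enforced and len(username) < policies["minimumLength"]:
        violate("minimumLength",
                f"Username must have at least {policies['minimumLength']} characters")
    if "maximumLength" in enforced and len(username) > policies["maximumLength"]:
        violate("maximumLength",
                f"Username must have at most {policies['maximumLength']} characters")
    if "personalDataDisallowed" in enforced and policies.get("personalDataDisallowed"):
        forbidden = set()
        for value in personal_values:
            forbidden |= digit_runs(value)
        if any(run in username for run in forbidden):
            violate("personalDataDisallowed", PERSONAL_MESSAGE)
    return violations
```

Pass the tax ID, phone numbers and similar profile fields as `personal_values`; values with fewer than four digits, such as a short house number, produce no forbidden runs under this threshold.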