Digital Account Opening Partner API v0.37.0
A partner API for Digital Account Opening (DAO). This is a "back-end for front-end" API that provides just the features that a third-party partner DAO solution needs to integrate with Apiture Digital Banking. Below is an outline of the operations the client may call to onboard new digital banking users.
Customer DAO Application Flow
The client may call any of the following operations at any time:
- getCredentialsPolicies to retrieve the financial institution's username and password policies
- validateCredentials for validating the customer's username and password against the financial institution's credential policies
- getCandidateSecurityQuestions for customer identification
The client then follows the following sequence of operations:
1. searchCustomers to determine if a digital banking customer exists or not. The client might abandon the DAO process if the customer is already enrolled in digital banking.
2. createCustomer to create a pending digital banking customer
3. updateCustomer to update the properties of the pending digital banking customer
4. setCustomerSecurityAnswers: Save the customer's answers to the authentication security questions
5. enableCustomer: Approve the digital account opening application (pending) and enable the customer
6. createCustomerAccountEntitlements to entitle (associate) a customer to one or more banking accounts
7. createLoginUrl to get a URL to redirect the enabled user to the financial institution's digital banking web application; the user will already be authenticated once they follow the URL.
8. listFundingAccounts to list internal and external accounts that may be used to fund a new account for a customer
9. listFundingAccountBalances to list available balances for one or more internal accounts.
10. createCustomerExternalAccountEntitlements to entitle (associate) a customer to an external banking account
Abnormal Flows
- deleteCustomer: Delete a pending customer; used when the DAO vendor rejects an application
Customer Communication
The service may also send communication to the customer to inform them of the DAO process status.
Authentication
This API is only used from secure service deployments, not from insecure web or mobile applications. The API is authenticated with a client certificate. The operations in this API do not define a security requirement. Instead, the middleware validates the client certificate before the API controller handles API requests.
Base URLs:
Customers
Banking Customers
searchCustomers
Code samples
# You can also use wget
curl -X POST https://api.apiture.com/dao/customerSearch \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST https://api.apiture.com/dao/customerSearch HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json
const fetch = require('node-fetch');
// Template literal: a single-quoted string cannot span multiple lines.
const inputBody = `{
"_profile": "https://production.api.apiture.com/schemas/dao/customerSearch/v0.4.0/profile.json",
"customerNumber": "123456789",
"institutionId": "3PB_212"
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('https://api.apiture.com/dao/customerSearch',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
$.ajax({
url: 'https://api.apiture.com/dao/customerSearch',
method: 'post',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json'
}
result = RestClient.post 'https://api.apiture.com/dao/customerSearch',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json'
}
r = requests.post('https://api.apiture.com/dao/customerSearch', params={
}, headers = headers)
print(r.json())
URL obj = new URL("https://api.apiture.com/dao/customerSearch");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
}
data := bytes.NewBuffer([]byte(jsonReq)) // jsonReq: the JSON request body as a string
req, err := http.NewRequest("POST", "https://api.apiture.com/dao/customerSearch", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Find existing registered customer
POST https://api.apiture.com/dao/customerSearch
Use this operation to determine if a customer is already registered in online-banking. The response includes the search criteria and a found property which is true if any customer records exist in the banking core that match the input.
This operation uses a "GET over POST" pattern so that personally sensitive information (the user's customer number or tax ID) is transmitted securely in the request body and not in the request URL as query parameters. Like a GET, this operation is idempotent and safe.
This operation is only allowed for trusted services or administrators.
Body parameter
{
"_profile": "https://production.api.apiture.com/schemas/dao/customerSearch/v0.4.0/profile.json",
"customerNumber": "123456789",
"institutionId": "3PB_212"
}
Parameters
| Parameter | Description |
|---|---|
| body | customerSearch (required) |
Example responses
200 Response
{
"_profile": "https://production.api.apiture.com/schemas/dao/foundCustomers/v0.5.1/profile.json",
"customerNumber": "123456789",
"institutionId": "3PB_212",
"found": true,
"pendingCustomerIds": [
"c6559535-3a16-442d-a8e1-1d3408602a6d",
"0437cc87-b463-4a99-9622-df16629adc77"
]
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK. | foundCustomers |
| 400 | Bad Request | Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error. | errorResponse |
| 422 | Unprocessable Entity | Unprocessable Entity. One or more of the query parameters was well formed but otherwise invalid. The This error response may have one of the following | errorResponse |
createCustomer
Code samples
# You can also use wget
curl -X POST https://api.apiture.com/dao/customers \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Unique-Request-Id: 0d43c531-f4b0-4227-8299-8520834c20a2'
POST https://api.apiture.com/dao/customers HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json
Unique-Request-Id: 0d43c531-f4b0-4227-8299-8520834c20a2
const fetch = require('node-fetch');
// Template literal: a single-quoted string cannot span multiple lines.
const inputBody = `{
"_profile": "https://production.api.apiture.com/schemas/dao/createCustomer/v0.9.0/profile.json",
"institutionId": "3PB_212",
"customerType": "retail",
"fullName": "Maxwell Daniel Peck",
"username": "maxpeck412",
"password": "this-is-my-secure-password",
"taxId": "112-22-3333",
"birthdate": "1975-02-28",
"primaryAddress": {
"addressLine1": "555 N Front Street",
"addressLine2": "Suite 5555",
"city": "Wilmington",
"region": "North Carolina",
"postalCode": "28401-5405",
"countryCode": "US",
"international": false
},
"primaryEmailAddress": "max.peck@nasa.example.com",
"primaryPhoneNumber": "+19105550159",
"smsPhoneNumber": "+19105550159",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json',
'Unique-Request-Id':'0d43c531-f4b0-4227-8299-8520834c20a2'
};
fetch('https://api.apiture.com/dao/customers',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Content-Type':'application/json',
'Accept':'application/json',
'Unique-Request-Id':'0d43c531-f4b0-4227-8299-8520834c20a2'
};
$.ajax({
url: 'https://api.apiture.com/dao/customers',
method: 'post',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'Unique-Request-Id' => '0d43c531-f4b0-4227-8299-8520834c20a2'
}
result = RestClient.post 'https://api.apiture.com/dao/customers',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
'Unique-Request-Id': '0d43c531-f4b0-4227-8299-8520834c20a2'
}
r = requests.post('https://api.apiture.com/dao/customers', params={
}, headers = headers)
print(r.json())
URL obj = new URL("https://api.apiture.com/dao/customers");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
"Unique-Request-Id": []string{"0d43c531-f4b0-4227-8299-8520834c20a2"},
}
data := bytes.NewBuffer([]byte(jsonReq)) // jsonReq: the JSON request body as a string
req, err := http.NewRequest("POST", "https://api.apiture.com/dao/customers", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Create a customer
POST https://api.apiture.com/dao/customers
Create a new customer. This creates a new pending customer based on the request data and assigns a new _id resource ID. The client can retrieve the customer with GET /customers/_id. The client may update the customer, then it may enable the customer, or the financial institution may delete the customer.
Body parameter
{
"_profile": "https://production.api.apiture.com/schemas/dao/createCustomer/v0.9.0/profile.json",
"institutionId": "3PB_212",
"customerType": "retail",
"fullName": "Maxwell Daniel Peck",
"username": "maxpeck412",
"password": "this-is-my-secure-password",
"taxId": "112-22-3333",
"birthdate": "1975-02-28",
"primaryAddress": {
"addressLine1": "555 N Front Street",
"addressLine2": "Suite 5555",
"city": "Wilmington",
"region": "North Carolina",
"postalCode": "28401-5405",
"countryCode": "US",
"international": false
},
"primaryEmailAddress": "max.peck@nasa.example.com",
"primaryPhoneNumber": "+19105550159",
"smsPhoneNumber": "+19105550159",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
}
Parameters
| Parameter | Description |
|---|---|
| Unique-Request-Id | string (required). Each call must supply a unique transaction ID to allow the server to reject duplicate requests. Clients are strongly encouraged to generate a GUID for each unique request, but use the same value when retrying failed API calls. Note: This is an architectural decision to be decided; other solutions are possible. minLength: 24, maxLength: 64 |
| body | createCustomer (required) |
Example responses
201 Response
{
"_id": "2bc32b15-3691-4408-9eac-859429d64d0a",
"_profile": "https://production.api.apiture.com/schemas/dao/customer/v0.10.1/profile.json",
"institutionId": "3PB_212",
"customerType": "retail",
"fullName": "Maxwell Daniel Peck",
"username": "maxpeck412",
"state": "pending",
"taxId": "112-22-3333",
"birthdate": "1975-02-28",
"primaryAddress": {
"addressLine1": "555 N Front Street",
"addressLine2": "Suite 5555",
"city": "Wilmington",
"region": "North Carolina",
"postalCode": "28401-5405",
"countryCode": "US",
"international": false
},
"primaryEmailAddress": "max.peck@nasa.example.com",
"primaryPhoneNumber": "+19105550159",
"smsPhoneNumber": "+19105550159",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
}
400 Response
{
"_profile": "https://production.api.apiture.com/schemas/common/errorResponse/v2.1.1/profile.json",
"_links": {
"self": {
"href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
}
},
"_error": {
"_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
"message": "Description of the error will appear here.",
"statusCode": 422,
"type": "specificErrorType",
"attributes": {
"value": "Optional attribute describing the error"
},
"remediation": "Optional instructions to remediate the error may appear here.",
"occurredAt": "2018-01-25T05:50:52.375Z",
"_links": {
"describedby": {
"href": "https://production.api.apiture.com/errors/specificErrorType"
}
},
"_embedded": {
"errors": []
}
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 201 | Created | Created. Note that the response omits the (writeOnly) password. Response header Location (string, uri): The URI of the new customer resource. | customer |
| 400 | Bad Request | Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error. | errorResponse |
| 409 | Conflict | Conflict. A customer with the requested This error response may have one of the following | errorResponse |
| 422 | Unprocessable Entity | Unprocessable Entity. One or more of the query parameters or request body was well formed but otherwise invalid. The If the If there are multiple validation errors, they are nested in This error response may have one of the following | |
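The search-then-create step of the flow, with the Unique-Request-Id retry rule applied, as an added example (not Apiture's code). The `send` transport, the `StubServer` class and the stub's handling of a repeated ID are assumptions made so the example runs offline; a real client would send over a connection authenticated with its client certificate.

```python
import uuid

BASE = "https://api.apiture.com/dao"  # base URL used in the page's samples


class TransientError(Exception):
    """No response was received (timeout, connection reset)."""


def new_request_id():
    """Return a GUID string that satisfies the documented 24..64 length bounds."""
    request_id = str(uuid.uuid4())  # 36 characters
    if not 24 <= len(request_id) <= 64:
        raise ValueError("Unique-Request-Id must be 24 to 64 characters")
    return request_id


def create_customer(send, customer, max_attempts=3):
    """POST /customers; every retry of this call carries the same request ID."""
    headers = {
        "Content-Type": "application/json",
        "Accept": "application/json",
        "Unique-Request-Id": new_request_id(),  # generated once, before the loop
    }
    last_error = None
    for _ in range(max_attempts):
        try:
            return send("POST", BASE + "/customers", headers, customer)
        except TransientError as exc:
            last_error = exc  # outcome unknown: retry with the SAME header value
    raise last_error


def onboard(send, customer_number, applicant):
    """Search first; create a pending customer only when no match exists."""
    criteria = {"customerNumber": customer_number,
                "institutionId": applicant["institutionId"]}
    # "GET over POST": the identifiers go in the request body, not the URL.
    status, result = send("POST", BASE + "/customerSearch",
                          {"Content-Type": "application/json",
                           "Accept": "application/json"}, criteria)
    if status != 200:
        raise RuntimeError("customerSearch failed with status %d" % status)
    if result["found"]:
        return None  # already registered: abandon the DAO process
    status, created = create_customer(send, applicant)
    if status != 201:
        raise RuntimeError("createCustomer failed with status %d" % status)
    return created


class StubServer:
    """Constructed stand-in for the API so the example runs offline.

    Assumption: the server treats a repeated Unique-Request-Id as the same
    request and does not create a second customer for it.
    """

    def __init__(self, enrolled=(), drop_first_response=False):
        self.enrolled = set(enrolled)   # customer numbers already registered
        self.customers = {}             # Unique-Request-Id -> created customer
        self.seen_ids = []              # every Unique-Request-Id received
        self.drop = drop_first_response

    def send(self, method, url, headers, body):
        if url.endswith("/customerSearch"):
            found = body["customerNumber"] in self.enrolled
            return 200, dict(body, found=found)
        request_id = headers["Unique-Request-Id"]
        self.seen_ids.append(request_id)
        if request_id not in self.customers:
            # Like the documented 201 response, omit the writeOnly password.
            created = {k: v for k, v in body.items() if k != "password"}
            created.update(_id=str(uuid.uuid4()), state="pending")
            self.customers[request_id] = created
        if self.drop:
            self.drop = False
            raise TransientError("response lost after the request was processed")
        return 201, self.customers[request_id]


# Constructed sample input, shortened from the page's createCustomer body.
SAMPLE_APPLICANT = {
    "institutionId": "3PB_212",
    "customerType": "retail",
    "fullName": "Maxwell Daniel Peck",
    "username": "maxpeck412",
    "password": "this-is-my-secure-password",
}

if __name__ == "__main__":
    server = StubServer(drop_first_response=True)
    customer = onboard(server.send, "123456789", SAMPLE_APPLICANT)
    print(customer["state"], len(server.seen_ids), len(server.customers))
```

Generating the ID inside the retry loop instead would give each attempt a fresh value, and the server could no longer tell a retry from a second application.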
getCustomer
Code samples
# You can also use wget
curl -X GET https://api.apiture.com/dao/customers/{customerId} \
-H 'Accept: application/json'
GET https://api.apiture.com/dao/customers/{customerId} HTTP/1.1
Host: api.apiture.com
Accept: application/json
const fetch = require('node-fetch');
const headers = {
'Accept':'application/json'
};
fetch('https://api.apiture.com/dao/customers/{customerId}',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Accept':'application/json'
};
$.ajax({
url: 'https://api.apiture.com/dao/customers/{customerId}',
method: 'get',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient.get 'https://api.apiture.com/dao/customers/{customerId}',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get('https://api.apiture.com/dao/customers/{customerId}', params={
}, headers = headers)
print(r.json())
URL obj = new URL("https://api.apiture.com/dao/customers/{customerId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
data := bytes.NewBuffer([]byte(jsonReq))
req, err := http.NewRequest("GET", "https://api.apiture.com/dao/customers/{customerId}", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Fetch a representation of this customer
GET https://api.apiture.com/dao/customers/{customerId}
Return a HAL representation of this customer resource.
Parameters
| Parameter | Description |
|---|---|
| customerId | string (required). The unique opaque identifier for a customer resource; this is the _id in the customer schema. Note: This is not the customer number at the financial institution. |
Example responses
200 Response
{
"_id": "2bc32b15-3691-4408-9eac-859429d64d0a",
"_profile": "https://production.api.apiture.com/schemas/dao/customer/v0.10.1/profile.json",
"institutionId": "3PB_212",
"customerNumber": "123456789",
"customerType": "retail",
"fullName": "Maxwell Daniel Peck",
"username": "maxpeck412",
"state": "enabled",
"taxId": "112-22-3333",
"birthdate": "1975-02-28",
"primaryAddress": {
"addressLine1": "555 N Front Street",
"addressLine2": "Suite 5555",
"city": "Wilmington",
"region": "North Carolina",
"postalCode": "28401-5405",
"countryCode": "US",
"international": false
},
"primaryEmailAddress": "max.peck@nasa.example.com",
"primaryPhoneNumber": "+19105550159",
"smsPhoneNumber": "+19105550159",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
}
404 Response
{
"_profile": "https://production.api.apiture.com/schemas/common/errorResponse/v2.1.1/profile.json",
"_links": {
"self": {
"href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
}
},
"_error": {
"_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
"message": "Description of the error will appear here.",
"statusCode": 422,
"type": "specificErrorType",
"attributes": {
"value": "Optional attribute describing the error"
},
"remediation": "Optional instructions to remediate the error may appear here.",
"occurredAt": "2018-01-25T05:50:52.375Z",
"_links": {
"describedby": {
"href": "https://production.api.apiture.com/errors/specificErrorType"
}
},
"_embedded": {
"errors": []
}
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK. Note that the response omits the (writeOnly) password. | customer |
| 404 | Not Found | Not Found. There is no such customer resource at the specified {customerId}. The _error field in the response contains details about the request error. | errorResponse |
updateCustomer
Code samples
# You can also use wget
curl -X PUT https://api.apiture.com/dao/customers/{customerId} \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT https://api.apiture.com/dao/customers/{customerId} HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json
const fetch = require('node-fetch');
// Template literal: a single-quoted string cannot span multiple lines.
const inputBody = `{
"_profile": "https://production.api.apiture.com/schemas/dao/customer/v0.10.1/profile.json",
"_id": "bcea94f7-d542-4cee-ac3b-2b40903a46fc",
"institutionId": "3PB_212",
"customerType": "retail",
"customerNumber": "123456789",
"fullName": "Maxwell Daniel Peck",
"username": "maxpeck412",
"state": "enabled",
"taxId": "112-22-3333",
"birthdate": "1975-02-28",
"password": "this-is-my-secure-password",
"primaryAddress": {
"addressLine1": "555 N Front Street",
"addressLine2": "Suite 5555",
"city": "Wilmington",
"region": "North Carolina",
"postalCode": "28401-5405",
"countryCode": "US",
"international": false
},
"primaryEmailAddress": "max.peck@nasa.example.com",
"primaryPhoneNumber": "+19105550159",
"smsPhoneNumber": "+19105550159",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('https://api.apiture.com/dao/customers/{customerId}',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
$.ajax({
url: 'https://api.apiture.com/dao/customers/{customerId}',
method: 'put',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json'
}
result = RestClient.put 'https://api.apiture.com/dao/customers/{customerId}',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json'
}
r = requests.put('https://api.apiture.com/dao/customers/{customerId}', params={
}, headers = headers)
print(r.json())
URL obj = new URL("https://api.apiture.com/dao/customers/{customerId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("PUT");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
}
data := bytes.NewBuffer([]byte(jsonReq)) // jsonReq: the JSON request body as a string
req, err := http.NewRequest("PUT", "https://api.apiture.com/dao/customers/{customerId}", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Update this customer
PUT https://api.apiture.com/dao/customers/{customerId}
Perform a complete replacement of this customer.
Body parameter
{
"_profile": "https://production.api.apiture.com/schemas/dao/customer/v0.10.1/profile.json",
"_id": "bcea94f7-d542-4cee-ac3b-2b40903a46fc",
"institutionId": "3PB_212",
"customerType": "retail",
"customerNumber": "123456789",
"fullName": "Maxwell Daniel Peck",
"username": "maxpeck412",
"state": "enabled",
"taxId": "112-22-3333",
"birthdate": "1975-02-28",
"password": "this-is-my-secure-password",
"primaryAddress": {
"addressLine1": "555 N Front Street",
"addressLine2": "Suite 5555",
"city": "Wilmington",
"region": "North Carolina",
"postalCode": "28401-5405",
"countryCode": "US",
"international": false
},
"primaryEmailAddress": "max.peck@nasa.example.com",
"primaryPhoneNumber": "+19105550159",
"smsPhoneNumber": "+19105550159",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
}
Parameters
| Parameter | Description |
|---|---|
| body | customer (required). A new customer |
| customerId | string (required). The unique opaque identifier for a customer resource; this is the _id in the customer schema. Note: This is not the customer number at the financial institution. |
Example responses
200 Response
{
"_id": "2bc32b15-3691-4408-9eac-859429d64d0a",
"_profile": "https://production.api.apiture.com/schemas/dao/customer/v0.10.1/profile.json",
"institutionId": "3PB_212",
"customerNumber": "123456789",
"customerType": "retail",
"fullName": "Maxwell Daniel Peck",
"username": "maxpeck412",
"state": "pending",
"taxId": "112-22-3333",
"birthdate": "1975-02-28",
"primaryAddress": {
"addressLine1": "555 N Front Street",
"addressLine2": "Suite 5555",
"city": "Wilmington",
"region": "North Carolina",
"postalCode": "28401-5405",
"countryCode": "US",
"international": false
},
"primaryEmailAddress": "max.peck@nasa.example.com",
"primaryPhoneNumber": "+19105550159",
"smsPhoneNumber": "+19105550159",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
}
400 Response
{
"_profile": "https://production.api.apiture.com/schemas/common/errorResponse/v2.1.1/profile.json",
"_links": {
"self": {
"href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
}
},
"_error": {
"_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
"message": "Description of the error will appear here.",
"statusCode": 422,
"type": "specificErrorType",
"attributes": {
"value": "Optional attribute describing the error"
},
"remediation": "Optional instructions to remediate the error may appear here.",
"occurredAt": "2018-01-25T05:50:52.375Z",
"_links": {
"describedby": {
"href": "https://production.api.apiture.com/errors/specificErrorType"
}
},
"_embedded": {
"errors": []
}
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 200 | OK | OK. Note that the response omits the (writeOnly) password. | customer |
| 400 | Bad Request | Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error. | errorResponse |
| 404 | Not Found | Not Found. There is no such customer resource at the specified {customerId}. The _error field in the response contains details about the request error. | errorResponse |
| 409 | Conflict | Conflict. The request conflicts with the existing state of the customer. This error response may have one of the following | errorResponse |
| 422 | Unprocessable Entity | Unprocessable Entity. One or more of the query parameters or request body was well formed but otherwise invalid. The If the If there are multiple validation errors, they are nested in This error response may have one of the following | |
deleteCustomer
Code samples
# You can also use wget
curl -X DELETE https://api.apiture.com/dao/customers/{customerId} \
-H 'Accept: application/json'
DELETE https://api.apiture.com/dao/customers/{customerId} HTTP/1.1
Host: api.apiture.com
Accept: application/json
const fetch = require('node-fetch');
const headers = {
'Accept':'application/json'
};
fetch('https://api.apiture.com/dao/customers/{customerId}',
{
method: 'DELETE',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Accept':'application/json'
};
$.ajax({
url: 'https://api.apiture.com/dao/customers/{customerId}',
method: 'delete',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient.delete 'https://api.apiture.com/dao/customers/{customerId}',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json'
}
r = requests.delete('https://api.apiture.com/dao/customers/{customerId}', params={
}, headers = headers)
print(r.json())
URL obj = new URL("https://api.apiture.com/dao/customers/{customerId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("DELETE");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
data := bytes.NewBuffer([]byte(jsonReq))
req, err := http.NewRequest("DELETE", "https://api.apiture.com/dao/customers/{customerId}", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Delete a pending customer/application.
DELETE https://api.apiture.com/dao/customers/{customerId}
Delete a pending customer. The client may delete a customer if the user abandons the application process or if the financial institution or DAO vendor rejects the account opening application.
Parameters
| Parameter | Description |
|---|---|
| customerId | string (required). The unique opaque identifier for a customer resource; this is the _id in the customer schema. Note: This is not the customer number at the financial institution. |
Example responses
404 Response
{
"_profile": "https://production.api.apiture.com/schemas/common/errorResponse/v2.1.1/profile.json",
"_links": {
"self": {
"href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
}
},
"_error": {
"_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
"message": "Description of the error will appear here.",
"statusCode": 422,
"type": "specificErrorType",
"attributes": {
"value": "Optional attribute describing the error"
},
"remediation": "Optional instructions to remediate the error may appear here.",
"occurredAt": "2018-01-25T05:50:52.375Z",
"_links": {
"describedby": {
"href": "https://production.api.apiture.com/errors/specificErrorType"
}
},
"_embedded": {
"errors": []
}
}
}
Responses
| Status | Meaning | Description | Schema |
|---|---|---|---|
| 204 | No Content | Deleted, no content. | |
| 404 | Not Found | Not Found. There is no such customer resource at the specified {customerId}. The _error field in the response contains details about the request error. | errorResponse |
| 409 | Conflict | Conflict. The customer may not be deleted. This error response may have one of the following | errorResponse |
setCustomerSecurityAnswers
Code samples
# You can also use wget
curl -X PUT https://api.apiture.com/dao/customers/{customerId}/securityQuestionAnswers \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
PUT https://api.apiture.com/dao/customers/{customerId}/securityQuestionAnswers HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json
const fetch = require('node-fetch');
// Template literal: a single-quoted string cannot span multiple lines.
const inputBody = `{
"_profile": "https://production.api.apiture.com/schemas/dao/securityQuestionAnswers/v0.2.0/profile.json",
"answers": [
{
"question": "What street did you live on when your were ten years old?",
"questionIndex": 1,
"answer": "Lombardo"
},
{
"question": "What is the breed of your first pet?",
"questionIndex": 3,
"answer": "Bernese Mountain Dog"
},
{
"question": "What was your high school mascot?",
"questionIndex": 4,
"answer": "Burrowing Owls"
},
{
"question": "What is your favorite security question?",
"questionIndex": 5,
"answer": "What is your favorite security question?"
}
]
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('https://api.apiture.com/dao/customers/{customerId}/securityQuestionAnswers',
{
method: 'PUT',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
$.ajax({
url: 'https://api.apiture.com/dao/customers/{customerId}/securityQuestionAnswers',
method: 'put',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json'
}
result = RestClient.put 'https://api.apiture.com/dao/customers/{customerId}/securityQuestionAnswers',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json'
}
r = requests.put('https://api.apiture.com/dao/customers/{customerId}/securityQuestionAnswers', params={
}, headers = headers)
print(r.json())
URL obj = new URL("https://api.apiture.com/dao/customers/{customerId}/securityQuestionAnswers");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("PUT");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
}
data := bytes.NewBuffer([]byte(jsonReq)) // jsonReq: the JSON request body as a string
req, err := http.NewRequest("PUT", "https://api.apiture.com/dao/customers/{customerId}/securityQuestionAnswers", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Set Customer Security Questions Answers
PUT https://api.apiture.com/dao/customers/{customerId}/securityQuestionAnswers
Set or replace the customer's chosen security questions and their answers to those questions. The client submits these after presenting candidate questions from the getCandidateSecurityQuestions response and collecting answers to the required number of questions from that candidate list.
Body parameter
{
"_profile": "https://production.api.apiture.com/schemas/dao/securityQuestionAnswers/v0.2.0/profile.json",
"answers": [
{
"question": "What street did you live on when your were ten years old?",
"questionIndex": 1,
"answer": "Lombardo"
},
{
"question": "What is the breed of your first pet?",
"questionIndex": 3,
"answer": "Bernese Mountain Dog"
},
{
"question": "What was your high school mascot?",
"questionIndex": 4,
"answer": "Burrowing Owls"
},
{
"question": "What is your favorite security question?",
"questionIndex": 5,
"answer": "What is your favorite security question?"
}
]
}
Parameters
| Parameter | Description |
|---|---|
| body | securityQuestionAnswers (required) |
| customerId | string (required). The unique opaque identifier for a customer resource; this is the _id in the customer schema. Note: This is not the customer number at the financial institution. |
Example responses
200 Response
{
"_profile": "https://production.api.apiture.com/schemas/dao/securityQuestionAnswers/v0.2.0/profile.json",
"answers": [
{
"question": "What street did you live on when your were ten years old?",
"questionIndex": 1,
"answer": "Lombardo"
},
{
"question": "What is the breed of your first pet?",
"questionIndex": 3,
"answer": "Bernese Mountain Dog"
},
{
"question": "What was your high school mascot?",
"questionIndex": 4,
"answer": "Burrowing Owls"
},
{
"question": "What is your favorite security question?",
"questionIndex": 5,
"answer": "What is your favorite security question?"
}
]
}
Responses
| Status | Description | Schema |
|---|---|---|
| 200 OK | OK. Customer's security questions updated. | securityQuestionAnswers |
| 400 Bad Request | Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error. | errorResponse |
| 404 Not Found | Not Found. There is no such customer resource at the specified {customerId}. The _error field in the response contains details about the request error. | errorResponse |
| 422 Unprocessable Entity | Unprocessable Entity. The request body is syntactically correct but the content is invalid. This error response may have one of the following | |
Customer Actions
Actions on Customer Resources
authenticateCustomer
Code samples
# You can also use wget
curl -X POST https://api.apiture.com/dao/authenticatedCustomer \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST https://api.apiture.com/dao/authenticatedCustomer HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json
const fetch = require('node-fetch');
const inputBody = `{
"_profile": "https://production.api.apiture.com/schemas/dao/customerCredentials/v0.2.0/profile.json",
"institutionId": "3PB_212",
"username": "maxpeck412",
"password": "this-is-my-secure-password"
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('https://api.apiture.com/dao/authenticatedCustomer',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
$.ajax({
url: 'https://api.apiture.com/dao/authenticatedCustomer',
method: 'post',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json'
}
result = RestClient.post 'https://api.apiture.com/dao/authenticatedCustomer',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json'
}
r = requests.post('https://api.apiture.com/dao/authenticatedCustomer', params={
}, headers = headers)
print(r.json())
URL obj = new URL("https://api.apiture.com/dao/authenticatedCustomer");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
}
data := bytes.NewBufferString(jsonReq) // jsonReq: the JSON request body (see "Body parameter") as a string
req, err := http.NewRequest("POST", "https://api.apiture.com/dao/authenticatedCustomer", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Authenticate a customer
POST https://api.apiture.com/dao/authenticatedCustomer
Authenticate an existing customer's credentials, returning the customer if one exists and the credentials are valid, or an error response if the system cannot authenticate the customer with the provided credentials.
Body parameter
{
"_profile": "https://production.api.apiture.com/schemas/dao/customerCredentials/v0.2.0/profile.json",
"institutionId": "3PB_212",
"username": "maxpeck412",
"password": "this-is-my-secure-password"
}
Parameters
| Parameter | Description |
|---|---|
| body | customerCredentials (required) |
Example responses
200 Response
{
"_id": "2bc32b15-3691-4408-9eac-859429d64d0a",
"_profile": "https://production.api.apiture.com/schemas/dao/customer/v0.10.1/profile.json",
"institutionId": "3PB_212",
"customerNumber": "123456789",
"customerType": "retail",
"fullName": "Maxwell Daniel Peck",
"username": "maxpeck412",
"state": "enabled",
"taxId": "112-22-3333",
"birthdate": "1975-02-28",
"primaryAddress": {
"addressLine1": "555 N Front Street",
"addressLine2": "Suite 5555",
"city": "Wilmington",
"region": "North Carolina",
"postalCode": "28401-5405",
"countryCode": "US",
"international": false
},
"primaryEmailAddress": "max.peck@nasa.example.com",
"primaryPhoneNumber": "+19105550159",
"smsPhoneNumber": "+19105550159",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
}
400 Response
{
"_profile": "https://production.api.apiture.com/schemas/common/errorResponse/v2.1.1/profile.json",
"_links": {
"self": {
"href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
}
},
"_error": {
"_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
"message": "Description of the error will appear here.",
"statusCode": 422,
"type": "specificErrorType",
"attributes": {
"value": "Optional attribute describing the error"
},
"remediation": "Optional instructions to remediate the error may appear here.",
"occurredAt": "2018-01-25T05:50:52.375Z",
"_links": {
"describedby": {
"href": "https://production.api.apiture.com/errors/specificErrorType"
}
},
"_embedded": {
"errors": []
}
}
}
Responses
| Status | Description | Schema |
|---|---|---|
| 200 OK | OK. If the customer credentials are valid, return the corresponding customer object. Note that the response omits the (writeOnly) password. Response header Location (string, uri): The URI of the authenticated customer resource. | customer |
| 400 Bad Request | Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error. | errorResponse |
| 403 Forbidden | Forbidden. Could not authenticate the customer with the given credentials. No other information is provided. | errorResponse |
| 422 Unprocessable Entity | Unprocessable Entity. One or more of the query parameters or request body was well formed but otherwise invalid. The This error response may have one of the following | |
createLoginUrl
Code samples
# You can also use wget
curl -X GET 'https://api.apiture.com/dao/customers/{customerId}/loginUrl?channel=web&ipAddress=string' \
-H 'Accept: application/json'
GET https://api.apiture.com/dao/customers/{customerId}/loginUrl?channel=web&ipAddress=string HTTP/1.1
Host: api.apiture.com
Accept: application/json
const fetch = require('node-fetch');
const headers = {
'Accept':'application/json'
};
fetch('https://api.apiture.com/dao/customers/{customerId}/loginUrl?channel=web&ipAddress=string',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Accept':'application/json'
};
$.ajax({
url: 'https://api.apiture.com/dao/customers/{customerId}/loginUrl',
method: 'get',
data: { channel: 'web', ipAddress: 'string' },
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient.get 'https://api.apiture.com/dao/customers/{customerId}/loginUrl',
params: {
'channel' => 'web',
'ipAddress' => 'string'
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get('https://api.apiture.com/dao/customers/{customerId}/loginUrl', params={
'channel': 'web', 'ipAddress': 'string'
}, headers = headers)
print(r.json())
URL obj = new URL("https://api.apiture.com/dao/customers/{customerId}/loginUrl?channel=web&ipAddress=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
// GET carries no request body; channel and ipAddress are required query parameters.
req, err := http.NewRequest("GET", "https://api.apiture.com/dao/customers/{customerId}/loginUrl?channel=web&ipAddress=string", nil)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
GET https://api.apiture.com/dao/customers/{customerId}/loginUrl
Return a URL with which the pre-authenticated customer may open the financial institution's digital banking web or mobile application. The customer must be enabled.
Subsequent calls may return the same URL as the first call, or the response may be a unique URL.
The login URL may be used only once. If the user does not use the URL within the client application before the URL's expiration time, the client application should request a new login URL.
Consumers should not send this URL to the user (such as via email), but only use it within their digital account opening application to launch the financial institution's banking application.
Parameters
| Parameter | Description |
|---|---|
| channel | string (required). The channel that the requested login URL is targeting, either the financial institution's web application or their mobile application. If mobile is not supported, the service returns a 501 status code for ?channel=mobile requests. enum values: web, mobile |
| ipAddress | string (required). The IP address of the device where the customer request originated. This value must be in IPv4 or IPv6 format. minLength: 6, maxLength: 128 |
| customerId | string (required). The unique opaque identifier for a customer resource; this is the _id in the customer schema. Note: This is not the customer number at the financial institution. |
Example responses
200 Response
{
"_profile": "https://production.api.apiture.com/schemas/dao/customerLoginUrl/v0.1.1/profile.json",
"loginUrl": "https://thirdpartybank.example.com/digitalBanking?auth=9A8B808FD7684E17AFA621361E9E83D97DB3A139BD3D4444A1F4D71649CA8DFB",
"channel": "web",
"expiresAt": "2020-11-04T05:08:32.375Z"
}
Responses
| Status | Description | Schema |
|---|---|---|
| 200 OK | OK. The operation succeeded. The customer can login by opening the response's loginUrl in the financial institution's banking application. | customerLoginUrl |
| 404 Not Found | Not Found. There is no such customer resource at the specified {customerId}. The _error field in the response contains details about the request error. | errorResponse |
| 409 Conflict | Conflict. The request to obtain a login URL for the customer is not allowed because the customer is not enabled. The This error response may have one of the following | errorResponse |
| 501 Not Implemented | Not Implemented. The server does not support the ?channel=mobile query parameter. | errorResponse |
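A client-side guard for the createLoginUrl rules above, as an added example that is not part of the API's own samples: it validates channel and ipAddress before the request URL is built, and accepts a customerLoginUrl response only if it is HTTPS on the expected host, unexpired and not already launched. The function names, the expected-host check and the in-process used-URL set are assumptions of this sketch.

```python
import hashlib
import ipaddress
from datetime import datetime, timezone
from urllib.parse import quote, urlencode, urlsplit

API_BASE = "https://api.apiture.com/dao"   # base URL used in the page's samples
ALLOWED_CHANNELS = {"web", "mobile"}       # enum values from the Parameters table
USED_URL_DIGESTS = set()                   # assumption: in-process single-use record


class LoginUrlError(Exception):
    """The login URL must not be launched; request a new one."""


def build_login_url_request(customer_id, channel, ip):
    """Validate the query parameters and return the createLoginUrl request URL."""
    if channel not in ALLOWED_CHANNELS:
        raise ValueError("channel must be 'web' or 'mobile'")
    if not 6 <= len(ip) <= 128:
        raise ValueError("ipAddress must be 6 to 128 characters")
    ipaddress.ip_address(ip)  # raises ValueError unless the text is IPv4 or IPv6
    query = urlencode({"channel": channel, "ipAddress": ip})
    return f"{API_BASE}/customers/{quote(customer_id, safe='')}/loginUrl?{query}"


def redact(url):
    """Strip the query string so the one-time auth value never reaches a log."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}{parts.path}?<redacted>"


def accept_login_url(response, expected_host, now):
    """Return loginUrl if it may be launched at `now` (timezone-aware), else raise."""
    url = response["loginUrl"]
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != expected_host:
        raise LoginUrlError(f"unexpected origin: {redact(url)}")
    expires_at = datetime.fromisoformat(response["expiresAt"].replace("Z", "+00:00"))
    if now >= expires_at:
        raise LoginUrlError("expired; request a new login URL")
    # The service may return the same URL on repeated calls, so the client
    # tracks use itself. Only a digest is kept, never the URL.
    digest = hashlib.sha256(url.encode("utf-8")).hexdigest()
    if digest in USED_URL_DIGESTS:
        raise LoginUrlError("already used; request a new login URL")
    USED_URL_DIGESTS.add(digest)
    return url


# The 200 response example shown on this page.
SAMPLE_RESPONSE = {
    "_profile": "https://production.api.apiture.com/schemas/dao/customerLoginUrl/v0.1.1/profile.json",
    "loginUrl": "https://thirdpartybank.example.com/digitalBanking?auth="
                "9A8B808FD7684E17AFA621361E9E83D97DB3A139BD3D4444A1F4D71649CA8DFB",
    "channel": "web",
    "expiresAt": "2020-11-04T05:08:32.375Z",
}

if __name__ == "__main__":
    when = datetime(2020, 11, 4, 5, 0, 0, tzinfo=timezone.utc)  # constructed clock value
    launched = accept_login_url(SAMPLE_RESPONSE, "thirdpartybank.example.com", when)
    print("launching", redact(launched))
```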
enableCustomer
Code samples
# You can also use wget
curl -X POST 'https://api.apiture.com/dao/enabledCustomers?customerId=string' \
-H 'Accept: application/json'
POST https://api.apiture.com/dao/enabledCustomers?customerId=string HTTP/1.1
Host: api.apiture.com
Accept: application/json
const fetch = require('node-fetch');
const headers = {
'Accept':'application/json'
};
fetch('https://api.apiture.com/dao/enabledCustomers?customerId=string',
{
method: 'POST',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Accept':'application/json'
};
$.ajax({
url: 'https://api.apiture.com/dao/enabledCustomers?customerId=string',
method: 'post',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient.post 'https://api.apiture.com/dao/enabledCustomers',
params: {
'customerId' => 'string'
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json'
}
r = requests.post('https://api.apiture.com/dao/enabledCustomers', params={
'customerId': 'string'
}, headers = headers)
print(r.json())
URL obj = new URL("https://api.apiture.com/dao/enabledCustomers?customerId=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"net/http"
)
func main() {
headers := map[string][]string{
"Accept": []string{"application/json"},
}
// This POST carries no request body; customerId is a required query parameter.
req, err := http.NewRequest("POST", "https://api.apiture.com/dao/enabledCustomers?customerId=string", nil)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Enable a customer
POST https://api.apiture.com/dao/enabledCustomers
Enable a customer. This changes the state property of the customer to enabled. The response is the updated representation of the customer.
Parameters
| Parameter | Description |
|---|---|
| customerId | string (required). A string which uniquely identifies a banking customer. |
Example responses
200 Response
{
"_profile": "https://production.api.apiture.com/schemas/dao/customer/v0.10.1/profile.json",
"_id": "bcea94f7-d542-4cee-ac3b-2b40903a46fc",
"institutionId": "3PB_212",
"customerType": "retail",
"customerNumber": "123456789",
"fullName": "Maxwell Daniel Peck",
"username": "maxpeck412",
"state": "enabled",
"taxId": "112-22-3333",
"birthdate": "1975-02-28",
"password": "this-is-my-secure-password",
"primaryAddress": {
"addressLine1": "555 N Front Street",
"addressLine2": "Suite 5555",
"city": "Wilmington",
"region": "North Carolina",
"postalCode": "28401-5405",
"countryCode": "US",
"international": false
},
"primaryEmailAddress": "max.peck@nasa.example.com",
"primaryPhoneNumber": "+19105550159",
"smsPhoneNumber": "+19105550159",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
}
Responses
| Status | Description | Schema |
|---|---|---|
| 200 OK | OK. The operation succeeded. The customer was updated and its state changed to enabled. | customer |
| 400 Bad Request | Bad Request. The customer parameter was malformed or does not refer to an existing or accessible customer. | errorResponse |
| 409 Conflict | Conflict. The request to enable the customer is not allowed. The This error response may have one of the following | errorResponse |
validateCredentials
Code samples
# You can also use wget
curl -X POST https://api.apiture.com/dao/institutions/{institutionId}/credentialValidations \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST https://api.apiture.com/dao/institutions/{institutionId}/credentialValidations HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json
const fetch = require('node-fetch');
const inputBody = `{
"_profile": "https://production.api.apiture.com/schemas/dao/credentialsValidationRequest/v0.1.0/profile.json",
"username": "maxpeck412",
"password": "this-is-my-secure-password"
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('https://api.apiture.com/dao/institutions/{institutionId}/credentialValidations',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
$.ajax({
url: 'https://api.apiture.com/dao/institutions/{institutionId}/credentialValidations',
method: 'post',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json'
}
result = RestClient.post 'https://api.apiture.com/dao/institutions/{institutionId}/credentialValidations',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json'
}
r = requests.post('https://api.apiture.com/dao/institutions/{institutionId}/credentialValidations', params={
}, headers = headers)
print(r.json())
URL obj = new URL("https://api.apiture.com/dao/institutions/{institutionId}/credentialValidations");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
}
data := bytes.NewBufferString(jsonReq) // jsonReq: the JSON request body (see "Body parameter") as a string
req, err := http.NewRequest("POST", "https://api.apiture.com/dao/institutions/{institutionId}/credentialValidations", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Validate the customer's credentials against the institution's password policies.
POST https://api.apiture.com/dao/institutions/{institutionId}/credentialValidations
Validate the customer's credentials against the financial institution's username and password policies, returning a response indicating if the credentials are valid or not. Note: 4xx error responses are not returned for well-formed requests, even if the credentials are invalid, as the validation operation completed normally. 4xx responses are only returned for invalid request bodies such as invalid JSON or JSON that does not conform to the credentials JSON schema.
Body parameter
{
"_profile": "https://production.api.apiture.com/schemas/dao/credentialsValidationRequest/v0.1.0/profile.json",
"username": "maxpeck412",
"password": "this-is-my-secure-password"
}
Parameters
| Parameter | Description |
|---|---|
| institutionId | string (required). The unique ID of the financial institution. minLength: 4 |
| body | credentialsValidationRequest (required) |
Example responses
200 Response
{
"_profile": "https://production.api.apiture.com/schemas/dao/credentialsValidation/v0.1.1/profile.json",
"valid": false,
"passwordViolations": [
{
"name": "minimumLength",
"message": "Password must be at least 8 characters long"
},
{
"name": "minimumNumberOfDigits",
"message": "Password must contain at least one digit"
},
{
"name": "minimumNumberOfSpecial",
"message": "Password must contain at least one special character"
},
{
"name": "personalDataDisallowed",
"message": "Password may not contain personal data such as tax ID, address, zip, phone number"
}
],
"usernameViolations": [
{
"name": "minimumLength",
"message": "Password must be at least 5 characters long"
},
{
"name": "personalDataDisallowed",
"message": "Username may not contain personal data such as tax ID, address, zip, phone number"
}
],
"duplicateUsername": false,
"suggestedUsernames": [
"mp-3729",
"mdp-7221"
]
}
Responses
| Status | Description | Schema |
|---|---|---|
| 200 OK | OK. | credentialsValidation |
| 400 Bad Request | Bad Request. The request body or request parameters are invalid. The _error field in the response contains details about the request error. | errorResponse |
| 404 Not Found | Not Found. There is no such financial institution at the specified {institutionId}. The _error field in the response contains details about the request error. | errorResponse |
| 422 Unprocessable Entity | Unprocessable Entity. The request body or one or more of the parameters was well formed but otherwise invalid. The This error response may have one of the following | errorResponse |
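Because a well-formed validateCredentials request returns 200 even when the credentials are unacceptable, the client has to branch on the response body rather than the status code. The following added example (not part of the API's own samples) turns a credentialsValidation response into a fail-closed decision; the function name and the shape of the returned dictionary are assumptions.

```python
def interpret_credentials_validation(status, body):
    """Map a validateCredentials HTTP result to an accept/reject decision."""
    if status != 200:
        # A 4xx means the request itself was malformed (bad JSON or schema);
        # that is an integration bug, not a weak password chosen by the user.
        error_type = body.get("_error", {}).get("type", "unknown")
        raise RuntimeError(f"credential validation request rejected: {status} {error_type}")

    def violations(key):
        return [(v.get("name", "unknown"), v.get("message", "")) for v in body.get(key, [])]

    password = violations("passwordViolations")
    username = violations("usernameViolations")
    duplicate = body.get("duplicateUsername") is True
    # Fail closed: accept only when the service says valid and nothing
    # contradicts it. A missing "valid" field counts as a rejection.
    accepted = body.get("valid") is True and not (password or username or duplicate)
    return {
        "accepted": accepted,
        "password_messages": [message for _, message in password],
        "username_messages": [message for _, message in username],
        "duplicate_username": duplicate,
        "suggested_usernames": list(body.get("suggestedUsernames", [])),
        # Rule names only: safe to log, contains neither username nor password.
        "audit": {
            "password_rules_failed": [name for name, _ in password],
            "username_rules_failed": [name for name, _ in username],
        },
    }


# The 200 response example shown on this page.
SAMPLE_VALIDATION = {
    "_profile": "https://production.api.apiture.com/schemas/dao/credentialsValidation/v0.1.1/profile.json",
    "valid": False,
    "passwordViolations": [
        {"name": "minimumLength", "message": "Password must be at least 8 characters long"},
        {"name": "minimumNumberOfDigits", "message": "Password must contain at least one digit"},
        {"name": "minimumNumberOfSpecial",
         "message": "Password must contain at least one special character"},
        {"name": "personalDataDisallowed",
         "message": "Password may not contain personal data such as tax ID, address, zip, phone number"},
    ],
    "usernameViolations": [
        {"name": "minimumLength", "message": "Password must be at least 5 characters long"},
        {"name": "personalDataDisallowed",
         "message": "Username may not contain personal data such as tax ID, address, zip, phone number"},
    ],
    "duplicateUsername": False,
    "suggestedUsernames": ["mp-3729", "mdp-7221"],
}

if __name__ == "__main__":
    decision = interpret_credentials_validation(200, SAMPLE_VALIDATION)
    print(decision["accepted"], decision["audit"])
```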
sendCustomerCommunication
Code samples
# You can also use wget
curl -X POST https://api.apiture.com/dao/customers/{customerId}/communications \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST https://api.apiture.com/dao/customers/{customerId}/communications HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json
const fetch = require('node-fetch');
const inputBody = `{
"_profile": "https://production.api.apiture.com/schemas/dao/customerCommunication/v1.0.0/profile.json",
"type": "accountApplicationUnderReview",
"channel": "email",
"attributes": {
"accountName": "My Premiere Savings",
"productName": "Premiere Savings"
}
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('https://api.apiture.com/dao/customers/{customerId}/communications',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
$.ajax({
url: 'https://api.apiture.com/dao/customers/{customerId}/communications',
method: 'post',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json'
}
result = RestClient.post 'https://api.apiture.com/dao/customers/{customerId}/communications',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json'
}
r = requests.post('https://api.apiture.com/dao/customers/{customerId}/communications', params={
}, headers = headers)
print(r.status_code)  # 204 No Content on success, so there is no JSON body to parse
URL obj = new URL("https://api.apiture.com/dao/customers/{customerId}/communications");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
}
data := bytes.NewBufferString(jsonReq) // jsonReq: the JSON request body (see "Body parameter") as a string
req, err := http.NewRequest("POST", "https://api.apiture.com/dao/customers/{customerId}/communications", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Send a communication to the customer
POST https://api.apiture.com/dao/customers/{customerId}/communications
Send a communication to the customer, informing them of the status of the account opening process. Messages can be sent to the customer via an email channel or as a thread between the financial institution and the customer via the secureMessage system within the banking platform.
Body parameter
{
"_profile": "https://production.api.apiture.com/schemas/dao/customerCommunication/v1.0.0/profile.json",
"type": "accountApplicationUnderReview",
"channel": "email",
"attributes": {
"accountName": "My Premiere Savings",
"productName": "Premiere Savings"
}
}
Parameters
| Parameter | Description |
|---|---|
| body | customerCommunication (required) |
| customerId | string (required). The unique opaque identifier for a customer resource; this is the _id in the customer schema. Note: This is not the customer number at the financial institution. |
Example responses
404 Response
{
"_profile": "https://production.api.apiture.com/schemas/common/errorResponse/v2.1.1/profile.json",
"_links": {
"self": {
"href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
}
},
"_error": {
"_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
"message": "Description of the error will appear here.",
"statusCode": 422,
"type": "specificErrorType",
"attributes": {
"value": "Optional attribute describing the error"
},
"remediation": "Optional instructions to remediate the error may appear here.",
"occurredAt": "2018-01-25T05:50:52.375Z",
"_links": {
"describedby": {
"href": "https://production.api.apiture.com/errors/specificErrorType"
}
},
"_embedded": {
"errors": []
}
}
}
Responses
| Status | Description | Schema |
|---|---|---|
| 204 No Content | No Content. The operation succeeded. The message was formatted and sent without error. However, this does guarantee that the message was delivered. | |
| 404 Not Found | Not Found. There is no such customer resource at the specified {customerId}. The _error field in the response contains details about the request error. | errorResponse |
| 409 Conflict | Conflict. The application state does not permit this communication type. | errorResponse |
| 422 Unprocessable Entity | Unprocessable Entity. The communication type requires message attributes that are not present. | errorResponse |
sendOneTimePassword
Code samples
# You can also use wget
curl -X POST https://api.apiture.com/dao/institutions/{institutionId}/oneTimePasswords \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST https://api.apiture.com/dao/institutions/{institutionId}/oneTimePasswords HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json
const fetch = require('node-fetch');
const inputBody = `{
"_profile": "https://production.api.apiture.com/schemas/dao/oneTimePassword/v1.0.0/profile.json",
"code": "377669",
"channel": "sms",
"target": "+19105550155"
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('https://api.apiture.com/dao/institutions/{institutionId}/oneTimePasswords',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
$.ajax({
url: 'https://api.apiture.com/dao/institutions/{institutionId}/oneTimePasswords',
method: 'post',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json'
}
result = RestClient.post 'https://api.apiture.com/dao/institutions/{institutionId}/oneTimePasswords',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json'
}
r = requests.post('https://api.apiture.com/dao/institutions/{institutionId}/oneTimePasswords', params={
}, headers = headers)
print(r.status_code)  # 204 No Content on success, so there is no JSON body to parse
URL obj = new URL("https://api.apiture.com/dao/institutions/{institutionId}/oneTimePasswords");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
}
data := bytes.NewBufferString(jsonReq) // jsonReq: the JSON request body (see "Body parameter") as a string
req, err := http.NewRequest("POST", "https://api.apiture.com/dao/institutions/{institutionId}/oneTimePasswords", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Send a one-time-password
POST https://api.apiture.com/dao/institutions/{institutionId}/oneTimePasswords
Send a one-time-password to a pending customer, prior to onboarding/enrolling.
Body parameter
{
"_profile": "https://production.api.apiture.com/schemas/dao/oneTimePassword/v1.0.0/profile.json",
"code": "377669",
"channel": "sms",
"target": "+19105550155"
}
Parameters
| Parameter | Description |
|---|---|
| body | oneTimePassword (required) |
| institutionId | string (required). The unique ID of the financial institution. minLength: 4 |
Example responses
422 Response
{
"_profile": "https://production.api.apiture.com/schemas/common/errorResponse/v2.1.1/profile.json",
"_links": {
"self": {
"href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
}
},
"_error": {
"_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
"message": "Description of the error will appear here.",
"statusCode": 422,
"type": "specificErrorType",
"attributes": {
"value": "Optional attribute describing the error"
},
"remediation": "Optional instructions to remediate the error may appear here.",
"occurredAt": "2018-01-25T05:50:52.375Z",
"_links": {
"describedby": {
"href": "https://production.api.apiture.com/errors/specificErrorType"
}
},
"_embedded": {
"errors": []
}
}
}
Responses
| Status | Description | Schema |
|---|---|---|
| 204 No Content | No Content. The operation succeeded. The message was formatted and sent without error. However, this does guarantee that the message was delivered. | |
| 422 Unprocessable Entity | Unprocessable Entity. The communication type requires message attributes that are not present. | errorResponse |
Customer Accounts
listFundingAccounts
Code samples
# You can also use wget
curl -X GET 'https://api.apiture.com/dao/fundingAccounts?customerId=string' \
-H 'Accept: application/json'
GET https://api.apiture.com/dao/fundingAccounts?customerId=string HTTP/1.1
Host: api.apiture.com
Accept: application/json
const fetch = require('node-fetch');
const headers = {
'Accept':'application/json'
};
fetch('https://api.apiture.com/dao/fundingAccounts?customerId=string',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Accept':'application/json'
};
$.ajax({
url: 'https://api.apiture.com/dao/fundingAccounts',
method: 'get',
data: { customerId: 'string' },
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient.get 'https://api.apiture.com/dao/fundingAccounts',
params: {
'customerId' => 'string'
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get('https://api.apiture.com/dao/fundingAccounts', params={
'customerId': 'string'
}, headers = headers)
print(r.json())
URL obj = new URL("https://api.apiture.com/dao/fundingAccounts?customerId=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
	"fmt"
	"net/http"
)
func main() {
	// A GET request has no body: pass nil and send customerId in the query string.
	req, err := http.NewRequest("GET", "https://api.apiture.com/dao/fundingAccounts?customerId=string", nil)
	if err != nil {
		panic(err)
	}
	req.Header.Set("Accept", "application/json")
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()
	fmt.Println(resp.Status)
	// ...
}
List funding accounts
GET https://api.apiture.com/dao/fundingAccounts
List a customer's internal and external accounts that may be used to fund a new account. Items in the response are limited to accounts that the customer may debit from, either internal accounts or linked external accounts. The response lists the external accounts first. This operation does not filter accounts based on available balances or debit limits. The response may include incomplete accounts where the available balance is not immediately available. Use listFundingAccountBalances to list available balances for the incomplete internal accounts in the response. The API does not retrieve balances for external accounts.
Parameters
| Parameter | Description |
|---|---|
| customerId | string (required) A string which uniquely identifies a banking customer. |
Example responses
200 Response
{
"items": [
{
"id": "a687b700-a8f7",
"location": "external",
"institutionName": "State Employees Credit Union",
"nickname": "Rainy Day Fund",
"maskedNumber": "*1234",
"product": {
"type": "savings",
"label": "High Yield Savings"
}
},
{
"id": "53edf4ea-9bc7",
"nickname": "Tuition Savings",
"location": "internal",
"maskedNumber": "*2345",
"product": {
"type": "savings",
"label": "High Yield Savings"
}
},
{
"id": "if576c406-6256",
"nickname": "Share Checking",
"location": "internal",
"maskedNumber": "*3456",
"product": {
"type": "checking",
"label": "Premiere Checking"
}
}
]
}
Responses
| Status | Description | Schema |
|---|---|---|
| 200 | OK. The response contains an array of active accounts that may be used for funding new accounts. | fundingAccounts |
| 422 | Unprocessable Entity. The customer ID is invalid. This error response may have one of the following | errorResponse |
listFundingAccountBalances
Code samples
# You can also use wget
curl -X GET 'https://api.apiture.com/dao/accountBalances?customerId=string&accounts=string' \
-H 'Accept: application/json'
GET https://api.apiture.com/dao/accountBalances?customerId=string&accounts=string HTTP/1.1
Host: api.apiture.com
Accept: application/json
const fetch = require('node-fetch');
const headers = {
'Accept':'application/json'
};
fetch('https://api.apiture.com/dao/accountBalances?customerId=string&accounts=string',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Accept':'application/json'
};
$.ajax({
url: 'https://api.apiture.com/dao/accountBalances',
method: 'get',
data: { customerId: 'string', accounts: 'string' },
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient.get 'https://api.apiture.com/dao/accountBalances',
params: {
'customerId' => 'string',
'accounts' => 'string'
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get('https://api.apiture.com/dao/accountBalances', params={
'customerId': 'string', 'accounts': [
"string"
]
}, headers = headers)
print(r.json())
URL obj = new URL("https://api.apiture.com/dao/accountBalances?customerId=string&accounts=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
	"fmt"
	"net/http"
)
func main() {
	// A GET request has no body: pass nil and send the parameters in the query string.
	req, err := http.NewRequest("GET", "https://api.apiture.com/dao/accountBalances?customerId=string&accounts=string", nil)
	if err != nil {
		panic(err)
	}
	req.Header.Set("Accept", "application/json")
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()
	fmt.Println(resp.Status)
	// ...
}
List Funding Account Balances
GET https://api.apiture.com/dao/accountBalances
Return balances for a list of internal accounts for a customer. The accounts query parameter is a list of account IDs which typically comes from the listFundingAccounts operation response. The customer must have view access to all of the accounts, else a 403 Forbidden response is returned.
The response may be incomplete. Given a Retry-After response header, the client can retry the operation after a short delay, requesting only the accounts which are incomplete; see the 202 Accepted response for details.
Parameters
| Parameter | Description |
|---|---|
| customerId | string (required) A string which uniquely identifies a banking customer. |
| accounts | accountIds (required) The unique account identifiers of one or more internal accounts. (Internal accounts are those with location value of internal.) Note: The account IDs are unrelated to the account number. unique items minItems: 1 maxItems: 100 comma-delimited items: » minLength: 6 » maxLength: 48 » pattern: ^[-_:.~$a-zA-Z0-9]+$ |
| retryCount | integer When retrying the operation, pass the retryCount from the incompleteAccountBalances response. minimum: 1 maximum: 10 |
Example responses
200 Response
{
"items": [
{
"id": "05d00d7d-30d6",
"available": "3208.20"
},
{
"id": "cb5d67ea-a5c3",
"available": "1750.80"
},
{
"id": "b5a4f178-2baf",
"available": "2710.80"
},
{
"id": "959908db-fd40",
"available": "4812.09"
},
{
"id": "97e6166a-2a4c",
"available": "9323.63"
}
]
}
Responses
| Status | Description | Schema |
|---|---|---|
| 200 | OK. The response contains the balances for all the accounts in the ?accounts= query parameter. | fundingAccountBalances |
| 202 | Accepted. The service accepted the request but could not provide balances for all the requested accounts and returned an incomplete response. Try the call again after the time in the Retry-After response header has passed, and request only those accounts from the incompleteAccounts in the response. If there is no Retry-After response header, the client has reached its maximum number of tries and should not retry the operation. Header: Retry-After (string) Indicates an absolute time, in HTTP Examples: | incompleteFundingAccountBalances |
| 403 | Forbidden. The given customer does not have balance view access to one or more of the accounts. | errorResponse |
| 422 | Unprocessable Entity. The request body and/or query parameters were well-formed but otherwise invalid. This error response may have one of the following | errorResponse |
| 429 | Too Many Requests. The client has sent too many requests in a given amount of time. This error response may have one of the following | errorResponse |
| 503 | Service Unavailable. Could not fetch the account balance from the banking core. | errorResponse |
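The retry procedure described for listFundingAccountBalances, as an added example that is not Apiture's code: it validates the account IDs against the documented constraints, re-requests only the incomplete accounts after a 202, and stops when Retry-After is absent. The `send` transport, the 202 body field names (`items`, `incompleteAccounts`, `retryCount`), support for both Retry-After forms, and the 30-second delay cap are assumptions; the sample replies are constructed.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlencode

BALANCES_URL = "https://api.apiture.com/dao/accountBalances"
ACCOUNT_ID = re.compile(r"[-_:.~$a-zA-Z0-9]{6,48}")  # documented pattern and lengths
MAX_RETRY_COUNT = 10      # documented retryCount maximum
MAX_DELAY_SECONDS = 30.0  # assumption: cap on any server-requested wait


def validate_account_ids(ids):
    """Apply the documented `accounts` constraints before any ID reaches a URL."""
    ids = list(ids)
    if not 1 <= len(ids) <= 100:
        raise ValueError("accounts needs 1 to 100 items")
    if len(set(ids)) != len(ids):
        raise ValueError("accounts items must be unique")
    for account_id in ids:
        # fullmatch, not match: "^...$" with match() would accept a trailing newline.
        if not isinstance(account_id, str) or not ACCOUNT_ID.fullmatch(account_id):
            raise ValueError("invalid account ID: %r" % (account_id,))
    return ids


def retry_delay_seconds(retry_after, now):
    """Return the wait in seconds, or None when the header is absent or unparseable."""
    value = (retry_after or "").strip()
    if re.fullmatch(r"[0-9]+", value):  # delay-seconds form
        return float(value)
    try:  # HTTP-date form (an absolute time)
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return max(0.0, (when - now).total_seconds())


def fetch_balances(customer_id, account_ids, send, sleep, now=None):
    """Return (balances_by_id, unresolved_ids).

    send(url) -> (status, headers, body) is the caller's authenticated transport.
    """
    now = now or (lambda: datetime.now(timezone.utc))
    pending = validate_account_ids(account_ids)
    balances, retry_count = {}, None
    for _ in range(MAX_RETRY_COUNT + 1):  # client-side bound, whatever the server says
        query = {"customerId": customer_id, "accounts": ",".join(pending)}
        if retry_count is not None:
            query["retryCount"] = retry_count
        status, headers, body = send(BALANCES_URL + "?" + urlencode(query))
        if status not in (200, 202):
            raise RuntimeError("balance lookup failed: HTTP %d" % status)
        requested = set(pending)
        for item in body.get("items", []):
            if item.get("id") in requested:  # drop balances for IDs not asked for
                balances[item["id"]] = item.get("available")
        if status == 200:
            return balances, [a for a in pending if a not in balances]
        # 202 Accepted: keep only incomplete IDs that were actually requested.
        pending = [a for a in body.get("incompleteAccounts", []) if a in requested]
        retry_count = body.get("retryCount")
        headers = {k.lower(): v for k, v in headers.items()}
        delay = retry_delay_seconds(headers.get("retry-after"), now())
        may_retry = (pending and delay is not None and isinstance(retry_count, int)
                     and 1 <= retry_count <= MAX_RETRY_COUNT)
        if not may_retry:  # no Retry-After means the tries are used up
            return balances, pending
        sleep(min(delay, MAX_DELAY_SECONDS))
    return balances, pending


def demo():
    """Constructed exchange: a 202 with one incomplete account, then a 200."""
    replies = [
        (202, {"Retry-After": "2"},
         {"items": [{"id": "05d00d7d-30d6", "available": "3208.20"}],
          "incompleteAccounts": ["cb5d67ea-a5c3"], "retryCount": 1}),
        (200, {}, {"items": [{"id": "cb5d67ea-a5c3", "available": "1750.80"}]}),
    ]
    urls, naps = [], []

    def send(url):
        urls.append(url)
        return replies[len(urls) - 1]

    result = fetch_balances("47837239834897",
                            ["05d00d7d-30d6", "cb5d67ea-a5c3"], send, naps.append)
    return result, urls, naps
```

In production, pass `time.sleep` as `sleep` and a transport that attaches the partner's authentication; a 403 or 429 surfaces here as `RuntimeError` for the caller to handle.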
Account Entitlements
Entitlements for Banking Account Holders
createCustomerAccountEntitlements
Code samples
# You can also use wget
curl -X POST https://api.apiture.com/dao/accountEntitlements \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Unique-Request-Id: 0d43c531-f4b0-4227-8299-8520834c20a2'
POST https://api.apiture.com/dao/accountEntitlements HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json
Unique-Request-Id: 0d43c531-f4b0-4227-8299-8520834c20a2
const fetch = require('node-fetch');
const inputBody = `{
"_profile": "https://production.api.apiture.com/schemas/dao/createCustomerAccountEntitlements/v0.6.0/profile.json",
"customerId": "47837239834897",
"institutionId": "3PB_212",
"accounts": [
{
"accountNumber": "9876543210",
"accountCode": "savings",
"accountType": "S",
"nickname": "New car down payment savings",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
},
{
"accountNumber": "8765432108",
"accountCode": "checking",
"accountType": "DDA",
"nickname": "Daily checking account",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
}
]
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json',
'Unique-Request-Id':'0d43c531-f4b0-4227-8299-8520834c20a2'
};
fetch('https://api.apiture.com/dao/accountEntitlements',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Content-Type':'application/json',
'Accept':'application/json',
'Unique-Request-Id':'0d43c531-f4b0-4227-8299-8520834c20a2'
};
$.ajax({
url: 'https://api.apiture.com/dao/accountEntitlements',
method: 'post',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'Unique-Request-Id' => '0d43c531-f4b0-4227-8299-8520834c20a2'
}
result = RestClient.post 'https://api.apiture.com/dao/accountEntitlements',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
'Unique-Request-Id': '0d43c531-f4b0-4227-8299-8520834c20a2'
}
r = requests.post('https://api.apiture.com/dao/accountEntitlements', params={
}, headers = headers)
print(r.json())
URL obj = new URL("https://api.apiture.com/dao/accountEntitlements");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
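package main
import (
	"bytes"
	"fmt"
	"net/http"
)
func main() {
	// jsonReq is the JSON request body shown under "Body parameter".
	jsonReq := []byte(`{
  "_profile": "https://production.api.apiture.com/schemas/dao/createCustomerAccountEntitlements/v0.6.0/profile.json",
  "customerId": "47837239834897",
  "institutionId": "3PB_212",
  "accounts": [
    {"accountNumber": "9876543210", "accountCode": "savings", "accountType": "S", "nickname": "New car down payment savings", "electronicStatementConsent": true, "electronicDocumentConsent": true},
    {"accountNumber": "8765432108", "accountCode": "checking", "accountType": "DDA", "nickname": "Daily checking account", "electronicStatementConsent": true, "electronicDocumentConsent": true}
  ]
}`)
	req, err := http.NewRequest("POST", "https://api.apiture.com/dao/accountEntitlements", bytes.NewBuffer(jsonReq))
	if err != nil {
		panic(err)
	}
	req.Header.Set("Content-Type", "application/json")
	req.Header.Set("Accept", "application/json")
	req.Header.Set("Unique-Request-Id", "0d43c531-f4b0-4227-8299-8520834c20a2")
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()
	fmt.Println(resp.Status)
	// ...
}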
Create account entitlements for a customer
POST https://api.apiture.com/dao/accountEntitlements
Create one or more account entitlements for a customer. An account entitlement is an association between the customer and the account, granting the customer their account holder access to the account. This API call is only valid for enabled customers. In the createCustomer/updateCustomer DAO flow, the enableCustomer API call must occur before calling this API.
Body parameter
{
"_profile": "https://production.api.apiture.com/schemas/dao/createCustomerAccountEntitlements/v0.6.0/profile.json",
"customerId": "47837239834897",
"institutionId": "3PB_212",
"accounts": [
{
"accountNumber": "9876543210",
"accountCode": "savings",
"accountType": "S",
"nickname": "New car down payment savings",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
},
{
"accountNumber": "8765432108",
"accountCode": "checking",
"accountType": "DDA",
"nickname": "Daily checking account",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
}
]
}
Parameters
| Parameter | Description |
|---|---|
| Unique-Request-Id | string (required) Each call must supply a unique transaction ID to allow the server to reject duplicate requests. Clients are strongly encouraged to generate a GUID for each unique request, but use the same value when retrying failed API calls. Note: This is an architectural decision to be decided; other solutions are possible. minLength: 24 maxLength: 64 |
| body | createCustomerAccountEntitlements (required) |
Example responses
201 Response
{
"_profile": "https://production.api.apiture.com/schemas/dao/customerAccountEntitlements/v0.5.0/profile.json",
"customerId": "47837239834897",
"institutionId": "3PB_212",
"accounts": [
{
"accountNumber": "9876543210",
"accountCode": "savings",
"accountType": "A",
"nickname": "New car down payment savings",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
},
{
"accountNumber": "8765432108",
"accountCode": "checking",
"accountType": "DDA",
"nickname": "Daily checking account",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
}
]
}
Responses
| Status | Description | Schema |
|---|---|---|
| 201 | Created. | customerAccountEntitlements |
| 400 | Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error. | errorResponse |
| 409 | Conflict. Accounts already exist for this customer, or the operation was already invoked. | errorResponse |
| 422 | Unprocessable Entity. One or more of the query parameters was well formed but otherwise invalid. The _error field in the response contains details about the request error. | errorResponse |
createCustomerExternalAccountEntitlements
Code samples
# You can also use wget
curl -X POST https://api.apiture.com/dao/externalAccountEntitlements \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Unique-Request-Id: 0d43c531-f4b0-4227-8299-8520834c20a2'
POST https://api.apiture.com/dao/externalAccountEntitlements HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json
Unique-Request-Id: 0d43c531-f4b0-4227-8299-8520834c20a2
const fetch = require('node-fetch');
const inputBody = `{
"customerId": "47837239834897",
"accounts": [
{
"accountNumber": "9876543210",
"routingNumber": "123123123",
"institutionName": "Third National Bank of the West",
"ownerName": "Lucile Watson",
"type": "savings",
"usage": "personal",
"nickname": "Daily checking account"
}
]
}`;
const headers = {
'Content-Type':'application/json',
'Accept':'application/json',
'Unique-Request-Id':'0d43c531-f4b0-4227-8299-8520834c20a2'
};
fetch('https://api.apiture.com/dao/externalAccountEntitlements',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Content-Type':'application/json',
'Accept':'application/json',
'Unique-Request-Id':'0d43c531-f4b0-4227-8299-8520834c20a2'
};
$.ajax({
url: 'https://api.apiture.com/dao/externalAccountEntitlements',
method: 'post',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json',
'Unique-Request-Id' => '0d43c531-f4b0-4227-8299-8520834c20a2'
}
result = RestClient.post 'https://api.apiture.com/dao/externalAccountEntitlements',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json',
'Unique-Request-Id': '0d43c531-f4b0-4227-8299-8520834c20a2'
}
r = requests.post('https://api.apiture.com/dao/externalAccountEntitlements', params={
}, headers = headers)
print(r.json())
URL obj = new URL("https://api.apiture.com/dao/externalAccountEntitlements");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
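package main
import (
	"bytes"
	"fmt"
	"net/http"
)
func main() {
	// jsonReq is the JSON request body shown under "Body parameter".
	jsonReq := []byte(`{
  "customerId": "47837239834897",
  "accounts": [
    {"accountNumber": "9876543210", "routingNumber": "123123123", "institutionName": "Third National Bank of the West", "ownerName": "Lucile Watson", "type": "savings", "usage": "personal", "nickname": "Daily checking account"}
  ]
}`)
	req, err := http.NewRequest("POST", "https://api.apiture.com/dao/externalAccountEntitlements", bytes.NewBuffer(jsonReq))
	if err != nil {
		panic(err)
	}
	req.Header.Set("Content-Type", "application/json")
	req.Header.Set("Accept", "application/json")
	req.Header.Set("Unique-Request-Id", "0d43c531-f4b0-4227-8299-8520834c20a2")
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()
	fmt.Println(resp.Status)
	// ...
}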
Create external account entitlements for a customer
POST https://api.apiture.com/dao/externalAccountEntitlements
Create one or more external account entitlements for a customer. An account entitlement is an association between the customer and the external account, granting the customer their account holder access to the account. This API call is only valid for enabled customers.
Body parameter
{
"customerId": "47837239834897",
"accounts": [
{
"accountNumber": "9876543210",
"routingNumber": "123123123",
"institutionName": "Third National Bank of the West",
"ownerName": "Lucile Watson",
"type": "savings",
"usage": "personal",
"nickname": "Daily checking account"
}
]
}
Parameters
| Parameter | Description |
|---|---|
| Unique-Request-Id | string (required) Each call must supply a unique transaction ID to allow the server to reject duplicate requests. Clients are strongly encouraged to generate a GUID for each unique request, but use the same value when retrying failed API calls. Note: This is an architectural decision to be decided; other solutions are possible. minLength: 24 maxLength: 64 |
| body | newCustomerExternalAccountEntitlements (required) |
Example responses
201 Response
{
"customerId": "47837239834897",
"accounts": [
{
"id": "afd8038c56f112ce573b",
"accountNumber": "9876543210",
"routingNumber": "123123123",
"institutionName": "Third National Bank of the West",
"ownerName": "Lucile Watson",
"type": "savings",
"usage": "personal",
"nickname": "Daily checking account"
}
]
}
Responses
| Status | Description | Schema |
|---|---|---|
| 201 | Created. | customerExternalAccountEntitlements |
| 400 | Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error. | errorResponse |
| 409 | Conflict. Accounts already exist for this customer, or the operation was already invoked. | errorResponse |
| 422 | Unprocessable Entity. One or more of the query parameters was well formed but otherwise invalid. The _error field in the response contains details about the request error. | errorResponse |
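How a client can honor the Unique-Request-Id rule stated for createCustomerAccountEntitlements and createCustomerExternalAccountEntitlements, as an added example that is not Apiture's code: the ID is generated once per logical request and reused unchanged on every retry. The `send` transport, the outcome labels, and the choice to retry on timeouts and 5xx responses are assumptions; the demo transport is constructed.

```python
import json
import uuid

ENTITLEMENTS_URL = "https://api.apiture.com/dao/accountEntitlements"


def new_request_id():
    """A GUID per logical request; its 36 characters fit minLength 24 / maxLength 64."""
    return str(uuid.uuid4())


def post_with_request_id(url, body, send, request_id=None, max_attempts=3):
    """POST `body`, reusing one Unique-Request-Id across all retries.

    send(url, headers, data) -> status is the caller's authenticated transport
    (hypothetical); it may raise ConnectionError or TimeoutError.
    Returns (outcome, attempts, request_id).
    """
    request_id = request_id or new_request_id()
    if not 24 <= len(request_id) <= 64:
        raise ValueError("Unique-Request-Id must be 24 to 64 characters")
    headers = {
        "Content-Type": "application/json",
        "Accept": "application/json",
        "Unique-Request-Id": request_id,  # fixed before the loop, never regenerated
    }
    data = json.dumps(body)
    maybe_applied = False  # True once an earlier attempt may have reached the server
    for attempt in range(1, max_attempts + 1):
        try:
            status = send(url, headers, data)
        except (ConnectionError, TimeoutError):
            maybe_applied = True
            continue
        if status == 201:
            return "created", attempt, request_id
        if status == 409:
            # 409 covers both "accounts already exist" and "already invoked".
            # After an uncertain attempt it most likely means the first try
            # landed, so the caller should reconcile rather than report failure.
            outcome = "conflict_after_retry" if maybe_applied else "conflict"
            return outcome, attempt, request_id
        if status >= 500:
            maybe_applied = True
            continue
        # 400 / 422: the same body fails again, so do not retry.
        return "rejected", attempt, request_id
    return "unknown", max_attempts, request_id


def demo():
    """Constructed run: the first response is lost, the retry is answered 409."""
    seen_ids = []

    def send(url, headers, data):
        seen_ids.append(headers["Unique-Request-Id"])
        if len(seen_ids) == 1:
            raise TimeoutError("response lost after the server applied the request")
        return 409  # the server rejects the duplicate request ID

    body = {
        "customerId": "47837239834897",
        "institutionId": "3PB_212",
        "accounts": [{"accountNumber": "9876543210", "accountCode": "savings",
                      "accountType": "S", "nickname": "New car down payment savings",
                      "electronicStatementConsent": True,
                      "electronicDocumentConsent": True}],
    }
    return post_with_request_id(ENTITLEMENTS_URL, body, send), seen_ids
```

Generating a fresh ID inside the retry loop would defeat the server's duplicate rejection and could entitle the customer twice; log the request ID with each attempt so a `conflict_after_retry` can be traced.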
Institutions
Financial Institutions (Banks and Credit Unions)
getCredentialsPolicies
Code samples
# You can also use wget
curl -X GET https://api.apiture.com/dao/institutions/{institutionId}/credentialsPolicies \
-H 'Accept: application/json'
GET https://api.apiture.com/dao/institutions/{institutionId}/credentialsPolicies HTTP/1.1
Host: api.apiture.com
Accept: application/json
const fetch = require('node-fetch');
const headers = {
'Accept':'application/json'
};
fetch('https://api.apiture.com/dao/institutions/{institutionId}/credentialsPolicies',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Accept':'application/json'
};
$.ajax({
url: 'https://api.apiture.com/dao/institutions/{institutionId}/credentialsPolicies',
method: 'get',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient.get 'https://api.apiture.com/dao/institutions/{institutionId}/credentialsPolicies',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get('https://api.apiture.com/dao/institutions/{institutionId}/credentialsPolicies', params={
}, headers = headers)
print(r.json())
URL obj = new URL("https://api.apiture.com/dao/institutions/{institutionId}/credentialsPolicies");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
	"fmt"
	"net/http"
)
func main() {
	// A GET request has no body: pass nil.
	req, err := http.NewRequest("GET", "https://api.apiture.com/dao/institutions/{institutionId}/credentialsPolicies", nil)
	if err != nil {
		panic(err)
	}
	req.Header.Set("Accept", "application/json")
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()
	fmt.Println(resp.Status)
	// ...
}
Return the financial institution's credentials (username and password) policies
GET https://api.apiture.com/dao/institutions/{institutionId}/credentialsPolicies
The client uses this operation to obtain the financial institution's password and username policies and requirements. The client can also use the validateCredentials operation to validate a customer's credentials against the policies, so that the client need not implement the logic to interpret the rules.
Parameters
| Parameter | Description |
|---|---|
| institutionId | string (required) The unique ID of the financial institution. minLength: 4 |
Example responses
200 Response
{
"_profile": "https://production.api.apiture.com/schemas/dao/credentialsPolicies/v0.2.1/profile.json",
"username": {
"message": "Valid usernames: * must be between 5 and 20 characters long * are case sensitive * may not contain data from the user profile (street address, phone number, tax ID)",
"enforced": [
"minimumLength",
"maximumLength",
"caseSensitive",
"personalDataDisallowed",
"accountDataDisallowed"
],
"minimumLength": 8,
"maximumLength": 24,
"caseSensitive": true,
"personalDataDisallowed": true,
"accountDataDisallowed": true
},
"password": {
"enforced": [
"minimumLength",
"maximumLength",
"minimumNumberOfLetters",
"minimumNumberOfDigits",
"usernameDisallowed",
"personalDataDisallowed",
"repeatingCharactersDisallowed",
"notMatchPrevious"
],
"minimumLength": 8,
"maximumLength": 24,
"caseSensitive": true,
"minimumNumberOfLetters": 1,
"minimumNumberOfDigits": 1,
"minimumNumberOfSpecial": 1,
"usernameDisallowed": true,
"personalDataDisallowed": true,
"repeatingCharactersDisallowed": true,
"notMatchPrevious": 6
}
}
Responses
| Status | Description | Schema |
|---|---|---|
| 200 | OK. | credentialsPolicies |
| 404 | Not Found. There is no such financial institution at the specified {institutionId}. The _error field in the response contains details about the request error. | errorResponse |
| 422 | Unprocessable Entity. One or more of the parameters was well formed but otherwise invalid. The This error response may have one of the following | errorResponse |
getCandidateSecurityQuestions
Code samples
# You can also use wget
curl -X GET https://api.apiture.com/dao/institutions/{institutionId}/securityQuestions \
-H 'Accept: application/json'
GET https://api.apiture.com/dao/institutions/{institutionId}/securityQuestions HTTP/1.1
Host: api.apiture.com
Accept: application/json
const fetch = require('node-fetch');
const headers = {
'Accept':'application/json'
};
fetch('https://api.apiture.com/dao/institutions/{institutionId}/securityQuestions',
{
method: 'GET',
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Accept':'application/json'
};
$.ajax({
url: 'https://api.apiture.com/dao/institutions/{institutionId}/securityQuestions',
method: 'get',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Accept' => 'application/json'
}
result = RestClient.get 'https://api.apiture.com/dao/institutions/{institutionId}/securityQuestions',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Accept': 'application/json'
}
r = requests.get('https://api.apiture.com/dao/institutions/{institutionId}/securityQuestions', params={
}, headers = headers)
print(r.json())
URL obj = new URL("https://api.apiture.com/dao/institutions/{institutionId}/securityQuestions");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
	"fmt"
	"net/http"
)
func main() {
	// A GET request has no body: pass nil.
	req, err := http.NewRequest("GET", "https://api.apiture.com/dao/institutions/{institutionId}/securityQuestions", nil)
	if err != nil {
		panic(err)
	}
	req.Header.Set("Accept", "application/json")
	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer resp.Body.Close()
	fmt.Println(resp.Status)
	// ...
}
Return candidate security questions
GET https://api.apiture.com/dao/institutions/{institutionId}/securityQuestions
Return a list of possible security questions the user may choose. The client should present these questions to the user and collect responses for some of them and submit them back via setCustomerSecurityAnswers.
Parameters
| Parameter | Description |
|---|---|
| institutionId | string (required) The unique ID of the financial institution. minLength: 4 |
Example responses
200 Response
{
"_profile": "https://production.api.apiture.com/schemas/dao/securityQuestionCandidates/v0.1.0/profile.json",
"questions": [
{
"text": "What is your mother's maiden name?",
"minimumLength": 2,
"maximumLength": 64
},
{
"text": "What street did you live on when your were ten years old?",
"minimumLength": 2,
"maximumLength": 30
},
{
"text": "In what city was your father born?",
"minimumLength": 2,
"maximumLength": 30
},
{
"text": "What is the breed of your first pet?",
"minimumLength": 2,
"maximumLength": 30
},
{
"text": "What was your high school mascot?",
"minimumLength": 2,
"maximumLength": 30
},
{
"text": "What is your favorite security question?",
"minimumLength": 8,
"maximumLength": 80
}
],
"minimumAnswerCount": 3,
"maximumAnswerCount": 3
}
Responses
| Status | Description | Schema |
|---|---|---|
| 200 | OK. | securityQuestionCandidates |
| 404 | Not Found. There is no such financial institution at the specified {institutionId}. The _error field in the response contains details about the request error. | errorResponse |
| 422 | Unprocessable Entity. One or more of the parameters was well formed but otherwise invalid. The This error response may have one of the following | errorResponse |
Schemas
abstractRequest
{
"_profile": "https://production.api.apiture.com/schemas/common/abstractRequest/v2.0.0/profile.json",
"_links": {}
}
Abstract Request (v2.0.0)
An abstract schema used to define other request-only schemas. This is a HAL resource representation, minus the _error defined in abstractResource.
This schema was resolved from common/abstractRequest.
Properties
| Name | Description |
|---|---|
| _links | object: links An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations. This schema was resolved from |
| _embedded | object An optional map of nested resources, mapping each nested resource name to a nested resource representation. |
| _profile | string(uri) The URI of a resource profile which describes the representation. read-only |
abstractResource
{
"_profile": "https://production.api.apiture.com/schemas/common/abstractResource/v2.1.0/profile.json",
"_links": {
"self": {
"href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
}
}
}
Abstract Resource (v2.1.0)
An abstract schema used to define other schemas for request and response bodies. This is a HAL resource representation. This model contains hypermedia _links, and either optional domain object data with _profile and optional _embedded objects, or an _error object. In responses, if the operation was successful, this object will not include the _error, but if the operation was a 4xx or 5xx error, this object will not include _embedded or any data fields, only _error and optionally _links.
This schema was resolved from common/abstractResource.
Properties
| Name | Description |
|---|---|
| _links | object: links An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations. This schema was resolved from |
| _embedded | object An optional map of nested resources, mapping each nested resource name to a nested resource representation. |
| _profile | string(uri) The URI of a resource profile which describes the representation. read-only |
| _error | object: error An object which describes an error. This value is omitted if the operation succeeded without error. read-only |
accountCode
"checking"
Account Code (v2.0.0)
A core-agnostic code which names the account's banking category. The category determines what type of banking functions are allowed for such accounts.
accountCode strings may have one of the following enumerated values:
| Value | Description |
|---|---|
checking | Checking |
savings | Savings |
cd | CD: Certificate of Deposit |
ira | IRA: Individual Retirement Account |
loan | Loan |
creditCard | Credit Card |
Type: string
enum values: checking, savings, cd, ira, loan, creditCard
accountIds
[
"string"
]
Account IDs (v1.0.0)
An array of account IDs.
accountIds is an array schema.
Array Elements
| Name | Description |
|---|---|
Account IDs (v1.0.0) | array: [resourceId] An array of account IDs. unique items minItems: 1 maxItems: 100 |
accountUsage
"personal"
Account Usage (v1.0.0)
Indicates an account is used for personal or business banking.
Type: string
enum values: personal, business
address
{
"addressLine1": "555 N Front Street",
"addressLine2": "Suite 5555",
"city": "Wilmington",
"region": "North Carolina",
"postalCode": "28401-5405",
"countryCode": "US",
"international": false
}
Address (v0.2.0)
A postal address.
Properties
| Name | Description |
|---|---|
addressLine1 | string (required) The first street address line of the address, normally a house number and street name. minLength: 4 maxLength: 30 |
addressLine2 | string The optional second street address line of the address. maxLength: 30 |
city | string (required) The name of the city or municipality. minLength: 2 maxLength: 30 |
region | string The mailing address region code, such as state in the US, or a province in Canada. If state abbreviations are provided on input and countryCode is US, the service converts the abbreviation to the full state name. For example, NC becomes North Carolina. minLength: 2 maxLength: 20 |
postalCode | string (required) The mailing address postal code, such as a US Zip or Zip+4 code, or a Canadian postal code. minLength: 5 maxLength: 10 |
countryCode | string (required) The ISO 3166-1 alpha-2 country code. This is normalized to uppercase. minLength: 2 maxLength: 2 pattern: ^[a-zA-Z]{2}$ |
international | boolean If true, the user acknowledged that the address they provided is an international address (the countryCode is not "US"). Default: false |
attributes
{}
Attributes (v2.1.0)
An optional map of name/value pairs which contains additional dynamic data about the resource.
This schema was resolved from common/attributes.
Properties
createCustomer
{
"_profile": "https://production.api.apiture.com/schemas/dao/createCustomer/v0.9.0/profile.json",
"institutionId": "3PB_212",
"customerType": "retail",
"fullName": "Maxwell Daniel Peck",
"username": "maxpeck412",
"password": "this-is-my-secure-password",
"taxId": "112-22-3333",
"birthdate": "1975-02-28",
"primaryAddress": {
"addressLine1": "555 N Front Street",
"addressLine2": "Suite 5555",
"city": "Wilmington",
"region": "North Carolina",
"postalCode": "28401-5405",
"countryCode": "US",
"international": false
},
"primaryEmailAddress": "max.peck@nasa.example.com",
"primaryPhoneNumber": "+19105550159",
"smsPhoneNumber": "+19105550159",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
}
Create Customer (v0.9.0)
Request body for creating a digital banking customer.
Phone Numbers
The service strips all spaces, hyphens, periods and parentheses from phone number fields in request bodies. Some examples of allowed phone numbers are 9105550155, (910) 555-0155, 910.555.0155, and +19105550155. The default country code prefix is +1. See Phone Number Representations for more information.
Properties
| Name | Description |
|---|---|
_profile | string(uri) The URI of a resource profile which describes the representation. |
institutionId | string (required) The financial institution's ID. minLength: 4 |
customerType | string: customerType (required) The type of customer, retail (personal) or commercial (business banking). enum values: retail, commercial |
birthdate | string(date) (required) The contact's birth date in YYYY-MM-DD format. This is required if type is retail. |
electronicStatementConsent | boolean true if the user consents to (monthly) electronic account statement delivery. This may be overridden on an account-by-account basis when creating customer account entitlements. Default: false |
electronicDocumentConsent | boolean true if the user consents to electronic document delivery for documents other than their monthly account statement for this account. This may be overridden on an account-by-account basis when creating customer account entitlements. Default: false |
primaryPhoneNumber | string (required) The customer's primary phone number; also known as "day-time phone number". (See "Phone Numbers" in the schema description for details.) minLength: 8 maxLength: 16 |
secondaryPhoneNumber | string The customer's secondary phone number; also known as "evening phone number". (See "Phone Numbers" in the schema description for details.) minLength: 9 maxLength: 16 |
smsPhoneNumber | string The customer's phone number to use for text messages (Short Message Service or SMS). (See "Phone Numbers" in the schema description for details.) This must be a US number (+1 if the number includes country code; ten digits excluding the country code). minLength: 9 maxLength: 20 |
alternatePhoneNumber | string The customer's alternate phone number. (See "Phone Numbers" in the schema description for details.) minLength: 9 maxLength: 20 |
faxPhoneNumber | string The customer's FAX phone number. (See "Phone Numbers" in the schema description for details.) minLength: 9 maxLength: 20 |
primaryAddress | object: address (required) The customer's primary address. |
primaryEmailAddress | string(email) (required) The customer's primary email address. minLength: 8 maxLength: 120 |
secondaryEmailAddress | string(email) The customer's secondary email address. minLength: 8 maxLength: 120 |
taxId | string (required) The customer's tax ID. The caller should pass the full tax ID (for example "112-22-3333") when creating a customer. maxLength: 16 |
fullName | string (required) The customer's full name. maxLength: 50 |
username | string (required) The customer's unique on-line banking username. This value cannot be changed after it has been set. maxLength: 64 |
password | string (required) The password the customer uses to log in. This is not returned in responses; it is only used in requests to set or update the customer's password. write-only minLength: 6 maxLength: 48 |
createCustomerAccountEntitlement
{
"_profile": "https://production.api.apiture.com/schemas/dao/baseRequest/v0.3.0/profile.json",
"accountNumber": "9876543210",
"accountCode": "savings",
"accountType": "S",
"nickname": "New car down payment savings",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
}
Create Customer Account Entitlement (v0.5.0)
Details of a new account entitlement created for a banking customer.
Properties
| Name | Description |
|---|---|
_profile | string(uri) The URI of a resource profile which describes the representation. |
accountNumber | string (required) The full account number of the new account. This is represented as a string, even if the financial institution's account numbers are numeric (so that leading zeros may be preserved). minLength: 4 maxLength: 17 |
accountType | string (required) The account type, an abbreviation of the banking account type, determined by the banking core. Examples of account types include but are not limited to: D, DDA, S, SAV, CD, IRA, LON, LOC, LOAN, CC. |
accountCode | string: accountCode The banking account product code. enum values: checking, savings, cd, ira, loan, creditCard |
accountIdentifier | string MICR number or some other account identification number depending on the underlying bank core. minLength: 2 maxLength: 32 pattern: ^[-A-Za-z0-9]{2,32}$ |
nickname | string The name the customer gave to the account. |
electronicStatementConsent | boolean true if the user consents to (monthly) electronic account statement delivery for this account. If omitted, the value in the customer is honored. |
electronicDocumentConsent | boolean true if the user consents to electronic document delivery for documents other than their monthly account statement for this account. If omitted, the value in the customer is honored. |
createCustomerAccountEntitlements
{
"_profile": "https://production.api.apiture.com/schemas/dao/createCustomerAccountEntitlements/v0.6.0/profile.json",
"customerId": "47837239834897",
"institutionId": "3PB_212",
"accounts": [
{
"accountNumber": "9876543210",
"accountCode": "savings",
"accountType": "S",
"nickname": "New car down payment savings",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
},
{
"accountNumber": "8765432108",
"accountCode": "checking",
"accountType": "DDA",
"nickname": "Daily checking account",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
}
]
}
Create Customer Account Entitlements (v0.6.0)
Request used to create new customer accounts for an existing customer.
Properties
| Name | Description |
|---|---|
_profile | string(uri) The URI of a resource profile which describes the representation. |
customerId | string (required) The customer ID. This is not related to the customer number or member number. |
institutionId | string (required) The financial institution's ID. minLength: 4 |
accounts | array: [createCustomerAccountEntitlement] (required) One or more accounts to add to a customer. minItems: 1 |
credentialsPolicies
{
"_profile": "https://production.api.apiture.com/schemas/dao/credentialsPolicies/v0.2.1/profile.json",
"username": {
"message": "Valid usernames: * must be between 5 and 20 characters long * are case sensitive * may not contain data from the user profile (street address, phone number, tax ID)",
"enforced": [
"minimumLength",
"maximumLength",
"caseSensitive",
"personalDataDisallowed",
"accountDataDisallowed"
],
"minimumLength": 8,
"maximumLength": 24,
"caseSensitive": true,
"personalDataDisallowed": true,
"accountDataDisallowed": true
},
"password": {
"enforced": [
"minimumLength",
"maximumLength",
"minimumNumberOfLetters",
"minimumNumberOfDigits",
"usernameDisallowed",
"personalDataDisallowed",
"repeatingCharactersDisallowed",
"notMatchPrevious"
],
"minimumLength": 8,
"maximumLength": 24,
"caseSensitive": true,
"minimumNumberOfLetters": 1,
"minimumNumberOfDigits": 1,
"minimumNumberOfSpecial": 1,
"usernameDisallowed": true,
"personalDataDisallowed": true,
"repeatingCharactersDisallowed": true,
"notMatchPrevious": 6
}
}
Credentials Policies (v0.2.1)
The rules the financial institution imposes for customers' credentials (usernames and passwords).
Properties
| Name | Description |
|---|---|
_profile | string(uri) The URI of a resource profile which describes the representation. |
_embedded | object An optional map of nested resources, mapping each nested resource name to a nested resource representation. |
_error | object: error An object which describes an error. This value is omitted if the operation succeeded without error. |
username | object: usernamePolicies The rules the financial institution imposes on each customer's username. |
password | object: passwordPolicies The rules the financial institution imposes on each customer's password. |
credentialsValidation
{
"_profile": "https://production.api.apiture.com/schemas/dao/credentialsValidation/v0.1.1/profile.json",
"valid": false,
"passwordViolations": [
{
"name": "minimumLength",
"message": "Password must be at least 8 characters long"
},
{
"name": "minimumNumberOfDigits",
"message": "Password must contain at least one digit"
},
{
"name": "minimumNumberOfSpecial",
"message": "Password must contain at least one special character"
},
{
"name": "personalDataDisallowed",
"message": "Password may not contain personal data such as tax ID, address, zip, phone number"
}
],
"usernameViolations": [
{
"name": "minimumLength",
"message": "Username must be at least 5 characters long"
},
{
"name": "personalDataDisallowed",
"message": "Username may not contain personal data such as tax ID, address, zip, phone number"
}
],
"duplicateUsername": false,
"suggestedUsernames": [
"mp-3729",
"mdp-7221"
]
}
Credentials Validation (v0.1.1)
The response from validating a customer's credentials.
Properties
| Name | Description |
|---|---|
_profile | string(uri) The URI of a resource profile which describes the representation. |
_embedded | object An optional map of nested resources, mapping each nested resource name to a nested resource representation. |
_error | object: error An object which describes an error. This value is omitted if the operation succeeded without error. |
valid | boolean (required) true if and only if the credentials satisfy the financial institution's username and password policies. |
passwordViolations | array: [passwordViolation] (required) A list of password policy violations. The array is empty if there are no violations. |
usernameViolations | array: [usernameViolation] (required) A list of username policy violations. The array is empty if there are no violations. |
duplicateUsername | boolean If true, the username is already in use. This cannot be checked solely on the client side by evaluating the policies. |
suggestedUsernames | array: [string] If the username is invalid, the service may return some suggested valid usernames. unique items |
credentialsValidationRequest
{
"_profile": "https://production.api.apiture.com/schemas/dao/credentialsValidationRequest/v0.1.0/profile.json",
"username": "maxpeck412",
"password": "this-is-my-secure-password"
}
Credentials (v0.1.0)
New customer credentials (username and password) for validation. The request may omit the username to just validate a new password, or omit password to just validate a new username.
Properties
| Name | Description |
|---|---|
_profile | string(uri) The URI of a resource profile which describes the representation. |
username | string The customer's unique on-line banking username. maxLength: 64 |
password | string The password the customer uses to log in. write-only minLength: 6 maxLength: 48 |
creditOrDebitValue
"3456.78"
Credit Or Debit Value (v0.1.0)
The monetary value representing a credit (positive amounts with no prefix or a + prefix) or debit (negative amounts with a - prefix). The numeric value is represented as a string so that it can be exact with no loss of precision.
Type: string
pattern: ^(-|\+)?(0|[1-9][0-9]*)\.[0-9][0-9]$
customer
{
"_profile": "https://production.api.apiture.com/schemas/dao/customer/v0.10.1/profile.json",
"_id": "bcea94f7-d542-4cee-ac3b-2b40903a46fc",
"institutionId": "3PB_212",
"customerType": "retail",
"customerNumber": "123456789",
"fullName": "Maxwell Daniel Peck",
"username": "maxpeck412",
"state": "enabled",
"taxId": "112-22-3333",
"birthdate": "1975-02-28",
"password": "this-is-my-secure-password",
"primaryAddress": {
"addressLine1": "555 N Front Street",
"addressLine2": "Suite 5555",
"city": "Wilmington",
"region": "North Carolina",
"postalCode": "28401-5405",
"countryCode": "US",
"international": false
},
"primaryEmailAddress": "max.peck@nasa.example.com",
"primaryPhoneNumber": "+19105550159",
"smsPhoneNumber": "+19105550159",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
}
Customer (v0.10.1)
Representation of a digital banking customer.
Phone Numbers
The service strips all non-digits from phone number fields in request bodies. Some examples of allowed phone numbers are 9105550155, (910) 555-0155, 910.555.0155, and +19105550155. The default country code prefix is +1 (US and related regions).
Phone numbers are returned in responses in E.164 format with a leading +, country code (up to 3 digits) and subscriber number, for a total of up to 15 digits. Example: +19105550155.
Properties
| Name | Description |
|---|---|
_profile | string(uri) The URI of a resource profile which describes the representation. |
_embedded | object An optional map of nested resources, mapping each nested resource name to a nested resource representation. |
_error | object: error An object which describes an error. This value is omitted if the operation succeeded without error. |
institutionId | string (required) The financial institution's ID. minLength: 4 |
customerType | string: customerType (required) The type of customer, retail (personal) or commercial (business banking). enum values: retail, commercial |
birthdate | string(date) (required) The contact's birth date in YYYY-MM-DD format. This is required if type is retail. |
electronicStatementConsent | boolean true if the user consents to (monthly) electronic account statement delivery. This may be overridden on an account-by-account basis when creating customer account entitlements. Default: false |
electronicDocumentConsent | boolean true if the user consents to electronic document delivery for documents other than their monthly account statement for this account. This may be overridden on an account-by-account basis when creating customer account entitlements. Default: false |
_id | string The unique identifier for this customer resource. This is an opaque, read-only string. Note: This _id is not related to the customerNumber. The _id is the {customerId} in the customer resource URI. read-only |
taxId | string (required) The customer's tax ID. The caller should pass the full tax ID (for example "112-22-3333") when creating a customer. read-only maxLength: 16 |
customerNumber | string The unique customer number, also known as the Customer Identification File number or CIF number. This is the Member Number for credit unions. This value is assigned to the customer in the banking core. The customerNumber differs from the _id (which is the ID of the resource). This value cannot be changed after a customer has been enabled. minLength: 1 maxLength: 36 |
username | string The customer's unique on-line banking username. This value cannot be changed after it has been set. read-only maxLength: 64 |
state | string: customerState The state of the customer. This is a derived property. Update the state with the enableCustomer operation. read-only enum values: pending, enabled |
primaryPhoneNumber | string (required) The customer's primary phone number; also known as "day-time phone number". (See "Phone Numbers" in the schema description for details.) minLength: 8 maxLength: 16 |
secondaryPhoneNumber | string The customer's secondary phone number; also known as "evening phone number". (See "Phone Numbers" in the schema description for details.) minLength: 9 maxLength: 16 |
smsPhoneNumber | string The customer's phone number to use for text messages (Short Message Service or SMS). (See "Phone Numbers" in the schema description for details.) This must be a US number (+1 if the number includes country code; ten digits excluding the country code). minLength: 9 maxLength: 20 |
alternatePhoneNumber | string The customer's alternate phone number. (See "Phone Numbers" in the schema description for details.) minLength: 9 maxLength: 20 |
faxPhoneNumber | string The customer's FAX phone number. (See "Phone Numbers" in the schema description for details.) minLength: 9 maxLength: 20 |
primaryAddress | object: address (required) The customer's primary address. |
primaryEmailAddress | string(email) (required) The customer's primary email address. minLength: 8 maxLength: 120 |
secondaryEmailAddress | string(email) The customer's secondary email address. minLength: 8 maxLength: 120 |
fullName | string (required) The customer's full name. If not set on a customer, the service concatenates the first, middle, and last names. maxLength: 50 |
password | string The password the customer uses to log in. This is not returned in responses; it is only used in requests to set or update the customer's password. Omit this in requests except when explicitly changing the user's password. write-only minLength: 6 maxLength: 48 |
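The createCustomer and customer bodies carry the write-only password and the full taxId, so a partner integration should redact them before a body reaches its logs and should notice if a write-only field ever shows up in a response. The following is an added example, not part of the Apiture API or its SDKs; the choice of fields to drop or mask, the mask format and the function names are assumptions of this example.

```python
import json

# Field names come from the createCustomer, customer and entitlement schemas.
# Which ones to drop or mask, and the mask format, are this example's choices.
WRITE_ONLY = {"password"}
MASKED = {"taxId", "accountNumber"}


def mask_tail(value, keep=4):
    """Hide all but the last `keep` letters/digits; hide short values fully."""
    chars = [c for c in value if c.isalnum()]
    if len(chars) <= keep:
        return "*" * len(chars)
    return "*" * (len(chars) - keep) + "".join(chars[-keep:])


def redact(body):
    """Return a copy of a DAO request or response body that is safe to log."""
    if isinstance(body, dict):
        out = {}
        for key, value in body.items():
            if key in WRITE_ONLY:
                out[key] = "[REDACTED]"
            elif key in MASKED and isinstance(value, str):
                out[key] = mask_tail(value)
            else:
                out[key] = redact(value)
        return out
    if isinstance(body, list):
        return [redact(item) for item in body]
    return body


def find_write_only(body, path="$"):
    """List the JSON paths at which a write-only field is present.

    Run this on responses: the schema says password is never returned,
    so any hit means a credential is flowing back to the client.
    """
    hits = []
    if isinstance(body, dict):
        for key, value in body.items():
            here = f"{path}.{key}"
            if key in WRITE_ONLY:
                hits.append(here)
            else:
                hits.extend(find_write_only(value, here))
    elif isinstance(body, list):
        for index, item in enumerate(body):
            hits.extend(find_write_only(item, f"{path}[{index}]"))
    return hits


# Constructed sample: createCustomer fields from this page merged with an
# entitlement-style accounts array so that nested masking is exercised.
SAMPLE_REQUEST = {
    "institutionId": "3PB_212",
    "username": "maxpeck412",
    "password": "this-is-my-secure-password",
    "taxId": "112-22-3333",
    "primaryAddress": {"city": "Wilmington", "countryCode": "US"},
    "accounts": [{"accountNumber": "9876543210", "accountType": "S"}],
}

if __name__ == "__main__":
    print(json.dumps(redact(SAMPLE_REQUEST), indent=2))
    print(find_write_only(SAMPLE_REQUEST))
```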
customerAccountEntitlement
{
"_profile": "https://production.api.apiture.com/schemas/dao/baseRequest/v0.3.0/profile.json",
"accountNumber": "9876543210",
"accountCode": "savings",
"accountType": "S",
"nickname": "New car down payment savings",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
}
Customer Account Entitlement (v0.5.0)
Details of a new account entitlement created for a banking customer.
Properties
| Name | Description |
|---|---|
_profile | string(uri) The URI of a resource profile which describes the representation. |
accountNumber | string (required) The full account number of the new account. This is represented as a string, even if the financial institution's account numbers are numeric (so that leading zeros may be preserved). minLength: 4 maxLength: 17 |
accountType | string (required) The account type, an abbreviation of the banking account type, determined by the banking core. Examples of account types include but are not limited to: D, DDA, S, SAV, CD, IRA, LON, LOC, LOAN, CC. |
accountCode | string: accountCode The banking account product code. enum values: checking, savings, cd, ira, loan, creditCard |
accountIdentifier | string MICR number or some other account identification number depending on the underlying bank core. minLength: 2 maxLength: 32 pattern: ^[-A-Za-z0-9]{2,32}$ |
nickname | string The name the customer gave to the account. |
electronicStatementConsent | boolean true if the user consents to (monthly) electronic account statement delivery for this account. If omitted, the value in the customer is honored. |
electronicDocumentConsent | boolean true if the user consents to electronic document delivery for documents other than their monthly account statement for this account. If omitted, the value in the customer is honored. |
customerAccountEntitlements
{
"_profile": "https://production.api.apiture.com/schemas/dao/customerAccountEntitlements/v0.5.0/profile.json",
"customerId": "47837239834897",
"institutionId": "3PB_212",
"accounts": [
{
"accountNumber": "9876543210",
"accountCode": "savings",
"accountType": "A",
"nickname": "New car down payment savings",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
},
{
"accountNumber": "8765432108",
"accountCode": "checking",
"accountType": "DDA",
"nickname": "Daily checking account",
"electronicStatementConsent": true,
"electronicDocumentConsent": true
}
]
}
Customer Account Entitlements (v0.5.0)
Accounts for an existing customer.
Properties
| Name | Description |
|---|---|
_profile | string(uri) The URI of a resource profile which describes the representation. |
_embedded | object An optional map of nested resources, mapping each nested resource name to a nested resource representation. |
_error | object: error An object which describes an error. This value is omitted if the operation succeeded without error. |
customerId | string The customer ID. This is not related to the customer number or member number. |
institutionId | string The financial institution's ID. minLength: 4 |
accounts | array: [customerAccountEntitlement] The customer's accounts. |
customerCommunication
{
"_profile": "https://production.api.apiture.com/schemas/dao/customerCommunication/v1.0.0/profile.json",
"type": "accountApplicationUnderReview",
"channel": "email",
"attributes": {
"accountName": "My Premiere Savings",
"productName": "Premiere Savings"
}
}
Customer Communication (v1.0.0)
Communication to a customer or to the financial institution informing them of the account opening status. The communication type and the channel are used as keys to look up a message template, and the attributes, if any, are substituted in the template text to yield the communication message body.
Properties
| Name | Description |
|---|---|
_profile | string(uri) The URI of a resource profile which describes the representation. |
type | string (required) The type of communication message to the customer. enum values: accountApplicationSaved, accountApplicationCanceled, accountApplicationStarted, accountApplicationUnderReview, accountApplicationRejected, accountApplicationDocumentsRejected, customerCreatedAndAccountOpened, accountOpened, daoFailure |
channel | string (required) The channel through which the communication is sent to the customer. email denotes an email to the customer. secureMessage creates a new message thread between the customer and the financial institution. enum values: email, secureMessage |
attributes | object An optional map of name/value pairs which contains string values to inject into the message template associated with this message. The attributes vary by type. |
» additionalProperties | string |
emailAddress | string(email) The optional email address to use for sending the message. If present, this overrides the customer's primary email address associated with their login account or application. maxLength: 80 |
customerCredentials
{
"_profile": "https://production.api.apiture.com/schemas/dao/customerCredentials/v0.2.0/profile.json",
"institutionId": "3PB_212",
"username": "maxpeck412",
"password": "this-is-my-secure-password"
}
Customer Credentials (v0.2.0)
Customer credentials (username and password) for authenticating an existing customer.
Properties
| Name | Description |
|---|---|
_profile | string(uri) The URI of a resource profile which describes the representation. |
institutionId | string (required) The financial institution's ID. minLength: 4 |
username | string (required) The customer's unique on-line banking username. maxLength: 64 |
password | string (required) The password the customer uses to log in. write-only minLength: 6 maxLength: 48 |
ipAddress | string (required) The IP address of the device where the customer request originated. This value must be in IPv4 or IPv6 format. minLength: 6 maxLength: 128 |
customerExternalAccountEntitlement
{
"id": "8ae73adb-159d",
"accountNumber": "9876543210",
"routingNumber": "123123123",
"type": "savings",
"institutionName": "Third National Bank of the West",
"usage": "personal",
"ownerName": "Lucille Watson"
}
Customer External Account Entitlement (v0.1.0)
The result of adding customer entitlements to an external account.
Properties
| Name | Description |
|---|---|
accountNumber | string: fullAchAccountNumber (required) The full account number of the external account. This is represented as a string, even if the financial institution's account numbers are numeric (so that leading zeros may be preserved). minLength: 2 maxLength: 17 pattern: ^[- a-zA-Z0-9.]{2,17}$ |
routingNumber | string (required) The routing and transit number of the external account. minLength: 9 maxLength: 9 pattern: ^[0-9]{9}$ |
institutionName | string (required) The name of the financial institution where the external account is held. maxLength: 80 |
type | string: accountCode (required) The type of account. enum values: checking, savings, cd, ira, loan, creditCard |
ownerName | string (required) The name of the account owner at the external financial institution. maxLength: 80 |
usage | string: accountUsage (required) Indicates an account is used for personal or business banking. enum values: personal, business |
nickname | string The nickname (friendly name) the customer has given this account. If omitted, the customer has not set a nickname. maxLength: 50 |
id | string: resourceId (required) The opaque unique resource ID of the external account. This ID may be used to schedule a transfer from the external account to the new account being opened. minLength: 6 maxLength: 48 pattern: ^[-_:.~$a-zA-Z0-9]+$ |
customerExternalAccountEntitlements
{
"customerId": "47837239834897",
"accounts": [
{
"id": "afd8038c56f112ce573b",
"accountNumber": "9876543210",
"routingNumber": "123123123",
"institutionName": "Third National Bank of the West",
"ownerName": "Lucile Watson",
"type": "savings",
"usage": "personal",
"nickname": "Daily checking account"
}
]
}
Customer External Account Entitlements (v0.1.0)
Response from adding external accounts for a customer.
Properties
| Name | Description |
|---|---|
customerId | string (required) The customer ID. This is not related to the customer number or member number. |
accounts | array: [customerExternalAccountEntitlement] (required) One or more external accounts added to a customer. minItems: 1 |
customerLoginUrl
{
"_profile": "https://production.api.apiture.com/schemas/dao/customerLoginUrl/v0.1.1/profile.json",
"loginUrl": "https://thirdpartybank.example.com/digitalBanking?auth=9A8B808FD7684E17AFA621361E9E83D97DB3A139BD3D4444A1F4D71649CA8DFB",
"channel": "web",
"expiresAt": "2020-11-04T05:08:32.375Z"
}
Customer Login URL (v0.1.1)
The customer can log in to the digital banking application by visiting this loginUrl. The user is pre-authenticated (single sign-on). The URL may only be used once and has an expiration time.
Properties
| Name | Description |
|---|---|
_profile | string(uri) The URI of a resource profile which describes the representation. |
_embedded | object An optional map of nested resources, mapping each nested resource name to a nested resource representation. |
_error | object: error An object which describes an error. This value is omitted if the operation succeeded without error. |
loginUrl | string(uri) (required) The customer can login by visiting this URL to the digital banking application. maxLength: 4000 |
channel | string The channel from the createLoginUrl request. enum values: web, mobile |
expiresAt | string(date-time) The date-time when the login URL expires. If the user does not use the URL within the client application before the expiration time, the client should request a new login URL. |
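Because the loginUrl pre-authenticates the user, is single-use and expires, the client should treat it as a bearer credential: check it before redirecting, hand it out once, and keep its query string out of logs. The following is an added example, not code from the API provider; the host allow-list, the 30-second safety margin and all function and class names are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: the partner configures the digital banking host(s) it expects
# for each financial institution; this value is taken from the page's example.
ALLOWED_HOSTS = {"thirdpartybank.example.com"}
# Assumption: stop using a URL this long before expiresAt, so that a slow
# redirect does not arrive with an expired token.
SAFETY_MARGIN = timedelta(seconds=30)


def parse_expires_at(value):
    """Parse the RFC 3339 UTC time stamp used by expiresAt."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_login_url(resource, now=None):
    """Return (ok, reason) for a customerLoginUrl response body."""
    now = now or datetime.now(timezone.utc)
    parts = urlsplit(resource["loginUrl"])
    if parts.scheme != "https":
        return False, "loginUrl is not https"
    if parts.hostname not in ALLOWED_HOSTS:
        return False, "unexpected host"
    expires_at = resource.get("expiresAt")  # optional in the schema
    if expires_at is not None:
        if parse_expires_at(expires_at) - SAFETY_MARGIN <= now:
            return False, "expired or about to expire"
    return True, "ok"


def redact_login_url(url):
    """Return the URL with every query value replaced, for log lines."""
    parts = urlsplit(url)
    query = [(name, "REDACTED")
             for name, _ in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(query), ""))


class OneShotLoginUrl:
    """Hands the URL to the redirect exactly once, mirroring its single use."""

    def __init__(self, resource):
        self._resource = resource
        self._taken = False

    def take(self, now=None):
        """Return the URL once if it passes the checks, otherwise None.

        On None the client should call createLoginUrl again rather than
        retry the old URL.
        """
        if self._taken:
            return None
        ok, _ = check_login_url(self._resource, now=now)
        if not ok:
            return None
        self._taken = True
        return self._resource["loginUrl"]


# The customerLoginUrl example from this page.
SAMPLE = {
    "loginUrl": "https://thirdpartybank.example.com/digitalBanking"
                "?auth=9A8B808FD7684E17AFA621361E9E83D97DB3A139BD3D4444A1F4D71649CA8DFB",
    "channel": "web",
    "expiresAt": "2020-11-04T05:08:32.375Z",
}

if __name__ == "__main__":
    print(check_login_url(SAMPLE))
    print(redact_login_url(SAMPLE["loginUrl"]))
```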
customerSearch
{
"_profile": "https://production.api.apiture.com/schemas/dao/customerSearch/v0.4.0/profile.json",
"customerNumber": "123456789",
"institutionId": "3PB_212"
}
Customer Search (v0.4.0)
Search parameters for finding a registered banking customer. In addition to the required institutionId, the client must supply at least one of customerNumber and taxId.
Properties
| Name | Description |
|---|---|
_profile | string(uri) The URI of a resource profile which describes the representation. |
customerNumber | string The unique customer number, also known as the Customer Identification File number or CIF number. This derived value is assigned to the customer in the banking core. The customerNumber differs from the _id (which is the ID of the resource). maxLength: 48 |
taxId | string The customer's tax ID number (such as social security number). The caller should pass the full value (for example "112-22-3333") when searching customers by tax ID. The input may include '-' formatting characters; the search matches just the digits. maxLength: 16 |
institutionId | string (required) The financial institution's ID. minLength: 3 maxLength: 8 |
customerState
"pending"
Customer State (v1.1.0)
The state of the customer.
customerState strings may have one of the following enumerated values:
| Value | Description |
|---|---|
pending | Pending: A new pending customer that is awaiting review and approval |
enabled | Enabled: A customer which has been approved and enabled for digital banking |
Type: string
enum values: pending, enabled
customerType
"retail"
Customer Type (v1.0.0)
The type of customer, retail (personal) or commercial (business banking).
customerType strings may have one of the following enumerated values:
| Value | Description |
|---|---|
retail | Retail: Retail (personal) banking customer |
commercial | Commercial: Commercial (business) banking customer |
Type: string
enum values: retail, commercial
error
{
"_id": "2eae46e1575c0a7b0115a4b3",
"message": "Descriptive error message...",
"statusCode": 422,
"type": "errorType1",
"remediation": "Remediation string...",
"occurredAt": "2018-01-25T05:50:52.375Z",
"errors": [
{
"_id": "ccdbe2c5c938a230667b3827",
"message": "An optional embedded error"
},
{
"_id": "dbe9088dcfe2460f229338a3",
"message": "Another optional embedded error"
}
],
"_links": {
"describedby": {
"href": "https://developer.apiture.com/errors/errorType1"
}
}
}
Error (v2.1.0)
Describes an error in an API request or in a service called via the API.
This schema was resolved from common/error.
Properties
| Name | Description |
|---|---|
message | string (required) A localized message string describing the error condition. |
_id | string A unique identifier for this error instance. This may be used as a correlation ID with the root cause error (i.e. this ID may be logged at the source of the error). This is an opaque string. read-only |
statusCode | integer The HTTP status code associated with this error. minimum: 100 maximum: 599 |
type | string An error identifier which indicates the category of error and associates it with API support documentation, or which the UI tier can use to render an appropriate message or hint. This provides a finer level of granularity than the statusCode. For example, instead of just 400 Bad Request, the type may be much more specific, such as integerValueNotInAllowedRange or numericValueExceedsMaximum or stringValueNotInAllowedSet. |
occurredAt | string(date-time) An RFC 3339 UTC time stamp indicating when the error occurred. |
attributes | object: attributes Informative values or constraints which describe the error. For example, for a value out of range error, the attributes may specify the minimum and maximum values. This allows clients to present error messages as they see fit (the API does not assume the client/presentation tier). The set of attributes varies by error type. |
remediation | string An optional localized string which provides hints for how the user or client can resolve the error. |
errors | array: [error] An optional array of nested error objects. This property is not always present. |
_links | object: links An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations. This schema was resolved from |
errorResponse
{
"_profile": "https://production.api.apiture.com/schemas/common/errorResponse/v2.1.1/profile.json",
"_links": {
"self": {
"href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
}
},
"_error": {
"_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
"message": "Description of the error will appear here.",
"statusCode": 422,
"type": "specificErrorType",
"attributes": {
"value": "Optional attribute describing the error"
},
"remediation": "Optional instructions to remediate the error may appear here.",
"occurredAt": "2018-01-25T05:50:52.375Z",
"_links": {
"describedby": {
"href": "https://production.api.apiture.com/errors/specificErrorType"
}
},
"_embedded": {
"errors": []
}
}
}
Error Response (v2.1.1)
Describes an error response, typically returned on 4xx or 5xx errors from API operations. The _error object contains the error details.
This schema was resolved from common/errorResponse.
Properties
| Name | Description |
|---|---|
_links | object: links An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations. This schema was resolved from |
_embedded | object An optional map of nested resources, mapping each nested resource name to a nested resource representation. |
_profile | string(uri) The URI of a resource profile which describes the representation. read-only |
_error | object: error An object which describes an error. This value is omitted if the operation succeeded without error. read-only |
foundCustomers
{
"_profile": "https://production.api.apiture.com/schemas/dao/foundCustomers/v0.5.1/profile.json",
"customerNumber": "123456789",
"institutionId": "3PB_212",
"found": true,
"pendingCustomerIds": [
"c6559535-3a16-442d-a8e1-1d3408602a6d",
"0437cc87-b463-4a99-9622-df16629adc77"
]
}
Found Customers (v0.5.1)
Response from searching for customers. The response includes the search criteria and whether any customers were found. Note that found can be true but pendingCustomerIds is empty; this indicates enabled customers but no pending customers match the search criteria.
Properties
| Name | Description |
|---|---|
_profile | string(uri) The URI of a resource profile which describes the representation. |
_embedded | object An optional map of nested resources, mapping each nested resource name to a nested resource representation. |
_error | object: error An object which describes an error. This value is omitted if the operation succeeded without error. |
customerNumber | string The unique customer number, also known as the Customer Identification File number or CIF number. This derived value is assigned to the customer in the banking core. The customerNumber differs from the _id (which is the ID of the resource). maxLength: 48 |
taxId | string The customer's tax ID number (such as social security number). The caller should pass the full value (for example "112-22-3333") when searching customers by tax ID. The input may include '-' formatting characters; the search matches just the digits. maxLength: 16 |
institutionId | string (required) The financial institution's ID. minLength: 3 maxLength: 8 |
found | boolean (required) true if any matching customers were found. |
pendingCustomerIds | array: [string] (required) An array containing the customer ID (the _id of the customer resource) for matching pending DAO customer records. This array always exists in the response, although it may be empty. |
fullAchAccountNumber
"123456789"
Full ACH Account Number (v1.0.0)
A full account number used in ACH account processing.
Type: string
minLength: 2 maxLength: 17 pattern: ^[- a-zA-Z0-9.]{2,17}$
fundingAccountBalance
{
"id": "05d00d7d-d630",
"available": "3208.20"
}
Funding Account Balance (v0.1.0)
The balance for a customer's internal funding account.
Properties
| Name | Description |
|---|---|
id | string: resourceId (required) The unique ID of the account resource. minLength: 6 maxLength: 48 pattern: ^[-_:.~$a-zA-Z0-9]+$ |
available | string: creditOrDebitValue The account funds available for use. This is the string representation of the exact decimal amount. This is only present if a balance is available. read-only pattern: ^(-|\+)?(0|[1-9][0-9]*)\.[0-9][0-9]$ |
fundingAccountBalances
{
"items": [
{
"id": "05d00d7d-30d6",
"available": "3208.20"
},
{
"id": "cb5d67ea-a5c3",
"available": "1750.80"
},
{
"id": "b5a4f178-2baf",
"available": "2710.80"
},
{
"id": "959908db-fd40",
"available": "4812.09"
},
{
"id": "97e6166a-2a4c",
"available": "9323.63"
}
]
}
Funding Account Balances (v0.1.0)
A list of account balances for a customer's internal funding accounts.
Properties
| Name | Description |
|---|---|
items | array: [fundingAccountBalance] The list of balances corresponding to the requested accounts. |
fundingAccountItem
{
"id": "i988e2c3f-28d8",
"nickname": "Tuition Savings",
"location": "internal",
"maskedNumber": "*1234",
"product": {
"type": "savings",
"label": "High Yield Savings"
}
}
Funding Account Item (v0.1.0)
An item in the collection of funding accounts.
Properties
| Name | Description |
|---|---|
id | string: resourceId (required) The unique, opaque resource ID of the account. minLength: 6 maxLength: 48 pattern: ^[-_:.~$a-zA-Z0-9]+$ |
location | string: fundingAccountLocation (required) Indicates where an account is held with respect to the current financial institution. enum values: internal, external |
institutionName | string The name of the financial institution where the account is held. This property is only present if location is external. maxLength: 80 |
nickname | string (required) The nickname (friendly name) the customer has given this account. If omitted, the customer has not set a nickname. maxLength: 50 |
maskedNumber | string: maskedAccountNumber (required) A masked account number: an asterisk * followed by one to four characters of the fullAccountNumber. minLength: 2 maxLength: 5 pattern: ^\*[- _a-zA-Z0-9.]{1,4}$ |
product | object: fundingAccountProduct Describes the banking product for a funding account. |
fundingAccountLocation
"internal"
Account Location (v1.0.0)
Indicates where an account is held with respect to the current financial institution.
fundingAccountLocation strings may have one of the following enumerated values:
| Value | Description |
|---|---|
internal | Internal Account: Accounts held at the current financial institution |
external | External Account: Accounts held at another financial institution |
Type: string
enum values: internal, external
fundingAccountProduct
{
"type": "cd",
"label": "180 Day CD"
}
Funding Account Banking Product (v0.1.0)
Describes the banking product for a funding account.
Properties
| Name | Description |
|---|---|
type | string: fundingAccountProductType (required) The type (or category) of a banking account. enum values: savings, checking, cd, ira, loan, creditCard |
label | string (required) A human-readable label for this banking product. maxLength: 48 |
fundingAccountProductType
"savings"
Funding Account Product Type (v0.1.0)
The type (or category) of a banking account.
fundingAccountProductType strings may have one of the following enumerated values:
| Value | Description |
|---|---|
savings | Savings: Savings Account |
checking | Checking: Checking Account |
cd | CD: Certificate of Deposit Account |
ira | IRA: Individual Retirement Account |
loan | Loan: Loan Account |
creditCard | Credit Card: Credit Card Account |
Type: string
enum values: savings, checking, cd, ira, loan, creditCard
fundingAccounts
{
"items": [
{
"id": "a687b700-a8f7",
"location": "external",
"institutionName": "State Employees Credit Union",
"nickname": "Rainy Day Fund",
"maskedNumber": "*1234",
"product": {
"type": "savings",
"label": "High Yield Savings"
}
},
{
"id": "53edf4ea-9bc7",
"nickname": "Tuition Savings",
"location": "internal",
"maskedNumber": "*2345",
"product": {
"type": "savings",
"label": "High Yield Savings"
}
},
{
"id": "if576c406-6256",
"nickname": "Share Checking",
"location": "internal",
"maskedNumber": "*3456",
"product": {
"type": "checking",
"label": "Premiere Checking"
}
}
]
}
Funding Accounts (v0.1.0)
An array of active accounts that may be used for funding new accounts.
Properties
| Name | Description |
|---|---|
items | array: [fundingAccountItem] (required) An array of active accounts that may be used for funding new accounts. |
incompleteFundingAccountBalances
{
"items": [
{
"id": "05d00d7d-d631",
"available": "3208.20"
},
{
"id": "cb5d67ea-a5c3",
"available": "1750.80"
},
{
"id": "b5a4f178-2baf"
},
{
"id": "959908db-fd40"
},
{
"id": "97e6166a-2a4c"
}
],
"incompleteAccounts": [
"b5a4f178-2baf",
"959908db-fd40",
"97e6166a-2a4c"
],
"retryCount": 1
}
Incomplete Funding Account Balance (v0.1.0)
An array of account balances by account ID, some of which are incomplete. Use the values in incompleteAccounts and retryCount to retry.
Properties
| Name | Description |
|---|---|
items | array: [fundingAccountBalance] (required) An array of items, one for each of the ?accounts= in the request, returned in the same order. maxItems: 256 |
incompleteAccounts | array: accountIds (required) An array of account IDs for accounts where a balance is not yet available. Pass these values as the ?accounts= query parameter on the next retry of the listFundingAccountBalances operation. unique items minItems: 1 maxItems: 100 |
retryCount | integer (required) Pass this value as the ?retryCount= parameter with the next retry of the listFundingAccountBalances operation. minimum: 1 maximum: 10 |
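The retry contract described above, as an added example that is not Apiture code: a client merges each partial response into its running result and derives the next ?accounts= and ?retryCount= values from incompleteAccounts and retryCount. The function names and the fetchBalances transport callback are hypothetical; the first response is the sample from this page and the follow-up response is constructed.

```javascript
// Added example, not Apiture code. Names below are hypothetical.

// creditOrDebitValue pattern from the fundingAccountBalance schema.
const AMOUNT = /^(-|\+)?(0|[1-9][0-9]*)\.[0-9][0-9]$/;

// First response: the incompleteFundingAccountBalances sample from this page.
const PAGE_SAMPLE_INCOMPLETE = {
  items: [
    { id: '05d00d7d-d631', available: '3208.20' },
    { id: 'cb5d67ea-a5c3', available: '1750.80' },
    { id: 'b5a4f178-2baf' }, { id: '959908db-fd40' }, { id: '97e6166a-2a4c' },
  ],
  incompleteAccounts: ['b5a4f178-2baf', '959908db-fd40', '97e6166a-2a4c'],
  retryCount: 1,
};

// Follow-up response, constructed for this example: one malformed amount and
// one account ID that was never requested.
const CONSTRUCTED_FOLLOW_UP = {
  items: [
    { id: 'b5a4f178-2baf', available: '2710.80' },
    { id: '959908db-fd40', available: '4.8e3' },
    { id: '97e6166a-2a4c', available: '9323.63' },
    { id: 'ffffffff-0000', available: '1.00' },
  ],
};

// Initial state: every requested account is unresolved; no retryCount yet.
function startBalanceRequest(accountIds) {
  const balances = new Map(accountIds.map((id) => [id, null]));
  return { balances, next: { accounts: [...balances.keys()] } };
}

// Fold one response into the state and compute the next request (or null).
function mergeBalanceResponse(state, body) {
  const balances = new Map(state.balances);
  for (const item of Array.isArray(body.items) ? body.items : []) {
    if (!item || !balances.has(item.id)) continue; // ignore IDs we did not ask for
    // Keep the exact decimal string; never parse money into a float.
    if (typeof item.available === 'string' && AMOUNT.test(item.available)) {
      balances.set(item.id, item.available);
    }
  }
  const listed = Array.isArray(body.incompleteAccounts) ? body.incompleteAccounts : [];
  const accounts = listed.filter((id) => balances.get(id) === null);
  const rc = body.retryCount;
  // Retry only with a retryCount inside the documented 1..10 range.
  const canRetry = accounts.length > 0 && Number.isInteger(rc) && rc >= 1 && rc <= 10;
  return { balances, next: canRetry ? { accounts, retryCount: rc } : null };
}

// Account IDs that still have no usable balance.
function unresolved(state) {
  return [...state.balances].filter(([, v]) => v === null).map(([id]) => id);
}

// Driver: fetchBalances(accounts, retryCount) is a hypothetical callback that
// calls listFundingAccountBalances and resolves to the parsed response body.
// maxCalls bounds the loop even if a server keeps answering "incomplete".
async function collectFundingBalances(fetchBalances, accountIds, maxCalls = 11) {
  let state = startBalanceRequest(accountIds);
  for (let call = 0; call < maxCalls && state.next; call++) {
    const body = await fetchBalances(state.next.accounts, state.next.retryCount);
    state = mergeBalanceResponse(state, body);
  }
  return { balances: Object.fromEntries(state.balances), unresolved: unresolved(state) };
}
```

Accounts left in unresolved should be shown as "balance unavailable" rather than as zero.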
link
{
"href": "https://api.devbank.apiture.com/applications/application/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
"title": "Application"
}
Link (v1.0.0)
Describes a hypermedia link within a _links object in HAL representations. In Apiture APIs, links are HAL links, but Apiture APIs do not use the name or hreflang properties of HAL. Apiture links may include a method property.
This schema was resolved from common/link.
Properties
| Name | Description |
|---|---|
href | string(uri) (required) The URI or URI template for the resource/operation this link refers to. |
type | string The media type for the resource. |
templated | boolean If true, the link's href is a URI template. |
title | string An optional human-readable localized title for the link. |
deprecation | string(uri) If present, the containing link is deprecated and the value is a URI which provides human-readable text information about the deprecation. |
profile | string(uri) The URI of a profile document, a JSON document which describes the target resource/operation. |
links
{
"property1": {
"href": "https://api.devbank.apiture.com/applications/application/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
"title": "Application"
},
"property2": {
"href": "https://api.devbank.apiture.com/applications/application/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
"title": "Application"
}
}
Links (v1.0.0)
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
This schema was resolved from common/links.
Properties
| Name | Description |
|---|---|
additionalProperties | object: link Describes a hypermedia link within a _links object in HAL representations. In Apiture APIs, links are HAL links, but Apiture APIs do not use the name or hreflang properties of HAL. Apiture links may include a method property. This schema was resolved from |
maskedAccountNumber
"*1008"
Masked Account Number (v0.1.0)
A masked account number: an asterisk * followed by one to four characters of the fullAccountNumber.
Type: string
minLength: 2 maxLength: 5 pattern: ^\*[- _a-zA-Z0-9.]{1,4}$
newCustomerExternalAccountEntitlement
{
"accountNumber": "9876543210",
"routingNumber": "123123123",
"institutionName": "Third National Bank of the West",
"type": "savings",
"ownerName": "Lucille Watson",
"usage": "personal",
"nickname": "My traditional Savings an Third National Bank of the West"
}
Create External Customer Account Entitlement (v1.0.0)
Details of a new external account entitlement created for a banking customer.
Properties
| Name | Description |
|---|---|
accountNumber | string: fullAchAccountNumber (required) The full account number of the external account. This is represented as a string, even if the financial institution's account numbers are numeric (so that leading zeros may be preserved). minLength: 2 maxLength: 17 pattern: ^[- a-zA-Z0-9.]{2,17}$ |
routingNumber | string (required) The routing and transit number of the external account. minLength: 9 maxLength: 9 pattern: ^[0-9]{9}$ |
institutionName | string (required) The name of the financial institution where the external account is held. maxLength: 80 |
type | string: accountCode (required) The type of account. enum values: checking, savings, cd, ira, loan, creditCard |
ownerName | string (required) The name of the account owner at the external financial institution. maxLength: 80 |
usage | string: accountUsage (required) Indicates an account is used for personal or business banking. enum values: personal, business |
nickname | string The nickname (friendly name) the customer has given this account. If omitted, the customer has not set a nickname. maxLength: 50 |
newCustomerExternalAccountEntitlements
{
"customerId": "47837239834897",
"accounts": [
{
"accountNumber": "9876543210",
"routingNumber": "123123123",
"institutionName": "Third National Bank of the West",
"ownerName": "Lucile Watson",
"type": "savings",
"usage": "personal",
"nickname": "Daily checking account"
}
]
}
New Customer External Account Entitlements (v0.1.0)
Request used to create new external customer accounts for an existing customer.
Properties
| Name | Description |
|---|---|
customerId | string (required) The customer ID. This is not related to the customer number or member number. |
accounts | array: [newCustomerExternalAccountEntitlement] (required) One or more external account entitlements to add to a customer. minItems: 1 |
oneTimePassword
{
"_profile": "https://production.api.apiture.com/schemas/dao/oneTimePassword/v1.0.0/profile.json",
"code": "377669",
"channel": "sms",
"target": "+19105550155"
}
One Time Password (v1.0.0)
One time password to send to a customer via an sms or email message.
Properties
| Name | Description |
|---|---|
_profile | string(uri) The URI of a resource profile which describes the representation. |
code | string (required) The 4 to 6 character code (one-time-password) to send to the customer. minLength: 4 maxLength: 6 pattern: ^[a-zA-Z0-9]{4,6}$ |
channel | string (required) The channel through which the communication is sent to the customer. enum values: sms, email, voice |
phoneNumber | string(phone-number) The phone number for sending the one time password to the user. This field is required if channel is sms or voice. minLength: 8 maxLength: 16 |
email | string(email) The email address for sending the one time password to the user. This field is required if channel is email. maxLength: 80 |
passwordPolicies
{
"message": "Valid passwords: * must be between 8 and 24 characters long * are case sensitive * must contain at least one letter * must contain at least one digit * must contain at least one special character * may not contain the username * may not contain data from the user profile (street address, phone number, tax ID) * may not contain repeating such as `111` * may not match the last 6 passwords",
"enforced": [
"minimumLength",
"maximumLength",
"minimumNumberOfLetters",
"minimumNumberOfDigits",
"usernameDisallowed",
"personalDataDisallowed",
"repeatingCharactersDisallowed",
"notMatchPrevious"
],
"minimumLength": 8,
"maximumLength": 24,
"caseSensitive": true,
"minimumNumberOfLetters": 1,
"minimumNumberOfDigits": 1,
"minimumNumberOfSpecial": 1,
"usernameDisallowed": true,
"personalDataDisallowed": true,
"repeatingCharactersDisallowed": true,
"notMatchPrevious": 6
}
Password Policies (v0.2.0)
The rules the financial institution imposes for password policies. The enforced array lists which policies are in force. The corresponding properties provide the values for those policies. For example, if enforced contains [ minimumLength, maximumLength, minimumNumberOfLetters, minimumNumberOfDigits ] then the properties minimumLength, maximumLength, minimumNumberOfLetters, minimumNumberOfDigits define the enforced constraints for those policies, such as:
{ "minimumLength": 8, "maximumLength": 24, "minimumNumberOfLetters": 1, "minimumNumberOfDigits": 1 }
Properties of this schema which are not listed in policies are not enforced and clients should ignore their values.
Properties
| Name | Description |
|---|---|
message | string(markdown) A summary description of the active password policies. This is Github Flavored Markdown. The client can render the Markdown for display to the user. This is often list format. |
enforced | array: [passwordPolicyName] The array of password policies that the financial institution enforces. The values are used as name key in a passwordViolation. unique items |
minimumLength | integer The minimum number of characters in a password. minimum: 1 maximum: 100 |
maximumLength | integer The maximum number of characters in a password. minimum: 1 maximum: 256 |
caseSensitive | boolean If true, passwords are case sensitive. For example, this-is-my-secure-password is not the same as This-is-My-Secure-Password. |
minimumNumberOfLetters | integer The minimum number of ASCII letters ( 'a'-'z', 'A'-'Z') that the password must contain. minimum: 0 |
minimumNumberOfDigits | integer The minimum number of ASCII digits ( '0'-'9') that the password must contain. minimum: 0 |
minimumNumberOfSpecial | integer The minimum number of non-letter, non-digit ASCII printable characters ( '.', '-', '$', ':', '!' etc.) that the password must contain. minimum: 0 |
usernameDisallowed | boolean If true, the password may not contain the customer's username. |
personalDataDisallowed | boolean If true, the password may not contain sequences or subsequences from the customer's personal data, such as the tax ID or last four digits of the tax ID, or the house number or a sequence of digits from one of their phone numbers. |
repeatingCharactersDisallowed | boolean If true, the password may not contain sequences of repeating characters such as 111 or mmm. |
notMatchPrevious | integer The password must not match this number of recently used passwords. If 0, no check is made. |
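A client-side pre-check that honors the enforced array, as an added example that is not Apiture code: only policies named in enforced are applied, and policies that need server-side data are reported as deferred so that validateCredentials remains the authority. The function names, the three-in-a-row threshold for repeating characters, the case-insensitive username comparison, and the exclusion of the space character from "special" are assumptions of this example.

```javascript
// Added example, not Apiture code. Names below are hypothetical.

// Policy values copied from the sample passwordPolicies object on this page.
const SAMPLE_POLICIES = {
  enforced: ['minimumLength', 'maximumLength', 'minimumNumberOfLetters',
    'minimumNumberOfDigits', 'usernameDisallowed', 'personalDataDisallowed',
    'repeatingCharactersDisallowed', 'notMatchPrevious'],
  minimumLength: 8, maximumLength: 24, caseSensitive: true,
  minimumNumberOfLetters: 1, minimumNumberOfDigits: 1,
  minimumNumberOfSpecial: 1, // present but NOT in `enforced`, so it is ignored
  usernameDisallowed: true, personalDataDisallowed: true,
  repeatingCharactersDisallowed: true, notMatchPrevious: 6,
};

const chars = (s) => Array.from(s); // code points, not UTF-16 units
const countIf = (s, pred) => chars(s).filter(pred).length;
const isLetter = (c) => /[a-zA-Z]/.test(c);
const isDigit = (c) => /[0-9]/.test(c);
// Printable ASCII that is neither letter nor digit; space excluded (assumption).
const isSpecial = (c) => c >= '!' && c <= '~' && !isLetter(c) && !isDigit(c);
// A missing or non-integer limit cannot be checked locally: return null.
const atLeast = (n, limit) => (Number.isInteger(limit) ? n >= limit : null);

// Each check returns true (passes), false (violation) or null (cannot decide).
const LOCAL_CHECKS = {
  minimumLength: (pw, p) => atLeast(chars(pw).length, p.minimumLength),
  maximumLength: (pw, p) =>
    (Number.isInteger(p.maximumLength) ? chars(pw).length <= p.maximumLength : null),
  caseSensitive: () => true, // informational: there is nothing to reject
  minimumNumberOfLetters: (pw, p) => atLeast(countIf(pw, isLetter), p.minimumNumberOfLetters),
  minimumNumberOfDigits: (pw, p) => atLeast(countIf(pw, isDigit), p.minimumNumberOfDigits),
  minimumNumberOfSpecial: (pw, p) => atLeast(countIf(pw, isSpecial), p.minimumNumberOfSpecial),
  usernameDisallowed: (pw, p, ctx) => {
    if (!p.usernameDisallowed) return true;
    if (!ctx.username) return null; // no username known yet: leave to the server
    // Case-insensitive containment is the stricter reading (assumption).
    return !pw.toLowerCase().includes(ctx.username.toLowerCase());
  },
  // Three identical characters in a row, as in the page's '111' / 'mmm' examples.
  repeatingCharactersDisallowed: (pw, p) =>
    !p.repeatingCharactersDisallowed || !/(.)\1\1/.test(pw),
};

// Returns the names of violated policies and of policies that only the
// service can decide (personal data, password history, unknown policy names).
function checkPassword(password, policies, ctx = {}) {
  const violations = [];
  const deferred = [];
  for (const name of policies.enforced || []) {
    const known = Object.prototype.hasOwnProperty.call(LOCAL_CHECKS, name);
    const result = known ? LOCAL_CHECKS[name](password, policies, ctx) : null;
    if (result === null) deferred.push(name);
    else if (result === false) violations.push(name);
  }
  return { violations, deferred };
}
```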
passwordPolicyName
"minimumLength"
Password Policy Name (v1.1.0)
The name of a specific password policy. This corresponds to an item in passwordPolicies.enforced.
passwordPolicyName strings may have one of the following enumerated values:
| Value | Description |
|---|---|
minimumLength | The minimum number of characters in a password |
maximumLength | The maximum number of characters in a password |
caseSensitive | Case-sensitive: Passwords are case-sensitive |
minimumNumberOfLetters | Minimum number of letters (a-z, A-Z) in a password |
minimumNumberOfDigits | Minimum number of digits (0-9) in a password |
minimumNumberOfSpecial | Minimum number of special (non-letter, non-digit) characters in a password |
usernameDisallowed | A password may not contain the customer's username |
personalDataDisallowed | A password may not contain personal data such as tax ID, address, zip, phone number |
repeatingCharactersDisallowed | Repeating characters such as '111' or 'mmmm' are not allowed in a password |
notMatchPrevious | The password must not match recently used passwords |
Type: string
enum values: minimumLength, maximumLength, caseSensitive, minimumNumberOfLetters, minimumNumberOfDigits, minimumNumberOfSpecial, usernameDisallowed, personalDataDisallowed, repeatingCharactersDisallowed, notMatchPrevious
passwordViolation
{
"name": "minimumLength",
"message": "Password must be at least 8 characters long."
}
Password Policy Violation (v0.1.0)
A password policy rule violation, part of credential validation response.
Properties
| Name | Description |
|---|---|
message | string (required) A message that explains this policy violation. maxLength: 128 |
name | string: passwordPolicyName (required) The name of the password policy that this password violates. This corresponds to an item in the passwordPolicies.enforced array and the corresponding property in the passwordPolicies object. enum values: minimumLength, maximumLength, caseSensitive, minimumNumberOfLetters, minimumNumberOfDigits, minimumNumberOfSpecial, usernameDisallowed, personalDataDisallowed, repeatingCharactersDisallowed, notMatchPrevious |
resourceId
"string"
Resource ID (v1.0.0)
The unique, opaque resource ID of the account.
Type: string
minLength: 6 maxLength: 48 pattern: ^[-_:.~$a-zA-Z0-9]+$
securityQuestionAnswer
{
"question": "What was your high school mascot?",
"questionIndex": 4,
"answer": "Burrowing Owls"
}
Security Question Answer (v0.2.0)
The answer the customer gave to a security question.
Properties
| Name | Description |
|---|---|
question | string (required) The security question text. |
questionIndex | integer (required) The zero-based index of the question from securityQuestionCandidates.questions. minimum: 0 maximum: 12 |
answer | string (required) The text of the answer the customer provided for this question. The service removes leading and trailing whitespace from the answer. minLength: 1 maxLength: 255 |
securityQuestionAnswers
{
"_profile": "https://production.api.apiture.com/schemas/dao/securityQuestionAnswers/v0.2.0/profile.json",
"answers": [
{
"question": "What street did you live on when your were ten years old?",
"questionIndex": 1,
"answer": "Lombardo"
},
{
"question": "What is the breed of your first pet?",
"questionIndex": 3,
"answer": "Bernese Mountain Dog"
},
{
"question": "What was your high school mascot?",
"questionIndex": 4,
"answer": "Burrowing Owls"
},
{
"question": "What is your favorite security question?",
"questionIndex": 5,
"answer": "What is your favorite security question?"
}
]
}
Security Question Answers (v0.2.0)
The security questions that the user selected and the answer they gave to each.
Properties
| Name | Description |
|---|---|
_profile | string(uri) The URI of a resource profile which describes the representation. |
answers | array: [securityQuestionAnswer] (required) An array of questions and answers that the customer provided. minLength: 1 maxLength: 12 |
securityQuestionCandidate
{
"text": "In what city was your father born?",
"minimumLength": 2,
"maximumLength": 30
}
Security Question Candidate (v0.1.0)
A candidate security question and any constraints on answers to that question.
Properties
| Name | Description |
|---|---|
text | string (required) The text of the security question. maxLength: 80 |
minimumLength | integer (required) The minimum number of characters an answer must have after removing leading and trailing whitespace. |
maximumLength | integer (required) The maximum length an answer may have after removing leading and trailing whitespace. |
pattern | string An optional regular expression pattern that the answer must match. |
securityQuestionCandidates
{
"_profile": "https://production.api.apiture.com/schemas/dao/securityQuestionCandidates/v0.1.0/profile.json",
"questions": [
{
"text": "What is your mother's maiden name?",
"minimumLength": 2,
"maximumLength": 64
},
{
"text": "What street did you live on when your were ten years old?",
"minimumLength": 2,
"maximumLength": 30
},
{
"text": "In what city was your father born?",
"minimumLength": 2,
"maximumLength": 30
},
{
"text": "What is the breed of your first pet?",
"minimumLength": 2,
"maximumLength": 30
},
{
"text": "What was your high school mascot?",
"minimumLength": 2,
"maximumLength": 30
},
{
"text": "What is your favorite security question?",
"minimumLength": 8,
"maximumLength": 80
}
],
"minimumAnswerCount": 3,
"maximumAnswerCount": 3
}
Security Question Candidates (v0.1.0)
A list of candidate security questions the customer may choose from and provide answers so that they can prove their identity later.
Properties
| Name | Description |
|---|---|
_profile | string(uri) The URI of a resource profile which describes the representation. |
questions | array: [securityQuestionCandidate] (required) An array of questions that the customer may choose from. minItems: 4 |
minimumAnswerCount | integer (required) The minimum number of questions the customer must select and answer. minimum: 1 maximum: 8 |
maximumAnswerCount | integer (required) The maximum number of questions the customer must select and answer. minimum: 1 maximum: 12 |
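Checking a securityQuestionAnswers payload against the candidates before calling setCustomerSecurityAnswers, as an added example that is not Apiture code. The function name and problem codes are hypothetical; rejecting a question that is answered twice and treating pattern as an ECMAScript regular expression are assumptions of this example. The candidates are the sample from this page and the answers are constructed.

```javascript
// Added example, not Apiture code. Names and problem codes are hypothetical.

// Candidates copied from the sample securityQuestionCandidates on this page.
const CANDIDATES = {
  questions: [
    { text: "What is your mother's maiden name?", minimumLength: 2, maximumLength: 64 },
    { text: 'What street did you live on when your were ten years old?', minimumLength: 2, maximumLength: 30 },
    { text: 'In what city was your father born?', minimumLength: 2, maximumLength: 30 },
    { text: 'What is the breed of your first pet?', minimumLength: 2, maximumLength: 30 },
    { text: 'What was your high school mascot?', minimumLength: 2, maximumLength: 30 },
    { text: 'What is your favorite security question?', minimumLength: 8, maximumLength: 80 },
  ],
  minimumAnswerCount: 3,
  maximumAnswerCount: 3,
};

// Constructed answers that satisfy the candidates above.
const SAMPLE_ANSWERS = [
  { question: 'What street did you live on when your were ten years old?', questionIndex: 1, answer: 'Lombardo' },
  { question: 'What is the breed of your first pet?', questionIndex: 3, answer: 'Bernese Mountain Dog' },
  { question: 'What was your high school mascot?', questionIndex: 4, answer: '  Burrowing Owls ' },
];

// Returns a list of problems; an empty list means the payload is consistent
// with the candidates. `answer` in a problem is the index into `answers`.
function validateSecurityAnswers(candidates, answers) {
  const problems = [];
  const add = (code, answer) => {
    problems.push(answer === undefined ? { code } : { code, answer });
  };
  if (answers.length < candidates.minimumAnswerCount) add('tooFewAnswers');
  if (answers.length > candidates.maximumAnswerCount) add('tooManyAnswers');

  const seen = new Set();
  answers.forEach((a, i) => {
    const q = Number.isInteger(a.questionIndex)
      ? candidates.questions[a.questionIndex] : undefined;
    if (!q) { add('unknownQuestionIndex', i); return; }
    if (seen.has(a.questionIndex)) add('duplicateQuestion', i); // assumption
    seen.add(a.questionIndex);
    // The text must be the one the institution offered at that index.
    if (a.question !== q.text) add('questionTextMismatch', i);
    // Lengths apply after trimming, matching what the service stores.
    const trimmed = typeof a.answer === 'string' ? a.answer.trim() : '';
    const length = Array.from(trimmed).length;
    if (length < q.minimumLength) add('answerTooShort', i);
    if (length > q.maximumLength) add('answerTooLong', i);
    if (q.pattern !== undefined) {
      try {
        if (!new RegExp(q.pattern).test(trimmed)) add('patternMismatch', i);
      } catch (e) {
        add('patternNotUsable', i); // leave the decision to the service
      }
    }
  });
  return problems;
}
```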
summaryCustomer
{
"_profile": "https://production.api.apiture.com/schemas/dao/summaryCustomer/v0.10.1/profile.json",
"_id": "bcea94f7-d542-4cee-ac3b-2b40903a46fc",
"institutionId": "3PB_212",
"customerType": "retail",
"customerNumber": "123456789",
"fullName": "Maxwell Daniel Peck",
"username": "maxpeck412",
"state": "enabled",
"taxId": "112-22-3333",
"birthdate": "1975-02-28"
}
Summary Customer (v0.10.1)
A summary representation of a customer, returned in customer collections.
Properties
| Name | Description |
|---|---|
_profile | string(uri) The URI of a resource profile which describes the representation. |
_embedded | object An optional map of nested resources, mapping each nested resource name to a nested resource representation. |
_error | object: error An object which describes an error. This value is omitted if the operation succeeded without error. |
institutionId | string The financial institution's ID. minLength: 4 |
customerType | string: customerType The type of customer, retail (personal) or commercial (business banking). enum values: retail, commercial |
birthdate | string(date) The contact's birth date in YYYY-MM-DD format. This is required if type is retail. |
electronicStatementConsent | boolean true if the user consents to (monthly) electronic account statement delivery. This may be overridden on an account-by-account basis when creating customer account entitlements. Default: false |
electronicDocumentConsent | boolean true if the user consents to electronic document delivery for documents other than their monthly account statement for this account. This may be overridden on an account-by-account basis when creating customer account entitlements. Default: false |
_id | string The unique identifier for this customer resource. This is an opaque, read-only string. Note: This _id is not related to the customerNumber. The _id is the {customerId} in the customer resource URI. read-only |
taxId | string The customer's tax ID. The caller should pass the full tax ID (for example "112-22-3333") when creating a customer. read-only maxLength: 16 |
customerNumber | string The unique customer number, also known as the Customer Identification File number or CIF number. This is the Member Number for credit unions. This value is assigned to the customer in the banking core. The customerNumber differs from the _id (which is the ID of the resource). This value cannot be changed after a customer has been enabled. minLength: 1 maxLength: 36 |
username | string The customer's unique on-line banking username. This value cannot be changed after it has been set. read-only maxLength: 64 |
state | string: customerState The state of the customer. This is a derived property. Update the state with the enableCustomer operation. read-only enum values: pending, enabled |
usernamePolicies
{
"message": "Valid usernames: * must be between 5 and 20 characters long * are case sensitive * may not contain data from the user profile (street address, phone number, tax ID)",
"enforced": [
"minimumLength",
"maximumLength",
"caseSensitive",
"personalDataDisallowed",
"accountDataDisallowed"
],
"minimumLength": 8,
"maximumLength": 24,
"caseSensitive": true,
"personalDataDisallowed": true,
"accountDataDisallowed": true
}
Username Policies (v0.1.0)
The rules the financial institution imposes for usernames.
Properties
| Name | Description |
|---|---|
message | string(markdown) A summary description of the active username policies. This is Github Flavored Markdown. The client can render the Markdown for display to the user. This is often list format. |
enforced | array: [usernamePolicyName] The array of username policies that the financial institution enforces. The values are used as name key in a usernameViolation. unique items |
minimumLength | integer The minimum number of characters in a username. |
maximumLength | integer The maximum number of characters in a username. |
caseSensitive | boolean If true, usernames are case sensitive and the user must enter the username with the correct matching case to login. |
usernameDisallowed | boolean If true, the username may not the same characters in the customer's username. |
personalDataDisallowed | boolean If true, the username may not contain sequences or subsequences from the customer's personal data, such as the tax ID or last four digits of the tax ID, or the house number or a sequence of digits from one of their phone numbers. |
accountDataDisallowed | boolean If true, the username may not contain sequences or subsequences from the customer's account data, such as the account number, customer ID or member number, or other key account properties. |
usernamePolicyName
"minimumLength"
Username Policy Name (v1.0.0)
The name of a specific username policy. This corresponds to an item in usernamePolicies.enforced or in a usernameViolation.name.
usernamePolicyName strings may have one of the following enumerated values:
| Value | Description |
|---|---|
minimumLength | Minimum username length |
maximumLength | Maximum username length |
caseSensitive | Usernames are case-sensitive: Case-sensitive |
personalDataDisallowed | Personal Data Disallowed: A username may not contain personal data such as tax ID, address, zip, phone number |
accountDataDisallowed | A username may not contain sequences or subsequences from the account data |
Type: string
enum values: minimumLength, maximumLength, caseSensitive, personalDataDisallowed, accountDataDisallowed
usernameViolation
{
"name": "personalDataDisallowed",
"message": "Username may not contain personal data such as tax ID, address, zip, phone number"
}
Username Policy Violation (v0.1.0)
A username policy rule violation, part of credential validation response.
Properties
| Name | Description |
|---|---|
name | string: usernamePolicyName (required) The name of the username policy that this username violates. enum values: minimumLength, maximumLength, caseSensitive, personalDataDisallowed, accountDataDisallowed |
message | string (required) A message that explains this policy violation. maxLength: 128 |