Customers v0.7.0

Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.

Banking Customers. Customers can be either individuals or businesses who hold bank accounts.

Download OpenAPI Definition (YAML)

Base URLs:

https://api.apiture.com/banking

Email: Apiture Web: Apiture

License: Apiture API License

Authentication

API Key (apiKey)
- header parameter: API-Key
- API Key based client identification. See details at Secure Access.

OpenID Connect authentication (accessToken)
- OpenId Connect (OIDC) authentication/authorization. The client uses the authorization_endpoint and token_endpoint to obtain an access token to pass in the Authorization header. Those endpoints are available via the OIDC Configuration URL. The actual URL may vary with each financial institution. See details at Secure Access.
- OIDC Configuration URL = https://oidc.apiture.com/oidc/.well-known/oidc-configuration

Customers

Banking Customers

getMyPreferences

Code samples

# You can also use wget
curl -X GET https://api.apiture.com/banking/customers/me/preferences \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

GET https://api.apiture.com/banking/customers/me/preferences HTTP/1.1
Host: api.apiture.com
Accept: application/json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.apiture.com/banking/customers/me/preferences',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.apiture.com/banking/customers/me/preferences',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get 'https://api.apiture.com/banking/customers/me/preferences',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('https://api.apiture.com/banking/customers/me/preferences', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.apiture.com/banking/customers/me/preferences");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.apiture.com/banking/customers/me/preferences", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Return the customer's preferences

GET https://api.apiture.com/banking/customers/me/preferences

Return the customer's preferences, organized by preference groups.

Optionally, an agent can access a business customer's preferences when acting on behalf of that business customer.

Parameters

Parameter Description

customerId
in: query resourceId
The optional identifier of a business customer. This is an opaque string. An agent who is operating on behalf of a business can use this to access the resources of that business customer. The agent must have entitlements to act on behalf of the business; if not, the operation returns a 403 Forbidden response. For other situations, omit this value, else this must match the authenticated caller's customer ID (not their access ID).
minLength: 6
maxLength: 48
pattern: ^[-_:.~$a-zA-Z0-9]+$

Parameter	Description
`customerId` `in: query`	`resourceId` The optional identifier of a business customer. This is an opaque string. An agent who is operating on behalf of a business can use this to access the resources of that business customer. The agent must have entitlements to act on behalf of the business; if not, the operation returns a 403 Forbidden response. For other situations, omit this value, else this must match the authenticated caller's customer ID (not their access ID). `minLength: 6` `maxLength: 48` `pattern: ^[-_:.~$a-zA-Z0-9]+$`

Example responses

200 Response

{
  "ach": {
    "settlement": {
      "ppdDebit": "summary",
      "ppdCredit": "detailed",
      "ctxDebit": "detailed",
      "ctxCredit": "summary",
      "ccdDebit": "summary",
      "ccdCredit": "summary",
      "achImport": "summary"
    }
  }
}

Responses

Status	Description
200	OK
	OK.
	Schema: `customerPreferences`

Status Description

400 Bad Request

Status	Description
400	Bad Request
	Bad Request. The request body, request headers, and/or query parameters are not well-formed. This error response may have one of the following `type` values: `https://production.api.apiture.com/errors/badRequest/v1.0.0` The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.
	Schema: `problemResponse`

Bad Request. The request body, request headers, and/or query parameters are not well-formed.

This error response may have one of the following type values:

https://production.api.apiture.com/errors/badRequest/v1.0.0
The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.

Schema: problemResponse

Status Description

401 Unauthorized

Status	Description
401	Unauthorized
	Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given. This error response may have one of the following `type` values: `https://production.api.apiture.com/errors/unauthorized/v1.0.0` The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request. `https://production.api.apiture.com/errors/sessionExpired/v1.0.0` The user's session has expired. Remediation: Re-authenticate the user to get a new access token or other authorization. `https://production.api.apiture.com/errors/challengeRequired/v1.0.0` The operation requires a the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional `Challenge` header to the call. The `attributes` object in the error may have the properties defined by the `requiredIdentityChallenge` schema. `https://production.api.apiture.com/errors/loginIncomplete/v1.0.0` The user is correctly authenticated but additional actions are required for activating their login session. Remediation: Instruct the user to complete the additional actions to activate their login session. `https://production.api.apiture.com/errors/passwordChangeRequired/v1.0.0` The user must change their password. Remediation: Instruct the user to change their password or other login credentials. `https://production.api.apiture.com/errors/invalidCsrfToken/v1.0.0` The CSRF token is invalid. Remediation: The client application is not correctly configured to send CSRF. `https://production.api.apiture.com/errors/challengeBlocked/v1.0.0` The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again. `https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0` This operation requires challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors. `https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0` The additional on-time `Challenge` header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed `Challenge` header in the request.
	Schema: `problemResponse`

Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given.

This error response may have one of the following type values:

https://production.api.apiture.com/errors/unauthorized/v1.0.0
The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.
https://production.api.apiture.com/errors/sessionExpired/v1.0.0
The user's session has expired. Remediation: Re-authenticate the user to get a new access token or other authorization.
https://production.api.apiture.com/errors/challengeRequired/v1.0.0
The operation requires a the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional Challenge header to the call. The attributes object in the error may have the properties defined by the requiredIdentityChallenge schema.
https://production.api.apiture.com/errors/loginIncomplete/v1.0.0
The user is correctly authenticated but additional actions are required for activating their login session. Remediation: Instruct the user to complete the additional actions to activate their login session.
https://production.api.apiture.com/errors/passwordChangeRequired/v1.0.0
The user must change their password. Remediation: Instruct the user to change their password or other login credentials.
https://production.api.apiture.com/errors/invalidCsrfToken/v1.0.0
The CSRF token is invalid. Remediation: The client application is not correctly configured to send CSRF.
https://production.api.apiture.com/errors/challengeBlocked/v1.0.0
The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again.
https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0
This operation requires challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors.
https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0
The additional on-time Challenge header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed Challenge header in the request.

Schema: problemResponse

Status Description

403 Forbidden

Status	Description
403	Forbidden
	Forbidden. The authenticated caller is not authorized to perform the requested operation. This error response may have one of the following `type` values: `https://production.api.apiture.com/errors/forbidden/v1.0.0` The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation. `https://production.api.apiture.com/errors/customerDisabled/v1.0.0` The customer is disabled. Remediation: Have the customer contact the financial institution for support. `https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0` The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software. `https://production.api.apiture.com/errors/modificationForbidden/v1.0.0` The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.
	Schema: `problemResponse`

Forbidden. The authenticated caller is not authorized to perform the requested operation.

This error response may have one of the following type values:

https://production.api.apiture.com/errors/forbidden/v1.0.0
The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation.
https://production.api.apiture.com/errors/customerDisabled/v1.0.0
The customer is disabled. Remediation: Have the customer contact the financial institution for support.
https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0
The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software.
https://production.api.apiture.com/errors/modificationForbidden/v1.0.0
The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.

Schema: problemResponse

Status	Description
422	Unprocessable Entity
	Unprocessable Entity. The request body and/or query parameters were well formed but otherwise invalid.
	Schema: `problemResponse`

getMyAchPreferences

Code samples

# You can also use wget
curl -X GET https://api.apiture.com/banking/customers/me/preferences/ach \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

GET https://api.apiture.com/banking/customers/me/preferences/ach HTTP/1.1
Host: api.apiture.com
Accept: application/json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.apiture.com/banking/customers/me/preferences/ach',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.apiture.com/banking/customers/me/preferences/ach',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get 'https://api.apiture.com/banking/customers/me/preferences/ach',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('https://api.apiture.com/banking/customers/me/preferences/ach', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.apiture.com/banking/customers/me/preferences/ach");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.apiture.com/banking/customers/me/preferences/ach", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Return the customer's ACH preferences

GET https://api.apiture.com/banking/customers/me/preferences/ach

Return the customer's preferences related to ACH batches.

Optionally, an agent can access a business customer's preferences when acting on behalf of that business customer.

Parameters

Parameter Description

Parameter	Description
`customerId` `in: query`	`resourceId` The optional identifier of a business customer. This is an opaque string. An agent who is operating on behalf of a business can use this to access the resources of that business customer. The agent must have entitlements to act on behalf of the business; if not, the operation returns a 403 Forbidden response. For other situations, omit this value, else this must match the authenticated caller's customer ID (not their access ID). `minLength: 6` `maxLength: 48` `pattern: ^[-_:.~$a-zA-Z0-9]+$`

Example responses

200 Response

{
  "settlement": {
    "ppdDebit": "summary",
    "ppdCredit": "detailed",
    "ctxDebit": "detailed",
    "ctxCredit": "summary",
    "ccdDebit": "summary",
    "ccdCredit": "summary",
    "achImport": "summary"
  }
}

Responses

Status	Description
200	OK
	OK.
	Schema: `customerAchPreferences`

Status Description

400 Bad Request

Status	Description
400	Bad Request
	Bad Request. The request body, request headers, and/or query parameters are not well-formed. This error response may have one of the following `type` values: `https://production.api.apiture.com/errors/badRequest/v1.0.0` The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.
	Schema: `problemResponse`

Bad Request. The request body, request headers, and/or query parameters are not well-formed.

This error response may have one of the following type values:

https://production.api.apiture.com/errors/badRequest/v1.0.0
The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.

Schema: problemResponse

Status Description

401 Unauthorized

Status	Description
401	Unauthorized
	Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given. This error response may have one of the following `type` values: `https://production.api.apiture.com/errors/unauthorized/v1.0.0` The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request. `https://production.api.apiture.com/errors/sessionExpired/v1.0.0` The user's session has expired. Remediation: Re-authenticate the user to get a new access token or other authorization. `https://production.api.apiture.com/errors/challengeRequired/v1.0.0` The operation requires a the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional `Challenge` header to the call. The `attributes` object in the error may have the properties defined by the `requiredIdentityChallenge` schema. `https://production.api.apiture.com/errors/loginIncomplete/v1.0.0` The user is correctly authenticated but additional actions are required for activating their login session. Remediation: Instruct the user to complete the additional actions to activate their login session. `https://production.api.apiture.com/errors/passwordChangeRequired/v1.0.0` The user must change their password. Remediation: Instruct the user to change their password or other login credentials. `https://production.api.apiture.com/errors/invalidCsrfToken/v1.0.0` The CSRF token is invalid. Remediation: The client application is not correctly configured to send CSRF. `https://production.api.apiture.com/errors/challengeBlocked/v1.0.0` The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again. `https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0` This operation requires challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors. `https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0` The additional on-time `Challenge` header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed `Challenge` header in the request.
	Schema: `problemResponse`

Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given.

This error response may have one of the following type values:

https://production.api.apiture.com/errors/unauthorized/v1.0.0
The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.
https://production.api.apiture.com/errors/sessionExpired/v1.0.0
The user's session has expired. Remediation: Re-authenticate the user to get a new access token or other authorization.
https://production.api.apiture.com/errors/challengeRequired/v1.0.0
The operation requires a the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional Challenge header to the call. The attributes object in the error may have the properties defined by the requiredIdentityChallenge schema.
https://production.api.apiture.com/errors/loginIncomplete/v1.0.0
The user is correctly authenticated but additional actions are required for activating their login session. Remediation: Instruct the user to complete the additional actions to activate their login session.
https://production.api.apiture.com/errors/passwordChangeRequired/v1.0.0
The user must change their password. Remediation: Instruct the user to change their password or other login credentials.
https://production.api.apiture.com/errors/invalidCsrfToken/v1.0.0
The CSRF token is invalid. Remediation: The client application is not correctly configured to send CSRF.
https://production.api.apiture.com/errors/challengeBlocked/v1.0.0
The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again.
https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0
This operation requires challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors.
https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0
The additional on-time Challenge header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed Challenge header in the request.

Schema: problemResponse

Status Description

403 Forbidden

Status	Description
403	Forbidden
	Forbidden. The authenticated caller is not authorized to perform the requested operation. This error response may have one of the following `type` values: `https://production.api.apiture.com/errors/forbidden/v1.0.0` The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation. `https://production.api.apiture.com/errors/customerDisabled/v1.0.0` The customer is disabled. Remediation: Have the customer contact the financial institution for support. `https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0` The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software. `https://production.api.apiture.com/errors/modificationForbidden/v1.0.0` The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.
	Schema: `problemResponse`

Forbidden. The authenticated caller is not authorized to perform the requested operation.

This error response may have one of the following type values:

https://production.api.apiture.com/errors/forbidden/v1.0.0
The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation.
https://production.api.apiture.com/errors/customerDisabled/v1.0.0
The customer is disabled. Remediation: Have the customer contact the financial institution for support.
https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0
The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software.
https://production.api.apiture.com/errors/modificationForbidden/v1.0.0
The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.

Schema: problemResponse

patchMyAchPreferences

Code samples

# You can also use wget
curl -X PATCH https://api.apiture.com/banking/customers/me/preferences/ach \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

PATCH https://api.apiture.com/banking/customers/me/preferences/ach HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json

const fetch = require('node-fetch');
const inputBody = '{
  "settlement": {
    "ppdDebit": "summary",
    "ppdCredit": "detailed",
    "ctxDebit": "detailed",
    "ctxCredit": "summary",
    "ccdDebit": "summary",
    "ccdCredit": "summary",
    "achImport": "summary"
  }
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.apiture.com/banking/customers/me/preferences/ach',
{
  method: 'PATCH',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.apiture.com/banking/customers/me/preferences/ach',
  method: 'patch',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.patch 'https://api.apiture.com/banking/customers/me/preferences/ach',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.patch('https://api.apiture.com/banking/customers/me/preferences/ach', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.apiture.com/banking/customers/me/preferences/ach");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("PATCH");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("PATCH", "https://api.apiture.com/banking/customers/me/preferences/ach", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Update the customer's ACH preferences

PATCH https://api.apiture.com/banking/customers/me/preferences/ach

Perform a partial update of the customer's ACH preferences as per JSON Merge Patch format and processing rules. Only fields in the request body are updated on the resource; fields which are omitted are not updated.

Optionally, an agent can access a business customer's preferences when acting on behalf of that business customer.

Body parameter

{
  "settlement": {
    "ppdDebit": "summary",
    "ppdCredit": "detailed",
    "ctxDebit": "detailed",
    "ctxCredit": "summary",
    "ccdDebit": "summary",
    "ccdCredit": "summary",
    "achImport": "summary"
  }
}

Parameters

Parameter Description

body customerAchPreferencesPatch (required)

Parameter	Description
`customerId` `in: query`	`resourceId` The optional identifier of a business customer. This is an opaque string. An agent who is operating on behalf of a business can use this to access the resources of that business customer. The agent must have entitlements to act on behalf of the business; if not, the operation returns a 403 Forbidden response. For other situations, omit this value, else this must match the authenticated caller's customer ID (not their access ID). `minLength: 6` `maxLength: 48` `pattern: ^[-_:.~$a-zA-Z0-9]+$`
`body`	`customerAchPreferencesPatch` (required)

Example responses

200 Response

{
  "settlement": {
    "ppdDebit": "summary",
    "ppdCredit": "detailed",
    "ctxDebit": "detailed",
    "ctxCredit": "summary",
    "ccdDebit": "summary",
    "ccdCredit": "summary",
    "achImport": "summary"
  }
}

Responses

Status	Description
200	OK
	OK.
	Schema: `customerAchPreferences`

Status Description

400 Bad Request

Status	Description
400	Bad Request
	Bad Request. The request body, request headers, and/or query parameters are not well-formed. This error response may have one of the following `type` values: `https://production.api.apiture.com/errors/badRequest/v1.0.0` The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.
	Schema: `problemResponse`

Bad Request. The request body, request headers, and/or query parameters are not well-formed.

This error response may have one of the following type values:

https://production.api.apiture.com/errors/badRequest/v1.0.0
The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.

Schema: problemResponse

Status Description

401 Unauthorized

Status	Description
401	Unauthorized
	Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given. This error response may have one of the following `type` values: `https://production.api.apiture.com/errors/unauthorized/v1.0.0` The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request. `https://production.api.apiture.com/errors/sessionExpired/v1.0.0` The user's session has expired. Remediation: Re-authenticate the user to get a new access token or other authorization. `https://production.api.apiture.com/errors/challengeRequired/v1.0.0` The operation requires a the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional `Challenge` header to the call. The `attributes` object in the error may have the properties defined by the `requiredIdentityChallenge` schema. `https://production.api.apiture.com/errors/loginIncomplete/v1.0.0` The user is correctly authenticated but additional actions are required for activating their login session. Remediation: Instruct the user to complete the additional actions to activate their login session. `https://production.api.apiture.com/errors/passwordChangeRequired/v1.0.0` The user must change their password. Remediation: Instruct the user to change their password or other login credentials. `https://production.api.apiture.com/errors/invalidCsrfToken/v1.0.0` The CSRF token is invalid. Remediation: The client application is not correctly configured to send CSRF. `https://production.api.apiture.com/errors/challengeBlocked/v1.0.0` The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again. `https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0` This operation requires challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors. `https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0` The additional on-time `Challenge` header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed `Challenge` header in the request.
	Schema: `problemResponse`

Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given.

This error response may have one of the following type values:

https://production.api.apiture.com/errors/unauthorized/v1.0.0
The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.
https://production.api.apiture.com/errors/sessionExpired/v1.0.0
The user's session has expired. Remediation: Re-authenticate the user to get a new access token or other authorization.
https://production.api.apiture.com/errors/challengeRequired/v1.0.0
The operation requires a the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional Challenge header to the call. The attributes object in the error may have the properties defined by the requiredIdentityChallenge schema.
https://production.api.apiture.com/errors/loginIncomplete/v1.0.0
The user is correctly authenticated but additional actions are required for activating their login session. Remediation: Instruct the user to complete the additional actions to activate their login session.
https://production.api.apiture.com/errors/passwordChangeRequired/v1.0.0
The user must change their password. Remediation: Instruct the user to change their password or other login credentials.
https://production.api.apiture.com/errors/invalidCsrfToken/v1.0.0
The CSRF token is invalid. Remediation: The client application is not correctly configured to send CSRF.
https://production.api.apiture.com/errors/challengeBlocked/v1.0.0
The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again.
https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0
This operation requires challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors.
https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0
The additional on-time Challenge header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed Challenge header in the request.

Schema: problemResponse

Status Description

403 Forbidden

Status	Description
403	Forbidden
	Forbidden. The authenticated caller is not authorized to perform the requested operation. This error response may have one of the following `type` values: `https://production.api.apiture.com/errors/forbidden/v1.0.0` The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation. `https://production.api.apiture.com/errors/customerDisabled/v1.0.0` The customer is disabled. Remediation: Have the customer contact the financial institution for support. `https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0` The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software. `https://production.api.apiture.com/errors/modificationForbidden/v1.0.0` The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.
	Schema: `problemResponse`

Forbidden. The authenticated caller is not authorized to perform the requested operation.

This error response may have one of the following type values:

https://production.api.apiture.com/errors/forbidden/v1.0.0
The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation.
https://production.api.apiture.com/errors/customerDisabled/v1.0.0
The customer is disabled. Remediation: Have the customer contact the financial institution for support.
https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0
The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software.
https://production.api.apiture.com/errors/modificationForbidden/v1.0.0
The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.

Schema: problemResponse

Schemas

achPaymentSettlementType

"summary"

ACH Payment Settlement Type (v1.0.0)

Provides instruction for the system on how to process the payment batch.
The schema achPaymentSettlementType was added on version 0.2.0 of the API.

achPaymentSettlementType strings may have one of the following enumerated values:

Value	Description
`summary`	Summary: Creates a single offsetting entry in the settlement account for all instructions in the payment batch.
`detailed`	Detailed: Creates individual offsetting entries in the settlement account for each instruction in the payment batch.

type: string

enum values: summary, detailed

achSettlementPreference

{
  "ppdDebit": "summary",
  "ppdCredit": "detailed",
  "ctxDebit": "detailed",
  "ctxCredit": "summary",
  "ccdDebit": "summary",
  "ccdCredit": "summary",
  "achImport": "summary"
}

ACH Settlement Preference (v1.0.0)

Indicates the ACH settlement type for payment batch creation. Preferences are set for various individual SEC codes for specific payment directions, as well as for imports via NACHA ACH file.
The schema achSettlementPreference was added on version 0.2.0 of the API.

Properties

Name Description

ACH Settlement Preference (v1.0.0) object
Indicates the ACH settlement type for payment batch creation. Preferences are set for various individual SEC codes for specific payment directions, as well as for imports via NACHA ACH file.
The schema achSettlementPreference was added on version 0.2.0 of the API.

ppdDebit

achPaymentSettlementType (required)

Provides instruction for the system on how to process the payment batch.
The schema achPaymentSettlementType was added on version 0.2.0 of the API.

achPaymentSettlementType strings may have one of the following enumerated values:

Value	Description
`summary`	Summary: Creates a single offsetting entry in the settlement account for all instructions in the payment batch.
`detailed`	Detailed: Creates individual offsetting entries in the settlement account for each instruction in the payment batch.

enum values: summary, detailed

ppdCredit

achPaymentSettlementType (required)

Provides instruction for the system on how to process the payment batch.
The schema achPaymentSettlementType was added on version 0.2.0 of the API.

achPaymentSettlementType strings may have one of the following enumerated values:

Value	Description
`summary`	Summary: Creates a single offsetting entry in the settlement account for all instructions in the payment batch.
`detailed`	Detailed: Creates individual offsetting entries in the settlement account for each instruction in the payment batch.

enum values: summary, detailed

ctxDebit

achPaymentSettlementType (required)

Provides instruction for the system on how to process the payment batch.
The schema achPaymentSettlementType was added on version 0.2.0 of the API.

achPaymentSettlementType strings may have one of the following enumerated values:

Value	Description
`summary`	Summary: Creates a single offsetting entry in the settlement account for all instructions in the payment batch.
`detailed`	Detailed: Creates individual offsetting entries in the settlement account for each instruction in the payment batch.

enum values: summary, detailed

ctxCredit

achPaymentSettlementType (required)

Provides instruction for the system on how to process the payment batch.
The schema achPaymentSettlementType was added on version 0.2.0 of the API.

achPaymentSettlementType strings may have one of the following enumerated values:

Value	Description
`summary`	Summary: Creates a single offsetting entry in the settlement account for all instructions in the payment batch.
`detailed`	Detailed: Creates individual offsetting entries in the settlement account for each instruction in the payment batch.

enum values: summary, detailed

ccdDebit

achPaymentSettlementType (required)

Provides instruction for the system on how to process the payment batch.
The schema achPaymentSettlementType was added on version 0.2.0 of the API.

achPaymentSettlementType strings may have one of the following enumerated values:

Value	Description
`summary`	Summary: Creates a single offsetting entry in the settlement account for all instructions in the payment batch.
`detailed`	Detailed: Creates individual offsetting entries in the settlement account for each instruction in the payment batch.

enum values: summary, detailed

ccdCredit

achPaymentSettlementType (required)

Provides instruction for the system on how to process the payment batch.
The schema achPaymentSettlementType was added on version 0.2.0 of the API.

achPaymentSettlementType strings may have one of the following enumerated values:

Value	Description
`summary`	Summary: Creates a single offsetting entry in the settlement account for all instructions in the payment batch.
`detailed`	Detailed: Creates individual offsetting entries in the settlement account for each instruction in the payment batch.

enum values: summary, detailed

achImport

achPaymentSettlementType (required)

Provides instruction for the system on how to process the payment batch.
The schema achPaymentSettlementType was added on version 0.2.0 of the API.

achPaymentSettlementType strings may have one of the following enumerated values:

Value	Description
`summary`	Summary: Creates a single offsetting entry in the settlement account for all instructions in the payment batch.
`detailed`	Detailed: Creates individual offsetting entries in the settlement account for each instruction in the payment batch.

enum values: summary, detailed

apiProblem

{
  "id": "3fbad566-be86-4b22-9ba6-3ca99fdc0799",
  "type": "https://production.api.apiture.com/errors/accountNotFound/v1.0.0",
  "title": "Account Not Found",
  "status": 422,
  "occurredAt": "2022-04-25T12:42:21.375Z",
  "detail": "No account exists at the given account_url",
  "instance": "https://production.api.apiture.com/banking/transfers/bb709151-575041fcd617"
}

API Problem (v1.1.0)

API problem or error, as per RFC 7807 application/problem+json.

Properties

Name	Description
`API Problem (v1.1.0)`	`object` API problem or error, as per RFC 7807 application/problem+json.
`type`	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `format: uri-reference`
`title`	`string` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`.
`status`	`integer(int32)` The HTTP status code for this occurrence of the problem. `format: int32` `minimum: 100` `maximum: 599`
`detail`	`string` A human-readable explanation specific to this occurrence of the problem.
`instance`	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `format: uri-reference`
`id`	`readOnlyResourceId` The unique, opaque system-assigned identifier for a resource. This case-sensitive ID is also used in URLs as path parameters or in other properties or parameters that reference a resource by ID rather than URL. Resource IDs are immutable. `read-only` `minLength: 6` `maxLength: 48` `pattern: ^[-_:.~$a-zA-Z0-9]+$`
`occurredAt`	`readOnlyTimestamp(date-time)` A readonly or derived timestamp (an instant in time) formatted in RFC 3339 `date-time` UTC format: `YYYY-MM-DDThh:mm:ss.sssZ`. The schema `readOnlyTimestamp` was added on version `0.4.0` of the API. `read-only` `format: date-time` `minLength: 20` `maxLength: 30`
`problems`	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. items: `object`

challengeFactor

{
  "type": "sms",
  "labels": [
    "9876"
  ]
}

Challenge Factor (v1.0.0)

An challenge factor. See requiredIdentityChallenge for multiple examples.

Properties

Name Description

Challenge Factor (v1.0.0) object
An challenge factor. See requiredIdentityChallenge for multiple examples.

type

challengeFactorType (required)

The name of challenge factor.

challengeFactorType strings may have one of the following enumerated values:

Value	Description
`sms`	SMS: One-time passcode sent to the primary mobile phone number
`email`	Email: One-time passcode sent to the primary email address
`voice`	Voice: One-time passcode communicated via automated voice phone call
`authenticatorToken`	authenticator Token: One-time passcode issued by a pre-registered hardware device, such as a token key fob, or an authenticator app
`securityQuestions`	Security Questions: Prompt with the user's security questions registered with their security profile

enum values: sms, email, voice, securityQuestions, authenticatorToken

labels array: [string]
A list of text label which identifies the channel(s) though which the user completes the challenge. For an sms or voice challenge, the only label item is the last four digits of the corresponding phone number. For an email challenge, each label is the masked email address.
minItems: 1
maxItems: 4
items: string
» maxLength: 40

securityQuestions challengeSecurityQuestions
Describes a securityQuestions challenge. This is omitted if the challenge type is not securityQuestions.

challengeFactorType

"sms"

Challenge Factor Type (v1.0.0)

The name of challenge factor.

challengeFactorType strings may have one of the following enumerated values:

Value	Description
`sms`	SMS: One-time passcode sent to the primary mobile phone number
`email`	Email: One-time passcode sent to the primary email address
`voice`	Voice: One-time passcode communicated via automated voice phone call
`authenticatorToken`	authenticator Token: One-time passcode issued by a pre-registered hardware device, such as a token key fob, or an authenticator app
`securityQuestions`	Security Questions: Prompt with the user's security questions registered with their security profile

type: string

enum values: sms, email, voice, securityQuestions, authenticatorToken

challengePromptId

"string"

Challenge Prompt ID (v1.0.0)

The unique ID of a prompt (such as a security question) in a challenge factor.

type: string

minLength: 1
maxLength: 48
pattern: ^[-_:.~$a-zA-Z0-9]+$

challengeSecurityQuestion

{
  "id": "74699fa628911e762ea5",
  "prompt": "What is your mother's maiden name?"
}

Challenge Security Question (v1.0.0)

A single security question within the questions array of the challengeSecurityQuestions

Properties

Name	Description
`Challenge Security Question (v1.0.0)`	`object` A single security question within the `questions` array of the `challengeSecurityQuestions`
`id`	`challengePromptId` (required) The unique ID of a prompt (such as a security question) in a challenge factor. `minLength: 1` `maxLength: 48` `pattern: ^[-_:.~$a-zA-Z0-9]+$`
`prompt`	`string` (required) The text prompt of this security question. `maxLength: 50`

challengeSecurityQuestions

{
  "questions": [
    {
      "id": "q1",
      "prompt": "What is your mother's maiden name?"
    },
    {
      "id": "q4",
      "prompt": "What is your high school's name?"
    },
    {
      "id": "q9",
      "prompt": "What is the name of your first pet?"
    }
  ]
}

Challenge Security Questions (v1.0.0)

Describes a securityQuestions challenge. This is omitted if the challenge type is not securityQuestions.

Properties

Name	Description
`Challenge Security Questions (v1.0.0)`	`object` Describes a `securityQuestions` challenge. This is omitted if the challenge `type` is not `securityQuestions`.
`questions`	`array: [challengeSecurityQuestion]` (required) The array of security questions. `minItems: 1` `maxItems: 8` items: `object`

customerAchPreferences

{
  "settlement": {
    "ppdDebit": "summary",
    "ppdCredit": "detailed",
    "ctxDebit": "detailed",
    "ctxCredit": "summary",
    "ccdDebit": "summary",
    "ccdCredit": "summary",
    "achImport": "summary"
  }
}

Customer ACH Preferences (v1.0.0)

A digital banking customer's ACH Payment preferences.
The schema customerAchPreferences was added on version 0.2.0 of the API.

Properties

Name	Description
`Customer ACH Preferences (v1.0.0)`	`object` A digital banking customer's ACH Payment preferences. The schema `customerAchPreferences` was added on version `0.2.0` of the API.
`settlement`	`achSettlementPreference` (required) Indicates the ACH settlement type for payment batch creation. Preferences are set for various individual SEC codes for specific payment directions, as well as for imports via NACHA ACH file. The schema `achSettlementPreference` was added on version `0.2.0` of the API.

customerAchPreferencesPatch

{
  "settlement": {
    "ppdDebit": "summary",
    "ppdCredit": "detailed",
    "ctxDebit": "detailed",
    "ctxCredit": "summary",
    "ccdDebit": "summary",
    "ccdCredit": "summary",
    "achImport": "summary"
  }
}

Customer ACH Preferences Patch (v1.0.0)

Representation used to patch existing customer ACH preferences using the JSON Merge Patch format and processing rules.
The schema customerAchPreferencesPatch was added on version 0.2.0 of the API.

Properties

Name	Description
`Customer ACH Preferences Patch (v1.0.0)`	`object` Representation used to patch existing customer ACH preferences using the JSON Merge Patch format and processing rules. The schema `customerAchPreferencesPatch` was added on version `0.2.0` of the API.
`settlement`	`achSettlementPreference` Indicates the ACH settlement type for payment batch creation. Preferences are set for various individual SEC codes for specific payment directions, as well as for imports via NACHA ACH file. The schema `achSettlementPreference` was added on version `0.2.0` of the API.

customerPreferences

{
  "ach": {
    "settlement": {
      "ppdDebit": "summary",
      "ppdCredit": "detailed",
      "ctxDebit": "detailed",
      "ctxCredit": "summary",
      "ccdDebit": "summary",
      "ccdCredit": "summary",
      "achImport": "summary"
    }
  }
}

Customer Preference (v1.0.1)

Enumerated customer preferences grouped by preference category.
The schema customerPreferences was added on version 0.2.0 of the API.

Properties

Name	Description
`Customer Preference (v1.0.1)`	`object` Enumerated customer preferences grouped by preference category. The schema `customerPreferences` was added on version `0.2.0` of the API.
`ach`	`customerAchPreferences` Customer preferences related to ACH batch payments.

customerReference

{
  "id": "f48291b6-14ce",
  "name": "Amanda Cummins"
}

Customer Reference (v1.0.0)

A reference to a customer. The name property is the customer's name at the time this reference was created.

Properties

Name	Description
`Customer Reference (v1.0.0)`	`object` A reference to a customer. The `name` property is the customer's `name` at the time this reference was created.
`id`	`resourceId` (required) The unique, opaque system identifier for a resource. This case-sensitive ID is also used as path parameters in URLs or in other properties or parameters that reference a resource by ID rather than URL. `minLength: 6` `maxLength: 48` `pattern: ^[-_:.~$a-zA-Z0-9]+$`
`name`	`string` (required) The customer's full name. `minLength: 2` `maxLength: 48`

phoneNumberType

"primary"

Phone Number Type (v1.0.0)

Describes the type of a banking customer's phone number.

phoneNumberType strings may have one of the following enumerated values:

Value	Description
`primary`	Primary: The user's primary phone number
`secondary`	Secondary: The user's secondary phone number
`mobile`	Mobile: The user's mobile phone number
`fax`	fax: The user's fax phone number
`alternate`	Alternate: The user's alternate phone number

type: string

enum values: primary, secondary, mobile, fax, alternate

problemResponse

{
  "id": "3fbad566-be86-4b22-9ba6-3ca99fdc0799",
  "type": "https://production.api.apiture.com/errors/noSuchAccount/v1.0.0",
  "title": "Account Not Found",
  "status": 422,
  "occurredAt": "2022-04-25T12:42:21.375Z",
  "detail": "No account exists for the given account reference",
  "instance": "https://production.api.apiture.com/banking/transfers/bb709151-575041fcd617"
}

Problem Response (v0.3.0)

API problem or error response, as per RFC 7807 application/problem+json.

Properties

Name	Description
`Problem Response (v0.3.0)`	`object` API problem or error response, as per RFC 7807 application/problem+json.
`type`	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `format: uri-reference`
`title`	`string` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`.
`status`	`integer(int32)` The HTTP status code for this occurrence of the problem. `format: int32` `minimum: 100` `maximum: 599`
`detail`	`string` A human-readable explanation specific to this occurrence of the problem.
`instance`	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `format: uri-reference`
`id`	`readOnlyResourceId` The unique, opaque system-assigned identifier for a resource. This case-sensitive ID is also used in URLs as path parameters or in other properties or parameters that reference a resource by ID rather than URL. Resource IDs are immutable. `read-only` `minLength: 6` `maxLength: 48` `pattern: ^[-_:.~$a-zA-Z0-9]+$`
`occurredAt`	`readOnlyTimestamp(date-time)` A readonly or derived timestamp (an instant in time) formatted in RFC 3339 `date-time` UTC format: `YYYY-MM-DDThh:mm:ss.sssZ`. The schema `readOnlyTimestamp` was added on version `0.4.0` of the API. `read-only` `format: date-time` `minLength: 20` `maxLength: 30`
`problems`	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. items: `object`
`attributes`	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

readOnlyResourceId

"string"

Read-only Resource Identifier (v1.0.0)

The unique, opaque system-assigned identifier for a resource. This case-sensitive ID is also used in URLs as path parameters or in other properties or parameters that reference a resource by ID rather than URL. Resource IDs are immutable.

type: string

read-only
minLength: 6
maxLength: 48
pattern: ^[-_:.~$a-zA-Z0-9]+$

readOnlyTimestamp

"2021-10-30T19:06:04.250Z"

Read-Only Timestamp (v1.0.0)

A readonly or derived timestamp (an instant in time) formatted in RFC 3339 date-time UTC format: YYYY-MM-DDThh:mm:ss.sssZ.
The schema readOnlyTimestamp was added on version 0.4.0 of the API.

type: string(date-time)

read-only
format: date-time
minLength: 20
maxLength: 30

requiredIdentityChallenge

{
  "operationId": "createTransfer",
  "challengeId": "0504076c566a3cf7009c",
  "factors": [
    {
      "type": "sms",
      "labels": [
        "9876"
      ]
    },
    {
      "type": "voice",
      "labels": [
        "9876"
      ]
    },
    {
      "type": "voice",
      "labels": [
        "6754"
      ]
    },
    {
      "type": "email",
      "labels": [
        "an****nk@example.com",
        "an****98@example.com"
      ]
    },
    {
      "type": "authenticatorToken",
      "labels": [
        "Acme fob"
      ]
    },
    {
      "type": "securityQuestions",
      "securityQuestions": {
        "questions": [
          {
            "id": "q1",
            "prompt": "What is your mother's maiden name?"
          },
          {
            "id": "q4",
            "prompt": "What is your high school's name?"
          },
          {
            "id": "q9",
            "prompt": "What is the name of your first pet?"
          }
        ]
      }
    }
  ]
}

Required Challenge (v1.0.0)

A request from the service for the user to verify their identity. This contains a challenge ID, the corresponding operation ID, and a list of challenge factors for identity verification. The user must complete one of these challenge factors to satisfy the challenge. This schema defines the attributes in the 401 Unauthorized problem response when the 401 problem type name is challengeRequired. See the "Challenge API" for details.

Properties

Name	Description
`Required Challenge (v1.0.0)`	`object` A request from the service for the user to verify their identity. This contains a challenge ID, the corresponding operation ID, and a list of challenge factors for identity verification. The user must complete one of these challenge factors to satisfy the challenge. This schema defines the attributes in the 401 Unauthorized problem response when the 401 problem type name is `challengeRequired`. See the "Challenge API" for details.
`operationId`	`readOnlyResourceId` (required) The unique, opaque system-assigned identifier for a resource. This case-sensitive ID is also used in URLs as path parameters or in other properties or parameters that reference a resource by ID rather than URL. Resource IDs are immutable. `read-only` `minLength: 6` `maxLength: 48` `pattern: ^[-_:.~$a-zA-Z0-9]+$`
`challengeId`	`readOnlyResourceId` (required) The unique, opaque system-assigned identifier for a resource. This case-sensitive ID is also used in URLs as path parameters or in other properties or parameters that reference a resource by ID rather than URL. Resource IDs are immutable. `read-only` `minLength: 6` `maxLength: 48` `pattern: ^[-_:.~$a-zA-Z0-9]+$`
`factors`	`array: [challengeFactor]` (required) A list of challenge factors. The user must complete one of these challenge factors. The `labels` in each factor identify one or more channels the user may use, such as a list of email addresses the system may use to send a one-time passcode to the user. *Note: The same channel may be used by multiple factors in the array of factors. For example, the user's primary mobile phone number may be used for both an `sms` factor and a `voice` factor. `minLength: 1` `maxLength: 8` items: `object`

resourceId

"string"

Resource Identifier (v1.0.0)

The unique, opaque system identifier for a resource. This case-sensitive ID is also used as path parameters in URLs or in other properties or parameters that reference a resource by ID rather than URL.

type: string

minLength: 6
maxLength: 48
pattern: ^[-_:.~$a-zA-Z0-9]+$

Generated by @apiture/api-doc 3.0.2 on Tue May 16 2023 17:32:44 GMT+0000 (Coordinated Universal Time).