System Card Activity Webhook v0.1.1

Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.

This API defines a webhook which Card Adapter uses to inform Apiture Digital Banking of new activity on a debit or credit card.

This is not a vendor-specific API.

Download OpenAPI Definition (YAML)

Base URLs:

https://api.apiture.com/system

Email: Apiture Web: Apiture

License: Apiture API License

Authentication

OAuth2 authentication (clientCredentials)
- Client Credentials OAuth2 flow that allows a secure service application to access resources. (This access is not used with insecure clients such as web or mobile applications.) See details at Secure Access.
- Flow: clientCredentials
- Token URL = https://dev-oidc.apiture-comm-nonprod.com/oidc/token

Scope	Scope Description
`cardAdapter/write`	For webhook calls from Card Adapter to alert customers of card activity

System Card Activity Webhook

processCardActivity

Code samples

# You can also use wget
curl -X POST https://api.apiture.com/system/incomingCardActivity \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/problem+json' \
  -H 'Authorization: Bearer {access-token}'

POST https://api.apiture.com/system/incomingCardActivity HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/problem+json

const fetch = require('node-fetch');
const inputBody = '{
  "institutionId": "TIBURON",
  "items": [
    {
      "customerId": "d1b95731fb029fec062c",
      "cardId": "ca0sf8ds0af",
      "pan": "4242424242424242",
      "activityType": "declined",
      "reasonCode": "transactionLimitSurpassed",
      "reason": "The per transaction limit was surpassed",
      "amount": {
        "value": "5555.55",
        "currency": "USD"
      },
      "merchant": {
        "category": "shopping.other",
        "name": "Amazon",
        "address": {
          "regionCode": "WA",
          "countryCode": "US"
        }
      },
      "occurredAt": "2024-10-01T07:56:02.375Z",
      "location": "onlineMerchant"
    }
  ]
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/problem+json',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.apiture.com/system/incomingCardActivity',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Content-Type':'application/json',
  'Accept':'application/problem+json',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.apiture.com/system/incomingCardActivity',
  method: 'post',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/problem+json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post 'https://api.apiture.com/system/incomingCardActivity',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/problem+json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('https://api.apiture.com/system/incomingCardActivity', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.apiture.com/system/incomingCardActivity");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/problem+json"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.apiture.com/system/incomingCardActivity", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Inform Apiture Digital Banking of incoming card activity from Card Adapter.

POST https://api.apiture.com/system/incomingCardActivity

Card Adapter uses this webhook to inform ADB of new card activity so that ADB can notify customers of card activity via their card notification subscription preferences.

Body parameter

{
  "institutionId": "TIBURON",
  "items": [
    {
      "customerId": "d1b95731fb029fec062c",
      "cardId": "ca0sf8ds0af",
      "pan": "4242424242424242",
      "activityType": "declined",
      "reasonCode": "transactionLimitSurpassed",
      "reason": "The per transaction limit was surpassed",
      "amount": {
        "value": "5555.55",
        "currency": "USD"
      },
      "merchant": {
        "category": "shopping.other",
        "name": "Amazon",
        "address": {
          "regionCode": "WA",
          "countryCode": "US"
        }
      },
      "occurredAt": "2024-10-01T07:56:02.375Z",
      "location": "onlineMerchant"
    }
  ]
}

Parameters

Parameter	Description
`body`	`incomingSystemCardActivity` (required) `Unevaluated Properties: false`

Example responses

400 Response

{
  "id": "3fbad566-be86-4b22-9ba6-3ca99fdc0799",
  "type": "https://production.api.apiture.com/errors/badRequest/v1.0.0",
  "title": "Bad Request",
  "status": 400,
  "occurredAt": "2022-04-25T12:42:21.375Z",
  "detail": "Input did not parse as JSON",
  "instance": "https://production.api.apiture.com/banking/transfers/bb709151-575041fcd617"
}

Responses

Status	Description
200	OK
	OK.

Status Description

400 Bad Request

Status	Description
400	Bad Request
	Bad Request. The request body, request headers, and/or query parameters are not well-formed. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/badRequest/v1.0.0` The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.
	Schema: `Inline`

Bad Request. The request body, request headers, and/or query parameters are not well-formed.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/badRequest/v1.0.0
The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.

Schema: Inline

Status Description

401 Unauthorized

Status	Description
401	Unauthorized
	Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/unauthorized/v1.0.0` The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.
	Schema: `Inline`

Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/unauthorized/v1.0.0
The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.

Schema: Inline

Status Description

403 Forbidden

Status	Description
403	Forbidden
	Forbidden. The authenticated caller is not authorized to perform the requested operation. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/forbidden/v1.0.0` The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation. `https://production.api.apiture.com/errors/customerDisabled/v1.0.0` The customer is disabled. Remediation: Have the customer contact the financial institution for support. `https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0` The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software. `https://production.api.apiture.com/errors/modificationForbidden/v1.0.0` The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization. `https://production.api.apiture.com/errors/challengeRequired/v1.0.0` The operation requires the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional `Challenge` header to the call. The `attributes` object in the error may have the properties defined by the `requiredIdentityChallenge` schema. `https://production.api.apiture.com/errors/challengeBlocked/v1.0.0` The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again. `https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0` This operation requires an identity challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors. `https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0` The additional on-time `Challenge` header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed `Challenge` header in the request.
	Schema: `Inline`

Forbidden. The authenticated caller is not authorized to perform the requested operation.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/forbidden/v1.0.0
The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation.
https://production.api.apiture.com/errors/customerDisabled/v1.0.0
The customer is disabled. Remediation: Have the customer contact the financial institution for support.
https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0
The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software.
https://production.api.apiture.com/errors/modificationForbidden/v1.0.0
The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.
https://production.api.apiture.com/errors/challengeRequired/v1.0.0
The operation requires the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional Challenge header to the call. The attributes object in the error may have the properties defined by the requiredIdentityChallenge schema.
https://production.api.apiture.com/errors/challengeBlocked/v1.0.0
The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again.
https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0
This operation requires an identity challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors.
https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0
The additional on-time Challenge header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed Challenge header in the request.

Schema: Inline

Status Description

429 Too Many Requests

Status	Description
429	Too Many Requests
	Too Many Requests. The client has sent too many requests in a given amount of time. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/tooManyRequests/v1.0.0` The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.
	Schema: `Inline`

Too Many Requests. The client has sent too many requests in a given amount of time.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/tooManyRequests/v1.0.0
The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.

Schema: Inline

Status	Description
4XX	Unknown
	Client Request Problem. The client request had a problem not listed under another specific 400-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Status	Description
5XX	Unknown
	Server Problem. The server encountered a problem not listed under another specific 500-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Response Schema

Status Code 400

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 401

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 403

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 429

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 4XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 5XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Schemas

apiProblem

{
  "id": "3fbad566-be86-4b22-9ba6-3ca99fdc0799",
  "type": "https://production.api.apiture.com/errors/accountNotFound/v1.0.0",
  "title": "Account Not Found",
  "status": 422,
  "occurredAt": "2022-04-25T12:42:21.375Z",
  "detail": "No account exists at the given account_url",
  "instance": "https://production.api.apiture.com/banking/transfers/bb709151-575041fcd617"
}

API Problem (v1.2.1)

API problem or error, as per RFC 7807 application/problem+json.

Properties

Name	Description
`API Problem (v1.2.1)`	`object` API problem or error, as per RFC 7807 application/problem+json.
`type`	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `format: uri-reference` `maxLength: 2048`
`title`	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `format: text` `maxLength: 120`
`status`	`integer(int32)` The HTTP status code for this occurrence of the problem. `format: int32` `minimum: 100` `maximum: 599`
`detail`	`string(text)` A human-readable explanation specific to this occurrence of the problem. `format: text` `maxLength: 256`
`instance`	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `format: uri-reference` `maxLength: 2048`
`id`	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `read-only` `minLength: 6` `maxLength: 48` `pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"`
`occurredAt`	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `read-only` `format: date-time` `minLength: 20` `maxLength: 30`
`problems`	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128` items: `object`

cardActivity

{
  "customerId": "d1b95731fb029fec062c",
  "cardId": "ca0sf8ds0af",
  "pan": "4242424242424242",
  "activityType": "declined",
  "reasonCode": "transactionLimitSurpassed",
  "reason": "The per transaction limit was surpassed",
  "amount": {
    "value": "5555.55",
    "currency": "USD"
  },
  "merchant": {
    "category": "shopping.other",
    "name": "Amazon",
    "address": {
      "regionCode": "WA",
      "countryCode": "US"
    }
  },
  "occurredAt": "2024-10-01T07:56:02.375Z",
  "location": "onlineMerchant"
}

Card Activity (v1.0.0)

The default payload for each card activity notification in a webhook message.

Properties

Name Description

Card Activity (v1.0.0) object
The default payload for each card activity notification in a webhook message.
Unevaluated Properties: false

customerId readOnlyResourceId
The unique ID of a banking customer. Only present if known.
read-only
minLength: 6
maxLength: 48
pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"

customerTaxId string(text)
The customer's US social security number (SSN) or individual taxpayer ID number (ITIN). Only present if known.
format: text
minLength: 9
maxLength: 11

cardId

externalResourceId(text)
The identifier of the card.

A cardId is different from the credit or debit card account id.
read-only
format: text
minLength: 1
maxLength: 256

pan fullCardPersonalAccountNumber (required)
The PAN (primary account number) of the card. This a numeric identifier assigned to credit and debit cards for financial transactions. It typically consists of 16 digits and can be found on the front or back of the card.
minLength: 14
maxLength: 19
pattern: "^\\d{1}[0-9 ]{12,17}\\d{1}$"

activityType

cardActivityType (required)

The type of the card activity.

cardActivityType strings may have one of the following enumerated values:

Value	Description
`approved`	Approved: The card processor approved a card transaction
`declined`	Declined: The card processor declined a card transaction

enum values: approved, declined

reasonCode

cardActivityReasonCode (required)

The reason code pertaining to the card activity.

cardActivityReasonCode strings may have one of the following enumerated values:

Value	Description
`transactionLimitSurpassed`	Transaction Limit Surpassed: The transaction limit was surpassed
`dailyLimitSurpassed`	Daily Limit Surpassed: The daily spending limit was surpassed
`monthlyLimitSurpassed`	Monthly Limit Surpassed: The monthly spending limit was surpassed
`transactionOccurred`	Transaction Occurred: A transaction occurred
`transactionDeclined`	Transaction Declined: A transaction was declined
`merchantCategoryAlertTriggered`	Merchant Category Alert Triggered: The merchant category alert was triggered. Check `merchant.category` for the category of the merchant that triggered the alert.
`transactionCategoryAlertTriggered`	Transaction Category Alert Triggered: The transaction category alert was triggered. Check `transactionCategory` for the category of the transaction that triggered the alert.
`allowedRegionsAlertTriggered`	Allowed Regions Alert Triggered: The allowed regions alert was triggered
`cardFrozen`	Card Frozen: The card is frozen
`invalidMerchantLocation`	Invalid Merchant Location: The merchant of a transaction was outside of the allowed regions
`merchantBlocked`	Merchant Blocked: The merchant of a transaction was blocked

enum values: transactionLimitSurpassed, dailyLimitSurpassed, monthlyLimitSurpassed, transactionOccurred, transactionDeclined, merchantCategoryAlertTriggered, transactionCategoryAlertTriggered, allowedRegionsAlertTriggered, cardFrozen, invalidMerchantLocation, merchantBlocked

reason string(text)
The raw string reason passed from the card vendor describing the card activity.
format: text
minLength: 1
maxLength: 400

amount money
The amount of the charge associated with the card activity.

merchant cardActivityMerchant
Data identifying a merchant related to a card activity event.
Unevaluated Properties: false

occurredAt readOnlyTimestamp(date-time) (required)
The date and time when the card activity ocurred, in YYYY-MM-DDThh:mm:ss.sssZ RFC 3339 date-time UTC format.
read-only
format: date-time
minLength: 20
maxLength: 30

location cardActivityLocation (required)
The location of the card activity.
enum values: atm, autopay, transfer, physicalMerchant, mailMerchant, phoneMerchant, onlineMerchant, other

cardActivityLocation

"atm"

Card Activity Location (v1.0.0)

The location of the card activity.

type: string

enum values: atm, autopay, transfer, physicalMerchant, mailMerchant, phoneMerchant, onlineMerchant, other

cardActivityMerchant

{
  "category": "shopping.other",
  "name": "Amazon",
  "address": {
    "regionCode": "WA",
    "countryCode": "US"
  }
}

Card Activity Merchant (v1.0.0)

Data identifying a merchant related to a card activity event.

Properties

Name	Description
`Card Activity Merchant (v1.0.0)`	`object` Data identifying a merchant related to a card activity event. `Unevaluated Properties: false`
`category`	`cardMerchantCategories` The category of the merchant. enum values: `ageRestricted`, `ageRestricted.drinkingPlaces`, `ageRestricted.gambling`, `ageRestricted.liquorAndCigarStores`, `ageRestricted.dating`, `education`, `education.tuitionFees`, `education.books`, `entertainment`, `entertainment.games`, `entertainment.musicAndMovies`, `entertainment.parks`, `entertainment.other`, `foodAndDining`, `foodAndDining.restaurants`, `foodAndDining.groceries`, `giftsAndDonations`, `giftsAndDonations.gifts`, `giftsAndDonations.donations`, `household`, `household.maintenanceOrRepair`, `household.decorationOrImprovement`, `household.housekeeping`, `household.cableUtilities`, `household.communicationUtilities`, `household.security`, `household.chemicalUtilities`, `household.otherUtilities`, `household.rentalServices`, `household.laundry`, `insurance`, `personalCare`, `personalCare.pharmacy`, `personalCare.beautyProducts`, `personalCare.doctor`, `personalCare.sports`, `personalCare.wellness`, `personalCare.childrenServices`, `shopping`, `shopping.clothing`, `shopping.electronics`, `shopping.accessories`, `shopping.other`, `transportation`, `transportation.autoServices`, `transportation.gasOrFuel`, `transportation.parking`, `transportation.toll`, `transportation.other`, `travel`, `travel.autoRentals`, `travel.airline`, `travel.train`, `travel.lodging`, `travel.other`, `other`, `other.atm`
`name`	`string(text)` The name of the merchant. `format: text` `minLength: 1` `maxLength: 200`
`address`	`partialAddress` The address of the merchant.

cardActivityReasonCode

"transactionLimitSurpassed"

Card Activity Reason Code (v1.0.0)

The reason code pertaining to the card activity.

cardActivityReasonCode strings may have one of the following enumerated values:

Value	Description
`transactionLimitSurpassed`	Transaction Limit Surpassed: The transaction limit was surpassed
`dailyLimitSurpassed`	Daily Limit Surpassed: The daily spending limit was surpassed
`monthlyLimitSurpassed`	Monthly Limit Surpassed: The monthly spending limit was surpassed
`transactionOccurred`	Transaction Occurred: A transaction occurred
`transactionDeclined`	Transaction Declined: A transaction was declined
`merchantCategoryAlertTriggered`	Merchant Category Alert Triggered: The merchant category alert was triggered. Check `merchant.category` for the category of the merchant that triggered the alert.
`transactionCategoryAlertTriggered`	Transaction Category Alert Triggered: The transaction category alert was triggered. Check `transactionCategory` for the category of the transaction that triggered the alert.
`allowedRegionsAlertTriggered`	Allowed Regions Alert Triggered: The allowed regions alert was triggered
`cardFrozen`	Card Frozen: The card is frozen
`invalidMerchantLocation`	Invalid Merchant Location: The merchant of a transaction was outside of the allowed regions
`merchantBlocked`	Merchant Blocked: The merchant of a transaction was blocked

type: string

cardActivityType

"approved"

Card Activity Type (v1.0.0)

The type of the card activity.

cardActivityType strings may have one of the following enumerated values:

Value	Description
`approved`	Approved: The card processor approved a card transaction
`declined`	Declined: The card processor declined a card transaction

type: string

enum values: approved, declined

cardMerchantCategories

"ageRestricted"

Card Merchant Categories (v1.1.0)

Categories of card merchants for alerts and transaction rules.

cardMerchantCategories strings may have one of the following enumerated values:

Value	Description
`ageRestricted`	Age Restricted: A merchant providing goods or services with age restrictions, such as gambling or liquor
`ageRestricted.drinkingPlaces`	Age Restricted - Drinking Places: A merchant that sells alcoholic beverages for consumption on the premises, such as bars, pubs, or clubs
`ageRestricted.gambling`	Age Restricted - Gambling: A merchant offering games of chance or betting services, including casinos, lotteries, and sports betting
`ageRestricted.liquorAndCigarStores`	Age Restricted - Liquor and Cigar Stores: A merchant that specializes in the sale of alcoholic beverages and tobacco products, including cigars
`ageRestricted.dating`	Age Restricted - Dating: A merchant offering services for personal matchmaking or dating platforms that require age verification
`education`	Education: A merchant that provides educational services or supplies, including schools, tutoring, and course materials
`education.tuitionFees`	Education - Tuition Fees: A merchant charging fees for educational instruction, including universities, colleges, and private schools
`education.books`	Education - Books: A merchant that sells textbooks or educational materials, including physical and digital formats
`entertainment`	Entertainment: A merchant that provides entertainment services, such as an arcade or movie theater
`entertainment.games`	Entertainment - Games: A merchant that sells or provides access to video games, board games, or other interactive gaming experiences
`entertainment.musicAndMovies`	Entertainment - Music and Movies: A merchant offering music, movies, or streaming services, either through physical media or digital platforms
`entertainment.parks`	Entertainment - Parks: A merchant providing access to amusement or theme parks, including rides, shows, and other attractions
`entertainment.other`	Entertainment - Other: A merchant that offers other forms of entertainment not covered by the above categories, such as live events or virtual experiences
`foodAndDining`	Food and Dining: A merchant that provides food or beverages, either prepared or for later consumption
`foodAndDining.restaurants`	Food and Dining - Restaurants: A merchant that sells prepared foods
`foodAndDining.groceries`	Food and Dining - Groceries: A merchant that sells pre-packaged or fresh food products
`giftsAndDonations`	Gifts and Donations: A merchant that facilitates the purchase of gifts or charitable donations
`giftsAndDonations.gifts`	Gifts and Donations - Gifts: A merchant that sells items intended for gifting, such as flowers, greeting cards, or gift baskets
`giftsAndDonations.donations`	Gifts and Donations - Donations: A merchant that accepts contributions to charitable organizations or causes
`household`	Household: A merchant that sells household goods, such as rugs or lamps
`household.maintenanceOrRepair`	Household - Maintenance or Repair: A merchant that provides services or goods related to the maintenance or repair of a home, such as plumbing or electrical work
`household.decorationOrImprovement`	Household - Decoration or Improvement: A merchant offering products or services for home decoration or improvement, including furniture, paint, or renovation services
`household.housekeeping`	Household - Housekeeping: A merchant that provides cleaning or housekeeping services, either for regular maintenance or special occasions
`household.cableUtilities`	Household - Cable Utilities: A merchant that provides cable television services or related equipment
`household.communicationUtilities`	Household - Communication Utilities: A merchant that offers telephone, internet, or other communication services
`household.security`	Household - Security: A merchant providing home security systems, alarm monitoring, or surveillance equipment
`household.chemicalUtilities`	Household - Chemical Utilities: A merchant that offers chemical-based services or products for the home, such as pest control or pool maintenance
`household.otherUtilities`	Household - Other Utilities: A merchant offering other utilities services, such as electricity or water supply
`household.rentalServices`	Household - Rental Services: A merchant that rents household items or equipment, such as tools, furniture, or party supplies
`household.laundry`	Household - Laundry: A merchant providing laundry or dry-cleaning services, including self-service laundromats
`insurance`	Insurance: A merchant providing insurance services, including health, auto, home, or life insurance policies
`personalCare`	Personal Care: A merchant that sells personal care items
`personalCare.pharmacy`	Personal Care - Pharmacy: A merchant that sells prescription or over-the-counter medications, as well as health-related products
`personalCare.beautyProducts`	Personal Care - Beauty Products: A merchant offering beauty or skincare products, including makeup, lotions, or hair care items
`personalCare.doctor`	Personal Care - Doctor: A merchant providing medical services, such as general practitioners, specialists, or medical clinics
`personalCare.sports`	Personal Care - Sports: A merchant offering sports-related goods or services, such as fitness centers or sporting equipment
`personalCare.wellness`	Personal Care - Wellness: A merchant providing wellness services, such as spas, massage therapy, or alternative medicine
`personalCare.childrenServices`	Personal Care - Children Services: A merchant offering services specific to children, such as daycare, tutoring, or children's health care
`shopping`	Shopping: A merchant that sells consumer goods
`shopping.clothing`	Shopping - Clothing: A merchant that sells apparel, including formal wear, casual wear, or specialty items such as uniforms or costumes
`shopping.electronics`	Shopping - Electronics: A merchant that sells electronic devices or accessories, including computers, smartphones, and audio equipment
`shopping.accessories`	Shopping - Accessories: A merchant offering items to complement clothing or electronics, such as jewelry, bags, or cases
`shopping.other`	Shopping - Other: A merchant selling other consumer goods not categorized under clothing, electronics, or accessories
`transportation`	Transportation: A merchant providing services or goods for transportation, such as public transit, vehicle maintenance, or fuel
`transportation.autoServices`	Transportation - Auto Services: A merchant providing services related to vehicle maintenance or repair, including oil changes, tire services, or auto body work
`transportation.gasOrFuel`	Transportation - Gas or Fuel: A merchant that sells gasoline for vehicles. The merchant may also sell convenience items, such as snacks or beverages
`transportation.parking`	Transportation - Parking: A merchant providing parking services, including garages or metered parking facilities
`transportation.toll`	Transportation - Toll: A merchant that charges fees for access to certain roadways or bridges, typically via toll booths or automated systems
`transportation.other`	Transportation - Other: A merchant providing other transportation-related services, such as ride-sharing, taxis, or bicycles
`travel`	Travel: A merchant providing transportation services, such as an airline
`travel.autoRentals`	Travel - Auto Rentals: A merchant offering car rentals, including short-term or long-term vehicle hire
`travel.airline`	Travel - Airline: A merchant providing air travel services, including passenger flights or cargo transport
`travel.train`	Travel - Train: A merchant providing rail services for passenger or cargo transport, including trains or subways
`travel.lodging`	Travel - Lodging: A merchant offering overnight accommodations, such as hotels, motels, or vacation rentals
`travel.other`	Travel - Other: A merchant offering other travel-related services, such as cruises, tours, or travel agencies
`other`	Other: A merchant not matching other defined categories
`other.atm`	Other - ATM: A merchant providing access to automated teller machines for cash withdrawals or banking services

type: string

enum values: ageRestricted, ageRestricted.drinkingPlaces, ageRestricted.gambling, ageRestricted.liquorAndCigarStores, ageRestricted.dating, education, education.tuitionFees, education.books, entertainment, entertainment.games, entertainment.musicAndMovies, entertainment.parks, entertainment.other, foodAndDining, foodAndDining.restaurants, foodAndDining.groceries, giftsAndDonations, giftsAndDonations.gifts, giftsAndDonations.donations, household, household.maintenanceOrRepair, household.decorationOrImprovement, household.housekeeping, household.cableUtilities, household.communicationUtilities, household.security, household.chemicalUtilities, household.otherUtilities, household.rentalServices, household.laundry, insurance, personalCare, personalCare.pharmacy, personalCare.beautyProducts, personalCare.doctor, personalCare.sports, personalCare.wellness, personalCare.childrenServices, shopping, shopping.clothing, shopping.electronics, shopping.accessories, shopping.other, transportation, transportation.autoServices, transportation.gasOrFuel, transportation.parking, transportation.toll, transportation.other, travel, travel.autoRentals, travel.airline, travel.train, travel.lodging, travel.other, other, other.atm

cardTransactionCategories

"atm"

Card Transaction Categories (v1.0.0)

Categories of card transactions for alerts and transaction rules.

cardTransactionCategories strings may have one of the following enumerated values:

Value	Description
`atm`	Automatic Teller Machine (ATM): A withdrawal transaction from an ATM
`autopay`	Autopay: A transaction that occurred from an automated payment
`transfer`	Transfer: A transaction that occurred from a money movement to another account
`physicalMerchant`	Physical Merchant: A transaction that occurred at a merchant in a physical location
`mailMerchant`	Mail Merchant: A transaction that occurred through a mail based retailer
`phoneMerchant`	Phone Merchant: A transaction that occurred through a phone based retailer
`onlineMerchant`	Online Merchant: A transaction that occurred through an online retailer
`other`	Other: A transaction not matching other categories

type: string

enum values: atm, autopay, transfer, physicalMerchant, mailMerchant, phoneMerchant, onlineMerchant, other

challengeFactor

{
  "type": "sms",
  "labels": [
    "9876"
  ]
}

Challenge Factor (v1.2.1)

A challenge factor. See requiredIdentityChallenge for multiple examples.

Properties

Name Description

Challenge Factor (v1.2.1) object
A challenge factor. See requiredIdentityChallenge for multiple examples.

id

challengeFactorId
The ID of an a challenge factor. This ID is unique within the challenge factors associated with a challenge. The client should pass this id value as the factorId when starting or verifying a challenge factor.

Note: The id will become required in a future update to this schema.
minLength: 3
maxLength: 48
pattern: "^[-a-zA-Z0-9$_]{3,48}$"

type

challengeFactorType (required)

The name of challenge factor.

challengeFactorType strings may have one of the following enumerated values:

Value	Description
`sms`	SMS: One-time passcode sent to the primary mobile phone number
`email`	Email: One-time passcode sent to the primary email address
`voice`	Voice: One-time passcode communicated via automated voice phone call
`authenticatorToken`	authenticator Token: One-time passcode issued by a pre-registered hardware device, such as a token key fob, or an authenticator app
`securityQuestions`	Security Questions: Prompt with the user's security questions registered with their security profile

enum values: sms, email, voice, securityQuestions, authenticatorToken

labels array: [string]
A list of text label which identifies the channel(s) through which the user completes the challenge. For an sms or voice challenge, the only label item is the last four digits of the corresponding phone number. For an email challenge, each label is the masked email address.
minItems: 1
maxItems: 4
items: string(text)
» format: text
» maxLength: 300

securityQuestions challengeSecurityQuestions
Describes a securityQuestions challenge. This is omitted if the challenge type is not securityQuestions.

challengeFactorId

"string"

Challenge Factor ID (v1.0.0)

The ID of an a challenge factor. This ID is unique within the factors offered with a challenge.

type: string

minLength: 3
maxLength: 48
pattern: "^[-a-zA-Z0-9$_]{3,48}$"

challengeFactorType

"sms"

Challenge Factor Type (v1.0.0)

The name of challenge factor.

challengeFactorType strings may have one of the following enumerated values:

Value	Description
`sms`	SMS: One-time passcode sent to the primary mobile phone number
`email`	Email: One-time passcode sent to the primary email address
`voice`	Voice: One-time passcode communicated via automated voice phone call
`authenticatorToken`	authenticator Token: One-time passcode issued by a pre-registered hardware device, such as a token key fob, or an authenticator app
`securityQuestions`	Security Questions: Prompt with the user's security questions registered with their security profile

type: string

enum values: sms, email, voice, securityQuestions, authenticatorToken

challengeOperationId

"string"

Challenge Operation ID (v1.0.1)

The ID of an operation/action for which the user must verify their identity via an identity challenge. This is passed when starting a challenge factor or when validating the identity challenge responses.

type: string

minLength: 6
maxLength: 48
pattern: "^[-a-zA-Z0-9$_]{6,48}$"

challengePromptId

"string"

Challenge Prompt ID (v1.0.0)

The unique ID of a prompt (such as a security question) in a challenge factor.

type: string

minLength: 1
maxLength: 48
pattern: "^[-_:.~$a-zA-Z0-9]+$"

challengeSecurityQuestion

{
  "id": "74699fa628911e762ea5",
  "prompt": "What is your mother's maiden name?"
}

Challenge Security Question (v1.0.1)

A single security question within the questions array of the challengeSecurityQuestions

Properties

Name	Description
`Challenge Security Question (v1.0.1)`	`object` A single security question within the `questions` array of the `challengeSecurityQuestions`
`id`	`challengePromptId` (required) The unique ID of security question prompt. This should be included in the `challengeVerification` response as the `promptId`. `minLength: 1` `maxLength: 48` `pattern: "^[-_:.~$a-zA-Z0-9]+$"`
`prompt`	`string(text)` (required) The text prompt of this security question. `format: text` `maxLength: 80`

challengeSecurityQuestions

{
  "questions": [
    {
      "id": "q1",
      "prompt": "What is your mother's maiden name?"
    },
    {
      "id": "q4",
      "prompt": "What is your high school's name?"
    },
    {
      "id": "q9",
      "prompt": "What is the name of your first pet?"
    }
  ]
}

Challenge Security Questions (v1.0.1)

Describes a securityQuestions challenge. This is omitted if the challenge type is not securityQuestions.

Properties

Name	Description
`Challenge Security Questions (v1.0.1)`	`object` Describes a `securityQuestions` challenge. This is omitted if the challenge `type` is not `securityQuestions`.
`questions`	`array: [challengeSecurityQuestion]` (required) The array of security questions. `minItems: 1` `maxItems: 8` items: `object`

countryCode

"US"

Country Code (v1.0.0)

The ISO-3611 alpha-2 value for a country.

type: string

minLength: 2
maxLength: 2
pattern: "^[A-Za-z]{2}$"

currencyCode

"str"

(v1.0.0)*

A ISO 4217 currency code This is always upper case ASCII. Crypto currencies with codes longer that 3 characters are not supported.

type: string(text)

format: text
minLength: 3
maxLength: 3
pattern: "^[A-Z]{3}$"

externalResourceId

"string"

External Resource Identifier (v1.1.0)

The unique, opaque system identifier for an external resource. This case-sensitive ID is also used as path parameters in URLs or in other properties or parameters that reference an external resource by ID rather than URL.

type: string(text)

read-only
format: text
minLength: 1
maxLength: 256

fullCardPersonalAccountNumber

"4242424242424242"

Full Card Personal Account Number (v1.0.0)

A full personal account number used in a credit or debit card. Spaces in requests are ignored. Spaces are omitted in responses.

type: string

minLength: 14
maxLength: 19
pattern: "^\d{1}[0-9 ]{12,17}\d{1}$"

incomingSystemCardActivity

{
  "institutionId": "TIBURON",
  "items": [
    {
      "customerId": "d1b95731fb029fec062c",
      "cardId": "ca0sf8ds0af",
      "pan": "4242424242424242",
      "activityType": "declined",
      "reasonCode": "transactionLimitSurpassed",
      "reason": "The per transaction limit was surpassed",
      "amount": {
        "value": "5555.55",
        "currency": "USD"
      },
      "merchant": {
        "category": "shopping.other",
        "name": "Amazon",
        "address": {
          "regionCode": "WA",
          "countryCode": "US"
        }
      },
      "occurredAt": "2024-10-01T07:56:02.375Z",
      "location": "onlineMerchant"
    }
  ]
}

Incoming System Card Activity (v1.0.0)

The default webhook body payload for card activity.

Properties

Name	Description
`Incoming System Card Activity (v1.0.0)`	`object` The default webhook body payload for card activity. `Unevaluated Properties: false`
`institutionId`	`institutionId` (required) The ID of the institution where this customer is enrolled in digital banking. `minLength: 2` `maxLength: 8` `pattern: "^[A-Z0-9_]{2,8}$"`
`items`	`array: [cardActivity]` (required) An array containing card activity items. `minItems: 1` `maxItems: 1000` items: `object` » `Unevaluated Properties: false`

institutionId

"TIBURON"

Institution ID (v1.1.0)

The unique immutable identifier of a financial institution.

type: string

minLength: 2
maxLength: 8
pattern: "^[A-Z0-9_]{2,8}$"

monetaryValue

"3456.78"

Monetary Value (v1.1.1)

The monetary value, supporting only positive amounts. The numeric value is represented as a string so that it can be exact with no loss of precision.

type: string(decimal)

format: decimal
maxLength: 16
pattern: "^(0|[1-9][0-9]*)\.[0-9][0-9]$"

money

{
  "value": "1000.00",
  "currency": "USD"
}

Money (v1.0.2)

An amount of money in a specific currency.

Properties

Name	Description
`Money (v1.0.2)`	`object` An amount of money in a specific currency.
`value`	`monetaryValue(decimal)` The net monetary value. A negative amount denotes a debit; a positive amount denotes a credit. The numeric value is represented as a string so that it can be exact with no loss of precision. `format: decimal` `maxLength: 16` `pattern: "^(0\|[1-9][0-9]*)\\.[0-9][0-9]$"`
`currency`	`currencyCode(text)` The ISO 4217 currency code for this monetary value. `format: text` `minLength: 3` `maxLength: 3` `pattern: "^[A-Z]{3}$"`

partialAddress

{
  "address1": "1805 Tiburon Dr.",
  "address2": "Building 14, Suite 1500",
  "locality": "Wilmington",
  "regionCode": "NC",
  "countryCode": "US",
  "postalCode": "28403"
}

Partial Address (v1.0.1)

A partial postal address that can hold a US address or an international (non-US) postal addresses. Partial addresses do not require any property to have a value.

Properties

Name	Description
`Partial Address (v1.0.1)`	`object` A partial postal address that can hold a US address or an international (non-US) postal addresses. Partial addresses do not require any property to have a value.
`address1`	`string(text)` The first line of the postal address. In the US, this typically includes the building number and street name. `format: text` `maxLength: 35`
`address2`	`string(text)` The second line of the street address. This should only be used if it has a value. Typical values include building numbers, suite numbers, and other identifying information beyond the first line of the postal address. `format: text` `maxLength: 35`
`locality`	`string(text)` The city/town/municipality of the address. `format: text` `maxLength: 30`
`countryCode`	`countryCode` The ISO-3611 alpha-2 value for a country. `minLength: 2` `maxLength: 2` `pattern: "^[A-Za-z]{2}$"`
`regionName`	`string(text)` The state, district, or outlying area of the postal address. This is required if `countryCode` is not `US`. `regionCode` and `regionName` are mutually exclusive. `format: text` `minLength: 2` `maxLength: 20`
`regionCode`	`string` The state, district, or outlying area of the postal address. This is required if `countryCode` is `US`. `regionCode` and `regionName` are mutually exclusive. `minLength: 2` `maxLength: 2` `pattern: "^[A-Za-z]{2}$"`
`postalCode`	`postalCode` The postal code, which varies in format by country. For postal codes in the US, this should be a five digit US ZIP code or ten character ZIP+4. `minLength: 2` `maxLength: 20` `pattern: "[0-9A-Za-z][- 0-9A-Za-z]{0,18}[0-9A-Za-z]"`

postalCode

"20521"

Postal code (v1.0.0)

The postal code, which varies in format by country. For postal codes in the US, this should be a five digit US ZIP code or ten character ZIP+4.

type: string

minLength: 2
maxLength: 20
pattern: "[0-9A-Za-z][- 0-9A-Za-z]{0,18}[0-9A-Za-z]"

problemResponse

{
  "id": "3fbad566-be86-4b22-9ba6-3ca99fdc0799",
  "type": "https://production.api.apiture.com/errors/noSuchAccount/v1.0.0",
  "title": "Account Not Found",
  "status": 422,
  "occurredAt": "2022-04-25T12:42:21.375Z",
  "detail": "No account exists for the given account reference",
  "instance": "https://production.api.apiture.com/banking/transfers/bb709151-575041fcd617"
}

Problem Response (v0.4.1)

API problem or error response, as per RFC 9457 application/problem+json.

Properties

Name	Description
`Problem Response (v0.4.1)`	`object` API problem or error response, as per RFC 9457 application/problem+json.
`type`	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `format: uri-reference` `maxLength: 2048`
`title`	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `format: text` `maxLength: 120`
`status`	`integer(int32)` The HTTP status code for this occurrence of the problem. `format: int32` `minimum: 100` `maximum: 599`
`detail`	`string(text)` A human-readable explanation specific to this occurrence of the problem. `format: text` `maxLength: 256`
`instance`	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `format: uri-reference` `maxLength: 2048`
`id`	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `read-only` `minLength: 6` `maxLength: 48` `pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"`
`occurredAt`	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `read-only` `format: date-time` `minLength: 20` `maxLength: 30`
`problems`	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128` items: `object`
`attributes`	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

readOnlyResourceId

"string"

Read-only Resource Identifier (v1.0.1)

The unique, opaque system-assigned identifier for a resource. This case-sensitive ID is also used in URLs as path parameters or in other properties or parameters that reference a resource by ID rather than URL. Resource IDs are immutable.

type: string

read-only
minLength: 6
maxLength: 48
pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"

readOnlyTimestamp

"2021-10-30T19:06:04.250Z"

Read-Only Timestamp (v1.0.0)

A readonly or derived timestamp (an instant in time) formatted in RFC 3339 date-time UTC format: YYYY-MM-DDThh:mm:ss.sssZ.

type: string(date-time)

read-only
format: date-time
minLength: 20
maxLength: 30

requiredIdentityChallenge

{
  "operationId": "createTransfer",
  "challengeId": "0504076c566a3cf7009c",
  "factors": [
    {
      "type": "sms",
      "labels": [
        "9876"
      ],
      "id": "85c0ee5753fcd0b0953f"
    },
    {
      "type": "voice",
      "labels": [
        "9876"
      ],
      "id": "d089e10a80a8627df37b"
    },
    {
      "type": "voice",
      "labels": [
        "6754"
      ],
      "id": "10506ecf9d1c2ee00403"
    },
    {
      "type": "email",
      "labels": [
        "an****nk@example.com",
        "an****98@example.com"
      ],
      "id": "e917d671cb2f030b56f1"
    },
    {
      "type": "authenticatorToken",
      "labels": [
        "Acme fob"
      ],
      "id": "fe6c452d7da0bbb4e407"
    },
    {
      "type": "securityQuestions",
      "securityQuestions": {
        "questions": [
          {
            "id": "q1",
            "prompt": "What is your mother's maiden name?"
          },
          {
            "id": "q4",
            "prompt": "What is your high school's name?"
          },
          {
            "id": "q9",
            "prompt": "What is the name of your first pet?"
          }
        ]
      },
      "id": "df33c6f88a37d6b3f0a6"
    }
  ]
}

Required Challenge (v1.2.3)

A request from the service for the user to verify their identity. This contains a challenge ID, the corresponding operation ID, and a list of challenge factors for identity verification. The user must complete one of these challenge factors to satisfy the challenge. This schema defines the attributes in the 401 Unauthorized problem response when the 401 problem type name is challengeRequired. See the "Challenge API" for details.

Properties

Name	Description
`Required Challenge (v1.2.3)`	`object` A request from the service for the user to verify their identity. This contains a challenge ID, the corresponding operation ID, and a list of challenge factors for identity verification. The user must complete one of these challenge factors to satisfy the challenge. This schema defines the attributes in the 401 Unauthorized problem response when the 401 problem type name is `challengeRequired`. See the "Challenge API" for details.
`operationId`	`challengeOperationId` (required) The ID of an operation/action for which the user must verify their identity via an identity challenge. This is passed when starting a challenge factor or when validating the identity challenge responses. `minLength: 6` `maxLength: 48` `pattern: "^[-a-zA-Z0-9$_]{6,48}$"`
`challengeId`	`readOnlyResourceId` (required) The unique ID of this challenge instance. This is an opaque string. This is passed when starting a challenge factor or when validating the identity challenge responses. `read-only` `minLength: 6` `maxLength: 48` `pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"`
`factors`	`array: [challengeFactor]` (required) A list of challenge factors. The user must complete one of these challenge factors. The `labels` in each factor identify one or more channels the user may use, such as a list of email addresses the system may use to send a one-time passcode to the user. *Note: The same channel may be used by multiple factors in the array of factors. For example, the user's primary mobile phone number may be used for both an `sms` factor and a `voice` factor. `minItems: 1` `maxItems: 8` items: `object`

resourceId

"string"

Resource Identifier (v1.0.1)

The unique, opaque system identifier for a resource. This case-sensitive ID is also used as path parameters in URLs or in other properties or parameters that reference a resource by ID rather than URL.

type: string

minLength: 6
maxLength: 48
pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"

Generated by @apiture/api-doc 3.2.4 on Wed Mar 26 2025 19:42:38 GMT+0000 (Coordinated Universal Time).