Shell HTTP JavaScript Node.JS Ruby Python Java Go

Consents v0.10.2

Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.

The Consents API tracks a user's consent of financial institution policies and documents such as banking product terms and conditions, electronic consent, and privacy policy.

Target Documents

A consent resource holds the URI of a target document (typically, a PDF document). Each consent also has a type, such as privacyPolicy or productTermsAndConditions or electronicConsent, which indicates the target document's purpose and hence what kind of consent this is. (See consentTypeNames.) The consent also holds the document's media type, specific document revision identification string, and the time stamp that the document was last revised (modified). If the document is later revised, any previously given consents for any revision of that document become stale; this indicates the user should review and consent to the revised document.

Contexts

A consent may be associated with a context in which an application or service is requesting the consent; the context is represented as the URI of some resource. For example, two different banking products (DDA1, DDA2) at a financial institution may share the same terms and conditions document, D0. If the user is opening an account of type DDA1, the client can create a consent for D0 using the product URI for DDA1 as the context. When the user opens a new account for product DDA2, the client can create a new consent for D0 using product DDA2's URI as the context. Because the contexts of the two consents are different, the two consents are independent of each other, indicating that the user must consent to the terms and conditions each time they open an account, even if they have consented to the same document earlier.

The context is optional. For example, for the financial institution's privacy policy, there is no specific context.

Life Cycle

When a banking application or service (the requester) wishes a user to agree to or consent to a document, it creates a new consent resource to track the request and the user's response.

The user can consent to a document to indicate that they agree to the terms described in the document. This is typically done when the user checks an "I agree" checkbox or other user experience. To record the consent given by the user, the client application which serves as the controller issues a POST to the apiture:give link on a consent resource. This sets the state to given and records the date and time on the consent.

When a user gives consent to a document, all consent resources which match the target document, context URI, and user ID are also marked as given, although the action can be scoped to just a specific instance.

A client can check for pending or stale consents for a user.

Consents are not directly mutable (the PUT and PATCH verbs are not supported), but other operations described below may update a consent resource to indicate a user has given or revoked consent, that a consent is stale, or that a requester has rescinded a request for consent.

If the user wishes to undo or revoke a specific consent, the client application should POST to the apiture:revoke link on a consent resource (/revokedConsents?consent={consentId}) to reset the consent back to the pending state.

If the requester no longer requires the user's consent, it can rescind the request with POST /rescindedConsents?type={type}&document={documentUri}&context={contextUri}&user=user. This sets the state to rescinded on the first matching consent. For example, if the user is removed as a joint owner of an account of type DDA2, rescinding the productTermsAndConditions consents matches and removes only the first matching consent for DDA2. (The user may be an owner of other accounts on product DDA2, and their consent must be tracked and possibly requested again if the terms and conditions for DDA2 change.)

Document revisions

If the document is revised (for example, the financial institution has updated their privacy policy), a client can mark a document as revised via POST /revisedDocuments. All consents associated with the older revisions of the document are marked stale. A stale consent indicates that the user should consent to the revised document. The client applications should notify the user that the document has changed (such as via email or or via notification at their next login) and present the revised document to the user for them to accept.

Error Types

Error responses in this API may have one of the type values described below. See Errors for more information on error responses and error types.

consentRefNotFound

Description: No consent was found that matches the ?consent= query parameter.
Remediation: Use the links in a consent resource, or provide a valid consent ID.

consentTypeNameInUse

Description: An update to the consent type names omits one or more types that are in use.
Remediation: Include all in-use type names.

The attributes object in the error may have the following properties:

Property Type Description
typeNames [undefined] The list of type names that are in use but missing from the request.
Example: productTermsAndConditions

invalidConsentType

Description: The specified consent type does not match existing consent type names.
Remediation: Supply a consent type from the consent type names in the /consentTypeNames resource.

invalidContextUri

Description: The consent context URI was not well formed.
Remediation: Pass a valid URI.

invalidDocumentRevision

Description: The time stamp on the revised document predates the existing time stamp.
Remediation: Revised documents must have newer time stamps.

invalidDocumentUri

Description: The document URI was not well formed.
Remediation: Pass a valid URI.

Download OpenAPI Definition (YAML)

Base URLs:

Terms of service

Email: Apiture Web: Apiture

Authentication

Scope Scope Description
banking/read Read access to consents
banking/write Write (update) access to consents
banking/full Full access to consents

Consents

User Consent of a Policy or Other Document

getConsents

Code samples

# You can also use wget
curl -X GET https://api.devbank.apiture.com/consents/consents \
  -H 'Accept: application/hal+json' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

GET https://api.devbank.apiture.com/consents/consents HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/hal+json

var headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/consents/consents',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.devbank.apiture.com/consents/consents',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get 'https://api.devbank.apiture.com/consents/consents',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('https://api.devbank.apiture.com/consents/consents', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/consents/consents");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.devbank.apiture.com/consents/consents", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Return a collection of consents

GET /consents

Return a paginated sortable filterable searchable collection of consents. The links in the response include pagination links.

Parameters

Parameter Description
type
(query)
string
Subset the response to those with this type value. Use | to separate multiple values. For example, ?type=termsAndCondition matches only items whose type is termsAndCondition ?type=privacyPolicy|electronicConsent matches items whose type is privacyPolicy or electronicConsent. This is combined with an implicit and with other filters if they are used. See filtering.
state
(query)
string
Subset the response to those with this state value. Use | to separate multiple values. For example, ?type=given|stale matches only items whose state is given or stale. This is combined with an implicit and with other filters if they are used. See filtering.
userId
(query)
string
Subset the response to those with this userId value. Use | to separate multiple values. This is for administrative use; bank users can only see their own consents.
contextUri
(query)
string
Subset the response to those with this contextUri value. Use | to separate multiple values.
secondaryContextUri
(query)
string
Subset the response to those with this secondaryContextUri value.
start
(query)
integer(int64)
The zero-based index of the first consent item to include in this page. The default 0 denotes the beginning of the collection.
limit
(query)
integer(int32)
The maximum number of consent representations to return in this page.
Default: 100
sortBy
(query)
string
Optional sort criteria. See sort criteria format, such as ?sortBy=field1,-field2.
This collection may be sorted by the following properties:
type
userId
document.revisedAt.
filter
(query)
string
Optional filter criteria. See filtering.
This collection may be filtered by the following properties and functions:
• Property state using functions eq, ne, contains, search
• Property type using functions eq, ne, contains, search
• Property userId using functions eq, ne, contains, search
• Property contextUri using functions eq, ne, contains, search
• Property secondaryContextUri using functions eq, ne, contains, search.
q
(query)
string
Optional search string. See searching.

Try It

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/consents/consents/v1.1.0/profile.json",
  "start": 10,
  "limit": 10,
  "count": 67,
  "name": "consents",
  "_links": {
    "self": {
      "href": "/consents/consents?start=10&limit=10"
    },
    "first": {
      "href": "/consents/consents?start=0&limit=10"
    },
    "next": {
      "href": "/consents/consents?start=20&limit=10"
    },
    "collection": {
      "href": "/consents/consents"
    }
  },
  "_embedded": {
    "items": [
      {
        "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
        "_profile": "https://production.api.apiture.com/schemas/consents/consent/v1.1.0/profile.json",
        "_links": {
          "self": {
            "href": "/consents/consents/0399abed-fd3d-4830-a88b-30f38b8a365c"
          }
        }
      },
      {
        "_id": "d62c0701-0d74-4836-83f9-ebf3709442ea",
        "_profile": "https://production.api.apiture.com/schemas/consents/consent/v1.1.0/profile.json",
        "_links": {
          "self": {
            "href": "/consents/consents/d62c0701-0d74-4836-83f9-ebf3709442ea"
          }
        }
      }
    ]
  }
}

Responses

StatusDescription
200 OK
OK.
Schema: consents
StatusDescription
400 Bad Request
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error.
Schema: errorResponse
StatusDescription
422 Unprocessable Entity
Unprocessable Entity. One or more of the query parameters was well formed but otherwise invalid. The _error field in the response contains details about the request error.
Schema: errorResponse

createConsent

Code samples

# You can also use wget
curl -X POST https://api.devbank.apiture.com/consents/consents \
  -H 'Content-Type: application/hal+json' \
  -H 'Accept: application/hal+json' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

POST https://api.devbank.apiture.com/consents/consents HTTP/1.1
Host: api.devbank.apiture.com
Content-Type: application/hal+json
Accept: application/hal+json

var headers = {
  'Content-Type':'application/hal+json',
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/consents/consents',
  method: 'post',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');
const inputBody = '{
  "_profile": "https://production.api.apiture.com/schemas/consents/createConsent/v1.1.0/profile.json",
  "document": {
    "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
    "contentType": "application/pdf",
    "revisionId": "2019:1.02.0",
    "revisedAt": "2019-07-23T08:26:45.375Z"
  },
  "type": "productTermsAndConditions",
  "userId": "5a5e834c-a7bd-401c",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a"
}';
const headers = {
  'Content-Type':'application/hal+json',
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.devbank.apiture.com/consents/consents',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/hal+json',
  'Accept' => 'application/hal+json',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post 'https://api.devbank.apiture.com/consents/consents',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/hal+json',
  'Accept': 'application/hal+json',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('https://api.devbank.apiture.com/consents/consents', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/consents/consents");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/hal+json"},
        "Accept": []string{"application/hal+json"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.devbank.apiture.com/consents/consents", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Create a new consent

POST /consents

Create a new consent resource or locate an existing consent.

Body parameter

{
  "_profile": "https://production.api.apiture.com/schemas/consents/createConsent/v1.1.0/profile.json",
  "document": {
    "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
    "contentType": "application/pdf",
    "revisionId": "2019:1.02.0",
    "revisedAt": "2019-07-23T08:26:45.375Z"
  },
  "type": "productTermsAndConditions",
  "userId": "5a5e834c-a7bd-401c",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a"
}

Parameters

Parameter Description
body
(body)
createConsent (required)
The data necessary to create a new consent.

Try It

Example responses

200 Response

{
  "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_profile": "https://production.api.apiture.com/schemas/consents/consent/v1.1.0/profile.json",
  "document": {
    "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
    "contentType": "application/pdf",
    "revisionId": "2019:1.02.0",
    "revisedAt": "2019-07-23T08:26:45.375Z"
  },
  "state": "given",
  "givenAt": "2019-07-23T13:27:34.375Z",
  "type": "productTermsAndConditions",
  "userId": "5a5e834c-a7bd-401c",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a",
  "_links": {
    "self": {
      "href": "/consents/consents/0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:revoke": {
      "href": "/consents/revokedConsents?consent=0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:rescind": {
      "href": "/consents/rescindedConsents?consent=0399abed-fd3d-4830-a88b-30f38b8a365c"
    }
  }
}

Responses

StatusDescription
200 OK
OK. An existing consent resource for the document and user was found and the contextUri of this request added to that resource.
Schema: consent
201 Created
Created.
Schema: consent
StatusDescription
400 Bad Request

Bad Request. The request body or content was not well formed.

This error response may have one of the following type values:

Schema: errorResponse

Response Headers

StatusDescription
200 Location string uri
The URI of the existing consent resource. If the URI begins with / it is relative to the API root context. Else, it is a full URI starting with scheme://host
200 ETag string
The ETag response header specifies an entity tag which must be provided in an If-Match request header for operations which update the resource.
201 Location string uri
The URI of the new consent resource. If the URI begins with / it is relative to the API root context. Else, it is a full URI starting with scheme://host
201 ETag string
The ETag response header specifies an entity tag which must be provided in an If-Match request header for operations which update the resource.

getConsent

Code samples

# You can also use wget
curl -X GET https://api.devbank.apiture.com/consents/consents/{consentId} \
  -H 'Accept: application/hal+json' \
  -H 'If-None-Match: string' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

GET https://api.devbank.apiture.com/consents/consents/{consentId} HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/hal+json
If-None-Match: string

var headers = {
  'Accept':'application/hal+json',
  'If-None-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/consents/consents/{consentId}',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'If-None-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.devbank.apiture.com/consents/consents/{consentId}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'If-None-Match' => 'string',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get 'https://api.devbank.apiture.com/consents/consents/{consentId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'If-None-Match': 'string',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('https://api.devbank.apiture.com/consents/consents/{consentId}', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/consents/consents/{consentId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "If-None-Match": []string{"string"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.devbank.apiture.com/consents/consents/{consentId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Fetch a representation of this consent

GET /consents/{consentId}

Return a HAL representation of this consent resource.

Parameters

Parameter Description
If-None-Match
(header)
string
The entity tag that was returned in the ETag response. If the resource's current entity tag matches, the GET returns 304 (Not Modified) and no response body, else the resource representation is returned.
consentId
(path)
string (required)
The unique identifier of this consent. This is an opaque string.

Try It

Example responses

200 Response

{
  "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_profile": "https://production.api.apiture.com/schemas/consents/consent/v1.1.0/profile.json",
  "document": {
    "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
    "contentType": "application/pdf",
    "revisionId": "2019:1.02.0",
    "revisedAt": "2019-07-23T08:26:45.375Z"
  },
  "state": "given",
  "givenAt": "2019-07-23T13:27:34.375Z",
  "type": "productTermsAndConditions",
  "userId": "5a5e834c-a7bd-401c",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a",
  "_links": {
    "self": {
      "href": "/consents/consents/0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:revoke": {
      "href": "/consents/revokedConsents?consent=0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:rescind": {
      "href": "/consents/rescindedConsents?consent=0399abed-fd3d-4830-a88b-30f38b8a365c"
    }
  }
}

Responses

StatusDescription
200 OK
OK.
Schema: consent
StatusDescription
304 Not Modified
Not Modified. The resource has not been modified since it was last fetched.
StatusDescription
404 Not Found
Not Found. There is no such consent resource at the specified {consentId}. The _error field in the response contains details about the request error.
Schema: errorResponse

Response Headers

StatusDescription
200 ETag string
The ETag response header specifies an entity tag which must be provided in an If-Match request header for operations which update this consent resource.

patchConsent

Code samples

# You can also use wget
curl -X PATCH https://api.devbank.apiture.com/consents/consents/{consentId} \
  -H 'Content-Type: application/hal+json' \
  -H 'Accept: application/hal+json' \
  -H 'If-Match: string' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

PATCH https://api.devbank.apiture.com/consents/consents/{consentId} HTTP/1.1
Host: api.devbank.apiture.com
Content-Type: application/hal+json
Accept: application/hal+json
If-Match: string

var headers = {
  'Content-Type':'application/hal+json',
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/consents/consents/{consentId}',
  method: 'patch',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');
const inputBody = '{
  "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_profile": "https://production.api.apiture.com/schemas/consents/consent/v1.1.0/profile.json",
  "document": {
    "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
    "contentType": "application/pdf",
    "revisionId": "2019:1.02.0",
    "revisedAt": "2019-07-23T08:26:45.375Z"
  },
  "state": "given",
  "givenAt": "2019-07-23T13:27:34.375Z",
  "type": "productTermsAndConditions",
  "userId": "5a5e834c-a7bd-401c",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a",
  "_links": {
    "self": {
      "href": "/consents/consents/0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:revoke": {
      "href": "/consents/revokedConsents?consent=0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:rescind": {
      "href": "/consents/rescindedConsents?consent=0399abed-fd3d-4830-a88b-30f38b8a365c"
    }
  }
}';
const headers = {
  'Content-Type':'application/hal+json',
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.devbank.apiture.com/consents/consents/{consentId}',
{
  method: 'PATCH',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/hal+json',
  'Accept' => 'application/hal+json',
  'If-Match' => 'string',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.patch 'https://api.devbank.apiture.com/consents/consents/{consentId}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/hal+json',
  'Accept': 'application/hal+json',
  'If-Match': 'string',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.patch('https://api.devbank.apiture.com/consents/consents/{consentId}', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/consents/consents/{consentId}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("PATCH");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/hal+json"},
        "Accept": []string{"application/hal+json"},
        "If-Match": []string{"string"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("PATCH", "https://api.devbank.apiture.com/consents/consents/{consentId}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Update this consent

PATCH /consents/{consentId}

Perform a partial update of this consent. Only the secondaryContextUri and contextUri are patchable. Fields which are omitted are not updated. Nested _embedded and _links are ignored if included.

Body parameter

{
  "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_profile": "https://production.api.apiture.com/schemas/consents/consent/v1.1.0/profile.json",
  "document": {
    "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
    "contentType": "application/pdf",
    "revisionId": "2019:1.02.0",
    "revisedAt": "2019-07-23T08:26:45.375Z"
  },
  "state": "given",
  "givenAt": "2019-07-23T13:27:34.375Z",
  "type": "productTermsAndConditions",
  "userId": "5a5e834c-a7bd-401c",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a",
  "_links": {
    "self": {
      "href": "/consents/consents/0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:revoke": {
      "href": "/consents/revokedConsents?consent=0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:rescind": {
      "href": "/consents/rescindedConsents?consent=0399abed-fd3d-4830-a88b-30f38b8a365c"
    }
  }
}

Parameters

Parameter Description
If-Match
(header)
string
The entity tag that was returned in the ETag response. This must match the current entity tag of the resource.
body
(body)
consent (required)
consentId
(path)
string (required)
The unique identifier of this consent. This is an opaque string.

Try It

Example responses

200 Response

{
  "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_profile": "https://production.api.apiture.com/schemas/consents/consent/v1.1.0/profile.json",
  "document": {
    "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
    "contentType": "application/pdf",
    "revisionId": "2019:1.02.0",
    "revisedAt": "2019-07-23T08:26:45.375Z"
  },
  "state": "given",
  "givenAt": "2019-07-23T13:27:34.375Z",
  "type": "productTermsAndConditions",
  "userId": "5a5e834c-a7bd-401c",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a",
  "_links": {
    "self": {
      "href": "/consents/consents/0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:revoke": {
      "href": "/consents/revokedConsents?consent=0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:rescind": {
      "href": "/consents/rescindedConsents?consent=0399abed-fd3d-4830-a88b-30f38b8a365c"
    }
  }
}

Responses

StatusDescription
200 OK
OK.
Schema: consent
StatusDescription
400 Bad Request
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error.
Schema: errorResponse
StatusDescription
404 Not Found
Not Found. There is no such consent resource at the specified {consentId}. The _error field in the response contains details about the request error.
Schema: errorResponse
StatusDescription
412 Precondition Failed
Precondition Failed. The supplied If-Match header value does not match the most recent ETag response header value. The resource has changed in the interim.
Schema: errorResponse
StatusDescription
422 Unprocessable Entity
Unprocessable Entity. One or more of the query parameters was well formed but otherwise invalid. The _error field in the response contains details about the request error.
Schema: errorResponse

Response Headers

StatusDescription
200 ETag string
The ETag response header specifies an entity tag which may be provided in an If-Match request header for PUT or PATCH operations which update this consent resource.

getNeededConsents

Code samples

# You can also use wget
curl -X GET https://api.devbank.apiture.com/consents/neededConsents \
  -H 'Accept: application/hal+json' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

GET https://api.devbank.apiture.com/consents/neededConsents HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/hal+json

var headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/consents/neededConsents',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.devbank.apiture.com/consents/neededConsents',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get 'https://api.devbank.apiture.com/consents/neededConsents',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('https://api.devbank.apiture.com/consents/neededConsents', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/consents/neededConsents");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.devbank.apiture.com/consents/neededConsents", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Get needed consents

GET /neededConsents

Return a list of needed consents (both pending and stale consents) for a user. If no consents exists for a user ID (including if the user ID is not found), the response is an empty collection.

Parameters

Parameter Description
userId
(query)
string
The user ID of the user; This is the _id of the User resource. If omitted, the returned list is the needed consents for the currently authenticated user.
consolidate
(query)
boolean
If true, two or more duplicate consents in the response body that have the same type and contextUri are consolidated such that the result contain only one of the duplicates. Warning: the client should not use ?matching=false when the user gives consent to consents resources in the consolidated response.

Try It

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/consents/consents/v1.1.0/profile.json",
  "start": 10,
  "limit": 10,
  "count": 67,
  "name": "consents",
  "_links": {
    "self": {
      "href": "/consents/consents?start=10&limit=10"
    },
    "first": {
      "href": "/consents/consents?start=0&limit=10"
    },
    "next": {
      "href": "/consents/consents?start=20&limit=10"
    },
    "collection": {
      "href": "/consents/consents"
    }
  },
  "_embedded": {
    "items": [
      {
        "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
        "_profile": "https://production.api.apiture.com/schemas/consents/consent/v1.1.0/profile.json",
        "_links": {
          "self": {
            "href": "/consents/consents/0399abed-fd3d-4830-a88b-30f38b8a365c"
          }
        }
      },
      {
        "_id": "d62c0701-0d74-4836-83f9-ebf3709442ea",
        "_profile": "https://production.api.apiture.com/schemas/consents/consent/v1.1.0/profile.json",
        "_links": {
          "self": {
            "href": "/consents/consents/d62c0701-0d74-4836-83f9-ebf3709442ea"
          }
        }
      }
    ]
  }
}

Responses

StatusDescription
200 OK
OK.
Schema: consents

Consent Actions

Actions on Consent Resources

giveConsent

Code samples

# You can also use wget
curl -X POST https://api.devbank.apiture.com/consents/givenConsents?consent=string \
  -H 'Accept: application/hal+json' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

POST https://api.devbank.apiture.com/consents/givenConsents?consent=string HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/hal+json

var headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/consents/givenConsents',
  method: 'post',
  data: '?consent=string',
  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.devbank.apiture.com/consents/givenConsents?consent=string',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post 'https://api.devbank.apiture.com/consents/givenConsents',
  params: {
  'consent' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('https://api.devbank.apiture.com/consents/givenConsents', params={
  'consent': 'string'
}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/consents/givenConsents?consent=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.devbank.apiture.com/consents/givenConsents", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Give a consent

POST /givenConsents

Indicate that a user has given consent to a document. This marks the given consent as given. If scope is matching, all matching needed consents (pending or stale consents which have the same type, document.uri and contextUri) are marked as given. This operation may be invoked by using POST on the apiture:giveConsent link on a consent resource; there is no query parameter.

Parameters

Parameter Description
consent
(query)
string (required)
A string which uniquely identifies a consent which is to added to the given consents resource set. This may be the unique consentId or the URI of the consent.
scope
(query)
string
The scope of the given consent. If instance, only the consent named in the ?consent= query parameter is marked as given. If matching, all needed consent matching the named in the ?consent= query parameter (pending or stale consents which have the same type, document.uri and contextUri) are marked as given. The default if omitted is matching.
Enumerated values:
instance
matching

Try It

Example responses

200 Response

{
  "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_profile": "https://production.api.apiture.com/schemas/consents/consent/v1.1.0/profile.json",
  "document": {
    "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
    "contentType": "application/pdf",
    "revisionId": "2019:1.02.0",
    "revisedAt": "2019-07-23T08:26:45.375Z"
  },
  "state": "given",
  "givenAt": "2019-07-23T13:27:34.375Z",
  "type": "productTermsAndConditions",
  "userId": "5a5e834c-a7bd-401c",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a",
  "_links": {
    "self": {
      "href": "/consents/consents/0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:revoke": {
      "href": "/consents/revokedConsents?consent=0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:rescind": {
      "href": "/consents/rescindedConsents?consent=0399abed-fd3d-4830-a88b-30f38b8a365c"
    }
  }
}

Responses

StatusDescription
200 OK
OK. The operation succeeded. The consents were updated and their state changed to given. The response may include an array of additional consents _embedded.consents which match the named consent and which were also given.
Schema: consent
StatusDescription
400 Bad Request

Bad Request. The consent parameter was malformed or does not refer to an existing or accessible consent.

This error response may have one of the following type values:

Schema: errorResponse
StatusDescription
409 Conflict
Conflict. The request to give the consent is not allowed. The _error field in the response contains details about the request error. For example, the consent may have been revoked or rescinded.
Schema: errorResponse
StatusDescription
412 Precondition Failed
Precondition Failed. The supplied If-Match header value does not match the most recent ETag response header value. The resource has changed in the interim.
Schema: errorResponse

revokeConsent

Code samples

# You can also use wget
curl -X POST https://api.devbank.apiture.com/consents/revokedConsents?consent=string \
  -H 'Accept: application/hal+json' \
  -H 'If-Match: string' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

POST https://api.devbank.apiture.com/consents/revokedConsents?consent=string HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/hal+json
If-Match: string

var headers = {
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/consents/revokedConsents',
  method: 'post',
  data: '?consent=string',
  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.devbank.apiture.com/consents/revokedConsents?consent=string',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'If-Match' => 'string',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post 'https://api.devbank.apiture.com/consents/revokedConsents',
  params: {
  'consent' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'If-Match': 'string',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('https://api.devbank.apiture.com/consents/revokedConsents', params={
  'consent': 'string'
}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/consents/revokedConsents?consent=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "If-Match": []string{"string"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.devbank.apiture.com/consents/revokedConsents", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Revoke a consent

POST /revokedConsents

A user has revoked a previously given consent. This operation updates a consent by adding it to the set of revoked consents. This changes the state property of the consent to revoked. This operation is available via the apiture:revoke link on the consent resource, if and only if the consent is eligible for the revoke operation. The responses is the updated representation of the consent.

The If-Match request header, if present, must match the current entity tag value of the consent.

Parameters

Parameter Description
consent
(query)
string (required)
A string which uniquely identifies a consent which is to added to the given consents resource set. This may be the unique consentId or the URI of the consent.
If-Match
(header)
string
The entity tag that was returned in the ETag response. This must match the current entity tag of the resource.

Try It

Example responses

200 Response

{
  "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_profile": "https://production.api.apiture.com/schemas/consents/consent/v1.1.0/profile.json",
  "document": {
    "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
    "contentType": "application/pdf",
    "revisionId": "2019:1.02.0",
    "revisedAt": "2019-07-23T08:26:45.375Z"
  },
  "state": "given",
  "givenAt": "2019-07-23T13:27:34.375Z",
  "type": "productTermsAndConditions",
  "userId": "5a5e834c-a7bd-401c",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a",
  "_links": {
    "self": {
      "href": "/consents/consents/0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:revoke": {
      "href": "/consents/revokedConsents?consent=0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:rescind": {
      "href": "/consents/rescindedConsents?consent=0399abed-fd3d-4830-a88b-30f38b8a365c"
    }
  }
}

Responses

StatusDescription
200 OK
OK. The operation succeeded. The consent was updated and its state changed to revoked.
Schema: consent
StatusDescription
400 Bad Request

Bad Request. The consent parameter was malformed or does not refer to an existing or accessible consent.

This error response may have one of the following type values:

Schema: errorResponse
StatusDescription
409 Conflict
Conflict. The request to revoke the consent is not allowed. The _error field in the response contains details about the request error.
Schema: errorResponse
StatusDescription
412 Precondition Failed
Precondition Failed. The supplied If-Match header value does not match the most recent ETag response header value. The resource has changed in the interim.
Schema: errorResponse

Response Headers

StatusDescription
200 ETag string
The ETag response header specifies an entity tag which must be provided in an If-Match request header for operations which update the resource.

rescindConsents

Code samples

# You can also use wget
curl -X POST https://api.devbank.apiture.com/consents/rescindedConsents?type=string \
  -H 'Accept: application/hal+json' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

POST https://api.devbank.apiture.com/consents/rescindedConsents?type=string HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/hal+json

var headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/consents/rescindedConsents',
  method: 'post',
  data: '?type=string',
  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.devbank.apiture.com/consents/rescindedConsents?type=string',
{
  method: 'POST',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post 'https://api.devbank.apiture.com/consents/rescindedConsents',
  params: {
  'type' => 'string'
}, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('https://api.devbank.apiture.com/consents/rescindedConsents', params={
  'type': 'string'
}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/consents/rescindedConsents?type=string");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.devbank.apiture.com/consents/rescindedConsents", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Rescind matching consents

POST /rescindedConsents

Rescind consent requests which match the specified consent type, optional user and context. This action is typically performed by the financial institution to indicate that it no longer requires the user's consent. For example, a service may rescind a consent if a user is removed as an account owner or as an authorized signer, when an account application expires, or when they remove a banking product. Rescinding consent changes the state property of the matching consent resources to rescinded. The client must pass the at least the document type in order to find matching consents. If the optional document, user, and/or context are specified, only consents that match those options and type are rescinded.

The response is the collection of updated matching consent resources. If no matching consents were found, the consents collection response has an empty items array.

Parameters

Parameter Description
type
(query)
string (required)
Specify the consent type to rescind.
context
(query)
string(uri)
The URI of the consent context.
secondaryContext
(query)
string(uri)
The URI of the secondary consent context. Use this if the primary context is insufficient for uniquely identifying the intended consents to rescind.
user
(query)
string(uri)
Rescind all matching consents for the user with this user ID.
document
(query)
string(uri)
The URI of the target document. This is not required but if passed, the document.uri must match as well as the other required query parameters.

Try It

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/consents/consents/v1.1.0/profile.json",
  "start": 10,
  "limit": 10,
  "count": 67,
  "name": "consents",
  "_links": {
    "self": {
      "href": "/consents/consents?start=10&limit=10"
    },
    "first": {
      "href": "/consents/consents?start=0&limit=10"
    },
    "next": {
      "href": "/consents/consents?start=20&limit=10"
    },
    "collection": {
      "href": "/consents/consents"
    }
  },
  "_embedded": {
    "items": [
      {
        "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
        "_profile": "https://production.api.apiture.com/schemas/consents/consent/v1.1.0/profile.json",
        "_links": {
          "self": {
            "href": "/consents/consents/0399abed-fd3d-4830-a88b-30f38b8a365c"
          }
        }
      },
      {
        "_id": "d62c0701-0d74-4836-83f9-ebf3709442ea",
        "_profile": "https://production.api.apiture.com/schemas/consents/consent/v1.1.0/profile.json",
        "_links": {
          "self": {
            "href": "/consents/consents/d62c0701-0d74-4836-83f9-ebf3709442ea"
          }
        }
      }
    ]
  }
}

Responses

StatusDescription
200 OK
OK. The operation succeeded. The matching consents are updated and their state changed to rescinded.
Schema: consents
StatusDescription
400 Bad Request

Bad Request. One or more query parameters is not well-formed.

This error response may have one of the following type values:

Schema: errorResponse
StatusDescription
412 Precondition Failed
Precondition Failed. The supplied If-Match header value does not match the most recent ETag response header value. The resource has changed in the interim.
Schema: errorResponse

Response Headers

StatusDescription
200 ETag string
The ETag response header specifies an entity tag which must be provided in an If-Match request header for operations which update the resource.

Documents

Manage Documents Subject to Consent

reviseDocument

Code samples

# You can also use wget
curl -X POST https://api.devbank.apiture.com/consents/revisedDocuments \
  -H 'Content-Type: application/hal+json' \
  -H 'Accept: application/hal+json' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

POST https://api.devbank.apiture.com/consents/revisedDocuments HTTP/1.1
Host: api.devbank.apiture.com
Content-Type: application/hal+json
Accept: application/hal+json

var headers = {
  'Content-Type':'application/hal+json',
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/consents/revisedDocuments',
  method: 'post',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');
const inputBody = '{
  "_profile": "https://production.api.apiture.com/schemas/consents/revisedDocument/v1.0.1/profile.json",
  "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
  "revisionId": "2019:1.2.0",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a",
  "revisedAt": "2019-10-05T10:30:00.000Z",
  "type": "productTermsAndConditions",
  "newUri": "/vault/files/da66d490-2b72-4809-9b97-9b33039371f8/content"
}';
const headers = {
  'Content-Type':'application/hal+json',
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.devbank.apiture.com/consents/revisedDocuments',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/hal+json',
  'Accept' => 'application/hal+json',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post 'https://api.devbank.apiture.com/consents/revisedDocuments',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/hal+json',
  'Accept': 'application/hal+json',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('https://api.devbank.apiture.com/consents/revisedDocuments', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/consents/revisedDocuments");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/hal+json"},
        "Accept": []string{"application/hal+json"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.devbank.apiture.com/consents/revisedDocuments", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Mark a document as revised, rendering corresponding consents as stale

POST /revisedDocuments

Mark a document as revised. All given consents related to that document, document type, and the optional context are marked as stale, indicating that the user should be presented the document and asked to consent to the terms of the revised document. The newly stale consents are listed in the result of GET /neededConsents. This operation is restricted to financial institution administrators or service applications. Any given consents which already match the document and time stamp (and, optionally, document revision) are not marked stale.

Body parameter

{
  "_profile": "https://production.api.apiture.com/schemas/consents/revisedDocument/v1.0.1/profile.json",
  "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
  "revisionId": "2019:1.2.0",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a",
  "revisedAt": "2019-10-05T10:30:00.000Z",
  "type": "productTermsAndConditions",
  "newUri": "/vault/files/da66d490-2b72-4809-9b97-9b33039371f8/content"
}

Parameters

Parameter Description
body
(body)
revisedDocument (required)
The details of the revised document.

Try It

Example responses

202 Response

{
  "_profile": "https://production.api.apiture.com/schemas/consents/revisedDocument/v1.0.1/profile.json",
  "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
  "revisionId": "2019:1.2.0",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a",
  "revisedAt": "2019-10-05T10:30:00.000Z",
  "type": "productTermsAndConditions",
  "newUri": "/vault/files/da66d490-2b72-4809-9b97-9b33039371f8/content"
}

Responses

StatusDescription
202 Accepted
Accepted. The operation was received and accepted. The operation continues to update all matching consents, setting state changed to stale and changing the revision and documentRevisedAt to match the values in the request.
Schema: revisedDocument
StatusDescription
400 Bad Request

Bad Request. The request body or content was not well formed.

This error response may have one of the following type values:

Schema: errorResponse
StatusDescription
409 Conflict
Conflict. The request contains semantically invalid data.
Schema: errorResponse
StatusDescription
412 Precondition Failed
Precondition Failed. The supplied If-Match header value does not match the most recent ETag response header value. The resource has changed in the interim.
Schema: errorResponse

moveDocument

Code samples

# You can also use wget
curl -X POST https://api.devbank.apiture.com/consents/movedDocuments \
  -H 'Content-Type: application/hal+json' \
  -H 'Accept: application/hal+json' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

POST https://api.devbank.apiture.com/consents/movedDocuments HTTP/1.1
Host: api.devbank.apiture.com
Content-Type: application/hal+json
Accept: application/hal+json

var headers = {
  'Content-Type':'application/hal+json',
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/consents/movedDocuments',
  method: 'post',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');
const inputBody = '{
  "_profile": "https://production.api.apiture.com/schemas/consents/movedDocument/v1.0.0/profile.json",
  "type": "productTermsAndConditions",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a",
  "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
  "newUri": "/vault/files/da66d490-2b72-4809-9b97-9b33039371f8/content"
}';
const headers = {
  'Content-Type':'application/hal+json',
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.devbank.apiture.com/consents/movedDocuments',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/hal+json',
  'Accept' => 'application/hal+json',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post 'https://api.devbank.apiture.com/consents/movedDocuments',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/hal+json',
  'Accept': 'application/hal+json',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('https://api.devbank.apiture.com/consents/movedDocuments', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/consents/movedDocuments");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/hal+json"},
        "Accept": []string{"application/hal+json"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.devbank.apiture.com/consents/movedDocuments", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Change the location of a document

POST /movedDocuments

If the financial institution moves a document that is tracked by consents, such as the Terms and Conditions document for a product, use this operation to update the document URI of any consents.

Body parameter

{
  "_profile": "https://production.api.apiture.com/schemas/consents/movedDocument/v1.0.0/profile.json",
  "type": "productTermsAndConditions",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a",
  "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
  "newUri": "/vault/files/da66d490-2b72-4809-9b97-9b33039371f8/content"
}

Parameters

Parameter Description
body
(body)
movedDocument (required)
The details of the revised document.

Try It

Example responses

202 Response

{
  "_profile": "https://production.api.apiture.com/schemas/consents/movedDocument/v1.0.0/profile.json",
  "type": "productTermsAndConditions",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a",
  "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
  "newUri": "/vault/files/da66d490-2b72-4809-9b97-9b33039371f8/content"
}

Responses

StatusDescription
202 Accepted
Accepted. The operation was received and accepted. The operation continues to update all matching consents, setting the document.uri to match the newUri value in the request.
Schema: movedDocument
StatusDescription
400 Bad Request

Bad Request. The request body or content was not well formed.

This error response may have one of the following type values:

Schema: errorResponse
StatusDescription
409 Conflict
Conflict. The request contains semantically invalid data.
Schema: errorResponse
StatusDescription
412 Precondition Failed
Precondition Failed. The supplied If-Match header value does not match the most recent ETag response header value. The resource has changed in the interim.
Schema: errorResponse

Consent Type Name

Allowed Consent Types

getConsentTypeNames

Code samples

# You can also use wget
curl -X GET https://api.devbank.apiture.com/consents/consentTypeNames \
  -H 'Accept: application/hal+json' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

GET https://api.devbank.apiture.com/consents/consentTypeNames HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/hal+json

var headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/consents/consentTypeNames',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.devbank.apiture.com/consents/consentTypeNames',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get 'https://api.devbank.apiture.com/consents/consentTypeNames',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('https://api.devbank.apiture.com/consents/consentTypeNames', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/consents/consentTypeNames");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.devbank.apiture.com/consents/consentTypeNames", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Retrieve the set of consent type names

GET /consentTypeNames

Return the set of reserved consent type names. The name property of a consent must be one of these reserved names. This list may be updated by the financial institution via the updateConsentTypeNames operation. The default list includes the following names:

Try It

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/consents/consentTypeNames/v1.0.1/profile.json",
  "names": {
    "productTermsAndConditions": [
      {
        "label": "Product Terms and Conditions",
        "description": "The terms and conditions of use for bank accounts of a specific banking product. The user must consent to these terms and conditions in order to open a new account."
      }
    ],
    "termsAndConditions": [
      {
        "label": "Terms and Conditions",
        "description": "The terms and conditions associated with a specific bank account."
      }
    ],
    "privacyPolicy": [
      {
        "label": "Privacy Policy",
        "description": "The financial institution's privacy policy, which covers how the financial institution guards the customer's personal information and how it shares information about customers."
      }
    ],
    "electronicConsent": [
      {
        "label": "Electronic Consent Agreement",
        "description": "Consenting to this agreement means the user agrees to receive electronically certain information such as statements or notices from the financial institution, and that the user agrees their use of the banking applications means they agree to allow those banking applications to perform banking operations, including transferring money or making payments, on their behalf."
      }
    ]
  }
}

Responses

StatusDescription
200 OK
OK.
Schema: consentTypeNames

Response Headers

StatusDescription
200 ETag string
The ETag response header specifies an entity tag which must be provided in an If-Match request header for operations which update the resource.

updateConsentTypeNames

Code samples

# You can also use wget
curl -X PUT https://api.devbank.apiture.com/consents/consentTypeNames \
  -H 'Content-Type: application/hal+json' \
  -H 'Accept: application/hal+json' \
  -H 'If-Match: string' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

PUT https://api.devbank.apiture.com/consents/consentTypeNames HTTP/1.1
Host: api.devbank.apiture.com
Content-Type: application/hal+json
Accept: application/hal+json
If-Match: string

var headers = {
  'Content-Type':'application/hal+json',
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/consents/consentTypeNames',
  method: 'put',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');
const inputBody = '{
  "_profile": "https://production.api.apiture.com/schemas/consents/consentTypeNames/v1.0.1/profile.json",
  "names": {
    "productTermsAndConditions": [
      {
        "label": "Product Terms and Conditions",
        "description": "The terms and conditions of use for bank accounts of a specific banking product. The user must consent to these terms and conditions in order to open a new account."
      }
    ],
    "termsAndConditions": [
      {
        "label": "Terms and Conditions",
        "description": "The terms and conditions associated with a specific bank account."
      }
    ],
    "privacyPolicy": [
      {
        "label": "Privacy Policy",
        "description": "The financial institution's privacy policy, which covers how the financial institution guards the customer's personal information and how it shares information about customers."
      }
    ],
    "electronicConsent": [
      {
        "label": "Electronic Consent Agreement",
        "description": "Consenting to this agreement means the user agrees to receive electronically certain information such as statements or notices from the financial institution, and that the user agrees their use of the banking applications means they agree to allow those banking applications to perform banking operations, including transferring money or making payments, on their behalf."
      }
    ]
  }
}';
const headers = {
  'Content-Type':'application/hal+json',
  'Accept':'application/hal+json',
  'If-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.devbank.apiture.com/consents/consentTypeNames',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/hal+json',
  'Accept' => 'application/hal+json',
  'If-Match' => 'string',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.put 'https://api.devbank.apiture.com/consents/consentTypeNames',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/hal+json',
  'Accept': 'application/hal+json',
  'If-Match': 'string',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.put('https://api.devbank.apiture.com/consents/consentTypeNames', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/consents/consentTypeNames");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("PUT");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/hal+json"},
        "Accept": []string{"application/hal+json"},
        "If-Match": []string{"string"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("PUT", "https://api.devbank.apiture.com/consents/consentTypeNames", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Replace the set of consent type names

PUT /consentTypeNames

A financial institution can use this operation to register additional types of consent that they may request from their users. The type property of a consent must be one of these reserved names. This operation completely replaces the set of reserved consent type names, so it should include all items from the getConsentTypeNames that are in use. This operation is only available to financial institution administrators.

Body parameter

{
  "_profile": "https://production.api.apiture.com/schemas/consents/consentTypeNames/v1.0.1/profile.json",
  "names": {
    "productTermsAndConditions": [
      {
        "label": "Product Terms and Conditions",
        "description": "The terms and conditions of use for bank accounts of a specific banking product. The user must consent to these terms and conditions in order to open a new account."
      }
    ],
    "termsAndConditions": [
      {
        "label": "Terms and Conditions",
        "description": "The terms and conditions associated with a specific bank account."
      }
    ],
    "privacyPolicy": [
      {
        "label": "Privacy Policy",
        "description": "The financial institution's privacy policy, which covers how the financial institution guards the customer's personal information and how it shares information about customers."
      }
    ],
    "electronicConsent": [
      {
        "label": "Electronic Consent Agreement",
        "description": "Consenting to this agreement means the user agrees to receive electronically certain information such as statements or notices from the financial institution, and that the user agrees their use of the banking applications means they agree to allow those banking applications to perform banking operations, including transferring money or making payments, on their behalf."
      }
    ]
  }
}

Parameters

Parameter Description
If-Match
(header)
string
The entity tag that was returned in the ETag response. This must match the current entity tag of the resource.
body
(body)
consentTypeNames (required)
The set of consent type names

Try It

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/consents/consentTypeNames/v1.0.1/profile.json",
  "names": {
    "productTermsAndConditions": [
      {
        "label": "Product Terms and Conditions",
        "description": "The terms and conditions of use for bank accounts of a specific banking product. The user must consent to these terms and conditions in order to open a new account."
      }
    ],
    "termsAndConditions": [
      {
        "label": "Terms and Conditions",
        "description": "The terms and conditions associated with a specific bank account."
      }
    ],
    "privacyPolicy": [
      {
        "label": "Privacy Policy",
        "description": "The financial institution's privacy policy, which covers how the financial institution guards the customer's personal information and how it shares information about customers."
      }
    ],
    "electronicConsent": [
      {
        "label": "Electronic Consent Agreement",
        "description": "Consenting to this agreement means the user agrees to receive electronically certain information such as statements or notices from the financial institution, and that the user agrees their use of the banking applications means they agree to allow those banking applications to perform banking operations, including transferring money or making payments, on their behalf."
      }
    ]
  }
}

Responses

StatusDescription
200 OK
OK.
Schema: consentTypeNames
StatusDescription
400 Bad Request
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error.
Schema: errorResponse
StatusDescription
409 Conflict

The request does not include consent type names that are in use in existing consent resource.

This error response may have one of the following type values:

Schema: errorResponse

Response Headers

StatusDescription
200 ETag string
The ETag response header specifies an entity tag which must be provided in an If-Match request header for operations which update the resource.

API

The Consents API

getApi

Code samples

# You can also use wget
curl -X GET https://api.devbank.apiture.com/consents/ \
  -H 'Accept: application/hal+json' \
  -H 'API-Key: API_KEY'

GET https://api.devbank.apiture.com/consents/ HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/hal+json

var headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/consents/',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY'

};

fetch('https://api.devbank.apiture.com/consents/',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'API-Key' => 'API_KEY'
}

result = RestClient.get 'https://api.devbank.apiture.com/consents/',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'API-Key': 'API_KEY'
}

r = requests.get('https://api.devbank.apiture.com/consents/', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/consents/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "API-Key": []string{"API_KEY"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.devbank.apiture.com/consents/", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Top-level resources and operations in this API

GET /

Return links to the top-level resources and operations in this API.

Try It

Example responses

200 Response

{
  "id": "apiName",
  "name": "API name",
  "apiVersion": "1.0.0",
  "_profile": "https://production.api.apiture.com/schemas/common/root/v2.1.0/profile.json",
  "_links": {}
}

Responses

StatusDescription
200 OK
OK.
Schema: root

getApiDoc

Code samples

# You can also use wget
curl -X GET https://api.devbank.apiture.com/consents/apiDoc \
  -H 'Accept: application/json' \
  -H 'API-Key: API_KEY'

GET https://api.devbank.apiture.com/consents/apiDoc HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/json

var headers = {
  'Accept':'application/json',
  'API-Key':'API_KEY'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/consents/apiDoc',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json',
  'API-Key':'API_KEY'

};

fetch('https://api.devbank.apiture.com/consents/apiDoc',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'API-Key' => 'API_KEY'
}

result = RestClient.get 'https://api.devbank.apiture.com/consents/apiDoc',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'API-Key': 'API_KEY'
}

r = requests.get('https://api.devbank.apiture.com/consents/apiDoc', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/consents/apiDoc");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "API-Key": []string{"API_KEY"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.devbank.apiture.com/consents/apiDoc", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Return API definition document

GET /apiDoc

Return the OpenAPI document that describes this API.

Try It

Example responses

200 Response

{}

Responses

StatusDescription
200 OK
OK.
Schema: Inline

Response Schema

getLabels

Code samples

# You can also use wget
curl -X GET https://api.devbank.apiture.com/consents/labels \
  -H 'Accept: application/hal+json' \
  -H 'Accept-Language: string' \
  -H 'API-Key: API_KEY'

GET https://api.devbank.apiture.com/consents/labels HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/hal+json
Accept-Language: string

var headers = {
  'Accept':'application/hal+json',
  'Accept-Language':'string',
  'API-Key':'API_KEY'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/consents/labels',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'Accept-Language':'string',
  'API-Key':'API_KEY'

};

fetch('https://api.devbank.apiture.com/consents/labels',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'Accept-Language' => 'string',
  'API-Key' => 'API_KEY'
}

result = RestClient.get 'https://api.devbank.apiture.com/consents/labels',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'Accept-Language': 'string',
  'API-Key': 'API_KEY'
}

r = requests.get('https://api.devbank.apiture.com/consents/labels', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/consents/labels");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "Accept-Language": []string{"string"},
        "API-Key": []string{"API_KEY"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.devbank.apiture.com/consents/labels", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Localized Labels

GET /labels

Return a JSON object which defines labels for enumeration types defined by the schemas defined in this API. The labels in the response may not all match the requested language; some may be in the default language (en-us).

Parameters

Parameter Description
Accept-Language
(header)
string
The weighted language tags which indicate the user's preferred natural language for the localized labels in the response, as per RFC 7231.

Try It

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/common/labelGroups/v1.1.0/profile.json",
  "groups": {
    "fristGroup": {
      "unknown": {
        "label": "Unknown",
        "code": "0",
        "hidden": true
      },
      "key1": {
        "label": "Label for Key 1",
        "code": "1",
        "variants": {
          "es": {
            "label": "(Spanish label for Key 1)"
          },
          "fr": {
            "label": "(French label for Key 1)"
          }
        }
      },
      "key2": {
        "label": "Label for Key 2",
        "code": "2",
        "variants": {
          "es": {
            "label": "(Spanish label for Key 2)"
          },
          "fr": {
            "label": "(French label for Key 2)"
          }
        }
      },
      "key3": {
        "label": "Label for Key 3",
        "code": "3",
        "variants": {
          "es": {
            "label": "(Spanish label for Key 3)"
          },
          "fr": {
            "label": "(French label for Key 3)"
          }
        }
      },
      "other": {
        "label": "Other",
        "variants": {
          "es": {
            "label": "(Spanish label for Other)"
          },
          "fr": {
            "label": "(French label for Other)"
          }
        },
        "code": "254"
      }
    },
    "secondGroup": {
      "unknown": {
        "label": "Unknown",
        "code": "?",
        "hidden": true
      },
      "optionA": {
        "label": "Option A",
        "code": "A"
      },
      "optionB": {
        "label": "Option B",
        "code": "B"
      },
      "optionC": {
        "label": "Option C",
        "code": "C"
      },
      "other": {
        "label": "Other",
        "code": "_"
      }
    }
  }
}

Responses

StatusDescription
200 OK
OK.
Schema: labelGroups

Schemas

abstractRequest

{
  "_profile": "https://production.api.apiture.com/schemas/common/abstractRequest/v2.0.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/applications/"
    }
  }
}

Abstract Request (v2.0.0)

An abstract schema used to define other request-only schemas. This is a HAL resource representation, minus the _error defined in abstractResource.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only

abstractResource

{
  "_profile": "https://production.api.apiture.com/schemas/common/abstractResource/v2.1.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/applications/application/328f6bf6-d762-422f-a077-ab91ca4d0b6f"
    }
  }
}

Abstract Resource (v2.1.0)

An abstract schema used to define other schemas for request and response bodies. This is a HAL resource representation. This model contains hypermedia _links, and either optional domain object data with _profile and optional _embedded objects, or an _error object. In responses, if the operation was successful, this object will not include the _error, but if the operation was a 4xx or 5xx error, this object will not include _embedded or any data fields, only _error and optionally _links.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only

attributes

{}

Attributes (v2.1.0)

An optional map of name/value pairs which contains additional dynamic data about the resource.

Properties

collection

{
  "_links": {
    "property1": {
      "href": "https://api.devbank.apiture.com/applications/application/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
      "title": "Application"
    },
    "property2": {
      "href": "https://api.devbank.apiture.com/applications/application/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
      "title": "Application"
    }
  },
  "_embedded": {},
  "_profile": "http://example.com",
  "_error": {
    "_id": "2eae46e1575c0a7b0115a4b3",
    "message": "Descriptive error message...",
    "statusCode": 422,
    "type": "errorType1",
    "remediation": "Remediation string...",
    "occurredAt": "2018-01-25T05:50:52.375Z",
    "errors": [
      {
        "_id": "ccdbe2c5c938a230667b3827",
        "message": "An optional embedded error"
      },
      {
        "_id": "dbe9088dcfe2460f229338a3",
        "message": "Another optional embedded error"
      }
    ],
    "_links": {
      "describedby": {
        "href": "https://developer.apiture.com/errors/errorType1"
      }
    }
  },
  "count": 0,
  "start": 0,
  "limit": 0,
  "name": "string"
}

Collection (v2.1.0)

A collection of resources. This is an abstract model schema which is extended to define specific resource collections.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
count integer
The number of items in the collection. This value is optional and may be omitted if the count is not computable efficiently. If a filter is applied to the collection (either implicitly or explicitly), the count, if present, indicates the number of items that satisfy the filter.
start integer
The start index of this page of items.
limit integer
The maximum number of items per page.
name string
The name of the collection.

{
  "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_profile": "https://production.api.apiture.com/schemas/consents/consent/v1.1.0/profile.json",
  "document": {
    "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
    "contentType": "application/pdf",
    "revisionId": "2019:1.02.0",
    "revisedAt": "2019-07-23T08:26:45.375Z"
  },
  "state": "given",
  "givenAt": "2019-07-23T13:27:34.375Z",
  "type": "productTermsAndConditions",
  "userId": "5a5e834c-a7bd-401c",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a",
  "_links": {
    "self": {
      "href": "/consents/consents/0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:revoke": {
      "href": "/consents/revokedConsents?consent=0399abed-fd3d-4830-a88b-30f38b8a365c"
    },
    "apiture:rescind": {
      "href": "/consents/rescindedConsents?consent=0399abed-fd3d-4830-a88b-30f38b8a365c"
    }
  }
}

Consent (v1.1.0)

Representation of a consent resource. Users consent or acceptance of a policy or other document.

Response and request bodies using this consent schema may contain the following links:

RelSummaryMethod
selfFetch a representation of this consentGET
apiture:revokeRevoke a consentPOST
apiture:giveGive a consentPOST

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
document document
Properties of the target document.
type string
Describe what kind of consent this is. This value must be one of the type names in the /consentTypeNames resource.
contextUri string(uri)
The URI of a resource that establishes the context in which the financial institution asks for the user's consent. For example, for consent of an account's terms and conditions, the context might be the banking product for that account.
maxLength: 2048
secondaryContextUri string(uri)
The URI of a secondary resource associated with this user's consent and the contextUri. For example, for consent of an account's terms and conditions, the secondary context might be the account.
maxLength: 2048
userId string
The user ID of the user who is requested to consent to a document. This is the _id of the User resource.
_id string
The unique identifier for this consent resource. This is an immutable opaque string.
read-only
state consentStates
The state of this consent.
read-only
givenAt string(date-time)
The time stamp when the user last consented to the document, in RFC 3339 UTC date-time format (YYYY-MM-DDThh:mm:ss.sssZ). This property is not set if state is pending.
read-only
requestRevokedAt string(date-time)
The time stamp when the user revoked consent, in RFC 3339 UTC date-time format (YYYY-MM-DDThh:mm:ss.sssZ). A revoked consent reflects a consent request that the user has previously given but has reversed. Revoking a consent sets the state back to pending and clears consentedAt.
read-only
requestRescindedAt string(date-time)
The time stamp when the consent request was rescinded by the requester, in RFC 3339 UTC date-time format (YYYY-MM-DDThh:mm:ss.sssZ). A rescinded consent reflects a consent request that the system or application has issued in the past but no longer requires. For example, if a user is removed as an authorized signer from an account and a consent is pending for that account's terms and conditions, the Accounts service may rescind that consent request. This property is set only if state is rescinded.
read-only

consentFields

{
  "document": {
    "uri": "http://example.com",
    "contentType": "application/pdf",
    "revisionId": "2019:1.2.0",
    "revisedAt": "2019-08-24T14:15:22Z"
  },
  "type": "string",
  "contextUri": "http://example.com",
  "secondaryContextUri": "http://example.com",
  "userId": "string"
}

Consent Fields (v1.1.0)

Common fields of the consent resource used to build other model schemas.

Properties

NameDescription
document document
Properties of the target document.
type string
Describe what kind of consent this is. This value must be one of the type names in the /consentTypeNames resource.
contextUri string(uri)
The URI of a resource that establishes the context in which the financial institution asks for the user's consent. For example, for consent of an account's terms and conditions, the context might be the banking product for that account.
maxLength: 2048
secondaryContextUri string(uri)
The URI of a secondary resource associated with this user's consent and the contextUri. For example, for consent of an account's terms and conditions, the secondary context might be the account.
maxLength: 2048
userId string
The user ID of the user who is requested to consent to a document. This is the _id of the User resource.

consentStates

"pending"

Consent States (v1.0.0)

The state of a consent resource.

Type: string
Enumerated values:
pending
given
stale
rescinded
revoked

consentTypeNames

{
  "_profile": "https://production.api.apiture.com/schemas/consents/consentTypeNames/v1.0.1/profile.json",
  "names": {
    "productTermsAndConditions": [
      {
        "label": "Product Terms and Conditions",
        "description": "The terms and conditions of use for bank accounts of a specific banking product. The user must consent to these terms and conditions in order to open a new account."
      }
    ],
    "termsAndConditions": [
      {
        "label": "Terms and Conditions",
        "description": "The terms and conditions associated with a specific bank account."
      }
    ],
    "privacyPolicy": [
      {
        "label": "Privacy Policy",
        "description": "The financial institution's privacy policy, which covers how the financial institution guards the customer's personal information and how it shares information about customers."
      }
    ],
    "electronicConsent": [
      {
        "label": "Electronic Consent Agreement",
        "description": "Consenting to this agreement means the user agrees to receive electronically certain information such as statements or notices from the financial institution, and that the user agrees their use of the banking applications means they agree to allow those banking applications to perform banking operations, including transferring money or making payments, on their behalf."
      }
    ]
  }
}

Consent Type Names (v1.0.1)

A list of allowed consent type names and their labels and descriptions.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
names localizedLabels
An object which maps consent type names to their labels and descriptions.

consents

{
  "_profile": "https://production.api.apiture.com/schemas/consents/consents/v1.1.0/profile.json",
  "start": 10,
  "limit": 10,
  "count": 67,
  "name": "consents",
  "_links": {
    "self": {
      "href": "/consents/consents?start=10&limit=10"
    },
    "first": {
      "href": "/consents/consents?start=0&limit=10"
    },
    "next": {
      "href": "/consents/consents?start=20&limit=10"
    },
    "collection": {
      "href": "/consents/consents"
    }
  },
  "_embedded": {
    "items": [
      {
        "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
        "_profile": "https://production.api.apiture.com/schemas/consents/consent/v1.1.0/profile.json",
        "_links": {
          "self": {
            "href": "/consents/consents/0399abed-fd3d-4830-a88b-30f38b8a365c"
          }
        }
      },
      {
        "_id": "d62c0701-0d74-4836-83f9-ebf3709442ea",
        "_profile": "https://production.api.apiture.com/schemas/consents/consent/v1.1.0/profile.json",
        "_links": {
          "self": {
            "href": "/consents/consents/d62c0701-0d74-4836-83f9-ebf3709442ea"
          }
        }
      }
    ]
  }
}

Consent Collection (v1.1.0)

Collection of consents. The items in the collection are ordered in the _embedded.items array; the name is consents. The top-level _links object may contain pagination links (self, next, prev, first, last, collection).

Response and request bodies using this consents schema may contain the following links:

RelSummaryMethod
selfThis filtered page of resultsGET
collectionThe raw collection without filters/sortingGET
nextFetch the next page of resultsGET
prevFetch the previous page of resultsGET

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
Embedded objects.
» items [summaryConsent]
An array containing a page of consent items.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
count integer
The number of items in the collection. This value is optional and may be omitted if the count is not computable efficiently. If a filter is applied to the collection (either implicitly or explicitly), the count, if present, indicates the number of items that satisfy the filter.
start integer
The start index of this page of items.
limit integer
The maximum number of items per page.
name string
The name of the collection.

createConsent

{
  "_profile": "https://production.api.apiture.com/schemas/consents/createConsent/v1.1.0/profile.json",
  "document": {
    "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
    "contentType": "application/pdf",
    "revisionId": "2019:1.02.0",
    "revisedAt": "2019-07-23T08:26:45.375Z"
  },
  "type": "productTermsAndConditions",
  "userId": "5a5e834c-a7bd-401c",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a"
}

Create Consent (v1.1.0)

Representation used to create a new consent.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
document document (required)
Properties of the target document.
type string (required)
Describe what kind of consent this is. This value must be one of the type names in the /consentTypeNames resource.
contextUri string(uri)
The URI of a resource that establishes the context in which the financial institution asks for the user's consent. For example, for consent of an account's terms and conditions, the context might be the banking product for that account.
maxLength: 2048
secondaryContextUri string(uri)
The URI of a secondary resource associated with this user's consent and the contextUri. For example, for consent of an account's terms and conditions, the secondary context might be the account.
maxLength: 2048
userId string (required)
The user ID of the user who is requested to consent to a document. This is the _id of the User resource.

document

{
  "uri": "http://example.com",
  "contentType": "application/pdf",
  "revisionId": "2019:1.2.0",
  "revisedAt": "2019-08-24T14:15:22Z"
}

Document (v1.0.0)

Properties of a target document.

Properties

NameDescription
uri string(uri) (required)
The URI of the target document that the user is consenting to. If the document is revised, this consent is marked as stale. (Note: This need not be a document in the Apiture vault.)
maxLength: 2048
contentType any (required)
The media type for the document. For text documents, the content type should include the text encoding; if omitted, the encoding type is assumed to be utf-8.
revisionId string
The revision identifier of the document revision the user consented to. If the content management system in which the document is stored does not define revision identifiers or tags, this may be omitted and defaults to the revision time stamp.
revisedAt string(date-time) (required)
The time stamp when the target document was last revised (modified), in RFC 3339 UTC date-time format (YYYY-MM-DDThh:mm:ss.sssZ).

error

{
  "_id": "2eae46e1575c0a7b0115a4b3",
  "message": "Descriptive error message...",
  "statusCode": 422,
  "type": "errorType1",
  "remediation": "Remediation string...",
  "occurredAt": "2018-01-25T05:50:52.375Z",
  "errors": [
    {
      "_id": "ccdbe2c5c938a230667b3827",
      "message": "An optional embedded error"
    },
    {
      "_id": "dbe9088dcfe2460f229338a3",
      "message": "Another optional embedded error"
    }
  ],
  "_links": {
    "describedby": {
      "href": "https://developer.apiture.com/errors/errorType1"
    }
  }
}

Error (v2.1.0)

Describes an error in an API request or in a service called via the API.

Properties

NameDescription
message string (required)
A localized message string describing the error condition.
_id string
A unique identifier for this error instance. This may be used as a correlation ID with the root cause error (i.e. this ID may be logged at the source of the error). This is is an opaque string.
read-only
statusCode integer
The HTTP status code associate with this error.
minimum: 100
maximum: 599
type string
An error identifier which indicates the category of error and associate it with API support documentation or which the UI tier can use to render an appropriate message or hint. This provides a finer level of granularity than the statusCode. For example, instead of just 400 Bad Request, the type may be much more specific. such as integerValueNotInAllowedRange or numericValueExceedsMaximum or stringValueNotInAllowedSet.
occurredAt string(date-time)
An RFC 3339 UTC time stamp indicating when the error occurred.
attributes attributes
Informative values or constraints which describe the error. For example, for a value out of range error, the attributes may specify the minimum and maximum values. This allows clients to present error messages as they see fit (the API does not assume the client/presentation tier). The set of attributes varies by error type.
remediation string
An optional localized string which provides hints for how the user or client can resolve the error.
errors [error]
An optional array of nested error objects. This property is not always present.
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

errorResponse

{
  "_profile": "https://production.api.apiture.com/schemas/common/errorResponse/v2.1.0/profile.json",
  "_error": {
    "_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
    "message": "Description of the error will appear here.",
    "statusCode": 422,
    "type": "specificErrorType",
    "attributes": {
      "value": "Optional attribute describing the error"
    },
    "remediation": "Optional instructions to remediate the error may appear here.",
    "occurredAt": "2018-01-25T05:50:52.375Z",
    "_links": {
      "describedby": {
        "href": "https://production.api.apiture.com/errors/specificErrorType"
      }
    },
    "_embedded": {
      "errors": []
    }
  }
}

Error Response (v2.1.0)

Describes an error response, typically returned on 4xx or 5xx errors from API operations. The _error object contains the error details.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only

labelGroup

{
  "unknown": {
    "label": "Unknown",
    "code": "0",
    "hidden": true
  },
  "under1Million": {
    "label": "Under $1M",
    "code": "1",
    "range": "[0,1000000.00)",
    "variants": {
      "fr": {
        "label": "Moins de $1M"
      }
    }
  },
  "from1to10Million": {
    "label": "$1M to $10M",
    "code": "2",
    "range": "[1000000.00,10000000.00)",
    "variants": {
      "fr": {
        "label": "$1M \\u00e0 $10M"
      }
    }
  },
  "from10to100Million": {
    "label": "$10M to $100M",
    "code": "3",
    "range": "[10000000.00,100000000.00)",
    "variants": {
      "fr": [
        "label $10M \\u00e0 $100M"
      ]
    }
  },
  "over100Million": {
    "label": "Over $100,000,000.00",
    "code": "4",
    "range": "[100000000.00,]",
    "variants": {
      "fr": {
        "label": "Plus de $10M"
      }
    }
  },
  "other": {
    "label": "Other",
    "code": 254
  }
}

Label Group (v1.0.0)

A map that defines labels for the items in a group. This is a map from each item namea labelItem object. For example, consider a JSON response that includes a property named revenueEstimate; the values for revenueEstimate must be one of the items in the group named estimatedAnnualRevenue, with options ranging under1Million, to over100Million. The item name is used as the selected value in an Apiture representation, such as { ..., "revenueEstimate" : "from10to100Million" , ...}, and the item with the name from10to100Million defines the presentation labels for that item, as well as other metadata about that choice: this is the range [10000000.00,100000000.00).

This allows the client to let the user select a value from a list, such as the following derived from the labels in the example:

Note that the other item is hidden from the selection list, as that item is marked as hidden. For items which define numeric ranges, a client may instead let the customer directly enter their estimated annual revenue as a number, such as 4,500,000.00. The client can then match that number to one of ranges in the items and set the revenueEstimate to the corresponding item's name: { ..., "revenueEstimate" : "from1to10Million", ... }.

Properties

NameDescription
additionalProperties labelItem
An item in a labelGroup, with a set of variants which contains different localized labels for the item. Each (simpleLabel) variant defines the presentation text label and optional description for a language. Items may also have a lookup code to map to external syststems, a numeric range, and a hidden boolean to indicate the item is normally hidden in the UI.

labelGroups

{
  "_profile": "https://production.api.apiture.com/schemas/common/labelGroups/v1.1.0/profile.json",
  "groups": {
    "fristGroup": {
      "unknown": {
        "label": "Unknown",
        "code": "0",
        "hidden": true
      },
      "key1": {
        "label": "Label for Key 1",
        "code": "1",
        "variants": {
          "es": {
            "label": "(Spanish label for Key 1)"
          },
          "fr": {
            "label": "(French label for Key 1)"
          }
        }
      },
      "key2": {
        "label": "Label for Key 2",
        "code": "2",
        "variants": {
          "es": {
            "label": "(Spanish label for Key 2)"
          },
          "fr": {
            "label": "(French label for Key 2)"
          }
        }
      },
      "key3": {
        "label": "Label for Key 3",
        "code": "3",
        "variants": {
          "es": {
            "label": "(Spanish label for Key 3)"
          },
          "fr": {
            "label": "(French label for Key 3)"
          }
        }
      },
      "other": {
        "label": "Other",
        "variants": {
          "es": {
            "label": "(Spanish label for Other)"
          },
          "fr": {
            "label": "(French label for Other)"
          }
        },
        "code": "254"
      }
    },
    "secondGroup": {
      "unknown": {
        "label": "Unknown",
        "code": "?",
        "hidden": true
      },
      "optionA": {
        "label": "Option A",
        "code": "A"
      },
      "optionB": {
        "label": "Option B",
        "code": "B"
      },
      "optionC": {
        "label": "Option C",
        "code": "C"
      },
      "other": {
        "label": "Other",
        "code": "_"
      }
    }
  }
}

Label Groups (v1.1.0)

A set of named groups of labels, each of which contains multiple item labels.

The abbreviated example shows two groups, one named structure and one named estimatedAnnualRevenue. The first has items with names such as corporation, llc and soleProprietorship, with text labels for each in the default and in French. The second has items for estimated revenue ranges but no localized labels. For example, the item named from1to10Million has the label "$1M to $10M" and the range [1000000.00,10000000.00).

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
groups object
Groups of localized labels. This maps group namesa group of labels within that group.
» additionalProperties labelGroup
A map that defines labels for the items in a group. This is a map from each item namea labelItem object. For example, consider a JSON response that includes a property named revenueEstimate; the values for revenueEstimate must be one of the items in the group named estimatedAnnualRevenue, with options ranging under1Million, to over100Million. The item name is used as the selected value in an Apiture representation, such as { ..., "revenueEstimate" : "from10to100Million" , ...}, and the item with the name from10to100Million defines the presentation labels for that item, as well as other metadata about that choice: this is the range [10000000.00,100000000.00).

This allows the client to let the user select a value from a list, such as the following derived from the labels in the example:

  • Unknown
  • Under $1M
  • $1M to $10M
  • $10M to $100M
  • $100M or more

Note that the other item is hidden from the selection list, as that item is marked as hidden. For items which define numeric ranges, a client may instead let the customer directly enter their estimated annual revenue as a number, such as 4,500,000.00. The client can then match that number to one of ranges in the items and set the revenueEstimate to the corresponding item's name: { ..., "revenueEstimate" : "from1to10Million", ... }.

labelItem

{
  "over100Million": {
    "label": "Over $100,000,000.00",
    "code": "4",
    "range": "[100000000.00,]",
    "variants": {
      "fr": {
        "label": "Plus de $10M"
      }
    }
  }
}

Label Item (v1.0.0)

An item in a labelGroup, with a set of variants which contains different localized labels for the item. Each (simpleLabel) variant defines the presentation text label and optional description for a language. Items may also have a lookup code to map to external syststems, a numeric range, and a hidden boolean to indicate the item is normally hidden in the UI.

Properties

NameDescription
label string (required)
A label or title which may be used as labels or other UI controls which present a value.
description string
A more detailed localized description of a localizable label.
variants object
The language-specific variants of this label. The keys in this object are RFC 7231 language codes.
» additionalProperties simpleLabel
A text label and optional description.
code string
If the localized value is associated with an external standard or definition, this is a lookup code or key or URI for that value.
minLength: 1
hidden boolean
If true, this item is normally hidden from the User Interface.
range string
The range of values, if the item describes a bounded numeric value. This is range notation such as [min,max], (exclusiveMin,max], [min,exclusiveMax), or (exclusiveMin,exclusiveMax). For example, [0,100) is the range greater than or equal to 0 and less than 100. If the min or max value are omitted, that end of the range is unbounded. For example, (,1000.00) means less than 1000.00 and [20000.00,] means 20000.00 or more. The ranges do not overlap or have gaps.
pattern: ^[\[\(](-?(0|[1-9][0-9]*)(\.[0-9]+)?)?,(-?(0|[1-9][0-9]*)(\.[0-9]+)?)?[\]\)]$

{
  "href": "https://api.devbank.apiture.com/applications/application/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
  "title": "Application"
}

Link (v1.0.0)

Describes a hypermedia link within a _links object in HAL representations. In Apiture APIs, links are HAL links, but Apiture APIs do not use the name or hreflang properties of HAL. Apiture links may include a method property.

Properties

NameDescription
href string(uri) (required)
The URI or URI template for the resource/operation this link refers to.
type string
The media type for the resource.
templated boolean
If true, the link's href is a URI template.
title string
An optional human-readable localized title for the link.
deprecation string(uri)
If present, the containing link is deprecated and the value is a URI which provides human-readable text information about the deprecation.
profile string(uri)
The URI of a profile document, a JSON document which describes the target resource/operation.

{
  "property1": {
    "href": "https://api.devbank.apiture.com/applications/application/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
    "title": "Application"
  },
  "property2": {
    "href": "https://api.devbank.apiture.com/applications/application/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
    "title": "Application"
  }
}

Links (v1.0.0)

An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

Properties

NameDescription
additionalProperties link
Describes a hypermedia link within a _links object in HAL representations. In Apiture APIs, links are HAL links, but Apiture APIs do not use the name or hreflang properties of HAL. Apiture links may include a method property.

localizedLabel

{
  "label": "Limited Liability Corporation",
  "description": "string",
  "language": "en-us",
  "code": "31"
}

Localized Label (v1.0.0)

A localized label and optional description for localizable content defined in this API.

Properties

NameDescription
label string
A localized label or title which may be used to decorate UI controls which present a value.
description string
A more detailed localized description of this label.
language string
The natural language tag to which this localized label is associated, as per RFC 7231. If empty, this item serves as the default label in case no label matches the caller's language.
code string
If the localized value is associated with an external standard, this is a lookup code or key or URI for that value.

localizedLabels

{
  "property1": [
    {
      "label": "Limited Liability Corporation",
      "description": "string",
      "language": "en-us",
      "code": "31"
    }
  ],
  "property2": [
    {
      "label": "Limited Liability Corporation",
      "description": "string",
      "language": "en-us",
      "code": "31"
    }
  ]
}

Localized Labels (v1.0.0)

An object that maps a name to an array of labels, descriptions and a language (locale) code for the label and description. The first item in the array should be the default label/description; the remaining items must have a language.

Properties

NameDescription
additionalProperties [localizedLabel]
[A localized label and optional description for localizable content defined in this API.]

movedDocument

{
  "_profile": "https://production.api.apiture.com/schemas/consents/movedDocument/v1.0.0/profile.json",
  "type": "productTermsAndConditions",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a",
  "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
  "newUri": "/vault/files/da66d490-2b72-4809-9b97-9b33039371f8/content"
}

Moved Document (v1.0.0)

Details about a target document that has been moved or revised.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
uri string(uri) (required)
The original URI of the target document.
maxLength: 2048
newUri string(uri) (required)
The new URI of the target document. All matching consents' document.uri is updated updated to this new document URI, but their state is not changed.
maxLength: 2048
contextUri string(uri)
The URI of a resource that establishes the context in which the financial institution asks for the user's consent. For example, for consent of an account's terms and conditions, the context might be the banking product for that account.
maxLength: 2048
type string (required)
Describe what kind of consent this is. This value must be one of the type names in the /consentTypeNames resource.

revisedDocument

{
  "_profile": "https://production.api.apiture.com/schemas/consents/revisedDocument/v1.0.1/profile.json",
  "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
  "revisionId": "2019:1.2.0",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a",
  "revisedAt": "2019-10-05T10:30:00.000Z",
  "type": "productTermsAndConditions",
  "newUri": "/vault/files/da66d490-2b72-4809-9b97-9b33039371f8/content"
}

Revised Document (v1.0.1)

Details about a target document that has been moved or revised.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
uri string(uri) (required)
The URI of the target document that the user is consenting to. If the document is revised, this consent is marked as stale. (Note: This need not be a document in the Apiture vault.)
maxLength: 2048
contentType any (required)
The media type for the document. For text documents, the content type should include the text encoding; if omitted, the encoding type is assumed to be utf-8.
revisionId string
The revision identifier of the document revision the user consented to. If the content management system in which the document is stored does not define revision identifiers or tags, this may be omitted and defaults to the revision time stamp.
revisedAt string(date-time) (required)
The time stamp when the target document was last revised (modified), in RFC 3339 UTC date-time format (YYYY-MM-DDThh:mm:ss.sssZ).
newUri string(uri)
The URI of the revised target document, if the document has moved. All matching consents have their document.uri updated to this new document URI.
maxLength: 2048
contextUri string(uri)
The URI of a resource that establishes the context in which the financial institution asks for the user's consent is requested for a specific document. For example, for consent of an account's terms and conditions, the context might be the banking product for that account.
maxLength: 2048
type string (required)
Describe what kind of consent this is. This value must be one of the type names in the /consentTypeNames resource.

root

{
  "id": "apiName",
  "name": "API name",
  "apiVersion": "1.0.0",
  "_profile": "https://production.api.apiture.com/schemas/common/root/v2.1.0/profile.json",
  "_links": {}
}

API Root (v2.1.0)

A HAL response, with hypermedia _links for the top-level resources and operations in API.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
_id string
This API's unique ID.
read-only
name string
This API's name.
apiVersion string
This API's version.

simpleLabel

{
  "label": "Board of Directors",
  "description": "string"
}

Simple Label (v1.0.0)

A text label and optional description.

Properties

NameDescription
label string (required)
A label or title which may be used as labels or other UI controls which present a value.
description string
A more detailed localized description of a localizable label.

summaryConsent

{
  "_id": "0399abed-fd3d-4830-a88b-30f38b8a365c",
  "_profile": "https://production.api.apiture.com/schemas/consents/summaryConsent/v1.1.0/profile.json",
  "document": {
    "uri": "/vault/files/fd44d565-0086-4caf-8d9f-3b7681809251/content",
    "contentType": "application/pdf",
    "revisedAt": "2019-07-23T08:26:45.375Z"
  },
  "type": "productTermsAndConditions",
  "userId": "5a5e834c-a7bd-401c",
  "state": "pending",
  "contextUri": "/products/products/34011fe5-192d-4ffb-be32-e7215e56028a",
  "_links": {
    "self": {
      "href": "/consents/consents/0399abed-fd3d-4830-a88b-30f38b8a365c"
    }
  }
}

Consent Summary (v1.1.0)

Summary representation of a consent resource in consents collections. This representation normally does not contain any _embedded objects. If needed, call the GET operation on the item's self link to get _embedded objects.

Properties

NameDescription
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.
_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
document document
Properties of the target document.
type string
Describe what kind of consent this is. This value must be one of the type names in the /consentTypeNames resource.
contextUri string(uri)
The URI of a resource that establishes the context in which the financial institution asks for the user's consent. For example, for consent of an account's terms and conditions, the context might be the banking product for that account.
maxLength: 2048
secondaryContextUri string(uri)
The URI of a secondary resource associated with this user's consent and the contextUri. For example, for consent of an account's terms and conditions, the secondary context might be the account.
maxLength: 2048
userId string
The user ID of the user who is requested to consent to a document. This is the _id of the User resource.
_id string
The unique identifier for this consent resource. This is an immutable opaque string.
read-only
state consentStates
The state of this consent.
read-only
givenAt string(date-time)
The time stamp when the user last consented to the document, in RFC 3339 UTC date-time format (YYYY-MM-DDThh:mm:ss.sssZ). This property is not set if state is pending.
read-only
requestRevokedAt string(date-time)
The time stamp when the user revoked consent, in RFC 3339 UTC date-time format (YYYY-MM-DDThh:mm:ss.sssZ). A revoked consent reflects a consent request that the user has previously given but has reversed. Revoking a consent sets the state back to pending and clears consentedAt.
read-only
requestRescindedAt string(date-time)
The time stamp when the consent request was rescinded by the requester, in RFC 3339 UTC date-time format (YYYY-MM-DDThh:mm:ss.sssZ). A rescinded consent reflects a consent request that the system or application has issued in the past but no longer requires. For example, if a user is removed as an authorized signer from an account and a consent is pending for that account's terms and conditions, the Accounts service may rescind that consent request. This property is set only if state is rescinded.
read-only