Partner Real-Time Payment Webhooks v0.1.1

Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.

This API defines a webhook which a partner provider, Open Payment Network (OPN), may use to inform Apiture Digital Banking of an incoming real-time payment (also known as a debit real-time payment - one that debits the sender's account).

This is a vendor-specific partner API.

Download OpenAPI Definition (YAML)

Base URLs:

https://api.apiture.com/partners

Email: Apiture Web: Apiture

License: Apiture API License

Authentication

OAuth2 authentication (clientCredentials)
- Client Credentials OAuth2 flow that allows a secure service application to access resources. (This access is not used with insecure clients such as web or mobile applications.) See details at Secure Access.
- Flow: clientCredentials
- Token URL = https://dev-oidc.apiture-comm-nonprod.com/oidc/token

Scope	Scope Description
`realtimePayments/write`	For webhook calls from real-time payment processors when a financial institution receives an incoming real-time payment.

Real-Time Payment Partner Webhooks

sendIncomingRealTimePayments

Code samples

# You can also use wget
curl -X POST https://api.apiture.com/partners/openPaymentNetwork/incomingRealTimePayments \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/problem+json' \
  -H 'Authorization: Bearer {access-token}'

POST https://api.apiture.com/partners/openPaymentNetwork/incomingRealTimePayments HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/problem+json

const fetch = require('node-fetch');
const inputBody = '{
  "source_url": "string",
  "webhook_url": "string",
  "transfers": [
    {
      "id": "string",
      "url": "string",
      "currency": "string",
      "amount": "0",
      "workflow_type": "string"
    }
  ]
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/problem+json',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.apiture.com/partners/openPaymentNetwork/incomingRealTimePayments',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Content-Type':'application/json',
  'Accept':'application/problem+json',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.apiture.com/partners/openPaymentNetwork/incomingRealTimePayments',
  method: 'post',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/problem+json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post 'https://api.apiture.com/partners/openPaymentNetwork/incomingRealTimePayments',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/problem+json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('https://api.apiture.com/partners/openPaymentNetwork/incomingRealTimePayments', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.apiture.com/partners/openPaymentNetwork/incomingRealTimePayments");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/problem+json"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.apiture.com/partners/openPaymentNetwork/incomingRealTimePayments", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Inform Apiture Digital Banking of an incoming real-time payment from Open Payment Network.

POST https://api.apiture.com/partners/openPaymentNetwork/incomingRealTimePayments

The vendor Open Payment Network (OPN) uses this webhook to inform ADB of new or updated real-time payments which debit the senders' accounts and credit the recipients' account at this financial institution.

Body parameter

{
  "source_url": "string",
  "webhook_url": "string",
  "transfers": [
    {
      "id": "string",
      "url": "string",
      "currency": "string",
      "amount": "0",
      "workflow_type": "string"
    }
  ]
}

Parameters

Parameter	Description
`body`	`incomingPartnerRealTimePayments` (required)

Example responses

400 Response

{
  "id": "3fbad566-be86-4b22-9ba6-3ca99fdc0799",
  "type": "https://production.api.apiture.com/errors/badRequest/v1.0.0",
  "title": "Bad Request",
  "status": 400,
  "occurredAt": "2022-04-25T12:42:21.375Z",
  "detail": "Input did not parse as JSON",
  "instance": "https://production.api.apiture.com/banking/transfers/bb709151-575041fcd617"
}

Responses

Status	Description
200	OK
	OK.

Status Description

400 Bad Request

Status	Description
400	Bad Request
	Bad Request. The request body, request headers, and/or query parameters are not well-formed. This problem responsemay have one of the following `type` values: `https://production.api.apiture.com/errors/badRequest/v1.0.0` The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.
	Schema: `Inline`

Bad Request. The request body, request headers, and/or query parameters are not well-formed.

This problem responsemay have one of the following type values:

https://production.api.apiture.com/errors/badRequest/v1.0.0
The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.

Schema: Inline

Status Description

401 Unauthorized

Status	Description
401	Unauthorized
	Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given. This problem responsemay have one of the following `type` values: `https://production.api.apiture.com/errors/unauthorized/v1.0.0` The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.
	Schema: `Inline`

Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given.

This problem responsemay have one of the following type values:

https://production.api.apiture.com/errors/unauthorized/v1.0.0
The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.

Schema: Inline

Status Description

403 Forbidden

Status	Description
403	Forbidden
	Forbidden. The authenticated caller is not authorized to perform the requested operation. This problem responsemay have one of the following `type` values: `https://production.api.apiture.com/errors/forbidden/v1.0.0` The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation. `https://production.api.apiture.com/errors/customerDisabled/v1.0.0` The customer is disabled. Remediation: Have the customer contact the financial institution for support. `https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0` The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software. `https://production.api.apiture.com/errors/modificationForbidden/v1.0.0` The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization. `https://production.api.apiture.com/errors/challengeRequired/v1.0.0` The operation requires the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional `Challenge` header to the call. The `attributes` object in the error may have the properties defined by the `requiredIdentityChallenge` schema. `https://production.api.apiture.com/errors/challengeBlocked/v1.0.0` The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again. `https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0` This operation requires an identity challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors. `https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0` The additional on-time `Challenge` header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed `Challenge` header in the request.
	Schema: `Inline`

Forbidden. The authenticated caller is not authorized to perform the requested operation.

This problem responsemay have one of the following type values:

https://production.api.apiture.com/errors/forbidden/v1.0.0
The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation.
https://production.api.apiture.com/errors/customerDisabled/v1.0.0
The customer is disabled. Remediation: Have the customer contact the financial institution for support.
https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0
The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software.
https://production.api.apiture.com/errors/modificationForbidden/v1.0.0
The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.
https://production.api.apiture.com/errors/challengeRequired/v1.0.0
The operation requires the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional Challenge header to the call. The attributes object in the error may have the properties defined by the requiredIdentityChallenge schema.
https://production.api.apiture.com/errors/challengeBlocked/v1.0.0
The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again.
https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0
This operation requires an identity challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors.
https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0
The additional on-time Challenge header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed Challenge header in the request.

Schema: Inline

Status Description

429 Too Many Requests

Status	Description
429	Too Many Requests
	Too Many Requests. The client has sent too many requests in a given amount of time. This problem responsemay have one of the following `type` values: `https://production.api.apiture.com/errors/tooManyRequests/v1.0.0` The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.
	Schema: `Inline`

Too Many Requests. The client has sent too many requests in a given amount of time.

This problem responsemay have one of the following type values:

https://production.api.apiture.com/errors/tooManyRequests/v1.0.0
The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.

Schema: Inline

Status	Description
4XX	Unknown
	Client Request Problem. The client request had a problem not listed under another specific 400-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Status	Description
5XX	Unknown
	Server Problem. The server encountered a problem not listed under another specific 500-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Response Schema

Status Code 400

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 401

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 403

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 429

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 4XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 5XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Schemas

TransferDetail

{
  "id": "string",
  "url": "string",
  "currency": "string",
  "amount": "0",
  "workflow_type": "string"
}

Transfer Detail (v1.0.0)

The vendor-defined payload for each real-time payment in a webhook message.

Properties

Name	Description
`Transfer Detail (v1.0.0)`	`object` The vendor-defined payload for each real-time payment in a webhook message.
`id`	`string` (required) The ID of the transfer `minLength: 1` `maxLength: 32`
`url`	`string` (required) The web URL of the transfer
`currency`	`string` (required) An ISO 4217 currency (3 uppercase letters) `pattern: "^[A-Z]{3}$"`
`amount`	`string` (required) The amount of the transfer `default: "0"` `pattern: "^[0-9]{1,16}([.][0-9]{0,3})?$"`
`workflow_type`	`string` (required) The type of transfer. Some common transfer types are: `profile_to_profile` Send funds. This transfer type supports payment codes and invitations to people outside the platform. `redeem` Deposit funds into a linked ACH account. `send_rtp_credit` Send funds using RTP. `send_fednow_credit` Send funds using FedNow. `receive_rtp_credit` Receive funds using RTP. `receive_fednow_credit` Receive funds using FedNow.

apiProblem

{
  "id": "3fbad566-be86-4b22-9ba6-3ca99fdc0799",
  "type": "https://production.api.apiture.com/errors/accountNotFound/v1.0.0",
  "title": "Account Not Found",
  "status": 422,
  "occurredAt": "2022-04-25T12:42:21.375Z",
  "detail": "No account exists at the given account_url",
  "instance": "https://production.api.apiture.com/banking/transfers/bb709151-575041fcd617"
}

API Problem (v1.2.1)

API problem or error, as per RFC 7807 application/problem+json.

Properties

Name	Description
`API Problem (v1.2.1)`	`object` API problem or error, as per RFC 7807 application/problem+json.
`type`	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `format: uri-reference` `maxLength: 2048`
`title`	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `format: text` `maxLength: 120`
`status`	`integer(int32)` The HTTP status code for this occurrence of the problem. `format: int32` `minimum: 100` `maximum: 599`
`detail`	`string(text)` A human-readable explanation specific to this occurrence of the problem. `format: text` `maxLength: 256`
`instance`	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `format: uri-reference` `maxLength: 2048`
`id`	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `read-only` `minLength: 6` `maxLength: 48` `pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"`
`occurredAt`	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `read-only` `format: date-time` `minLength: 20` `maxLength: 30`
`problems`	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128` items: `object`

challengeFactor

{
  "type": "sms",
  "labels": [
    "9876"
  ]
}

Challenge Factor (v1.2.1)

A challenge factor. See requiredIdentityChallenge for multiple examples.

Properties

Name Description

Challenge Factor (v1.2.1) object
A challenge factor. See requiredIdentityChallenge for multiple examples.

id

challengeFactorId
The ID of an a challenge factor. This ID is unique within the challenge factors associated with a challenge. The client should pass this id value as the factorId when starting or verifying a challenge factor.

Note: The id will become required in a future update to this schema.
minLength: 3
maxLength: 48
pattern: "^[-a-zA-Z0-9$_]{3,48}$"

type

challengeFactorType (required)

The name of challenge factor.

challengeFactorType strings may have one of the following enumerated values:

Value	Description
`sms`	SMS: One-time passcode sent to the primary mobile phone number
`email`	Email: One-time passcode sent to the primary email address
`voice`	Voice: One-time passcode communicated via automated voice phone call
`authenticatorToken`	authenticator Token: One-time passcode issued by a pre-registered hardware device, such as a token key fob, or an authenticator app
`securityQuestions`	Security Questions: Prompt with the user's security questions registered with their security profile

enum values: sms, email, voice, securityQuestions, authenticatorToken

labels array: [string]
A list of text label which identifies the channel(s) through which the user completes the challenge. For an sms or voice challenge, the only label item is the last four digits of the corresponding phone number. For an email challenge, each label is the masked email address.
minItems: 1
maxItems: 4
items: string(text)
» format: text
» maxLength: 300

securityQuestions challengeSecurityQuestions
Describes a securityQuestions challenge. This is omitted if the challenge type is not securityQuestions.

challengeFactorId

"string"

Challenge Factor ID (v1.0.0)

The ID of an a challenge factor. This ID is unique within the factors offered with a challenge.

type: string

minLength: 3
maxLength: 48
pattern: "^[-a-zA-Z0-9$_]{3,48}$"

challengeFactorType

"sms"

Challenge Factor Type (v1.0.0)

The name of challenge factor.

challengeFactorType strings may have one of the following enumerated values:

Value	Description
`sms`	SMS: One-time passcode sent to the primary mobile phone number
`email`	Email: One-time passcode sent to the primary email address
`voice`	Voice: One-time passcode communicated via automated voice phone call
`authenticatorToken`	authenticator Token: One-time passcode issued by a pre-registered hardware device, such as a token key fob, or an authenticator app
`securityQuestions`	Security Questions: Prompt with the user's security questions registered with their security profile

type: string

enum values: sms, email, voice, securityQuestions, authenticatorToken

challengeOperationId

"string"

Challenge Operation ID (v1.0.1)

The ID of an operation/action for which the user must verify their identity via an identity challenge. This is passed when starting a challenge factor or when validating the identity challenge responses.

type: string

minLength: 6
maxLength: 48
pattern: "^[-a-zA-Z0-9$_]{6,48}$"

challengePromptId

"string"

Challenge Prompt ID (v1.0.0)

The unique ID of a prompt (such as a security question) in a challenge factor.

type: string

minLength: 1
maxLength: 48
pattern: "^[-_:.~$a-zA-Z0-9]+$"

challengeSecurityQuestion

{
  "id": "74699fa628911e762ea5",
  "prompt": "What is your mother's maiden name?"
}

Challenge Security Question (v1.0.1)

A single security question within the questions array of the challengeSecurityQuestions

Properties

Name	Description
`Challenge Security Question (v1.0.1)`	`object` A single security question within the `questions` array of the `challengeSecurityQuestions`
`id`	`challengePromptId` (required) The unique ID of security question prompt. This should be included in the `challengeVerification` response as the `promptId`. `minLength: 1` `maxLength: 48` `pattern: "^[-_:.~$a-zA-Z0-9]+$"`
`prompt`	`string(text)` (required) The text prompt of this security question. `format: text` `maxLength: 80`

challengeSecurityQuestions

{
  "questions": [
    {
      "id": "q1",
      "prompt": "What is your mother's maiden name?"
    },
    {
      "id": "q4",
      "prompt": "What is your high school's name?"
    },
    {
      "id": "q9",
      "prompt": "What is the name of your first pet?"
    }
  ]
}

Challenge Security Questions (v1.0.1)

Describes a securityQuestions challenge. This is omitted if the challenge type is not securityQuestions.

Properties

Name	Description
`Challenge Security Questions (v1.0.1)`	`object` Describes a `securityQuestions` challenge. This is omitted if the challenge `type` is not `securityQuestions`.
`questions`	`array: [challengeSecurityQuestion]` (required) The array of security questions. `minItems: 1` `maxItems: 8` items: `object`

incomingPartnerRealTimePayments

{
  "source_url": "string",
  "webhook_url": "string",
  "transfers": [
    {
      "id": "string",
      "url": "string",
      "currency": "string",
      "amount": "0",
      "workflow_type": "string"
    }
  ]
}

Incoming Partner Real Time Payments (v1.0.0)

The vendor-defined webhook body payload for new incoming real-time payments or updates to real-time payments.

Properties

Name	Description
`Incoming Partner Real Time Payments (v1.0.0)`	`object` The vendor-defined webhook body payload for new incoming real-time payments or updates to real-time payments.
`source_url`	`string` (required) The platform URL for managing this webhook.
`webhook_url`	`string` (required) The handler URL.
`transfers`	`array: [TransferDetail]` (required) [The vendor-defined payload for each real-time payment in a webhook message.] items: `object`

problemResponse

{
  "id": "3fbad566-be86-4b22-9ba6-3ca99fdc0799",
  "type": "https://production.api.apiture.com/errors/noSuchAccount/v1.0.0",
  "title": "Account Not Found",
  "status": 422,
  "occurredAt": "2022-04-25T12:42:21.375Z",
  "detail": "No account exists for the given account reference",
  "instance": "https://production.api.apiture.com/banking/transfers/bb709151-575041fcd617"
}

Problem Response (v0.4.1)

API problem or error response, as per RFC 9457 application/problem+json.

Properties

Name	Description
`Problem Response (v0.4.1)`	`object` API problem or error response, as per RFC 9457 application/problem+json.
`type`	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `format: uri-reference` `maxLength: 2048`
`title`	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `format: text` `maxLength: 120`
`status`	`integer(int32)` The HTTP status code for this occurrence of the problem. `format: int32` `minimum: 100` `maximum: 599`
`detail`	`string(text)` A human-readable explanation specific to this occurrence of the problem. `format: text` `maxLength: 256`
`instance`	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `format: uri-reference` `maxLength: 2048`
`id`	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `read-only` `minLength: 6` `maxLength: 48` `pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"`
`occurredAt`	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `read-only` `format: date-time` `minLength: 20` `maxLength: 30`
`problems`	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128` items: `object`
`attributes`	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

readOnlyResourceId

"string"

Read-only Resource Identifier (v1.0.1)

The unique, opaque system-assigned identifier for a resource. This case-sensitive ID is also used in URLs as path parameters or in other properties or parameters that reference a resource by ID rather than URL. Resource IDs are immutable.

type: string

read-only
minLength: 6
maxLength: 48
pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"

readOnlyTimestamp

"2021-10-30T19:06:04.250Z"

Read-Only Timestamp (v1.0.0)

A readonly or derived timestamp (an instant in time) formatted in RFC 3339 date-time UTC format: YYYY-MM-DDThh:mm:ss.sssZ.

type: string(date-time)

read-only
format: date-time
minLength: 20
maxLength: 30

requiredIdentityChallenge

{
  "operationId": "createTransfer",
  "challengeId": "0504076c566a3cf7009c",
  "factors": [
    {
      "type": "sms",
      "labels": [
        "9876"
      ],
      "id": "85c0ee5753fcd0b0953f"
    },
    {
      "type": "voice",
      "labels": [
        "9876"
      ],
      "id": "d089e10a80a8627df37b"
    },
    {
      "type": "voice",
      "labels": [
        "6754"
      ],
      "id": "10506ecf9d1c2ee00403"
    },
    {
      "type": "email",
      "labels": [
        "an****nk@example.com",
        "an****98@example.com"
      ],
      "id": "e917d671cb2f030b56f1"
    },
    {
      "type": "authenticatorToken",
      "labels": [
        "Acme fob"
      ],
      "id": "fe6c452d7da0bbb4e407"
    },
    {
      "type": "securityQuestions",
      "securityQuestions": {
        "questions": [
          {
            "id": "q1",
            "prompt": "What is your mother's maiden name?"
          },
          {
            "id": "q4",
            "prompt": "What is your high school's name?"
          },
          {
            "id": "q9",
            "prompt": "What is the name of your first pet?"
          }
        ]
      },
      "id": "df33c6f88a37d6b3f0a6"
    }
  ]
}

Required Challenge (v1.2.3)

A request from the service for the user to verify their identity. This contains a challenge ID, the corresponding operation ID, and a list of challenge factors for identity verification. The user must complete one of these challenge factors to satisfy the challenge. This schema defines the attributes in the 401 Unauthorized problem response when the 401 problem type name is challengeRequired. See the "Challenge API" for details.

Properties

Name	Description
`Required Challenge (v1.2.3)`	`object` A request from the service for the user to verify their identity. This contains a challenge ID, the corresponding operation ID, and a list of challenge factors for identity verification. The user must complete one of these challenge factors to satisfy the challenge. This schema defines the attributes in the 401 Unauthorized problem response when the 401 problem type name is `challengeRequired`. See the "Challenge API" for details.
`operationId`	`challengeOperationId` (required) The ID of an operation/action for which the user must verify their identity via an identity challenge. This is passed when starting a challenge factor or when validating the identity challenge responses. `minLength: 6` `maxLength: 48` `pattern: "^[-a-zA-Z0-9$_]{6,48}$"`
`challengeId`	`readOnlyResourceId` (required) The unique ID of this challenge instance. This is an opaque string. This is passed when starting a challenge factor or when validating the identity challenge responses. `read-only` `minLength: 6` `maxLength: 48` `pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"`
`factors`	`array: [challengeFactor]` (required) A list of challenge factors. The user must complete one of these challenge factors. The `labels` in each factor identify one or more channels the user may use, such as a list of email addresses the system may use to send a one-time passcode to the user. *Note: The same channel may be used by multiple factors in the array of factors. For example, the user's primary mobile phone number may be used for both an `sms` factor and a `voice` factor. `minItems: 1` `maxItems: 8` items: `object`

resourceId

"string"

Resource Identifier (v1.0.1)

The unique, opaque system identifier for a resource. This case-sensitive ID is also used as path parameters in URLs or in other properties or parameters that reference a resource by ID rather than URL.

type: string

minLength: 6
maxLength: 48
pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"

Generated by @apiture/api-doc 3.2.4 on Wed Mar 26 2025 19:42:36 GMT+0000 (Coordinated Universal Time).