Customer Sessions v0.3.0
Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.
The Customer Sessions API provides the mechanisms to manipulate authenticated sessions. This API allows the trusted caller to terminate or resume customer sessions on the back-end. When a session is resumed, the expiration is reset. This is an internal API and is not intended for public use.
Download OpenAPI Definition (YAML)
Base URLs:
License: Apiture API License
Customer Sessions
Customer Sessions
terminateCustomerSession
Code samples
# You can also use wget
curl -X POST https://api.apiture.com/system/terminatedCustomerSessions \
-H 'Content-Type: application/json' \
-H 'Accept: application/problem+json'
POST https://api.apiture.com/system/terminatedCustomerSessions HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/problem+json
const fetch = require('node-fetch');
const inputBody = '{
"sessionId": "login#1#6cf93423ff5647ad#4062217d6f04337fd31a76cea23ab7aad8bce93e71a9f0756daaf3cd1ae8579fea1601beb0521b7dbdac0ff4e"
}';
const headers = {
'Content-Type':'application/json',
'Accept':'application/problem+json'
};
fetch('https://api.apiture.com/system/terminatedCustomerSessions',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Content-Type':'application/json',
'Accept':'application/problem+json'
};
$.ajax({
url: 'https://api.apiture.com/system/terminatedCustomerSessions',
method: 'post',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/problem+json'
}
result = RestClient.post 'https://api.apiture.com/system/terminatedCustomerSessions',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/problem+json'
}
r = requests.post('https://api.apiture.com/system/terminatedCustomerSessions', params={
}, headers = headers)
print r.json()
URL obj = new URL("https://api.apiture.com/system/terminatedCustomerSessions");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/problem+json"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("POST", "https://api.apiture.com/system/terminatedCustomerSessions", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Terminate a customer session
POST https://api.apiture.com/system/terminatedCustomerSessions
Terminates a customer session and prevents any further use of the session.
Body parameter
{
"sessionId": "login#1#6cf93423ff5647ad#4062217d6f04337fd31a76cea23ab7aad8bce93e71a9f0756daaf3cd1ae8579fea1601beb0521b7dbdac0ff4e"
}
Parameters
| Parameter | Description |
|---|---|
body | customerSession (required) |
Example responses
400 Response
{
"id": "3fbad566-be86-4b22-9ba6-3ca99fdc0799",
"type": "https://production.api.apiture.com/errors/noSuchAccount/v1.0.0",
"title": "Account Not Found",
"status": 422,
"occurredAt": "2022-04-25T12:42:21.375Z",
"detail": "No account exists for the given account reference",
"instance": "https://production.api.apiture.com/banking/transfers/bb709151-575041fcd617"
}
Responses
| Status | Description |
|---|---|
| 204 | No Content |
| No Content. The operation succeeded but returned no response body. |
| Status | Description |
|---|---|
| 400 | Bad Request |
Bad Request. The request body, request headers, and/or query parameters are not well-formed. This error response may have one of the following
| |
Schema: problemResponse |
| Status | Description |
|---|---|
| 401 | Unauthorized |
Unauthorized. The operation require authentication but none was given. This error response may have one of the following
| |
Schema: problemResponse | |
| Header | WWW-Authenticatestring |
| Optionally indicates the authentication scheme(s) and parameters applicable to the target resource/operation. This normally occurs if the request requires authentication but no authentication was passed. A 401 Unauthorized response may also be used for operations that have valid credentials but which require step-up authentication. |
| Status | Description |
|---|---|
| 403 | Forbidden |
Forbidden. The authenticated caller is not authorized to perform the requested operation. This error response may have one of the following
| |
Schema: problemResponse |
| Status | Description |
|---|---|
| 422 | Unprocessable Entity |
Unprocessable Entity. The request body and/or query parameters were well formed but otherwise invalid. This error response may have one of the following
| |
Schema: problemResponse |
resumeCustomerSession
Code samples
# You can also use wget
curl -X POST https://api.apiture.com/system/resumedCustomerSessions \
-H 'Content-Type: application/json' \
-H 'Accept: application/json'
POST https://api.apiture.com/system/resumedCustomerSessions HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json
const fetch = require('node-fetch');
const inputBody = '{
"sessionId": "login#1#6cf93423ff5647ad#4062217d6f04337fd31a76cea23ab7aad8bce93e71a9f0756daaf3cd1ae8579fea1601beb0521b7dbdac0ff4e",
"customerId": "9fa37c6c-2198",
"institutionId": "BOOIL"
}';
const headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
fetch('https://api.apiture.com/system/resumedCustomerSessions',
{
method: 'POST',
body: inputBody,
headers: headers
})
.then(function(res) {
return res.json();
}).then(function(body) {
console.log(body);
});
var headers = {
'Content-Type':'application/json',
'Accept':'application/json'
};
$.ajax({
url: 'https://api.apiture.com/system/resumedCustomerSessions',
method: 'post',
headers: headers,
success: function(data) {
console.log(JSON.stringify(data));
}
})
require 'rest-client'
require 'json'
headers = {
'Content-Type' => 'application/json',
'Accept' => 'application/json'
}
result = RestClient.post 'https://api.apiture.com/system/resumedCustomerSessions',
params: {
}, headers: headers
p JSON.parse(result)
import requests
headers = {
'Content-Type': 'application/json',
'Accept': 'application/json'
}
r = requests.post('https://api.apiture.com/system/resumedCustomerSessions', params={
}, headers = headers)
print r.json()
URL obj = new URL("https://api.apiture.com/system/resumedCustomerSessions");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
System.out.println(response.toString());
package main
import (
"bytes"
"net/http"
)
func main() {
headers := map[string][]string{
"Content-Type": []string{"application/json"},
"Accept": []string{"application/json"},
}
data := bytes.NewBuffer([]byte{jsonReq})
req, err := http.NewRequest("POST", "https://api.apiture.com/system/resumedCustomerSessions", data)
req.Header = headers
client := &http.Client{}
resp, err := client.Do(req)
// ...
}
Resume a customer session
POST https://api.apiture.com/system/resumedCustomerSessions
Resume a customer session and reset any expiration timeout associated with this session. Allows the customer to continue to use the session without requiring session verification. This operation might create a new session if the customer session had expired.
Body parameter
{
"sessionId": "login#1#6cf93423ff5647ad#4062217d6f04337fd31a76cea23ab7aad8bce93e71a9f0756daaf3cd1ae8579fea1601beb0521b7dbdac0ff4e",
"customerId": "9fa37c6c-2198",
"institutionId": "BOOIL"
}
Parameters
| Parameter | Description |
|---|---|
body | resumedCustomerSession (required) |
Example responses
200 Response
{
"sessionId": "login#1#6cf93423ff5647ad#4062217d6f04337fd31a76cea23ab7aad8bce93e71a9f0756daaf3cd1ae8579fea1601beb0521b7dbdac0ff4e"
}
Responses
| Status | Description |
|---|---|
| 200 | OK |
| OK. The customer session was extended. | |
Schema: customerSession | |
| 201 | Created |
| Created. A new customer session was initiated. | |
Schema: customerSession |
| Status | Description |
|---|---|
| 400 | Bad Request |
Bad Request. The request body, request headers, and/or query parameters are not well-formed. This error response may have one of the following
| |
Schema: problemResponse |
| Status | Description |
|---|---|
| 401 | Unauthorized |
Unauthorized. The operation require authentication but none was given. This error response may have one of the following
| |
Schema: problemResponse | |
| Header | WWW-Authenticatestring |
| Optionally indicates the authentication scheme(s) and parameters applicable to the target resource/operation. This normally occurs if the request requires authentication but no authentication was passed. A 401 Unauthorized response may also be used for operations that have valid credentials but which require step-up authentication. |
| Status | Description |
|---|---|
| 403 | Forbidden |
Forbidden. The authenticated caller is not authorized to perform the requested operation. This error response may have one of the following
| |
Schema: problemResponse |
| Status | Description |
|---|---|
| 422 | Unprocessable Entity |
Unprocessable Entity. The request body and/or query parameters were well formed but otherwise invalid. This error response may have one of the following
| |
Schema: problemResponse |
Schemas
apiProblem
{
"id": "3fbad566-be86-4b22-9ba6-3ca99fdc0799",
"type": "https://production.api.apiture.com/errors/accountNotFound/v1.0.0",
"title": "Account Not Found",
"status": 422,
"occurredAt": "2022-04-25T12:42:21.375Z",
"detail": "No account exists at the given account_url",
"instance": "https://production.api.apiture.com/banking/transfers/bb709151-575041fcd617"
}
API Problem (v1.1.0)
API problem or error, as per RFC 7807 application/problem+json.
Properties
| Name | Description |
|---|---|
type | string(uri-reference) A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be "about:blank". |
title | string A short, human-readable summary of the problem type. The title is usually the same for all problem with the same type. |
status | integer(int32) The HTTP status code for this occurrence of the problem. minimum: 100 maximum: 599 |
detail | string A human-readable explanation specific to this occurrence of the problem. |
instance | string(uri-reference) A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment |
id | string: readOnlyResourceId The unique identifier for this problem. This is an immutable opaque string. read-only minLength: 6 maxLength: 48 pattern: ^[-_:.~$a-zA-Z0-9]+$ |
occurredAt | string(date-time): readOnlyTimestamp The timestamp when the problem occurred, in RFC 3339 date-time YYYY-MM-DDThh:mm:ss.sssZ format, UTC.read-only minLength: 20 maxLength: 30 |
problems | array: [apiProblem] Optional root-causes if there are multiple problems in the request or API call processing. |
attributes | object Additional optional attributes related to the problem. This data conforms to the schema associated with the error type. |
customerSession
{
"sessionId": "login#1#6cf93423ff5647ad#4062217d6f04337fd31a76cea23ab7aad8bce93e71a9f0756daaf3cd1ae8579fea1601beb0521b7dbdac0ff4e"
}
Customer Session Reference (v1.0.0)
Identifies an active session.
Properties
| Name | Description |
|---|---|
sessionId | string (required) The opaque, sensitive, session identifier used as an access token claim. maxLength: 128 |
institutionId
"TIBURON"
Institution ID (v1.0.0)
The unique immutable identifier of a financial institution.
Type: string
minLength: 2 maxLength: 9 pattern: ^[A-Z0-9_]{2,8}$
problemResponse
{
"id": "3fbad566-be86-4b22-9ba6-3ca99fdc0799",
"type": "https://production.api.apiture.com/errors/noSuchAccount/v1.0.0",
"title": "Account Not Found",
"status": 422,
"occurredAt": "2022-04-25T12:42:21.375Z",
"detail": "No account exists for the given account reference",
"instance": "https://production.api.apiture.com/banking/transfers/bb709151-575041fcd617"
}
Problem Response (v0.3.0)
API problem or error response, as per RFC 7807 application/problem+json.
Properties
| Name | Description |
|---|---|
type | string(uri-reference) A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be "about:blank". |
title | string A short, human-readable summary of the problem type. The title is usually the same for all problem with the same type. |
status | integer(int32) The HTTP status code for this occurrence of the problem. minimum: 100 maximum: 599 |
detail | string A human-readable explanation specific to this occurrence of the problem. |
instance | string(uri-reference) A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment |
id | string: readOnlyResourceId The unique identifier for this problem. This is an immutable opaque string. read-only minLength: 6 maxLength: 48 pattern: ^[-_:.~$a-zA-Z0-9]+$ |
occurredAt | string(date-time): readOnlyTimestamp The timestamp when the problem occurred, in RFC 3339 date-time YYYY-MM-DDThh:mm:ss.sssZ format, UTC.read-only minLength: 20 maxLength: 30 |
problems | array: [apiProblem] Optional root-causes if there are multiple problems in the request or API call processing. |
attributes | object Additional optional attributes related to the problem. This data conforms to the schema associated with the error type. |
readOnlyResourceId
"string"
Read-only Resource Identifier (v1.0.0)
The unique, opaque system-assigned identifier for a resource. This case-sensitive ID is also used in URLs as path parameters or in other properties or parameters that reference a resource by ID rather than URL. Resource IDs are immutable.
Type: string
read-only minLength: 6 maxLength: 48 pattern: ^[-_:.~$a-zA-Z0-9]+$
readOnlyTimestamp
"2021-10-30T19:06:04.250Z"
Read-Only Timestamp (v1.0.0)
A readonly or derived timestamp (an instant in time) formatted in RFC 3339 date-time UTC format: YYYY-MM-DDThh:mm:ss.sssZ.
The schema readOnlyTimestamp was added on version 0.4.0 of the API.
Type: string(date-time)
read-only minLength: 20 maxLength: 30
resourceId
"string"
Resource Identifier (v1.0.0)
The unique, opaque system identifier for a resource. This case-sensitive ID is also used as path parameters in URLs or in other properties or parameters that reference a resource by ID rather than URL.
Type: string
minLength: 6 maxLength: 48 pattern: ^[-_:.~$a-zA-Z0-9]+$
resumedCustomerSession
{
"sessionId": "login#1#6cf93423ff5647ad#4062217d6f04337fd31a76cea23ab7aad8bce93e71a9f0756daaf3cd1ae8579fea1601beb0521b7dbdac0ff4e",
"customerId": "9fa37c6c-2198",
"institutionId": "BOOIL"
}
Request to Resume or Create Customer Session (v1.0.0)
Request to resume a customer session or create a new one if the session has expired.
Properties
| Name | Description |
|---|---|
sessionId | string (required) The opaque, sensitive, session identifier used as an access token claim. maxLength: 128 |
customerId | string: resourceId The opaque identifier of the customer. minLength: 6 maxLength: 48 pattern: ^[-_:.~$a-zA-Z0-9]+$ |
institutionId | string: institutionId The opaque, immutable identifier of the financial institution. minLength: 2 maxLength: 9 pattern: ^[A-Z0-9_]{2,8}$ |