Apiture Authentication and Authorization Provider SAML API v0.3.1

Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.

This specifies an API provided by the Apiture authentication and authorization (OIDC) provider. The API provides operations related to encryption, signing, code compilation and code execution necessary for Apiture Digital Banking services and APIs to implement dynamic single-sign-on integrations required for FinTech Connector features. This API contains publicly accessible read-only operations to retrieve SAML metadata hosted by the provider.

Download OpenAPI Definition (YAML)

Base URLs:

https://api.apiture.com/system

Email: Apiture Web: Apiture

License: Apiture API License

Authentication

OAuth2 authentication (clientCredentials)
- Client Credentials OAuth2 flow that allows a secure service application to access resources. (This access is not used with insecure clients such as web or mobile applications.) See details at Secure Access.
- Flow: clientCredentials
- Token URL = https://dev-oidc.apiture-comm-nonprod.com/oidc/token

Scope	Scope Description
`bankingAdmin/read`	Read a wide variety of banking and other financial institution and customer data.
`bankingAdmin/write`	Write a wide variety of banking and other financial institution and customer data.
`adminData/read`	Read access to non-banking data and resources.
`adminData/write`	Read, write, and delete access to non-banking data and resources.
`samlPlatform/write`	Write access to security-critical Apiture internal key and certificate data.
`samlPlatform/read`	Read access to integration resources, e.g. supported codes.
`samlAdmin/write`	Write, delete and execute access to service provider metadata and SAML computation operations.
`systemIntegrations/read`	Read access to integration definition resources.
`systemIntegrations/write`	Write, delete and execute access to integration definition resources.

Metadata

SAML Metadata management and operations.

getApitureIdentityProviderSamlMetadata

Code samples

# You can also use wget
curl -X GET https://api.apiture.com/system/saml/identityProvider/metadata \
  -H 'Accept: application/samlmetadata+xml'

GET https://api.apiture.com/system/saml/identityProvider/metadata HTTP/1.1
Host: api.apiture.com
Accept: application/samlmetadata+xml

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/samlmetadata+xml'

};

fetch('https://api.apiture.com/system/saml/identityProvider/metadata',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/samlmetadata+xml'

};

$.ajax({
  url: 'https://api.apiture.com/system/saml/identityProvider/metadata',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/samlmetadata+xml'
}

result = RestClient.get 'https://api.apiture.com/system/saml/identityProvider/metadata',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/samlmetadata+xml'
}

r = requests.get('https://api.apiture.com/system/saml/identityProvider/metadata', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.apiture.com/system/saml/identityProvider/metadata");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/samlmetadata+xml"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.apiture.com/system/saml/identityProvider/metadata", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Read Apiture identity provider SAML Metadata

GET https://api.apiture.com/system/saml/identityProvider/metadata

Retrieve the SAML Metadata for the Apiture identity provider.

Example responses

200 Response

<?xml version="1.0" encoding="UTF-8" ?>
<serviceProviderXmlMetadata>&lt;EntityDescriptor ID=&quot;63dd531a-0ed9-451d-b2bc-747904ac5870&quot;
  entityID=&quot;https://auth.apiture.com/saml&quot;
  validUntil=&quot;2025-12-31T23:59:59Z&quot;
  cacheDuration=&quot;PT5M&quot;
  xmlns=&quot;urn:oasis:names:tc:SAML:2.0:metadata&quot;
  xmlns:saml2=&quot;urn:oasis:names:tc:SAML:2.0:assertion&quot;&gt;

  &lt;SPSSODescriptor protocolSupportEnumeration=&quot;urn:oasis:names:tc:SAML:2.0:protocol&quot;&gt;
      &lt;AssertionConsumerService Binding=&quot;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&quot;
                                Location=&quot;https://serviceprovider.company.com/saml/acs&quot;
                                index=&quot;1&quot; /&gt;
      &lt;AssertionConsumerService Binding=&quot;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect&quot;
                                Location=&quot;https://serviceprovider.company.com/saml/acs&quot;
                                index=&quot;2&quot; /&gt;
      &lt;AssertionConsumerService Binding=&quot;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact&quot;
                                Location=&quot;https://serviceprovider.company.com/saml/acs&quot;
                                index=&quot;3&quot; /&gt;

      &lt;SingleLogoutService Binding=&quot;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&quot;
                           Location=&quot;https://serviceprovider.company.com/saml/slo&quot; /&gt;
      &lt;SingleLogoutService Binding=&quot;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect&quot;
                           Location=&quot;https://serviceprovider.company.com/saml/slo&quot; /&gt;

      &lt;ArtifactResolutionService Binding=&quot;urn:oasis:names:tc:SAML:2.0:bindings:SOAP&quot;
                                 Location=&quot;https://serviceprovider.company.com/saml/ars&quot;
                                 index=&quot;0&quot; /&gt;

      &lt;KeyDescriptor use=&quot;signing&quot;&gt;
          &lt;KeyInfo
              xmlns=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;
              &lt;X509Data&gt;
                  &lt;X509Certificate&gt;SP_PUBLIC_SIGNING_CERTIFICATE_USED_FOR_SIGNING_REQUESTS&lt;/X509Certificate&gt;
              &lt;/X509Data&gt;
          &lt;/KeyInfo&gt;
      &lt;/KeyDescriptor&gt;

      &lt;KeyDescriptor use=&quot;encryption&quot;&gt;
          &lt;KeyInfo
              xmlns=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;
              &lt;X509Data&gt;
                  &lt;X509Certificate&gt;SP_PUBLIC_ENCRYPTION_CERTIFICATE&lt;/X509Certificate&gt;
              &lt;/X509Data&gt;
          &lt;/KeyInfo&gt;
          &lt;EncryptionMethod Algorithm=&quot;http://www.w3.org/2009/xmlenc11#aes256-gcm&quot; /&gt;
          &lt;EncryptionMethod Algorithm=&quot;http://www.w3.org/2001/04/xmlenc#aes256-cbc&quot; /&gt;
      &lt;/KeyDescriptor&gt;
  &lt;/SPSSODescriptor&gt;

  &lt;Organization&gt;
      &lt;OrganizationName xml:lang=&quot;en-GB&quot;&gt;Service Provider&lt;/OrganizationName&gt;
      &lt;OrganizationDisplayName xml:lang=&quot;en-GB&quot;&gt;Service Provider&lt;/OrganizationDisplayName&gt;
      &lt;OrganizationURL xml:lang=&quot;en-GB&quot;&gt;https://apiture.com/&lt;/OrganizationURL&gt;
  &lt;/Organization&gt;

  &lt;ContactPerson contactType=&quot;technical&quot;&gt;
      &lt;Company&gt;Service Provider&lt;/Company&gt;
      &lt;GivenName&gt;Responsible&lt;/GivenName&gt;
      &lt;SurName&gt;party&lt;/SurName&gt;
      &lt;EmailAddress&gt;responsible.party@serviceprovider.com&lt;/EmailAddress&gt;
  &lt;/ContactPerson&gt;
&lt;/EntityDescriptor&gt;</serviceProviderXmlMetadata>

400 Response

{
  "id": "3fbad566-be86-4b22-9ba6-3ca99fdc0799",
  "type": "https://production.api.apiture.com/errors/badRequest/v1.0.0",
  "title": "Bad Request",
  "status": 400,
  "occurredAt": "2022-04-25T12:42:21.375Z",
  "detail": "Input did not parse as JSON",
  "instance": "https://production.api.apiture.com/banking/transfers/bb709151-575041fcd617"
}

Responses

Status	Description
200	OK
	SAML metadata conformant with SAML V2.0 Metadata Interoperability Profile Version 1.0.
	Schema: `serviceProviderXmlMetadata`

Status Description

400 Bad Request

Status	Description
400	Bad Request
	Bad Request. The request body, request headers, and/or query parameters are not well-formed. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/badRequest/v1.0.0` The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.
	Schema: `Inline`

Bad Request. The request body, request headers, and/or query parameters are not well-formed.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/badRequest/v1.0.0
The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.

Schema: Inline

Status Description

401 Unauthorized

Status	Description
401	Unauthorized
	Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/unauthorized/v1.0.0` The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.
	Schema: `Inline`

Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/unauthorized/v1.0.0
The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.

Schema: Inline

Status Description

429 Too Many Requests

Status	Description
429	Too Many Requests
	Too Many Requests. The client has sent too many requests in a given amount of time. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/tooManyRequests/v1.0.0` The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.
	Schema: `Inline`

Too Many Requests. The client has sent too many requests in a given amount of time.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/tooManyRequests/v1.0.0
The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.

Schema: Inline

Status	Description
4XX	Unknown
	Client Request Problem. The client request had a problem not listed under another specific 400-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Status	Description
5XX	Unknown
	Server Problem. The server encountered a problem not listed under another specific 500-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Response Schema

Status Code 400

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 401

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 429

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 4XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 5XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

setApitureIdentityProviderMetadataAndCert

Code samples

# You can also use wget
curl -X PUT https://api.apiture.com/system/saml/identityProvider/metadata \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

PUT https://api.apiture.com/system/saml/identityProvider/metadata HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json

const fetch = require('node-fetch');
const inputBody = '{
  "metadata": "<EntityDescriptor ID=\"63dd531a-0ed9-451d-b2bc-747904ac5870\"\n  entityID=\"https://auth.apiture.com/saml\"\n  validUntil=\"2025-12-31T23:59:59Z\"\n  cacheDuration=\"PT5M\"\n  xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n  xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\">\n\n  <SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"1\" />\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"2\" />\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"3\" />\n\n      <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n                           Location=\"https://serviceprovider.company.com/saml/slo\" />\n      <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n                           Location=\"https://serviceprovider.company.com/saml/slo\" />\n\n      <ArtifactResolutionService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n                                 Location=\"https://serviceprovider.company.com/saml/ars\"\n                                 index=\"0\" />\n\n      <KeyDescriptor use=\"signing\">\n          <KeyInfo\n              xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n              <X509Data>\n                  <X509Certificate>SP_PUBLIC_SIGNING_CERTIFICATE_USED_FOR_SIGNING_REQUESTS</X509Certificate>\n              </X509Data>\n          </KeyInfo>\n      </KeyDescriptor>\n\n      <KeyDescriptor use=\"encryption\">\n          <KeyInfo\n              xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n              <X509Data>\n                  <X509Certificate>SP_PUBLIC_ENCRYPTION_CERTIFICATE</X509Certificate>\n              </X509Data>\n          </KeyInfo>\n          <EncryptionMethod Algorithm=\"http://www.w3.org/2009/xmlenc11#aes256-gcm\" />\n          <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\" />\n      </KeyDescriptor>\n  </SPSSODescriptor>\n\n  <Organization>\n      <OrganizationName xml:lang=\"en-GB\">Service Provider</OrganizationName>\n      <OrganizationDisplayName xml:lang=\"en-GB\">Service Provider</OrganizationDisplayName>\n      <OrganizationURL xml:lang=\"en-GB\">https://apiture.com/</OrganizationURL>\n  </Organization>\n\n  <ContactPerson contactType=\"technical\">\n      <Company>Service Provider</Company>\n      <GivenName>Responsible</GivenName>\n      <SurName>party</SurName>\n      <EmailAddress>responsible.party@serviceprovider.com</EmailAddress>\n  </ContactPerson>\n</EntityDescriptor>",
  "privateKey": "-----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----",
  "passphrase": "P/\\$$w0rdS3cr3+!"
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.apiture.com/system/saml/identityProvider/metadata',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.apiture.com/system/saml/identityProvider/metadata',
  method: 'put',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.put 'https://api.apiture.com/system/saml/identityProvider/metadata',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.put('https://api.apiture.com/system/saml/identityProvider/metadata', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.apiture.com/system/saml/identityProvider/metadata");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("PUT");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("PUT", "https://api.apiture.com/system/saml/identityProvider/metadata", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Create or update Apiture SAML identity provider metadata and key

PUT https://api.apiture.com/system/saml/identityProvider/metadata

Create or update the Apiture identity provider metadata file and certificate information, including the private key information used by the provider internally.

Body parameter

{
  "metadata": "<EntityDescriptor ID=\"63dd531a-0ed9-451d-b2bc-747904ac5870\"\n  entityID=\"https://auth.apiture.com/saml\"\n  validUntil=\"2025-12-31T23:59:59Z\"\n  cacheDuration=\"PT5M\"\n  xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n  xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\">\n\n  <SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"1\" />\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"2\" />\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"3\" />\n\n      <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n                           Location=\"https://serviceprovider.company.com/saml/slo\" />\n      <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n                           Location=\"https://serviceprovider.company.com/saml/slo\" />\n\n      <ArtifactResolutionService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n                                 Location=\"https://serviceprovider.company.com/saml/ars\"\n                                 index=\"0\" />\n\n      <KeyDescriptor use=\"signing\">\n          <KeyInfo\n              xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n              <X509Data>\n                  <X509Certificate>SP_PUBLIC_SIGNING_CERTIFICATE_USED_FOR_SIGNING_REQUESTS</X509Certificate>\n              </X509Data>\n          </KeyInfo>\n      </KeyDescriptor>\n\n      <KeyDescriptor use=\"encryption\">\n          <KeyInfo\n              xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n              <X509Data>\n                  <X509Certificate>SP_PUBLIC_ENCRYPTION_CERTIFICATE</X509Certificate>\n              </X509Data>\n          </KeyInfo>\n          <EncryptionMethod Algorithm=\"http://www.w3.org/2009/xmlenc11#aes256-gcm\" />\n          <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\" />\n      </KeyDescriptor>\n  </SPSSODescriptor>\n\n  <Organization>\n      <OrganizationName xml:lang=\"en-GB\">Service Provider</OrganizationName>\n      <OrganizationDisplayName xml:lang=\"en-GB\">Service Provider</OrganizationDisplayName>\n      <OrganizationURL xml:lang=\"en-GB\">https://apiture.com/</OrganizationURL>\n  </Organization>\n\n  <ContactPerson contactType=\"technical\">\n      <Company>Service Provider</Company>\n      <GivenName>Responsible</GivenName>\n      <SurName>party</SurName>\n      <EmailAddress>responsible.party@serviceprovider.com</EmailAddress>\n  </ContactPerson>\n</EntityDescriptor>",
  "privateKey": "-----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----",
  "passphrase": "P/\\$$w0rdS3cr3+!"
}

Parameters

Parameter	Description
`body`	`newSamlProviderMetadata` (required) The SAML metadata and X.509 certificate private key information.

Example responses

200 Response

{
  "metadata": "string",
  "url": "https://auth.apiture.com/identityProvider/metadata"
}

Responses

Status	Description
200	OK
	OK. The response is the updated SAML metadata. The private key and password will not be returned.
	Schema: `samlProviderMetadata`

Status Description

400 Bad Request

Status	Description
400	Bad Request
	Bad Request. The request body, request headers, and/or query parameters are not well-formed. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/badRequest/v1.0.0` The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.
	Schema: `Inline`

Bad Request. The request body, request headers, and/or query parameters are not well-formed.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/badRequest/v1.0.0
The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.

Schema: Inline

Status Description

401 Unauthorized

Status	Description
401	Unauthorized
	Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/unauthorized/v1.0.0` The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.
	Schema: `Inline`

Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/unauthorized/v1.0.0
The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.

Schema: Inline

Status Description

403 Forbidden

Status	Description
403	Forbidden
	Forbidden. The authenticated caller is not authorized to perform the requested operation. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/forbidden/v1.0.0` The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation. `https://production.api.apiture.com/errors/customerDisabled/v1.0.0` The customer is disabled. Remediation: Have the customer contact the financial institution for support. `https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0` The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software. `https://production.api.apiture.com/errors/modificationForbidden/v1.0.0` The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization. `https://production.api.apiture.com/errors/challengeRequired/v1.0.0` The operation requires the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional `Challenge` header to the call. The `attributes` object in the error may have the properties defined by the `requiredIdentityChallenge` schema. `https://production.api.apiture.com/errors/challengeBlocked/v1.0.0` The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again. `https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0` This operation requires an identity challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors. `https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0` The additional on-time `Challenge` header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed `Challenge` header in the request.
	Schema: `Inline`

Forbidden. The authenticated caller is not authorized to perform the requested operation.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/forbidden/v1.0.0
The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation.
https://production.api.apiture.com/errors/customerDisabled/v1.0.0
The customer is disabled. Remediation: Have the customer contact the financial institution for support.
https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0
The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software.
https://production.api.apiture.com/errors/modificationForbidden/v1.0.0
The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.
https://production.api.apiture.com/errors/challengeRequired/v1.0.0
The operation requires the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional Challenge header to the call. The attributes object in the error may have the properties defined by the requiredIdentityChallenge schema.
https://production.api.apiture.com/errors/challengeBlocked/v1.0.0
The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again.
https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0
This operation requires an identity challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors.
https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0
The additional on-time Challenge header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed Challenge header in the request.

Schema: Inline

Status Description

429 Too Many Requests

Status	Description
429	Too Many Requests
	Too Many Requests. The client has sent too many requests in a given amount of time. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/tooManyRequests/v1.0.0` The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.
	Schema: `Inline`

Too Many Requests. The client has sent too many requests in a given amount of time.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/tooManyRequests/v1.0.0
The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.

Schema: Inline

Status	Description
4XX	Unknown
	Client Request Problem. The client request had a problem not listed under another specific 400-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Status	Description
5XX	Unknown
	Server Problem. The server encountered a problem not listed under another specific 500-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Response Schema

Status Code 400

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 401

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 403

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 429

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 4XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 5XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

getHostedServiceProviderMetadata

Code samples

# You can also use wget
curl -X GET https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata \
  -H 'Accept: application/samlmetadata+xml'

GET https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata HTTP/1.1
Host: api.apiture.com
Accept: application/samlmetadata+xml

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/samlmetadata+xml'

};

fetch('https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/samlmetadata+xml'

};

$.ajax({
  url: 'https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/samlmetadata+xml'
}

result = RestClient.get 'https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/samlmetadata+xml'
}

r = requests.get('https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/samlmetadata+xml"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Return service-provider metadata

GET https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata

Return service-provider metadata reference hosted by Apiture.

Parameters

Parameter	Description
`serviceProviderMetadataId` `in: path`	`resourceId` (required) The service provider metadata identifier. This is an opaque string. `minLength: 6` `maxLength: 48` `pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"`

Example responses

200 Response

<?xml version="1.0" encoding="UTF-8" ?>
<serviceProviderXmlMetadata>&lt;EntityDescriptor ID=&quot;63dd531a-0ed9-451d-b2bc-747904ac5870&quot;
  entityID=&quot;https://auth.apiture.com/saml&quot;
  validUntil=&quot;2025-12-31T23:59:59Z&quot;
  cacheDuration=&quot;PT5M&quot;
  xmlns=&quot;urn:oasis:names:tc:SAML:2.0:metadata&quot;
  xmlns:saml2=&quot;urn:oasis:names:tc:SAML:2.0:assertion&quot;&gt;

  &lt;SPSSODescriptor protocolSupportEnumeration=&quot;urn:oasis:names:tc:SAML:2.0:protocol&quot;&gt;
      &lt;AssertionConsumerService Binding=&quot;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&quot;
                                Location=&quot;https://serviceprovider.company.com/saml/acs&quot;
                                index=&quot;1&quot; /&gt;
      &lt;AssertionConsumerService Binding=&quot;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect&quot;
                                Location=&quot;https://serviceprovider.company.com/saml/acs&quot;
                                index=&quot;2&quot; /&gt;
      &lt;AssertionConsumerService Binding=&quot;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact&quot;
                                Location=&quot;https://serviceprovider.company.com/saml/acs&quot;
                                index=&quot;3&quot; /&gt;

      &lt;SingleLogoutService Binding=&quot;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&quot;
                           Location=&quot;https://serviceprovider.company.com/saml/slo&quot; /&gt;
      &lt;SingleLogoutService Binding=&quot;urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect&quot;
                           Location=&quot;https://serviceprovider.company.com/saml/slo&quot; /&gt;

      &lt;ArtifactResolutionService Binding=&quot;urn:oasis:names:tc:SAML:2.0:bindings:SOAP&quot;
                                 Location=&quot;https://serviceprovider.company.com/saml/ars&quot;
                                 index=&quot;0&quot; /&gt;

      &lt;KeyDescriptor use=&quot;signing&quot;&gt;
          &lt;KeyInfo
              xmlns=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;
              &lt;X509Data&gt;
                  &lt;X509Certificate&gt;SP_PUBLIC_SIGNING_CERTIFICATE_USED_FOR_SIGNING_REQUESTS&lt;/X509Certificate&gt;
              &lt;/X509Data&gt;
          &lt;/KeyInfo&gt;
      &lt;/KeyDescriptor&gt;

      &lt;KeyDescriptor use=&quot;encryption&quot;&gt;
          &lt;KeyInfo
              xmlns=&quot;http://www.w3.org/2000/09/xmldsig#&quot;&gt;
              &lt;X509Data&gt;
                  &lt;X509Certificate&gt;SP_PUBLIC_ENCRYPTION_CERTIFICATE&lt;/X509Certificate&gt;
              &lt;/X509Data&gt;
          &lt;/KeyInfo&gt;
          &lt;EncryptionMethod Algorithm=&quot;http://www.w3.org/2009/xmlenc11#aes256-gcm&quot; /&gt;
          &lt;EncryptionMethod Algorithm=&quot;http://www.w3.org/2001/04/xmlenc#aes256-cbc&quot; /&gt;
      &lt;/KeyDescriptor&gt;
  &lt;/SPSSODescriptor&gt;

  &lt;Organization&gt;
      &lt;OrganizationName xml:lang=&quot;en-GB&quot;&gt;Service Provider&lt;/OrganizationName&gt;
      &lt;OrganizationDisplayName xml:lang=&quot;en-GB&quot;&gt;Service Provider&lt;/OrganizationDisplayName&gt;
      &lt;OrganizationURL xml:lang=&quot;en-GB&quot;&gt;https://apiture.com/&lt;/OrganizationURL&gt;
  &lt;/Organization&gt;

  &lt;ContactPerson contactType=&quot;technical&quot;&gt;
      &lt;Company&gt;Service Provider&lt;/Company&gt;
      &lt;GivenName&gt;Responsible&lt;/GivenName&gt;
      &lt;SurName&gt;party&lt;/SurName&gt;
      &lt;EmailAddress&gt;responsible.party@serviceprovider.com&lt;/EmailAddress&gt;
  &lt;/ContactPerson&gt;
&lt;/EntityDescriptor&gt;</serviceProviderXmlMetadata>

400 Response

{
  "id": "3fbad566-be86-4b22-9ba6-3ca99fdc0799",
  "type": "https://production.api.apiture.com/errors/badRequest/v1.0.0",
  "title": "Bad Request",
  "status": 400,
  "occurredAt": "2022-04-25T12:42:21.375Z",
  "detail": "Input did not parse as JSON",
  "instance": "https://production.api.apiture.com/banking/transfers/bb709151-575041fcd617"
}

Responses

Status	Description
200	OK
	SAML metadata conformant with SAML V2.0 Metadata Interoperability Profile Version 1.0.
	Schema: `serviceProviderXmlMetadata`

Status Description

400 Bad Request

Status	Description
400	Bad Request
	Bad Request. The request body, request headers, and/or query parameters are not well-formed. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/badRequest/v1.0.0` The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.
	Schema: `Inline`

Bad Request. The request body, request headers, and/or query parameters are not well-formed.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/badRequest/v1.0.0
The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.

Schema: Inline

Status Description

401 Unauthorized

Status	Description
401	Unauthorized
	Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/unauthorized/v1.0.0` The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.
	Schema: `Inline`

Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/unauthorized/v1.0.0
The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.

Schema: Inline

Status Description

404 Not Found

Status	Description
404	Not Found
	Not found. There is no such resource at the request URL. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/notFound/v1.0.0` The resource at the requested URL does not exist. Remediation: Use the URL of an existing resource.
	Schema: `Inline`

Not found. There is no such resource at the request URL.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/notFound/v1.0.0
The resource at the requested URL does not exist. Remediation: Use the URL of an existing resource.

Schema: Inline

Status Description

429 Too Many Requests

Status	Description
429	Too Many Requests
	Too Many Requests. The client has sent too many requests in a given amount of time. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/tooManyRequests/v1.0.0` The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.
	Schema: `Inline`

Too Many Requests. The client has sent too many requests in a given amount of time.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/tooManyRequests/v1.0.0
The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.

Schema: Inline

Status	Description
4XX	Unknown
	Client Request Problem. The client request had a problem not listed under another specific 400-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Status	Description
5XX	Unknown
	Server Problem. The server encountered a problem not listed under another specific 500-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Response Schema

Status Code 400

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 401

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 404

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 429

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 4XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 5XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

deleteHostedServiceProviderMetadata

Code samples

# You can also use wget
curl -X DELETE https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata \
  -H 'Accept: application/problem+json' \
  -H 'Authorization: Bearer {access-token}'

DELETE https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata HTTP/1.1
Host: api.apiture.com
Accept: application/problem+json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/problem+json',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata',
{
  method: 'DELETE',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/problem+json',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata',
  method: 'delete',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/problem+json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.delete 'https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/problem+json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.delete('https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("DELETE");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/problem+json"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("DELETE", "https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Delete service-provider metadata

DELETE https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata

Delete the service-provider metadata reference hosted by Apiture.

Parameters

Parameter	Description
`serviceProviderMetadataId` `in: path`	`resourceId` (required) The service provider metadata identifier. This is an opaque string. `minLength: 6` `maxLength: 48` `pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"`

Example responses

401 Response

{
  "id": "3fbad566-be86-4b22-9ba6-3ca99fdc0799",
  "type": "https://production.api.apiture.com/errors/unauthorized/v1.0.0",
  "title": "Unauthorized",
  "status": 401,
  "occurredAt": "2022-04-25T12:42:21.375Z",
  "detail": "The request lacks valid authentication credentials",
  "instance": "https://production.api.apiture.com/banking/transfers/bb709151-575041fcd617"
}

Responses

Status	Description
204	No Content
	No Content.

Status Description

401 Unauthorized

Status	Description
401	Unauthorized
	Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/unauthorized/v1.0.0` The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.
	Schema: `Inline`

Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/unauthorized/v1.0.0
The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.

Schema: Inline

Status Description

403 Forbidden

Status	Description
403	Forbidden
	Forbidden. The authenticated caller is not authorized to perform the requested operation. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/forbidden/v1.0.0` The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation. `https://production.api.apiture.com/errors/customerDisabled/v1.0.0` The customer is disabled. Remediation: Have the customer contact the financial institution for support. `https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0` The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software. `https://production.api.apiture.com/errors/modificationForbidden/v1.0.0` The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization. `https://production.api.apiture.com/errors/challengeRequired/v1.0.0` The operation requires the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional `Challenge` header to the call. The `attributes` object in the error may have the properties defined by the `requiredIdentityChallenge` schema. `https://production.api.apiture.com/errors/challengeBlocked/v1.0.0` The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again. `https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0` This operation requires an identity challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors. `https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0` The additional on-time `Challenge` header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed `Challenge` header in the request.
	Schema: `Inline`

Forbidden. The authenticated caller is not authorized to perform the requested operation.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/forbidden/v1.0.0
The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation.
https://production.api.apiture.com/errors/customerDisabled/v1.0.0
The customer is disabled. Remediation: Have the customer contact the financial institution for support.
https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0
The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software.
https://production.api.apiture.com/errors/modificationForbidden/v1.0.0
The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.
https://production.api.apiture.com/errors/challengeRequired/v1.0.0
The operation requires the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional Challenge header to the call. The attributes object in the error may have the properties defined by the requiredIdentityChallenge schema.
https://production.api.apiture.com/errors/challengeBlocked/v1.0.0
The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again.
https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0
This operation requires an identity challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors.
https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0
The additional on-time Challenge header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed Challenge header in the request.

Schema: Inline

Status Description

404 Not Found

Status	Description
404	Not Found
	Not found. There is no such resource at the request URL. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/notFound/v1.0.0` The resource at the requested URL does not exist. Remediation: Use the URL of an existing resource.
	Schema: `Inline`

Not found. There is no such resource at the request URL.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/notFound/v1.0.0
The resource at the requested URL does not exist. Remediation: Use the URL of an existing resource.

Schema: Inline

Status Description

429 Too Many Requests

Status	Description
429	Too Many Requests
	Too Many Requests. The client has sent too many requests in a given amount of time. This problem response may have one of the following `type` values: `https://production.api.apiture.com/errors/tooManyRequests/v1.0.0` The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.
	Schema: `Inline`

Too Many Requests. The client has sent too many requests in a given amount of time.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/tooManyRequests/v1.0.0
The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.

Schema: Inline

Status	Description
4XX	Unknown
	Client Request Problem. The client request had a problem not listed under another specific 400-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Status	Description
5XX	Unknown
	Server Problem. The server encountered a problem not listed under another specific 500-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Response Schema

Status Code 401

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 403

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 404

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 429

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 4XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 5XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

setHostedServiceProviderMetadata

Code samples

# You can also use wget
curl -X PUT https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

PUT https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json

const fetch = require('node-fetch');
const inputBody = '{
  "metadata": "<EntityDescriptor ID=\"63dd531a-0ed9-451d-b2bc-747904ac5870\"\n  entityID=\"https://auth.apiture.com/saml\"\n  validUntil=\"2025-12-31T23:59:59Z\"\n  cacheDuration=\"PT5M\"\n  xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n  xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\">\n\n  <SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"1\" />\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"2\" />\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"3\" />\n\n      <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n                           Location=\"https://serviceprovider.company.com/saml/slo\" />\n      <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n                           Location=\"https://serviceprovider.company.com/saml/slo\" />\n\n      <ArtifactResolutionService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n                                 Location=\"https://serviceprovider.company.com/saml/ars\"\n                                 index=\"0\" />\n\n      <KeyDescriptor use=\"signing\">\n          <KeyInfo\n              xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n              <X509Data>\n                  <X509Certificate>SP_PUBLIC_SIGNING_CERTIFICATE_USED_FOR_SIGNING_REQUESTS</X509Certificate>\n              </X509Data>\n          </KeyInfo>\n      </KeyDescriptor>\n\n      <KeyDescriptor use=\"encryption\">\n          <KeyInfo\n              xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n              <X509Data>\n                  <X509Certificate>SP_PUBLIC_ENCRYPTION_CERTIFICATE</X509Certificate>\n              </X509Data>\n          </KeyInfo>\n          <EncryptionMethod Algorithm=\"http://www.w3.org/2009/xmlenc11#aes256-gcm\" />\n          <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\" />\n      </KeyDescriptor>\n  </SPSSODescriptor>\n\n  <Organization>\n      <OrganizationName xml:lang=\"en-GB\">Service Provider</OrganizationName>\n      <OrganizationDisplayName xml:lang=\"en-GB\">Service Provider</OrganizationDisplayName>\n      <OrganizationURL xml:lang=\"en-GB\">https://apiture.com/</OrganizationURL>\n  </Organization>\n\n  <ContactPerson contactType=\"technical\">\n      <Company>Service Provider</Company>\n      <GivenName>Responsible</GivenName>\n      <SurName>party</SurName>\n      <EmailAddress>responsible.party@serviceprovider.com</EmailAddress>\n  </ContactPerson>\n</EntityDescriptor>"
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata',
{
  method: 'PUT',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata',
  method: 'put',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.put 'https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.put('https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("PUT");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("PUT", "https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Create or update service provider metadata

PUT https://api.apiture.com/system/saml/serviceProvider/{serviceProviderMetadataId}/metadata

Create or update service provider metadata hosted by Apiture on behalf of a service provider. The metadata is updated via ADB APIs and services.

Body parameter

{
  "metadata": "<EntityDescriptor ID=\"63dd531a-0ed9-451d-b2bc-747904ac5870\"\n  entityID=\"https://auth.apiture.com/saml\"\n  validUntil=\"2025-12-31T23:59:59Z\"\n  cacheDuration=\"PT5M\"\n  xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n  xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\">\n\n  <SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"1\" />\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"2\" />\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"3\" />\n\n      <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n                           Location=\"https://serviceprovider.company.com/saml/slo\" />\n      <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n                           Location=\"https://serviceprovider.company.com/saml/slo\" />\n\n      <ArtifactResolutionService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n                                 Location=\"https://serviceprovider.company.com/saml/ars\"\n                                 index=\"0\" />\n\n      <KeyDescriptor use=\"signing\">\n          <KeyInfo\n              xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n              <X509Data>\n                  <X509Certificate>SP_PUBLIC_SIGNING_CERTIFICATE_USED_FOR_SIGNING_REQUESTS</X509Certificate>\n              </X509Data>\n          </KeyInfo>\n      </KeyDescriptor>\n\n      <KeyDescriptor use=\"encryption\">\n          <KeyInfo\n              xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n              <X509Data>\n                  <X509Certificate>SP_PUBLIC_ENCRYPTION_CERTIFICATE</X509Certificate>\n              </X509Data>\n          </KeyInfo>\n          <EncryptionMethod Algorithm=\"http://www.w3.org/2009/xmlenc11#aes256-gcm\" />\n          <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\" />\n      </KeyDescriptor>\n  </SPSSODescriptor>\n\n  <Organization>\n      <OrganizationName xml:lang=\"en-GB\">Service Provider</OrganizationName>\n      <OrganizationDisplayName xml:lang=\"en-GB\">Service Provider</OrganizationDisplayName>\n      <OrganizationURL xml:lang=\"en-GB\">https://apiture.com/</OrganizationURL>\n  </Organization>\n\n  <ContactPerson contactType=\"technical\">\n      <Company>Service Provider</Company>\n      <GivenName>Responsible</GivenName>\n      <SurName>party</SurName>\n      <EmailAddress>responsible.party@serviceprovider.com</EmailAddress>\n  </ContactPerson>\n</EntityDescriptor>"
}

Parameters

Parameter	Description
`body`	`serviceProviderMetadataRequest` (required) The SAML metadata
`serviceProviderMetadataId` `in: path`	`resourceId` (required) The service provider metadata identifier. This is an opaque string. `minLength: 6` `maxLength: 48` `pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"`

Example responses

200 Response

{
  "metadata": "string",
  "url": "https://auth.apiture.com/identityProvider/metadata"
}

Responses

Status	Description
200	OK
	OK. The response is the updated SAML metadata. The private key and password will not be returned.
	Schema: `samlProviderMetadata`

Status Description

400 Bad Request

Bad Request. The request body, request headers, and/or query parameters are not well-formed.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/badRequest/v1.0.0
The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.

Schema: Inline

Status Description

401 Unauthorized

Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/unauthorized/v1.0.0
The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.

Schema: Inline

Status Description

403 Forbidden

Forbidden. The authenticated caller is not authorized to perform the requested operation.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/forbidden/v1.0.0
The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation.
https://production.api.apiture.com/errors/customerDisabled/v1.0.0
The customer is disabled. Remediation: Have the customer contact the financial institution for support.
https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0
The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software.
https://production.api.apiture.com/errors/modificationForbidden/v1.0.0
The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.
https://production.api.apiture.com/errors/challengeRequired/v1.0.0
The operation requires the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional Challenge header to the call. The attributes object in the error may have the properties defined by the requiredIdentityChallenge schema.
https://production.api.apiture.com/errors/challengeBlocked/v1.0.0
The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again.
https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0
This operation requires an identity challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors.
https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0
The additional on-time Challenge header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed Challenge header in the request.

Schema: Inline

Status Description

404 Not Found

Not found. There is no such resource at the request URL.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/notFound/v1.0.0
The resource at the requested URL does not exist. Remediation: Use the URL of an existing resource.

Schema: Inline

Status Description

429 Too Many Requests

Too Many Requests. The client has sent too many requests in a given amount of time.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/tooManyRequests/v1.0.0
The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.

Schema: Inline

Status	Description
4XX	Unknown
	Client Request Problem. The client request had a problem not listed under another specific 400-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Status	Description
5XX	Unknown
	Server Problem. The server encountered a problem not listed under another specific 500-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Response Schema

Status Code 400

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 401

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 403

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 404

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 429

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 4XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 5XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Code Generation

Code Generation for SAML integration

getSupportedAlgorithms

Code samples

# You can also use wget
curl -X GET https://api.apiture.com/system/saml/algorithms \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

GET https://api.apiture.com/system/saml/algorithms HTTP/1.1
Host: api.apiture.com
Accept: application/json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.apiture.com/system/saml/algorithms',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.apiture.com/system/saml/algorithms',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get 'https://api.apiture.com/system/saml/algorithms',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('https://api.apiture.com/system/saml/algorithms', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.apiture.com/system/saml/algorithms");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.apiture.com/system/saml/algorithms", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Retrieve supported signature, digest and encryption algorithms

GET https://api.apiture.com/system/saml/algorithms

Returns the lists of algorithms the provider currently supported for the specified function.

Example responses

200 Response

{
  "signatureAlgorithms": [
    "RSA-SHA256",
    "RSA-SHA512",
    "ECDSA-SHA256"
  ],
  "digestAlgorithms": [
    "SHA256",
    "SHA384",
    "SHA512"
  ],
  "encryptionAlgorithms": [
    "AES256-GCM",
    "AES256-CBC",
    "AES192-CBC"
  ]
}

Responses

Status	Description
200	OK
	Return supported signature, digest and encryption algorithms.
	Schema: `samlAlgorithms`

Status Description

401 Unauthorized

Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/unauthorized/v1.0.0
The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.

Schema: Inline

Status Description

403 Forbidden

Forbidden. The authenticated caller is not authorized to perform the requested operation.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/forbidden/v1.0.0
The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation.
https://production.api.apiture.com/errors/customerDisabled/v1.0.0
The customer is disabled. Remediation: Have the customer contact the financial institution for support.
https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0
The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software.
https://production.api.apiture.com/errors/modificationForbidden/v1.0.0
The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.
https://production.api.apiture.com/errors/challengeRequired/v1.0.0
The operation requires the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional Challenge header to the call. The attributes object in the error may have the properties defined by the requiredIdentityChallenge schema.
https://production.api.apiture.com/errors/challengeBlocked/v1.0.0
The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again.
https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0
This operation requires an identity challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors.
https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0
The additional on-time Challenge header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed Challenge header in the request.

Schema: Inline

Status Description

429 Too Many Requests

Too Many Requests. The client has sent too many requests in a given amount of time.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/tooManyRequests/v1.0.0
The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.

Schema: Inline

Status	Description
4XX	Unknown
	Client Request Problem. The client request had a problem not listed under another specific 400-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Status	Description
5XX	Unknown
	Server Problem. The server encountered a problem not listed under another specific 500-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Response Schema

Status Code 401

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 403

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 429

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 4XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 5XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

computeRequest

Code samples

# You can also use wget
curl -X POST https://api.apiture.com/system/saml/request \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

POST https://api.apiture.com/system/saml/request HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json

const fetch = require('node-fetch');
const inputBody = '{
  "integrationDefinition": {
    "id": "MY_INTEG",
    "description": "Fintech1 Integration.",
    "staged": false,
    "state": "enabled",
    "activeInstanceCount": 14,
    "label": "Fintech1 Feature",
    "mobileLabel": "Fintech1 Feature",
    "usesSpecificCustomerId": true,
    "specificCustomerIdLabel": "Customer Id",
    "specificCustomerIdDescription": "Customer Id",
    "availability": {
      "web": true,
      "mobile": true,
      "retail": true,
      "commercial": true,
      "institutions": "single"
    },
    "institutionId": "TCF",
    "partnerDomain": "fintech-partner.com",
    "audienceUrl": "https://my.audience.com/",
    "defaultRelayState": "RelStat123",
    "signatureAlgorithm": "RSA-SHA256",
    "digestAlgorithm": "SHA256",
    "encryptionAlgorithm": "AES256-GCM",
    "assertionEncryptionSupported": true,
    "serviceProviderMetadataUrl": "https://my.audience.com/saml/metadata.xml",
    "serviceProviderHostsMetadata": true,
    "targetMethod": "SAML-POST",
    "targetUrlTemplate": "https://my-integration.example.com/sp/saml?cust=%7B%7BinstitutionId%7D%7D",
    "parameterSchema": {
      "type": "object",
      "properties": {
        "value1": {
          "description": "...",
          "type": "string",
          "format": "text",
          "minLength": 1,
          "maxLength": 200
        },
        "value2": {
          "description": "...",
          "type": "integer",
          "format": "int32",
          "minimum": 1,
          "maximum": 100
        },
        "value3": {
          "description": "...",
          "type": "string",
          "enum": [
            "a",
            "b",
            "c"
          ]
        }
      }
    },
    "code": "createSAMLRequest(user: UserData, param: Parameters, integration: Integration) {\n  integration.assertions.add('answer', '42');\n}",
    "createdAt": "2024-10-16T06:04:35.375Z",
    "updatedAt": "2024-10-18T07:14:35.0"
  },
  "inputDataSchema": {},
  "inputData": {},
  "parameterData": {},
  "encrypt": true,
  "sign": true
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.apiture.com/system/saml/request',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.apiture.com/system/saml/request',
  method: 'post',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post 'https://api.apiture.com/system/saml/request',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('https://api.apiture.com/system/saml/request', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.apiture.com/system/saml/request");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.apiture.com/system/saml/request", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Generate a SAML Request

POST https://api.apiture.com/system/saml/request

Generate a SAML request based on the provided integration definition, customer parameter schema, customer parameter data, and integration data schema. This operation is meant for Apiture Digital Banking back-end use.

Body parameter

{
  "integrationDefinition": {
    "id": "MY_INTEG",
    "description": "Fintech1 Integration.",
    "staged": false,
    "state": "enabled",
    "activeInstanceCount": 14,
    "label": "Fintech1 Feature",
    "mobileLabel": "Fintech1 Feature",
    "usesSpecificCustomerId": true,
    "specificCustomerIdLabel": "Customer Id",
    "specificCustomerIdDescription": "Customer Id",
    "availability": {
      "web": true,
      "mobile": true,
      "retail": true,
      "commercial": true,
      "institutions": "single"
    },
    "institutionId": "TCF",
    "partnerDomain": "fintech-partner.com",
    "audienceUrl": "https://my.audience.com/",
    "defaultRelayState": "RelStat123",
    "signatureAlgorithm": "RSA-SHA256",
    "digestAlgorithm": "SHA256",
    "encryptionAlgorithm": "AES256-GCM",
    "assertionEncryptionSupported": true,
    "serviceProviderMetadataUrl": "https://my.audience.com/saml/metadata.xml",
    "serviceProviderHostsMetadata": true,
    "targetMethod": "SAML-POST",
    "targetUrlTemplate": "https://my-integration.example.com/sp/saml?cust=%7B%7BinstitutionId%7D%7D",
    "parameterSchema": {
      "type": "object",
      "properties": {
        "value1": {
          "description": "...",
          "type": "string",
          "format": "text",
          "minLength": 1,
          "maxLength": 200
        },
        "value2": {
          "description": "...",
          "type": "integer",
          "format": "int32",
          "minimum": 1,
          "maximum": 100
        },
        "value3": {
          "description": "...",
          "type": "string",
          "enum": [
            "a",
            "b",
            "c"
          ]
        }
      }
    },
    "code": "createSAMLRequest(user: UserData, param: Parameters, integration: Integration) {\n  integration.assertions.add('answer', '42');\n}",
    "createdAt": "2024-10-16T06:04:35.375Z",
    "updatedAt": "2024-10-18T07:14:35.0"
  },
  "inputDataSchema": {},
  "inputData": {},
  "parameterData": {},
  "encrypt": true,
  "sign": true
}

Parameters

Parameter	Description
`body`	`samlRequestInput` (required) The details required to compute the SAML request.

Example responses

200 Response

{
  "samlRequest": "<samlp:AuthnRequest xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'\n                    ID='_aaf23196-1773-2113-474a-fe114412ab72'\n                    Version='2.0' IssueInstant='2004-12-05T09:21:59Z'\n                    Destination='https://idp.example.com/SSOService.php'\n                    ProtocolBinding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'\n                    AssertionConsumerServiceURL='https://sp.example.com/ACS/SSO/SSO.php' />"
}

Responses

Status	Description
200	OK
	Successfully computed SAML request.
	Schema: `samlRequest`

Status Description

400 Bad Request

Bad Request. The request body, request headers, and/or query parameters are not well-formed.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/badRequest/v1.0.0
The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.

Schema: Inline

Status Description

401 Unauthorized

Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/unauthorized/v1.0.0
The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.

Schema: Inline

Status Description

403 Forbidden

Forbidden. The authenticated caller is not authorized to perform the requested operation.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/forbidden/v1.0.0
The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation.
https://production.api.apiture.com/errors/customerDisabled/v1.0.0
The customer is disabled. Remediation: Have the customer contact the financial institution for support.
https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0
The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software.
https://production.api.apiture.com/errors/modificationForbidden/v1.0.0
The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.
https://production.api.apiture.com/errors/challengeRequired/v1.0.0
The operation requires the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional Challenge header to the call. The attributes object in the error may have the properties defined by the requiredIdentityChallenge schema.
https://production.api.apiture.com/errors/challengeBlocked/v1.0.0
The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again.
https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0
This operation requires an identity challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors.
https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0
The additional on-time Challenge header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed Challenge header in the request.

Schema: Inline

Status Description

422 Unprocessable Entity

Unprocessable Entity. The request body and/or query parameters were well formed but otherwise invalid.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/invalidJsonSchema/v1.0.0
Unable to interpret schema input or convert the schema to TypeScript code. Remediation: Correct the code or data according to the detail and / or problems. The attributes object in the error may have the properties defined for invalidJsonSchema.
https://production.api.apiture.com/errors/invalidIntegrationCode/v1.0.0
The integration code does not compile. Remediation: Correct the code according to the detail and / or problems. The attributes object in the error may have the properties defined for invalidIntegrationCode.
https://production.api.apiture.com/errors/codeExecutionError/v1.0.0
Errors occurred while executing TypeScript code. Remediation: Correct the code or data according to the detail and / or problems. The attributes object in the error may have the properties defined for codeExecutionError.

Schema: problemResponse

Status Description

429 Too Many Requests

Too Many Requests. The client has sent too many requests in a given amount of time.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/tooManyRequests/v1.0.0
The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.

Schema: Inline

Status	Description
4XX	Unknown
	Client Request Problem. The client request had a problem not listed under another specific 400-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Status	Description
5XX	Unknown
	Server Problem. The server encountered a problem not listed under another specific 500-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Response Schema

Status Code 400

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 401

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 403

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 429

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 4XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 5XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

computeValidate

Code samples

# You can also use wget
curl -X POST https://api.apiture.com/system/saml/validation \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

POST https://api.apiture.com/system/saml/validation HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json

const fetch = require('node-fetch');
const inputBody = '{
  "integrationDefinition": {
    "id": "MY_INTEG",
    "description": "Fintech1 Integration.",
    "staged": false,
    "state": "enabled",
    "activeInstanceCount": 14,
    "label": "Fintech1 Feature",
    "mobileLabel": "Fintech1 Feature",
    "usesSpecificCustomerId": true,
    "specificCustomerIdLabel": "Customer Id",
    "specificCustomerIdDescription": "Customer Id",
    "availability": {
      "web": true,
      "mobile": true,
      "retail": true,
      "commercial": true,
      "institutions": "single"
    },
    "institutionId": "TCF",
    "partnerDomain": "fintech-partner.com",
    "audienceUrl": "https://my.audience.com/",
    "defaultRelayState": "RelStat123",
    "signatureAlgorithm": "RSA-SHA256",
    "digestAlgorithm": "SHA256",
    "encryptionAlgorithm": "AES256-GCM",
    "assertionEncryptionSupported": true,
    "serviceProviderMetadataUrl": "https://my.audience.com/saml/metadata.xml",
    "serviceProviderHostsMetadata": true,
    "targetMethod": "SAML-POST",
    "targetUrlTemplate": "https://my-integration.example.com/sp/saml?cust=%7B%7BinstitutionId%7D%7D",
    "parameterSchema": {
      "type": "object",
      "properties": {
        "value1": {
          "description": "...",
          "type": "string",
          "format": "text",
          "minLength": 1,
          "maxLength": 200
        },
        "value2": {
          "description": "...",
          "type": "integer",
          "format": "int32",
          "minimum": 1,
          "maximum": 100
        },
        "value3": {
          "description": "...",
          "type": "string",
          "enum": [
            "a",
            "b",
            "c"
          ]
        }
      }
    },
    "code": "createSAMLRequest(user: UserData, param: Parameters, integration: Integration) {\n  integration.assertions.add('answer', '42');\n}",
    "createdAt": "2024-10-16T06:04:35.375Z",
    "updatedAt": "2024-10-18T07:14:35.0"
  },
  "inputDataSchema": "string"
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.apiture.com/system/saml/validation',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.apiture.com/system/saml/validation',
  method: 'post',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post 'https://api.apiture.com/system/saml/validation',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('https://api.apiture.com/system/saml/validation', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.apiture.com/system/saml/validation");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.apiture.com/system/saml/validation", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Validate code and schema definitions

POST https://api.apiture.com/system/saml/validation

Validates that the supplied TypeScript code and schema definitions meet requirements and compile successfully.

Body parameter

{
  "integrationDefinition": {
    "id": "MY_INTEG",
    "description": "Fintech1 Integration.",
    "staged": false,
    "state": "enabled",
    "activeInstanceCount": 14,
    "label": "Fintech1 Feature",
    "mobileLabel": "Fintech1 Feature",
    "usesSpecificCustomerId": true,
    "specificCustomerIdLabel": "Customer Id",
    "specificCustomerIdDescription": "Customer Id",
    "availability": {
      "web": true,
      "mobile": true,
      "retail": true,
      "commercial": true,
      "institutions": "single"
    },
    "institutionId": "TCF",
    "partnerDomain": "fintech-partner.com",
    "audienceUrl": "https://my.audience.com/",
    "defaultRelayState": "RelStat123",
    "signatureAlgorithm": "RSA-SHA256",
    "digestAlgorithm": "SHA256",
    "encryptionAlgorithm": "AES256-GCM",
    "assertionEncryptionSupported": true,
    "serviceProviderMetadataUrl": "https://my.audience.com/saml/metadata.xml",
    "serviceProviderHostsMetadata": true,
    "targetMethod": "SAML-POST",
    "targetUrlTemplate": "https://my-integration.example.com/sp/saml?cust=%7B%7BinstitutionId%7D%7D",
    "parameterSchema": {
      "type": "object",
      "properties": {
        "value1": {
          "description": "...",
          "type": "string",
          "format": "text",
          "minLength": 1,
          "maxLength": 200
        },
        "value2": {
          "description": "...",
          "type": "integer",
          "format": "int32",
          "minimum": 1,
          "maximum": 100
        },
        "value3": {
          "description": "...",
          "type": "string",
          "enum": [
            "a",
            "b",
            "c"
          ]
        }
      }
    },
    "code": "createSAMLRequest(user: UserData, param: Parameters, integration: Integration) {\n  integration.assertions.add('answer', '42');\n}",
    "createdAt": "2024-10-16T06:04:35.375Z",
    "updatedAt": "2024-10-18T07:14:35.0"
  },
  "inputDataSchema": "string"
}

Parameters

Parameter	Description
`body`	`integrationValidationRequest` (required) The code and definitions required to validate the TypeScript.

Example responses

200 Response

{
  "code": "string"
}

Responses

Status	Description
200	OK
	The successfully validated information.
	Schema: `integrationValidationResponse`

Status Description

400 Bad Request

Bad Request. The request body, request headers, and/or query parameters are not well-formed.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/badRequest/v1.0.0
The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.

Schema: Inline

Status Description

401 Unauthorized

Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/unauthorized/v1.0.0
The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.

Schema: Inline

Status Description

403 Forbidden

Forbidden. The authenticated caller is not authorized to perform the requested operation.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/forbidden/v1.0.0
The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation.
https://production.api.apiture.com/errors/customerDisabled/v1.0.0
The customer is disabled. Remediation: Have the customer contact the financial institution for support.
https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0
The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software.
https://production.api.apiture.com/errors/modificationForbidden/v1.0.0
The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.
https://production.api.apiture.com/errors/challengeRequired/v1.0.0
The operation requires the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional Challenge header to the call. The attributes object in the error may have the properties defined by the requiredIdentityChallenge schema.
https://production.api.apiture.com/errors/challengeBlocked/v1.0.0
The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again.
https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0
This operation requires an identity challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors.
https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0
The additional on-time Challenge header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed Challenge header in the request.

Schema: Inline

Status Description

422 Unprocessable Entity

Unprocessable Entity. The request body and/or query parameters were well formed but otherwise invalid.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/invalidJsonSchema/v1.0.0
Unable to interpret schema input or convert the schema to TypeScript code. Remediation: Correct the code or data according to the detail and / or problems. The attributes object in the error may have the properties defined for invalidJsonSchema.
https://production.api.apiture.com/errors/invalidIntegrationCode/v1.0.0
The integration code does not compile. Remediation: Correct the code according to the detail and / or problems. The attributes object in the error may have the properties defined for invalidIntegrationCode.
https://production.api.apiture.com/errors/codeExecutionError/v1.0.0
Errors occurred while executing TypeScript code. Remediation: Correct the code or data according to the detail and / or problems. The attributes object in the error may have the properties defined for codeExecutionError.

Schema: problemResponse

Status Description

429 Too Many Requests

Too Many Requests. The client has sent too many requests in a given amount of time.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/tooManyRequests/v1.0.0
The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.

Schema: Inline

Status	Description
4XX	Unknown
	Client Request Problem. The client request had a problem not listed under another specific 400-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Status	Description
5XX	Unknown
	Server Problem. The server encountered a problem not listed under another specific 500-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Response Schema

Status Code 400

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 401

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 403

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 429

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 4XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 5XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

generateIntegrationSourceCodeAndSampleDataFromJsonSchema

Code samples

# You can also use wget
curl -X POST https://api.apiture.com/system/saml/parameterTypesSource \
  -H 'Content-Type: application/json' \
  -H 'Accept: application/json' \
  -H 'Authorization: Bearer {access-token}'

POST https://api.apiture.com/system/saml/parameterTypesSource HTTP/1.1
Host: api.apiture.com
Content-Type: application/json
Accept: application/json

const fetch = require('node-fetch');
const inputBody = '{
  "inputDataSchema": {
    "$schema": "https://json-schema.org/draft/2020-12/schema",
    "type": "object",
    "properties": {
      "userName": {
        "type": "string",
        "format": "text",
        "maxLength": 32
      }
    }
  },
  "parameterDataSchema": {
    "$schema": "https://json-schema.org/draft/2020-12/schema'",
    "type": "object",
    "properties": {
      "mySetting": {
        "type": "string",
        "format": "text",
        "maxLength": 120
      }
    }
  }
}';
const headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.apiture.com/system/saml/parameterTypesSource',
{
  method: 'POST',
  body: inputBody,
  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Content-Type':'application/json',
  'Accept':'application/json',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.apiture.com/system/saml/parameterTypesSource',
  method: 'post',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Content-Type' => 'application/json',
  'Accept' => 'application/json',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.post 'https://api.apiture.com/system/saml/parameterTypesSource',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Content-Type': 'application/json',
  'Accept': 'application/json',
  'Authorization': 'Bearer {access-token}'
}

r = requests.post('https://api.apiture.com/system/saml/parameterTypesSource', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.apiture.com/system/saml/parameterTypesSource");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("POST");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Content-Type": []string{"application/json"},
        "Accept": []string{"application/json"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("POST", "https://api.apiture.com/system/saml/parameterTypesSource", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Compute TypeScript and sample JSON from JSON Schema

POST https://api.apiture.com/system/saml/parameterTypesSource

Generate a TypeScript fragment for integration JSON schemas. This allows Apiture Digital banking to return TypeScript typing to allow editors to preview and check property names and types in real-time while editing.

Body parameter

{
  "inputDataSchema": {
    "$schema": "https://json-schema.org/draft/2020-12/schema",
    "type": "object",
    "properties": {
      "userName": {
        "type": "string",
        "format": "text",
        "maxLength": 32
      }
    }
  },
  "parameterDataSchema": {
    "$schema": "https://json-schema.org/draft/2020-12/schema'",
    "type": "object",
    "properties": {
      "mySetting": {
        "type": "string",
        "format": "text",
        "maxLength": 120
      }
    }
  }
}

Parameters

Parameter Description

body samlCodeGenerationRequest (required)
Convert input and configuration schema definitions to TypeScript code. This function will output IntegrationInput and ConfigurationValues definitions based on the supplied schema and also supply IntegrationOutput and MessageOutput type definitions necessary to define a SAML integration via a function using a method signature "function process(data: IntegrationInput, configuration: ConfigurationValues, output IntegrationOutput, messages: MessageOutput): void".

Example responses

200 Response

{
  "code": "type IntegrationInput = { userName: string }; type ConfigurationValues = { mySetting: string };"
}

Responses

Status	Description
200	OK
	TypeScript response object.
	Schema: `sourceCodeAndSampleData`

Status Description

400 Bad Request

Bad Request. The request body, request headers, and/or query parameters are not well-formed.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/badRequest/v1.0.0
The request body and/or parameters was not well-formed. Remediation: Correct any syntax or schema errors in the request body or parameters.

Schema: Inline

Status Description

401 Unauthorized

Unauthorized. The operation requires authentication but no authentication or insufficient authentication was given.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/unauthorized/v1.0.0
The request lacks valid authentication credentials for the target resource or operation. Remediation: Authenticate the user and pass the required authorization with the request.

Schema: Inline

Status Description

403 Forbidden

Forbidden. The authenticated caller is not authorized to perform the requested operation.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/forbidden/v1.0.0
The user or agent is not allowed to perform this operation; authentication credentials were provided in the request, but the server considers them insufficient to grant access. Remediation: Check the user's permissions and entitlements before attempting the operation.
https://production.api.apiture.com/errors/customerDisabled/v1.0.0
The customer is disabled. Remediation: Have the customer contact the financial institution for support.
https://production.api.apiture.com/errors/antiMalwareRequired/v1.0.0
The financial institution requires the customer to have anti-malware software installed. Remediation: Direct the user to the software requirements guide to install the correct anti-malware software.
https://production.api.apiture.com/errors/modificationForbidden/v1.0.0
The customer is properly authenticated but not authorized to create, modify, or delete resources. Remediation: Avoid modification operation for customers with read-only authorization.
https://production.api.apiture.com/errors/challengeRequired/v1.0.0
The operation requires the customer to complete an identity challenge. Remediation: Complete the challenge as per the problem response, and add an additional Challenge header to the call. The attributes object in the error may have the properties defined by the requiredIdentityChallenge schema.
https://production.api.apiture.com/errors/challengeBlocked/v1.0.0
The user has failed challenges too many times and is blocked from attempting more or performing operations which require additional authentication. Remediation: Have the user end their login session and login again.
https://production.api.apiture.com/errors/noIdentityChallengeFactors/v1.0.0
This operation requires an identity challenge, but the user does not have the necessary registered authentication factors. Remediation: Have the user register one or more challenge security code delivery factors.
https://production.api.apiture.com/errors/invalidIdentityChallengeHeader/v1.0.0
The additional on-time Challenge header in this request is expired, already used, or otherwise invalid. Remediation: Supply a valid, unexpired, unclaimed Challenge header in the request.

Schema: Inline

Status Description

422 Unprocessable Entity

Unprocessable Entity. The request body and/or query parameters were well formed but otherwise invalid.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/invalidJsonSchema/v1.0.0
Unable to interpret schema input or convert the schema to TypeScript code. Remediation: Correct the code or data according to the detail and / or problems. The attributes object in the error may have the properties defined for invalidJsonSchema.
https://production.api.apiture.com/errors/invalidIntegrationCode/v1.0.0
The integration code does not compile. Remediation: Correct the code according to the detail and / or problems. The attributes object in the error may have the properties defined for invalidIntegrationCode.
https://production.api.apiture.com/errors/codeExecutionError/v1.0.0
Errors occurred while executing TypeScript code. Remediation: Correct the code or data according to the detail and / or problems. The attributes object in the error may have the properties defined for codeExecutionError.

Schema: problemResponse

Status Description

429 Too Many Requests

Too Many Requests. The client has sent too many requests in a given amount of time.

This problem response may have one of the following type values:

https://production.api.apiture.com/errors/tooManyRequests/v1.0.0
The client has sent too many requests in a given amount of time, exceeding rate limiting. Remediation: Slow down the rate of API calls.

Schema: Inline

Status	Description
4XX	Unknown
	Client Request Problem. The client request had a problem not listed under another specific 400-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Status	Description
5XX	Unknown
	Server Problem. The server encountered a problem not listed under another specific 500-level HTTP response code. View the `detail` in the problem response for additional details.
	Schema: `Inline`

Response Schema

Status Code 400

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 401

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 403

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 429

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 4XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Status Code 5XX

Property Name	Description
Problem Response (v0.4.1)	`object` API problem or error response, as per RFC 9457 application/problem+json.
» type	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `maxLength: 2048`
» title	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `maxLength: 120`
» status	`integer(int32)` The HTTP status code for this occurrence of the problem. `minimum: 100` `maximum: 599`
» detail	`string(text)` A human-readable explanation specific to this occurrence of the problem. `maxLength: 256`
» instance	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `maxLength: 2048`
» id	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `minLength: 6` `maxLength: 48` pattern: ^[-_:.~$a-zA-Z0-9]{6,48}$
» occurredAt	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `minLength: 20` `maxLength: 30`
» problems	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128`
» attributes	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

Schemas

apiProblem

{
  "id": "3fbad566-be86-4b22-9ba6-3ca99fdc0799",
  "type": "https://production.api.apiture.com/errors/accountNotFound/v1.0.0",
  "title": "Account Not Found",
  "status": 422,
  "occurredAt": "2022-04-25T12:42:21.375Z",
  "detail": "No account exists at the given account_url",
  "instance": "https://production.api.apiture.com/banking/transfers/bb709151-575041fcd617"
}

API Problem (v1.2.1)

API problem or error, as per RFC 7807 application/problem+json.

Properties

Name	Description
`API Problem (v1.2.1)`	`object` API problem or error, as per RFC 7807 application/problem+json.
`type`	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `format: uri-reference` `maxLength: 2048`
`title`	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `format: text` `maxLength: 120`
`status`	`integer(int32)` The HTTP status code for this occurrence of the problem. `format: int32` `minimum: 100` `maximum: 599`
`detail`	`string(text)` A human-readable explanation specific to this occurrence of the problem. `format: text` `maxLength: 256`
`instance`	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `format: uri-reference` `maxLength: 2048`
`id`	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `read-only` `minLength: 6` `maxLength: 48` `pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"`
`occurredAt`	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `read-only` `format: date-time` `minLength: 20` `maxLength: 30`
`problems`	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128` items: `object`

challengeFactor

{
  "type": "sms",
  "labels": [
    "9876"
  ]
}

Challenge Factor (v1.2.1)

A challenge factor. See requiredIdentityChallenge for multiple examples.

Properties

Name Description

Challenge Factor (v1.2.1) object
A challenge factor. See requiredIdentityChallenge for multiple examples.

id

challengeFactorId
The ID of an a challenge factor. This ID is unique within the challenge factors associated with a challenge. The client should pass this id value as the factorId when starting or verifying a challenge factor.

Note: The id will become required in a future update to this schema.
minLength: 3
maxLength: 48
pattern: "^[-a-zA-Z0-9$_]{3,48}$"

type

challengeFactorType (required)

The name of challenge factor.

challengeFactorType strings may have one of the following enumerated values:

Value	Description
`sms`	SMS: One-time passcode sent to the primary mobile phone number
`email`	Email: One-time passcode sent to the primary email address
`voice`	Voice: One-time passcode communicated via automated voice phone call
`authenticatorToken`	authenticator Token: One-time passcode issued by a pre-registered hardware device, such as a token key fob, or an authenticator app
`securityQuestions`	Security Questions: Prompt with the user's security questions registered with their security profile

enum values: sms, email, voice, securityQuestions, authenticatorToken

labels array: [string]
A list of text label which identifies the channel(s) through which the user completes the challenge. For an sms or voice challenge, the only label item is the last four digits of the corresponding phone number. For an email challenge, each label is the masked email address.
minItems: 1
maxItems: 4
items: string(text)
» format: text
» maxLength: 300

securityQuestions challengeSecurityQuestions
Describes a securityQuestions challenge. This is omitted if the challenge type is not securityQuestions.

challengeFactorId

"string"

Challenge Factor ID (v1.0.0)

The ID of an a challenge factor. This ID is unique within the factors offered with a challenge.

type: string

minLength: 3
maxLength: 48
pattern: "^[-a-zA-Z0-9$_]{3,48}$"

challengeFactorType

"sms"

Challenge Factor Type (v1.0.0)

The name of challenge factor.

challengeFactorType strings may have one of the following enumerated values:

Value	Description
`sms`	SMS: One-time passcode sent to the primary mobile phone number
`email`	Email: One-time passcode sent to the primary email address
`voice`	Voice: One-time passcode communicated via automated voice phone call
`authenticatorToken`	authenticator Token: One-time passcode issued by a pre-registered hardware device, such as a token key fob, or an authenticator app
`securityQuestions`	Security Questions: Prompt with the user's security questions registered with their security profile

type: string

enum values: sms, email, voice, securityQuestions, authenticatorToken

challengeOperationId

"string"

Challenge Operation ID (v1.0.1)

The ID of an operation/action for which the user must verify their identity via an identity challenge. This is passed when starting a challenge factor or when validating the identity challenge responses.

type: string

minLength: 6
maxLength: 48
pattern: "^[-a-zA-Z0-9$_]{6,48}$"

challengePromptId

"string"

Challenge Prompt ID (v1.0.0)

The unique ID of a prompt (such as a security question) in a challenge factor.

type: string

minLength: 1
maxLength: 48
pattern: "^[-_:.~$a-zA-Z0-9]+$"

challengeSecurityQuestion

{
  "id": "74699fa628911e762ea5",
  "prompt": "What is your mother's maiden name?"
}

Challenge Security Question (v1.0.1)

A single security question within the questions array of the challengeSecurityQuestions

Properties

Name	Description
`Challenge Security Question (v1.0.1)`	`object` A single security question within the `questions` array of the `challengeSecurityQuestions`
`id`	`challengePromptId` (required) The unique ID of security question prompt. This should be included in the `challengeVerification` response as the `promptId`. `minLength: 1` `maxLength: 48` `pattern: "^[-_:.~$a-zA-Z0-9]+$"`
`prompt`	`string(text)` (required) The text prompt of this security question. `format: text` `maxLength: 80`

challengeSecurityQuestions

{
  "questions": [
    {
      "id": "q1",
      "prompt": "What is your mother's maiden name?"
    },
    {
      "id": "q4",
      "prompt": "What is your high school's name?"
    },
    {
      "id": "q9",
      "prompt": "What is the name of your first pet?"
    }
  ]
}

Challenge Security Questions (v1.0.1)

Describes a securityQuestions challenge. This is omitted if the challenge type is not securityQuestions.

Properties

Name	Description
`Challenge Security Questions (v1.0.1)`	`object` Describes a `securityQuestions` challenge. This is omitted if the challenge `type` is not `securityQuestions`.
`questions`	`array: [challengeSecurityQuestion]` (required) The array of security questions. `minItems: 1` `maxItems: 8` items: `object`

institutionId

"TIBURON"

Institution ID (v1.1.0)

The unique immutable identifier of a financial institution.

type: string

minLength: 2
maxLength: 8
pattern: "^[A-Z0-9_]{2,8}$"

integrationDefinition

{
  "id": "MY_INTEG",
  "description": "Fintech1 Integration.",
  "staged": false,
  "state": "enabled",
  "activeInstanceCount": 14,
  "label": "Fintech1 Feature",
  "mobileLabel": "Fintech1 Feature",
  "usesSpecificCustomerId": true,
  "specificCustomerIdLabel": "Customer Id",
  "specificCustomerIdDescription": "Customer Id",
  "availability": {
    "web": true,
    "mobile": true,
    "retail": true,
    "commercial": true,
    "institutions": "single"
  },
  "institutionId": "TCF",
  "partnerDomain": "fintech-partner.com",
  "audienceUrl": "https://my.audience.com/",
  "defaultRelayState": "RelStat123",
  "signatureAlgorithm": "RSA-SHA256",
  "digestAlgorithm": "SHA256",
  "encryptionAlgorithm": "AES256-GCM",
  "assertionEncryptionSupported": true,
  "serviceProviderMetadataUrl": "https://my.audience.com/saml/metadata.xml",
  "serviceProviderHostsMetadata": true,
  "targetMethod": "SAML-POST",
  "targetUrlTemplate": "https://my-integration.example.com/sp/saml?cust=%7B%7BinstitutionId%7D%7D",
  "parameterSchema": {
    "type": "object",
    "properties": {
      "value1": {
        "description": "...",
        "type": "string",
        "format": "text",
        "minLength": 1,
        "maxLength": 200
      },
      "value2": {
        "description": "...",
        "type": "integer",
        "format": "int32",
        "minimum": 1,
        "maximum": 100
      },
      "value3": {
        "description": "...",
        "type": "string",
        "enum": [
          "a",
          "b",
          "c"
        ]
      }
    }
  },
  "code": "createSAMLRequest(user: UserData, param: Parameters, integration: Integration) {\n  integration.assertions.add('answer', '42');\n}",
  "createdAt": "2024-10-16T06:04:35.375Z",
  "updatedAt": "2024-10-18T07:14:35.0"
}

Integration Definition (v6.0.0)

The definition of a third party integration.

Properties

Name Description

Integration Definition (v6.0.0) object
The definition of a third party integration.

description string(text) (required)
The description of the client application.
format: text
minLength: 4
maxLength: 4000

label string(text) (required)
The label to be used in the online banking web client menu.
format: text
minLength: 4
maxLength: 128

mobileLabel string(text)
The label to be used in the mobile banking application, if different from the label.
format: text
minLength: 4
maxLength: 128

availability integrationDefinitionAvailability (required)
Defines the run-time contexts in which this integration is available.

institutionId institutionId
The unique immutable identifier of the financial institution the integration definition is executed for. The identifier is used for logging purposes. Only applicable if availability.institutions is single.
minLength: 2
maxLength: 8
pattern: "^[A-Z0-9_]{2,8}$"

audienceUrl string(uri)
The audience URL for the SAML request.
format: uri
maxLength: 255

defaultRelayState string(text) (required)
The default relay state for the SAML request.
format: text
maxLength: 255

signatureAlgorithm string
The signature algorithm used for the SAML request. The value has to match one of the signatureAlgorithms returned by getSupportedIntegrationParameters.
maxLength: 15
pattern: "^[-a-zA-Z0-9-_ ]{0,15}$"

digestAlgorithm string
The digest / hash algorithm used for the SAML request. The value has to match one of the digestAlgorithms returned by getSupportedIntegrationParameters.
maxLength: 15
pattern: "^[-a-zA-Z0-9-_ ]{0,15}$"

encryptionAlgorithm string
The encryption algorithm used for the SAML request. The value has to match one of the encryptionAlgorithms returned by getSupportedIntegrationParameters.
maxLength: 15
pattern: "^[-a-zA-Z0-9-_ ]{0,15}$"

assertionEncryptionSupported boolean
true if this integration supports assertion value encryption.

serviceProviderHostsMetadata boolean
If true, the SAML metadata at the serviceProviderMetadataUrl is hosted by the service provider. If false, the serviceProviderMetadataUrl represents a relative path.

serviceProviderMetadataUrl string(uri-reference)
The SAML Metadata URL for the service provider integration target. When serviceProviderHostsMetadata is false, this is assumed to point to an URL hosted by the Apiture platform provider,
format: uri-reference
minLength: 1
maxLength: 255

parameterSchema jsonObject
JSON schema defining custom integration parameters required by the integration. The integration instance values for these parameters are configured in the financial institution admin application.

requiredProperties array: [integrationPropertyName]
Additional properties, separate from customer, institution, integration and environment properties, that this integration requires to be set. Each value has to match the name of one of the additionalProperties returned by getSupportedIntegrationParameters.
maxItems: 100
items: string
» minLength: 2
» maxLength: 32
» pattern: "^[a-zA-Z][a-zA-Z0-9]{1,31}$"

usesSpecificCustomerId boolean (required)
If true, the integration uses an integration-specific customer identifier. A value for an integration-specific customer identifier has to be provided when defining an integration instance in the administration API.

specificCustomerIdLabel string(text)
Label for the integration-specific customer identifier shown in the financial institution admin application. when defining an integration instance in the administration API. Required if usesSpecificCustomerId is true.
format: text
minLength: 1
maxLength: 255

specificCustomerIdDescription string(text)
Description for the integration-specific customer identifier when defining an integration instance in the administration API. Required if usesSpecificCustomerId is true.
format: text
minLength: 1
maxLength: 255

targetUrlTemplate string(uri)
The URL template to redirect or post to (depending on the targetMethod). The URL template string may contain one or more of the substitution variables {{base64Saml}}, {{institutionId}}, {{configuration.<name>}},{{vendorCustId}}. The respective value(s) for the variable is replaced at runtime. For example, when the configuration for vendorCustomerId for an instance is set to fin in the financial institution admin application, The URL https://{{configuration.vendorCustomerId}}.foo.com/ translates to https://fin.foo.com/.
format: uri
minLength: 1
maxLength: 255

targetMethod string
The method used to provide the data to the integration target. The value has to match one of the targetMethods returned by getSupportedIntegrationParameters.
minLength: 1
maxLength: 15
pattern: "^[-a-zA-Z0-9-_ ]{0,15}$"

createdAt readOnlyTimestamp(date-time)
The date-time when this resource was created, in RFC 3339 date-time YYYY-MM-DDThh:mm:ss.sssZ format, UTC. This is derived and immutable.
read-only
format: date-time
minLength: 20
maxLength: 30

updatedAt readOnlyTimestamp(date-time)
The date-time when the resource was last updated, in RFC 3339 date-time YYYY-MM-DDThh:mm:ss.sssZ format, UTC. This is derived and immutable.
read-only
format: date-time
minLength: 20
maxLength: 30

id integrationDefinitionId (required)
A client-specified ID for this integration. If omitted, the system will generate a unique ID.
minLength: 2
maxLength: 16
pattern: "^[A-Z0-9_]{2,16}$"

partnerDomain integrationPartnerDomain(text) (required)
The unique ID of the partner who implements the integration.
format: text
minLength: 4
maxLength: 100
pattern: "^((?!-))(xn--)?[a-z0-9][a-z0-9-_]{0,61}[a-z0-9]{0,1}\\.(xn--)?([a-z0-9\\-]{1,61}|[a-z0-9-]{1,30}\\.[a-z]{2,})$"

state

integrationDefinitionState (required)

The state of an integration definition.

integrationDefinitionState strings may have one of the following enumerated values:

Value	Description
`disabled`	Disabled
`enabled`	Enabled

enum values: disabled, enabled

activeInstanceCount integer(int32)
The number of active (not disabled) integration instances configured for this integration definition. Integration definitions that have an activeInstanceCount greater than 0 cannot be deleted.
format: int32
minimum: 0
maximum: 10000

staged boolean (required)
If true, the integration definition is staged for deployment but not live in production. If false, this is the live, deployed version of an integration definition.

code string(text)
TypeScript code to compute the SAML request assertion values from input data.
format: text
maxLength: 102400

integrationDefinitionAvailability

{
  "web": true,
  "mobile": true,
  "retail": true,
  "commercial": true,
  "institutions": "single"
}

Integration Definition Availability (v3.0.0)

Defines the run-time contexts in which this integration is available.

Properties

Name Description

Integration Definition Availability (v3.0.0) object
Defines the run-time contexts in which this integration is available.

web boolean (required)
The integration is available within the online banking (web) client application.

mobile boolean (required)
The integration is available within the mobile application.

retail boolean (required)
The integration is available to retail (personal) banking customers.

commercial boolean (required)
The integration is available to commercial (business and small business ) banking customers.

institutions

integrationDefinitionInstitutionAvailability (required)

Integration Definition Visibility.

integrationDefinitionInstitutionAvailability strings may have one of the following enumerated values:

Value	Description
`single`	Single Institution: The integration is only available to a single financial institution
`all`	All Institutions: The integration is available to all financial institutions

enum values: single, all

integrationDefinitionId

"ULTRA_PAY"

Integration Definition Identifier (v1.0.0)

The unique, human-readable identifier for the integration definition.

type: string

minLength: 2
maxLength: 16
pattern: "^[A-Z0-9_]{2,16}$"

integrationDefinitionInstitutionAvailability

"single"

Integration Definition Visibility (v1.0.0)

Integration Definition Visibility.

integrationDefinitionInstitutionAvailability strings may have one of the following enumerated values:

Value	Description
`single`	Single Institution: The integration is only available to a single financial institution
`all`	All Institutions: The integration is available to all financial institutions

type: string

enum values: single, all

integrationDefinitionState

"disabled"

Integration Definition State (v1.0.0)

The state of an integration definition.

integrationDefinitionState strings may have one of the following enumerated values:

Value	Description
`disabled`	Disabled
`enabled`	Enabled

type: string

enum values: disabled, enabled

integrationPartnerDomain

"fintech-partner.com"

Integration Partner Domain (v1.0.0)

The internet domain name (in lowercase) of an integration partner.

type: string(text)

format: text
minLength: 4
maxLength: 100
pattern: "^((?!-))(xn--)?[a-z0-9][a-z0-9-_]{0,61}[a-z0-9]{0,1}\.(xn--)?([a-z0-9\-]{1,61}|[a-z0-9-]{1,30}\.[a-z]{2,})$"

integrationPropertyName

"string"

Integration Property Name (v1.0.0)

The name of a data property that may be assigned in an integration.

type: string

minLength: 2
maxLength: 32
pattern: "^[a-zA-Z][a-zA-Z0-9]{1,31}$"

integrationValidationRequest

{
  "integrationDefinition": {
    "id": "MY_INTEG",
    "description": "Fintech1 Integration.",
    "staged": false,
    "state": "enabled",
    "activeInstanceCount": 14,
    "label": "Fintech1 Feature",
    "mobileLabel": "Fintech1 Feature",
    "usesSpecificCustomerId": true,
    "specificCustomerIdLabel": "Customer Id",
    "specificCustomerIdDescription": "Customer Id",
    "availability": {
      "web": true,
      "mobile": true,
      "retail": true,
      "commercial": true,
      "institutions": "single"
    },
    "institutionId": "TCF",
    "partnerDomain": "fintech-partner.com",
    "audienceUrl": "https://my.audience.com/",
    "defaultRelayState": "RelStat123",
    "signatureAlgorithm": "RSA-SHA256",
    "digestAlgorithm": "SHA256",
    "encryptionAlgorithm": "AES256-GCM",
    "assertionEncryptionSupported": true,
    "serviceProviderMetadataUrl": "https://my.audience.com/saml/metadata.xml",
    "serviceProviderHostsMetadata": true,
    "targetMethod": "SAML-POST",
    "targetUrlTemplate": "https://my-integration.example.com/sp/saml?cust=%7B%7BinstitutionId%7D%7D",
    "parameterSchema": {
      "type": "object",
      "properties": {
        "value1": {
          "description": "...",
          "type": "string",
          "format": "text",
          "minLength": 1,
          "maxLength": 200
        },
        "value2": {
          "description": "...",
          "type": "integer",
          "format": "int32",
          "minimum": 1,
          "maximum": 100
        },
        "value3": {
          "description": "...",
          "type": "string",
          "enum": [
            "a",
            "b",
            "c"
          ]
        }
      }
    },
    "code": "createSAMLRequest(user: UserData, param: Parameters, integration: Integration) {\n  integration.assertions.add('answer', '42');\n}",
    "createdAt": "2024-10-16T06:04:35.375Z",
    "updatedAt": "2024-10-18T07:14:35.0"
  },
  "inputDataSchema": "string"
}

Integration Validation Request (v1.0.0)

Integration Validation Request.

Properties

Name	Description
`Integration Validation Request (v1.0.0)`	`object` Integration Validation Request.
`integrationDefinition`	`integrationDefinition` The definition of a third party integration.
`inputDataSchema`	`string(json)` The input data JSON schema. `format: json` `maxLength: 102400`

integrationValidationResponse

{
  "code": "string"
}

Integration Validation Response (v1.0.0)

Integration Validation Response.

Properties

Name	Description
`Integration Validation Response (v1.0.0)`	`object` Integration Validation Response.
`code`	`string(json)` The validated TypeScript code including generated type definitions. `format: json` `maxLength: 102400`

jsonObject

{}

JSON Object (v1.0.0)

A JSON object.

Properties

Name	Description
`JSON Object (v1.0.0)`	`object` A JSON object.

jsonSchema

{}

JSON Schema (v1.0.0)

A 2020/12 JSON Schema as per jsonschema.org.

Properties

Name	Description
`JSON Schema (v1.0.0)`	`object` A 2020/12 JSON Schema as per jsonschema.org.

newSamlProviderMetadata

{
  "metadata": "<EntityDescriptor ID=\"63dd531a-0ed9-451d-b2bc-747904ac5870\"\n  entityID=\"https://auth.apiture.com/saml\"\n  validUntil=\"2025-12-31T23:59:59Z\"\n  cacheDuration=\"PT5M\"\n  xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n  xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\">\n\n  <SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"1\" />\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"2\" />\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"3\" />\n\n      <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n                           Location=\"https://serviceprovider.company.com/saml/slo\" />\n      <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n                           Location=\"https://serviceprovider.company.com/saml/slo\" />\n\n      <ArtifactResolutionService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n                                 Location=\"https://serviceprovider.company.com/saml/ars\"\n                                 index=\"0\" />\n\n      <KeyDescriptor use=\"signing\">\n          <KeyInfo\n              xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n              <X509Data>\n                  <X509Certificate>SP_PUBLIC_SIGNING_CERTIFICATE_USED_FOR_SIGNING_REQUESTS</X509Certificate>\n              </X509Data>\n          </KeyInfo>\n      </KeyDescriptor>\n\n      <KeyDescriptor use=\"encryption\">\n          <KeyInfo\n              xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n              <X509Data>\n                  <X509Certificate>SP_PUBLIC_ENCRYPTION_CERTIFICATE</X509Certificate>\n              </X509Data>\n          </KeyInfo>\n          <EncryptionMethod Algorithm=\"http://www.w3.org/2009/xmlenc11#aes256-gcm\" />\n          <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\" />\n      </KeyDescriptor>\n  </SPSSODescriptor>\n\n  <Organization>\n      <OrganizationName xml:lang=\"en-GB\">Service Provider</OrganizationName>\n      <OrganizationDisplayName xml:lang=\"en-GB\">Service Provider</OrganizationDisplayName>\n      <OrganizationURL xml:lang=\"en-GB\">https://apiture.com/</OrganizationURL>\n  </Organization>\n\n  <ContactPerson contactType=\"technical\">\n      <Company>Service Provider</Company>\n      <GivenName>Responsible</GivenName>\n      <SurName>party</SurName>\n      <EmailAddress>responsible.party@serviceprovider.com</EmailAddress>\n  </ContactPerson>\n</EntityDescriptor>",
  "privateKey": "-----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----",
  "passphrase": "P/\\$$w0rdS3cr3+!"
}

Saml Provider Metadata (v1.0.0)

Saml Provider Metadata.

Properties

Name	Description
`Saml Provider Metadata (v1.0.0)`	`object` Saml Provider Metadata.
`metadata`	`serviceProviderXmlMetadata(xml)` Service Provider XML Metadata, conformant with SAML V2.0 Metadata Interoperability Profile Version 1.0 `format: xml` `maxLength: 102400`
`privateKey`	`string(text)` The private key matching the identity provider public signing certificate. The private key information is expected to be base64 encoded and enclosed between `-----BEGIN RSA PRIVATE KEY-----` and `-----END RSA PRIVATE KEY-----` delimiters. `format: text` `maxLength: 4096`
`passphrase`	`string(text)` The passphrase used to decrypt the private key. `format: text` `maxLength: 255`

problemResponse

{
  "id": "3fbad566-be86-4b22-9ba6-3ca99fdc0799",
  "type": "https://production.api.apiture.com/errors/noSuchAccount/v1.0.0",
  "title": "Account Not Found",
  "status": 422,
  "occurredAt": "2022-04-25T12:42:21.375Z",
  "detail": "No account exists for the given account reference",
  "instance": "https://production.api.apiture.com/banking/transfers/bb709151-575041fcd617"
}

Problem Response (v0.4.1)

API problem or error response, as per RFC 9457 application/problem+json.

Properties

Name	Description
`Problem Response (v0.4.1)`	`object` API problem or error response, as per RFC 9457 application/problem+json.
`type`	`string(uri-reference)` A URI reference (RFC3986) that identifies the problem type. If present, this is the URL of human-readable HTML documentation for the problem type. When this member is not present, its value is assumed to be `"about:blank"`. `format: uri-reference` `maxLength: 2048`
`title`	`string(text)` A short, human-readable summary of the problem type. The title is usually the same for all problem with the same `type`. `format: text` `maxLength: 120`
`status`	`integer(int32)` The HTTP status code for this occurrence of the problem. `format: int32` `minimum: 100` `maximum: 599`
`detail`	`string(text)` A human-readable explanation specific to this occurrence of the problem. `format: text` `maxLength: 256`
`instance`	`string(uri-reference)` A URI reference that identifies the specific occurrence of the problem. This is the URI of an API resource that the problem is related to, with a unique error correlation ID URI fragment `format: uri-reference` `maxLength: 2048`
`id`	`readOnlyResourceId` The unique identifier for this problem. This is an immutable opaque string. `read-only` `minLength: 6` `maxLength: 48` `pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"`
`occurredAt`	`readOnlyTimestamp(date-time)` The timestamp when the problem occurred, in RFC 3339 date-time `YYYY-MM-DDThh:mm:ss.sssZ` format, UTC. `read-only` `format: date-time` `minLength: 20` `maxLength: 30`
`problems`	`array: [apiProblem]` Optional root-causes if there are multiple problems in the request or API call processing. `maxItems: 128` items: `object`
`attributes`	`object` Additional optional attributes related to the problem. This data conforms to the schema associated with the error type.

readOnlyResourceId

"string"

Read-only Resource Identifier (v1.0.1)

The unique, opaque system-assigned identifier for a resource. This case-sensitive ID is also used in URLs as path parameters or in other properties or parameters that reference a resource by ID rather than URL. Resource IDs are immutable.

type: string

read-only
minLength: 6
maxLength: 48
pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"

readOnlyTimestamp

"2021-10-30T19:06:04.250Z"

Read-Only Timestamp (v1.0.0)

A readonly or derived timestamp (an instant in time) formatted in RFC 3339 date-time UTC format: YYYY-MM-DDThh:mm:ss.sssZ.

type: string(date-time)

read-only
format: date-time
minLength: 20
maxLength: 30

requiredIdentityChallenge

{
  "operationId": "createTransfer",
  "challengeId": "0504076c566a3cf7009c",
  "factors": [
    {
      "type": "sms",
      "labels": [
        "9876"
      ],
      "id": "85c0ee5753fcd0b0953f"
    },
    {
      "type": "voice",
      "labels": [
        "9876"
      ],
      "id": "d089e10a80a8627df37b"
    },
    {
      "type": "voice",
      "labels": [
        "6754"
      ],
      "id": "10506ecf9d1c2ee00403"
    },
    {
      "type": "email",
      "labels": [
        "an****nk@example.com",
        "an****98@example.com"
      ],
      "id": "e917d671cb2f030b56f1"
    },
    {
      "type": "authenticatorToken",
      "labels": [
        "Acme fob"
      ],
      "id": "fe6c452d7da0bbb4e407"
    },
    {
      "type": "securityQuestions",
      "securityQuestions": {
        "questions": [
          {
            "id": "q1",
            "prompt": "What is your mother's maiden name?"
          },
          {
            "id": "q4",
            "prompt": "What is your high school's name?"
          },
          {
            "id": "q9",
            "prompt": "What is the name of your first pet?"
          }
        ]
      },
      "id": "df33c6f88a37d6b3f0a6"
    }
  ]
}

Required Challenge (v1.2.3)

A request from the service for the user to verify their identity. This contains a challenge ID, the corresponding operation ID, and a list of challenge factors for identity verification. The user must complete one of these challenge factors to satisfy the challenge. This schema defines the attributes in the 401 Unauthorized problem response when the 401 problem type name is challengeRequired. See the "Challenge API" for details.

Properties

Name	Description
`Required Challenge (v1.2.3)`	`object` A request from the service for the user to verify their identity. This contains a challenge ID, the corresponding operation ID, and a list of challenge factors for identity verification. The user must complete one of these challenge factors to satisfy the challenge. This schema defines the attributes in the 401 Unauthorized problem response when the 401 problem type name is `challengeRequired`. See the "Challenge API" for details.
`operationId`	`challengeOperationId` (required) The ID of an operation/action for which the user must verify their identity via an identity challenge. This is passed when starting a challenge factor or when validating the identity challenge responses. `minLength: 6` `maxLength: 48` `pattern: "^[-a-zA-Z0-9$_]{6,48}$"`
`challengeId`	`readOnlyResourceId` (required) The unique ID of this challenge instance. This is an opaque string. This is passed when starting a challenge factor or when validating the identity challenge responses. `read-only` `minLength: 6` `maxLength: 48` `pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"`
`factors`	`array: [challengeFactor]` (required) A list of challenge factors. The user must complete one of these challenge factors. The `labels` in each factor identify one or more channels the user may use, such as a list of email addresses the system may use to send a one-time passcode to the user. *Note: The same channel may be used by multiple factors in the array of factors. For example, the user's primary mobile phone number may be used for both an `sms` factor and a `voice` factor. `minItems: 1` `maxItems: 8` items: `object`

resourceId

"string"

Resource Identifier (v1.0.1)

The unique, opaque system identifier for a resource. This case-sensitive ID is also used as path parameters in URLs or in other properties or parameters that reference a resource by ID rather than URL.

type: string

minLength: 6
maxLength: 48
pattern: "^[-_:.~$a-zA-Z0-9]{6,48}$"

samlAlgorithms

{
  "signatureAlgorithms": [
    "RSA-SHA256",
    "RSA-SHA512",
    "ECDSA-SHA256"
  ],
  "digestAlgorithms": [
    "SHA256",
    "SHA384",
    "SHA512"
  ],
  "encryptionAlgorithms": [
    "AES256-GCM",
    "AES256-CBC",
    "AES192-CBC"
  ]
}

SAML Algorithms (v1.0.0)

SAML Algorithms.

Properties

Name	Description
`SAML Algorithms (v1.0.0)`	`object` SAML Algorithms.
`signatureAlgorithms`	`array: [string]` A list of supported signature algorithms. `maxItems: 100` items: `string` » `maxLength: 15` » `pattern: "^[-a-zA-Z0-9-_ ]{0,15}$"`
`digestAlgorithms`	`array: [string]` A list of supported digest algorithms. `maxItems: 100` items: `string` » `maxLength: 15` » `pattern: "^[-a-zA-Z0-9-_ ]{0,15}$"`
`encryptionAlgorithms`	`array: [string]` A list of supported encryption algorithms. `maxItems: 100` items: `string` » `maxLength: 15` » `pattern: "^[-a-zA-Z0-9-_ ]{0,15}$"`

samlCodeGenerationRequest

{
  "inputDataSchema": {
    "$schema": "https://json-schema.org/draft/2020-12/schema",
    "type": "object",
    "properties": {
      "userName": {
        "type": "string",
        "format": "text",
        "maxLength": 32
      }
    }
  },
  "parameterDataSchema": {
    "$schema": "https://json-schema.org/draft/2020-12/schema'",
    "type": "object",
    "properties": {
      "mySetting": {
        "type": "string",
        "format": "text",
        "maxLength": 120
      }
    }
  }
}

Saml Code Generation Request (v1.0.0)

Saml Code Generation Request.

Properties

Name	Description
`Saml Code Generation Request (v1.0.0)`	`object` Saml Code Generation Request.
`inputDataSchema`	`jsonSchema` The input data JSON schema.
`parameterDataSchema`	`jsonSchema` A 2020/12 JSON Schema as per jsonschema.org.

samlProviderMetadata

{
  "metadata": "string",
  "url": "https://auth.apiture.com/identityProvider/metadata"
}

SAML Provider Metadata (v1.0.0)

SAML Provider Metadata.

Properties

Name	Description
`SAML Provider Metadata (v1.0.0)`	`object` SAML Provider Metadata.
`metadata`	`string(xml)` The updated SAML metadata file content. `format: xml` `maxLength: 102400`
`url`	`string(uri)` The public URL that can be used to retrieve the metadata. `format: uri` `maxLength: 255`

samlRequest

{
  "samlRequest": "<samlp:AuthnRequest xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol'\n                    ID='_aaf23196-1773-2113-474a-fe114412ab72'\n                    Version='2.0' IssueInstant='2004-12-05T09:21:59Z'\n                    Destination='https://idp.example.com/SSOService.php'\n                    ProtocolBinding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'\n                    AssertionConsumerServiceURL='https://sp.example.com/ACS/SSO/SSO.php' />"
}

SAML Request (v1.0.0)

SAML Request.

Properties

Name	Description
`SAML Request (v1.0.0)`	`object` SAML Request.
`samlRequest`	`string(xml)` The SAML request XML output. `format: xml` `maxLength: 102400`
`consoleOutput`	`string(text)` Console output written by the code for logging and debugging purposes. `format: text` `maxLength: 102400`

samlRequestInput

{
  "integrationDefinition": {
    "id": "MY_INTEG",
    "description": "Fintech1 Integration.",
    "staged": false,
    "state": "enabled",
    "activeInstanceCount": 14,
    "label": "Fintech1 Feature",
    "mobileLabel": "Fintech1 Feature",
    "usesSpecificCustomerId": true,
    "specificCustomerIdLabel": "Customer Id",
    "specificCustomerIdDescription": "Customer Id",
    "availability": {
      "web": true,
      "mobile": true,
      "retail": true,
      "commercial": true,
      "institutions": "single"
    },
    "institutionId": "TCF",
    "partnerDomain": "fintech-partner.com",
    "audienceUrl": "https://my.audience.com/",
    "defaultRelayState": "RelStat123",
    "signatureAlgorithm": "RSA-SHA256",
    "digestAlgorithm": "SHA256",
    "encryptionAlgorithm": "AES256-GCM",
    "assertionEncryptionSupported": true,
    "serviceProviderMetadataUrl": "https://my.audience.com/saml/metadata.xml",
    "serviceProviderHostsMetadata": true,
    "targetMethod": "SAML-POST",
    "targetUrlTemplate": "https://my-integration.example.com/sp/saml?cust=%7B%7BinstitutionId%7D%7D",
    "parameterSchema": {
      "type": "object",
      "properties": {
        "value1": {
          "description": "...",
          "type": "string",
          "format": "text",
          "minLength": 1,
          "maxLength": 200
        },
        "value2": {
          "description": "...",
          "type": "integer",
          "format": "int32",
          "minimum": 1,
          "maximum": 100
        },
        "value3": {
          "description": "...",
          "type": "string",
          "enum": [
            "a",
            "b",
            "c"
          ]
        }
      }
    },
    "code": "createSAMLRequest(user: UserData, param: Parameters, integration: Integration) {\n  integration.assertions.add('answer', '42');\n}",
    "createdAt": "2024-10-16T06:04:35.375Z",
    "updatedAt": "2024-10-18T07:14:35.0"
  },
  "inputDataSchema": {},
  "inputData": {},
  "parameterData": {},
  "encrypt": true,
  "sign": true
}

Saml Request Input (v1.0.0)

Input data to generate a SAML request.

Properties

Name	Description
`Saml Request Input (v1.0.0)`	`object` Input data to generate a SAML request.
`integrationDefinition`	`integrationDefinition` The definition of a third party integration.
`inputDataSchema`	`jsonSchema` The input data JSON schema.
`inputData`	`jsonObject` Data about the customer gathered by Apiture Digital Banking to provide assertions for the request. The structure of the object needs to conform to the JSON schema supplied by the `inputDataSchema` property.
`parameterData`	`jsonObject` Integration instance configuration data supplied by the Apiture Digital Banking platform based on FXIM integration configuration properties. The structure of the object needs to conform to the JSON schema as specified by the `parameterSchema` property of the `integrationDefinition`.
`encrypt`	`boolean` Encrypt the SAML assertion values.
`sign`	`boolean` Sign the resulting SAML request. All SAML requests intended for use in live environments need to be signed. SAML requests intended for debugging or test purposes should not be signed.

serviceProviderMetadataRequest

{
  "metadata": "<EntityDescriptor ID=\"63dd531a-0ed9-451d-b2bc-747904ac5870\"\n  entityID=\"https://auth.apiture.com/saml\"\n  validUntil=\"2025-12-31T23:59:59Z\"\n  cacheDuration=\"PT5M\"\n  xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n  xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\">\n\n  <SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"1\" />\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"2\" />\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"3\" />\n\n      <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n                           Location=\"https://serviceprovider.company.com/saml/slo\" />\n      <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n                           Location=\"https://serviceprovider.company.com/saml/slo\" />\n\n      <ArtifactResolutionService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n                                 Location=\"https://serviceprovider.company.com/saml/ars\"\n                                 index=\"0\" />\n\n      <KeyDescriptor use=\"signing\">\n          <KeyInfo\n              xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n              <X509Data>\n                  <X509Certificate>SP_PUBLIC_SIGNING_CERTIFICATE_USED_FOR_SIGNING_REQUESTS</X509Certificate>\n              </X509Data>\n          </KeyInfo>\n      </KeyDescriptor>\n\n      <KeyDescriptor use=\"encryption\">\n          <KeyInfo\n              xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n              <X509Data>\n                  <X509Certificate>SP_PUBLIC_ENCRYPTION_CERTIFICATE</X509Certificate>\n              </X509Data>\n          </KeyInfo>\n          <EncryptionMethod Algorithm=\"http://www.w3.org/2009/xmlenc11#aes256-gcm\" />\n          <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\" />\n      </KeyDescriptor>\n  </SPSSODescriptor>\n\n  <Organization>\n      <OrganizationName xml:lang=\"en-GB\">Service Provider</OrganizationName>\n      <OrganizationDisplayName xml:lang=\"en-GB\">Service Provider</OrganizationDisplayName>\n      <OrganizationURL xml:lang=\"en-GB\">https://apiture.com/</OrganizationURL>\n  </Organization>\n\n  <ContactPerson contactType=\"technical\">\n      <Company>Service Provider</Company>\n      <GivenName>Responsible</GivenName>\n      <SurName>party</SurName>\n      <EmailAddress>responsible.party@serviceprovider.com</EmailAddress>\n  </ContactPerson>\n</EntityDescriptor>"
}

Service Provider Metadata Request (v1.0.0)

Service Provider Metadata, conformant with SAML V2.0 Metadata Interoperability Profile Version 1.0

Properties

Name	Description
`Service Provider Metadata Request (v1.0.0)`	`object` Service Provider Metadata, conformant with SAML V2.0 Metadata Interoperability Profile Version 1.0
`metadata`	`serviceProviderXmlMetadata(xml)` (required) Service Provider XML Metadata, conformant with SAML V2.0 Metadata Interoperability Profile Version 1.0 `format: xml` `maxLength: 102400`

serviceProviderXmlMetadata

"<EntityDescriptor ID=\"63dd531a-0ed9-451d-b2bc-747904ac5870\"\n  entityID=\"https://auth.apiture.com/saml\"\n  validUntil=\"2025-12-31T23:59:59Z\"\n  cacheDuration=\"PT5M\"\n  xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n  xmlns:saml2=\"urn:oasis:names:tc:SAML:2.0:assertion\">\n\n  <SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"1\" />\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"2\" />\n      <AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\"\n                                Location=\"https://serviceprovider.company.com/saml/acs\"\n                                index=\"3\" />\n\n      <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n                           Location=\"https://serviceprovider.company.com/saml/slo\" />\n      <SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n                           Location=\"https://serviceprovider.company.com/saml/slo\" />\n\n      <ArtifactResolutionService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n                                 Location=\"https://serviceprovider.company.com/saml/ars\"\n                                 index=\"0\" />\n\n      <KeyDescriptor use=\"signing\">\n          <KeyInfo\n              xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n              <X509Data>\n                  <X509Certificate>SP_PUBLIC_SIGNING_CERTIFICATE_USED_FOR_SIGNING_REQUESTS</X509Certificate>\n              </X509Data>\n          </KeyInfo>\n      </KeyDescriptor>\n\n      <KeyDescriptor use=\"encryption\">\n          <KeyInfo\n              xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n              <X509Data>\n                  <X509Certificate>SP_PUBLIC_ENCRYPTION_CERTIFICATE</X509Certificate>\n              </X509Data>\n          </KeyInfo>\n          <EncryptionMethod Algorithm=\"http://www.w3.org/2009/xmlenc11#aes256-gcm\" />\n          <EncryptionMethod Algorithm=\"http://www.w3.org/2001/04/xmlenc#aes256-cbc\" />\n      </KeyDescriptor>\n  </SPSSODescriptor>\n\n  <Organization>\n      <OrganizationName xml:lang=\"en-GB\">Service Provider</OrganizationName>\n      <OrganizationDisplayName xml:lang=\"en-GB\">Service Provider</OrganizationDisplayName>\n      <OrganizationURL xml:lang=\"en-GB\">https://apiture.com/</OrganizationURL>\n  </Organization>\n\n  <ContactPerson contactType=\"technical\">\n      <Company>Service Provider</Company>\n      <GivenName>Responsible</GivenName>\n      <SurName>party</SurName>\n      <EmailAddress>responsible.party@serviceprovider.com</EmailAddress>\n  </ContactPerson>\n</EntityDescriptor>"

Service Provider XML Metadata (v1.0.0)

Service Provider XML Metadata, conformant with SAML V2.0 Metadata Interoperability Profile Version 1.0

type: string(xml)

format: xml
maxLength: 102400

sourceCodeAndSampleData

{
  "code": "type IntegrationInput = { userName: string }; type ConfigurationValues = { mySetting: string };"
}

Integration Definition Source Code (v1.0.0)

Source code snippet (TypeScript) associated with the integration data and parameters.

Properties

Name	Description
`Integration Definition Source Code (v1.0.0)`	`object` Source code snippet (TypeScript) associated with the integration data and parameters.
`code`	`string(text)` The TypeScript output. `format: text` `maxLength: 102400`
`sampleData`	`jsonObject` The sample data matching the specified JSON schema.

Generated by @apiture/api-doc 3.2.4 on Wed Mar 26 2025 19:42:38 GMT+0000 (Coordinated Universal Time).