Access v0.5.0

Scroll down for code samples, example requests and responses. Select a language for code samples from the tabs above or the mobile navigation menu.

The Access API describes the roles and permissions for access to Apiture APIs. This API defines two primary resources:

  • A permission allows a user access to an API operation or set of operations, such as accessing an account, reading account transactions, scheduling transfers and payments, adding beneficiaries, or approving an application. All API operations that require OAuth2 authentication require specific permissions.
  • A role represents an aggregation of permissions or other roles. Users may be assigned one or more roles, via the Users API and Operators API.

Each role has a name (a programmatic identifier), a short readable label, a longer description, a category, assignability (to users), and a list of child nodes and direct permissions. Fetching a role may also embed a full list of its effective permissions, which is the union of the set of the direct permissions in the role and the effective permissions of the direct child roles.

There are three categories of users, and thus three categories of roles that may be assigned to users.

  1. Administrative users who manage the deployment (system).
  2. Financial Institution operators, such as the deposits manager, the wire room staff, customer support, and so on. These financial institution users employ administrative and back office applications to manage the financial institution's digital banking. (operator)
  3. Banking customers who hold accounts and use client applications to perform digital banking. (This is for future use). (customer)

Roles and permissions are organized in a directed acyclic graph. Roles are the nodes in the graph and permissions are the leaves. Roles may have child roles and child permissions, but permissions may not have children. The graph has a maximum nesting depth (node ancestry) of six roles. This version of the API is read-only. Future releases will define operations for creating and updating roles and permissions.

Download OpenAPI Definition (YAML)

Base URLs:

Terms of service

Email: Apiture Web: Apiture

Authentication

  • API Key (apiKey)
    • header parameter: API-Key
    • API Key based authentication. See details at Secure Access.

Scope Scope Description
access/read Read access to roles and permissions.

Permissions

Permissions for API Access

getMyAccess

Code samples

# You can also use wget
curl -X GET https://api.devbank.apiture.com/access/myAccess \
  -H 'Accept: application/json' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

GET https://api.devbank.apiture.com/access/myAccess HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.devbank.apiture.com/access/myAccess',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/access/myAccess',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get 'https://api.devbank.apiture.com/access/myAccess',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('https://api.devbank.apiture.com/access/myAccess', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/access/myAccess");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.devbank.apiture.com/access/myAccess", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Return the current authenticated user's roles and permissions

GET https://api.devbank.apiture.com/access/myAccess

Return the current authenticated user's roles and permissions.

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/access/userAccess/v1.1.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
    }
  },
  "roles": [
    {
      "_profile": "https://production.api.apiture.com/schemas/access/summaryRole/v1.1.0/profile.json",
      "_id": "0d3a9972-a843-458a-b6a9-dec3feb458ff",
      "name": "transfers",
      "categoryName": "customer",
      "label": "Create and Manage Transfers",
      "_links": {
        "self": {
          "href": "https://api.devbank.apiture.com/access/roles/0d3a9972-a843-458a-b6a9-dec3feb458ff"
        }
      }
    },
    {
      "_profile": "https://production.api.apiture.com/schemas/access/summaryRole/v1.1.0/profile.json",
      "_id": "93959e3d-f61d-452f-8054-73a92cdfe263",
      "name": "payBills",
      "categoryName": "customer",
      "label": "Create and Manage Bill Payments",
      "_links": {
        "self": {
          "href": "https://api.devbank.apiture.com/access/roles/93959e3d-f61d-452f-8054-73a92cdfe263"
        }
      }
    }
  ],
  "effectiveRoles": [
    {
      "_id": "0d3a9972-a843-458a-b6a9-dec3feb458ff",
      "name": "transfers",
      "uri": "https://api.devbank.apiture.com/access/roles/0d3a9972-a843-458a-b6a9-dec3feb458ff"
    },
    {
      "_id": "93959e3d-f61d-452f-8054-73a92cdfe263",
      "name": "payBills",
      "uri": "https://api.devbank.apiture.com/access/roles/93959e3d-f61d-452f-8054-73a92cdfe263"
    }
  ],
  "effectivePermissions": [
    "getScheduledTransfer",
    "getScheduledTransfers",
    "createScheduledTransfer",
    "cancelScheduledTransfer",
    "updateScheduledTransfer",
    "deleteScheduledTransfer",
    "getPaymentInstruction",
    "getPaymentInstructions",
    "createPaymentInstruction",
    "submitPaymentInstruction",
    "cancelPaymentInstruction",
    "deletePaymentInstruction"
  ]
}

Responses

StatusDescription
200 OK
OK.
Schema: userAccess
StatusDescription
400 Bad Request
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error.
Schema: errorResponse
StatusDescription
422 Unprocessable Entity
Unprocessable Entity. The request body and/or query parameters were well formed but otherwise invalid. The _error field in the response contains details about the request error.
Schema: errorResponse

getPermissions

Code samples

# You can also use wget
curl -X GET https://api.devbank.apiture.com/access/permissions \
  -H 'Accept: application/json' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

GET https://api.devbank.apiture.com/access/permissions HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.devbank.apiture.com/access/permissions',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/access/permissions',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get 'https://api.devbank.apiture.com/access/permissions',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('https://api.devbank.apiture.com/access/permissions', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/access/permissions");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.devbank.apiture.com/access/permissions", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Return a collection of API permissions

GET https://api.devbank.apiture.com/access/permissions

Return a paginated, collection of all API permissions. The links in the response include pagination links.

Parameters

ParameterDescription
start
in: query
integer(int64)
The zero-based index of the first permission item to include in this page. The default 0 denotes the beginning of the collection.
format: int64
default: 0
limit
in: query
integer(int32)
The maximum number of permission representations to return in this page.
format: int32
default: 100

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/access/permissions/v1.0.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/access/permissions?start=10&limit=10"
    },
    "first": {
      "href": "https://api.devbank.apiture.com/access/permissions?start=0&limit=10"
    },
    "next": {
      "href": "https://api.devbank.apiture.com/access/permissions?start=20&limit=10"
    },
    "collection": {
      "href": "https://api.devbank.apiture.com/access/permissions"
    }
  },
  "name": "permissions",
  "start": 10,
  "limit": 10,
  "count": 67,
  "_embedded": {
    "items": [
      {
        "name": "createScheduledTransfer",
        "_profile": "https://production.api.apiture.com/schemas/access/summaryPermission/v1.0.0/profile.json",
        "_links": {
          "self": {
            "href": "https://api.devbank.apiture.com/access/permissions/createScheduledTransfer"
          }
        }
      },
      {
        "name": "updatedScheduledTransfer",
        "_profile": "https://production.api.apiture.com/schemas/access/summaryPermission/v1.0.0/profile.json",
        "_links": {
          "self": {
            "href": "https://api.devbank.apiture.com/access/permissions/updatedScheduledTransfer"
          }
        }
      }
    ]
  }
}

Responses

StatusDescription
200 OK
OK.
Schema: permissions
StatusDescription
400 Bad Request
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error.
Schema: errorResponse
StatusDescription
422 Unprocessable Entity
Unprocessable Entity. The request body and/or query parameters were well formed but otherwise invalid. The _error field in the response contains details about the request error.
Schema: errorResponse

getPermission

Code samples

# You can also use wget
curl -X GET https://api.devbank.apiture.com/access/permissions/{permissionName} \
  -H 'Accept: application/json' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

GET https://api.devbank.apiture.com/access/permissions/{permissionName} HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.devbank.apiture.com/access/permissions/{permissionName}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/access/permissions/{permissionName}',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get 'https://api.devbank.apiture.com/access/permissions/{permissionName}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('https://api.devbank.apiture.com/access/permissions/{permissionName}', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/access/permissions/{permissionName}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.devbank.apiture.com/access/permissions/{permissionName}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Fetch a representation of this permission

GET https://api.devbank.apiture.com/access/permissions/{permissionName}

Return a HAL representation of this permission resource.

Parameters

ParameterDescription
permissionName
in: path
string (required)
The unique name of a permission. This corresponds to the permission's name property.

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/access/permission/v1.0.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/access/permissions/createScheduledTransfer"
    },
    "apiture:roles": {
      "href": "https://api.devbank.apiture.com/access/roles?permission=createScheduledTransfer"
    }
  },
  "name": "createScheduledTransfer",
  "description": "Adds either a new one-time or a recurring transfer, to transfer funds between internal accounts or between an internal and a verified external account.",
  "label": "Create a new scheduled transfer request",
  "_embedded": {}
}

Responses

StatusDescription
200 OK
OK.
Schema: permission
HeaderETag
string
The ETag response header specifies an entity tag which may be provided in an If-Match request header for PUT or PATCH operations which update this permission resource.
StatusDescription
304 Not Modified
Not Modified. The resource has not been modified since it was last fetched.
StatusDescription
404 Not Found
Not Found. There is no such permission resource at the specified {permissionName}. The _error field in the response contains details about the request error.
Schema: errorResponse

Roles

User Roles for API Access

getRoles

Code samples

# You can also use wget
curl -X GET https://api.devbank.apiture.com/access/roles \
  -H 'Accept: application/json' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

GET https://api.devbank.apiture.com/access/roles HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.devbank.apiture.com/access/roles',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/access/roles',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get 'https://api.devbank.apiture.com/access/roles',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('https://api.devbank.apiture.com/access/roles', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/access/roles");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.devbank.apiture.com/access/roles", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Return a collection of roles

GET https://api.devbank.apiture.com/access/roles

Return a filterable collection of roles.

Parameters

ParameterDescription
filter
in: query
string
Optional filter criteria. See filtering.
This collection may be filtered by the following properties and functions:
• Property categoryName using functions eq, ne, in
• Property assignable using functions eq, ne
• Property user using functions eq, ne, in
• Property updatedAt using functions eq, ne, in, lt, le, gt, ge
• Property createdAt using functions eq, ne, in, lt, le, gt, ge.
permission
in: query
string
Return a list of roles which contain the named permission. This does not include effective permissions which the role inherits from child roles.
category
in: query
string
Return a list of roles for the named category.
enum values: system, operator, customer
assignable
in: query
boolean
Include only roles whose assignable property matches.

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/access/roles/v1.1.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/access/roles?start=00&limit=100"
    },
    "collection": {
      "href": "https://api.devbank.apiture.com/access/roles"
    }
  },
  "name": "roles",
  "start": 0,
  "limit": 100,
  "count": 7,
  "_embedded": {
    "items": [
      {
        "name": "role1",
        "_profile": "https://production.api.apiture.com/schemas/access/summaryRole/v1.1.0/profile.json",
        "_links": {
          "self": {
            "href": "https://api.devbank.apiture.com/access/roles/99ade01a-e676-456c-a546-e2fd003c834b"
          }
        }
      },
      {
        "name": "role2",
        "_profile": "https://production.api.apiture.com/schemas/access/summaryRole/v1.1.0/profile.json",
        "_links": {
          "self": {
            "href": "https://api.devbank.apiture.com/access/roles/70cd5898-3e74-4fcf-917c-b14030a4a061"
          }
        }
      }
    ]
  }
}

Responses

StatusDescription
200 OK
OK.
Schema: roles
StatusDescription
400 Bad Request
Bad Request. The request body or one or more of the query parameters was not well formed. The _error field in the response contains details about the request error.
Schema: errorResponse
StatusDescription
422 Unprocessable Entity
Unprocessable Entity. The request body and/or query parameters were well formed but otherwise invalid. The _error field in the response contains details about the request error.
Schema: errorResponse

getRole

Code samples

# You can also use wget
curl -X GET https://api.devbank.apiture.com/access/roles/{role} \
  -H 'Accept: application/json' \
  -H 'If-None-Match: string' \
  -H 'API-Key: API_KEY' \
  -H 'Authorization: Bearer {access-token}'

GET https://api.devbank.apiture.com/access/roles/{role} HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/json
If-None-Match: string

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json',
  'If-None-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

fetch('https://api.devbank.apiture.com/access/roles/{role}',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json',
  'If-None-Match':'string',
  'API-Key':'API_KEY',
  'Authorization':'Bearer {access-token}'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/access/roles/{role}',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'If-None-Match' => 'string',
  'API-Key' => 'API_KEY',
  'Authorization' => 'Bearer {access-token}'
}

result = RestClient.get 'https://api.devbank.apiture.com/access/roles/{role}',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'If-None-Match': 'string',
  'API-Key': 'API_KEY',
  'Authorization': 'Bearer {access-token}'
}

r = requests.get('https://api.devbank.apiture.com/access/roles/{role}', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/access/roles/{role}");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "If-None-Match": []string{"string"},
        "API-Key": []string{"API_KEY"},
        "Authorization": []string{"Bearer {access-token}"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.devbank.apiture.com/access/roles/{role}", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Fetch a representation of this role

GET https://api.devbank.apiture.com/access/roles/{role}

Return a HAL representation of this role resource. Note that if looking up a role by name, the response will be a (301) redirect to the role resource by _id.

Parameters

ParameterDescription
If-None-Match
in: header
string
The entity tag that was returned in the ETag response. If the resource's current entity tag matches, the GET returns 304 (Not Modified) and no response body, else the resource representation is returned.
embed
in: query
array[string]
A pipe-delimited list of properties to include in the returned role's _embedded objects. List items must be (roles, permissions, effectivePermissions property names of the roleEmbedded model schema.
pipe-delimited
items: string
» enum values: roles, permissions, effectivePermissions
role
in: path
string (required)
The unique name or _id (identifier) of a role.

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/access/role/v1.1.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/access/roles/7655fcde-c3a4-404e-a662-9beede86bfa9"
    },
    "apiture:permissions": {
      "href": "https://api.devbank.apiture.com/access/permissions?role=7655fcde-c3a4-404e-a662-9beede86bfa9"
    }
  },
  "name": "moveMoney",
  "label": "Move Money",
  "description": "Create, modify, and cancel transfers, payments, checks, and other funds movement.",
  "categoryName": "customer",
  "assignable": true,
  "_id": "7655fcde-c3a4-404e-a662-9beede86bfa9",
  "createdAt": "2021-01-25T12:46:06.375Z",
  "roles": [
    {
      "_id": "0d3a9972-a843-458a-b6a9-dec3feb458ff",
      "name": "transfers",
      "uri": "https://api.devbank.apiture.com/access/roles/0d3a9972-a843-458a-b6a9-dec3feb458ff"
    },
    {
      "_id": "93959e3d-f61d-452f-8054-73a92cdfe263",
      "name": "payBills",
      "uri": "https://api.devbank.apiture.com/access/roles/93959e3d-f61d-452f-8054-73a92cdfe263"
    }
  ],
  "permissions": [
    {
      "name": "getScheduledTransfer",
      "uri": "https://api.devbank.apiture.com/access/permissions/getScheduledTransfer"
    },
    {
      "name": "getScheduledTransfers",
      "uri": "https://api.devbank.apiture.com/access/permissions/getScheduledTransfers"
    }
  ],
  "_embedded": {
    "roles": [
      {
        "_profile": "https://production.api.apiture.com/schemas/access/role/v1.1.0/profile.json",
        "_id": "0d3a9972-a843-458a-b6a9-dec3feb458ff",
        "name": "transfers",
        "categoryName": "customer",
        "label": "Create and Manage Transfers",
        "_links": {
          "self": {
            "href": "https://api.devbank.apiture.com/access/roles/0d3a9972-a843-458a-b6a9-dec3feb458ff"
          }
        }
      },
      {
        "_id": "93959e3d-f61d-452f-8054-73a92cdfe263",
        "name": "payBills",
        "categoryName": "customer",
        "label": "Create and Manage Bill Payments",
        "_links": {
          "self": {
            "href": "https://api.devbank.apiture.com/access/roles/93959e3d-f61d-452f-8054-73a92cdfe263"
          }
        }
      }
    ],
    "permissions": [
      {
        "_profile": "https://production.api.apiture.com/schemas/access/permission/v1.0.0/profile.json",
        "name": "getScheduledTransfer",
        "label": "View a scheduled transfer",
        "_links": {
          "self": {
            "href": "https://api.devbank.apiture.com/access/permissions/getScheduledTransfer"
          }
        }
      },
      {
        "_profile": "https://production.api.apiture.com/schemas/access/permission/v1.0.0/profile.json",
        "name": "getScheduledTransfers",
        "label": "View all scheduled transfers",
        "_links": {
          "self": {
            "href": "https://api.devbank.apiture.com/access/permissions/getScheduledTransfers"
          }
        }
      }
    ],
    "effectivePermissions": [
      "getScheduledTransfer",
      "getScheduledTransfers",
      "createScheduledTransfer",
      "cancelScheduledTransfer",
      "updateScheduledTransfer",
      "deleteScheduledTransfer",
      "getPaymentInstruction",
      "getPaymentInstructions",
      "createPaymentInstruction",
      "submitPaymentInstruction",
      "cancelPaymentInstruction",
      "deletePaymentInstruction"
    ]
  }
}

Responses

StatusDescription
200 OK
OK.
Schema: role
HeaderETag
string
The ETag response header specifies an entity tag which may be provided in an If-Match request header for PUT or PATCH operations which update this role resource.
StatusDescription
301 Moved Permanently
Moved. The resource was found by role name, but the service redirects the client to the role resource by ID via the Location response header.
HeaderLocation
string uri
The canonical URI of the role resource.
StatusDescription
304 Not Modified
Not Modified. The resource has not been modified since it was last fetched.
StatusDescription
404 Not Found
Not Found. There is no such role resource at the specified {role}. The _error field in the response contains details about the request error.
Schema: errorResponse

API

The Access API

getApi

Code samples

# You can also use wget
curl -X GET https://api.devbank.apiture.com/access/ \
  -H 'Accept: application/hal+json' \
  -H 'API-Key: API_KEY'

GET https://api.devbank.apiture.com/access/ HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/hal+json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY'

};

fetch('https://api.devbank.apiture.com/access/',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/hal+json',
  'API-Key':'API_KEY'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/access/',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/hal+json',
  'API-Key' => 'API_KEY'
}

result = RestClient.get 'https://api.devbank.apiture.com/access/',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/hal+json',
  'API-Key': 'API_KEY'
}

r = requests.get('https://api.devbank.apiture.com/access/', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/access/");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/hal+json"},
        "API-Key": []string{"API_KEY"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.devbank.apiture.com/access/", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Top-level resources and operations in this API

GET https://api.devbank.apiture.com/access/

Return links to the top-level resources and operations in this API.

Example responses

200 Response

{
  "_profile": "https://production.api.apiture.com/schemas/common/root/v2.1.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
    }
  },
  "id": "apiName",
  "name": "API name",
  "apiVersion": "1.0.0"
}

Responses

StatusDescription
200 OK
OK.
Schema: root

getApiDoc

Code samples

# You can also use wget
curl -X GET https://api.devbank.apiture.com/access/apiDoc \
  -H 'Accept: application/json' \
  -H 'API-Key: API_KEY'

GET https://api.devbank.apiture.com/access/apiDoc HTTP/1.1
Host: api.devbank.apiture.com
Accept: application/json

const fetch = require('node-fetch');

const headers = {
  'Accept':'application/json',
  'API-Key':'API_KEY'

};

fetch('https://api.devbank.apiture.com/access/apiDoc',
{
  method: 'GET',

  headers: headers
})
.then(function(res) {
    return res.json();
}).then(function(body) {
    console.log(body);
});

var headers = {
  'Accept':'application/json',
  'API-Key':'API_KEY'

};

$.ajax({
  url: 'https://api.devbank.apiture.com/access/apiDoc',
  method: 'get',

  headers: headers,
  success: function(data) {
    console.log(JSON.stringify(data));
  }
})

require 'rest-client'
require 'json'

headers = {
  'Accept' => 'application/json',
  'API-Key' => 'API_KEY'
}

result = RestClient.get 'https://api.devbank.apiture.com/access/apiDoc',
  params: {
  }, headers: headers

p JSON.parse(result)

import requests
headers = {
  'Accept': 'application/json',
  'API-Key': 'API_KEY'
}

r = requests.get('https://api.devbank.apiture.com/access/apiDoc', params={

}, headers = headers)

print r.json()

URL obj = new URL("https://api.devbank.apiture.com/access/apiDoc");
HttpURLConnection con = (HttpURLConnection) obj.openConnection();
con.setRequestMethod("GET");
int responseCode = con.getResponseCode();
BufferedReader in = new BufferedReader(
    new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
    response.append(inputLine);
}
in.close();
System.out.println(response.toString());

package main

import (
       "bytes"
       "net/http"
)

func main() {

    headers := map[string][]string{
        "Accept": []string{"application/json"},
        "API-Key": []string{"API_KEY"},
        
    }

    data := bytes.NewBuffer([]byte{jsonReq})
    req, err := http.NewRequest("GET", "https://api.devbank.apiture.com/access/apiDoc", data)
    req.Header = headers

    client := &http.Client{}
    resp, err := client.Do(req)
    // ...
}

Return API definition document

GET https://api.devbank.apiture.com/access/apiDoc

Return the OpenAPI document that describes this API.

Example responses

200 Response

{}

Responses

StatusDescription
200 OK
OK.
Schema: Inline

Response Schema

Schemas

abstractRequest

{
  "_profile": "https://production.api.apiture.com/schemas/common/abstractRequest/v2.0.0/profile.json",
  "_links": {}
}

Abstract Request (v2.0.0)

An abstract schema used to define other request-only schemas. This is a HAL resource representation, minus the _error defined in abstractResource.

This schema was resolved from common/abstractRequest.

Properties

NameDescription
Abstract Request (v2.0.0) object
An abstract schema used to define other request-only schemas. This is a HAL resource representation, minus the _error defined in abstractResource.

This schema was resolved from common/abstractRequest.

_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
format: uri

abstractResource

{
  "_profile": "https://production.api.apiture.com/schemas/common/abstractResource/v2.1.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
    }
  }
}

Abstract Resource (v2.1.0)

An abstract schema used to define other schemas for request and response bodies. This is a HAL resource representation. This model contains hypermedia _links, and either optional domain object data with _profile and optional _embedded objects, or an _error object. In responses, if the operation was successful, this object will not include the _error, but if the operation was a 4xx or 5xx error, this object will not include _embedded or any data fields, only _error and optionally _links.

This schema was resolved from common/abstractResource.

Properties

NameDescription
Abstract Resource (v2.1.0) object
An abstract schema used to define other schemas for request and response bodies. This is a HAL resource representation. This model contains hypermedia _links, and either optional domain object data with _profile and optional _embedded objects, or an _error object. In responses, if the operation was successful, this object will not include the _error, but if the operation was a 4xx or 5xx error, this object will not include _embedded or any data fields, only _error and optionally _links.

This schema was resolved from common/abstractResource.

_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
format: uri
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only

attributes

{}

Attributes (v2.1.0)

An optional map of name/value pairs which contains additional dynamic data about the resource.

This schema was resolved from common/attributes.

Properties

NameDescription
Attributes (v2.1.0) object
An optional map of name/value pairs which contains additional dynamic data about the resource.

This schema was resolved from common/attributes.
Additional Properties: true

collection

{
  "_profile": "https://production.api.apiture.com/schemas/common/abstractResource/v2.1.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
    }
  }
}

Collection (v2.1.0)

A collection of resources. This is an abstract model schema which is extended to define specific resource collections.

This schema was resolved from common/collection.

Properties

NameDescription
Collection (v2.1.0) object
A collection of resources. This is an abstract model schema which is extended to define specific resource collections.

This schema was resolved from common/collection.

_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
format: uri
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
count integer
The number of items in the collection. This value is optional and may be omitted if the count is not computable efficiently. If a filter is applied to the collection (either implicitly or explicitly), the count, if present, indicates the number of items that satisfy the filter.
start integer
The start index of this page of items.
limit integer
The maximum number of items per page.
name string
The name of the collection.

error

{
  "_id": "2eae46e1575c0a7b0115a4b3",
  "message": "Descriptive error message...",
  "statusCode": 422,
  "type": "errorType1",
  "remediation": "Remediation string...",
  "occurredAt": "2018-01-25T05:50:52.375Z",
  "errors": [
    {
      "_id": "ccdbe2c5c938a230667b3827",
      "message": "An optional embedded error"
    },
    {
      "_id": "dbe9088dcfe2460f229338a3",
      "message": "Another optional embedded error"
    }
  ],
  "_links": {
    "describedby": {
      "href": "https://developer.apiture.com/errors/errorType1"
    }
  }
}

Error (v2.1.0)

Describes an error in an API request or in a service called via the API.

This schema was resolved from common/error.

Properties

NameDescription
Error (v2.1.0) object
Describes an error in an API request or in a service called via the API.

This schema was resolved from common/error.

message string (required)
A localized message string describing the error condition.
_id string
A unique identifier for this error instance. This may be used as a correlation ID with the root cause error (i.e. this ID may be logged at the source of the error). This is is an opaque string.
read-only
statusCode integer
The HTTP status code associate with this error.
minimum: 100
maximum: 599
type string
An error identifier which indicates the category of error and associate it with API support documentation or which the UI tier can use to render an appropriate message or hint. This provides a finer level of granularity than the statusCode. For example, instead of just 400 Bad Request, the type may be much more specific. such as integerValueNotInAllowedRange or numericValueExceedsMaximum or stringValueNotInAllowedSet.
occurredAt string(date-time)
An RFC 3339 UTC time stamp indicating when the error occurred.
format: date-time
attributes attributes
Informative values or constraints which describe the error. For example, for a value out of range error, the attributes may specify the minimum and maximum values. This allows clients to present error messages as they see fit (the API does not assume the client/presentation tier). The set of attributes varies by error type.
Additional Properties: true
remediation string
An optional localized string which provides hints for how the user or client can resolve the error.
errors array: [error]
An optional array of nested error objects. This property is not always present.
items: object

errorResponse

{
  "_profile": "https://production.api.apiture.com/schemas/common/errorResponse/v2.1.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
    }
  },
  "_error": {
    "_id": "2eae46e1-575c-4d69-8a8f-0a7b0115a4b3",
    "message": "Description of the error will appear here.",
    "statusCode": 422,
    "type": "specificErrorType",
    "attributes": {
      "value": "Optional attribute describing the error"
    },
    "remediation": "Optional instructions to remediate the error may appear here.",
    "occurredAt": "2018-01-25T05:50:52.375Z",
    "_links": {
      "describedby": {
        "href": "https://production.api.apiture.com/errors/specificErrorType"
      }
    },
    "_embedded": {
      "errors": []
    }
  }
}

Error Response (v2.1.0)

Describes an error response, typically returned on 4xx or 5xx errors from API operations. The _error object contains the error details.

This schema was resolved from common/errorResponse.

Properties

NameDescription
Error Response (v2.1.0) object
Describes an error response, typically returned on 4xx or 5xx errors from API operations. The _error object contains the error details.

This schema was resolved from common/errorResponse.

_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
format: uri
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only

{
  "href": "https://api.devbank.apiture.com/applications/application/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
  "title": "Application"
}

Link (v1.0.0)

Describes a hypermedia link within a _links object in HAL representations. In Apiture APIs, links are HAL links, but Apiture APIs do not use the name or hreflang properties of HAL. Apiture links may include a method property.

This schema was resolved from common/link.

NameDescription
Link (v1.0.0) object
Describes a hypermedia link within a _links object in HAL representations. In Apiture APIs, links are HAL links, but Apiture APIs do not use the name or hreflang properties of HAL. Apiture links may include a method property.

This schema was resolved from common/link.

href string(uri) (required)
The URI or URI template for the resource/operation this link refers to.
format: uri
type string
The media type for the resource.
templated boolean
If true, the link's href is a URI template.
title string
An optional human-readable localized title for the link.
deprecation string(uri)
If present, the containing link is deprecated and the value is a URI which provides human-readable text information about the deprecation.
format: uri
profile string(uri)
The URI of a profile document, a JSON document which describes the target resource/operation.
format: uri

{
  "property1": {
    "href": "https://api.devbank.apiture.com/applications/application/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
    "title": "Application"
  },
  "property2": {
    "href": "https://api.devbank.apiture.com/applications/application/328f6bf6-d762-422f-a077-ab91ca4d0b6f",
    "title": "Application"
  }
}

Links (v1.0.0)

An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

NameDescription
Links (v1.0.0) object
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

Link (v1.0.0) link
Describes a hypermedia link within a _links object in HAL representations. In Apiture APIs, links are HAL links, but Apiture APIs do not use the name or hreflang properties of HAL. Apiture links may include a method property.

This schema was resolved from common/link.

permission

{
  "_profile": "https://production.api.apiture.com/schemas/access/permission/v1.0.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/access/permissions/createScheduledTransfer"
    },
    "apiture:roles": {
      "href": "https://api.devbank.apiture.com/access/roles?permission=createScheduledTransfer"
    }
  },
  "name": "createScheduledTransfer",
  "description": "Adds either a new one-time or a recurring transfer, to transfer funds between internal accounts or between an internal and a verified external account.",
  "label": "Create a new scheduled transfer request",
  "_embedded": {}
}

Permission (v1.0.0)

Representation of permission resources. A permission represents an allowed API operation. Permissions are aggregated into roles.

Response and request bodies using this permission schema may contain the following links:

RelSummaryMethod
selfFetch a representation of this permissionGET
apiture:rolesList roles which have this permission (directly)GET

Properties

NameDescription
Permission (v1.0.0) object

Representation of permission resources. A permission represents an allowed API operation. Permissions are aggregated into roles.

Response and request bodies using this permission schema may contain the following links:

RelSummaryMethod
selfFetch a representation of this permissionGET
apiture:rolesList roles which have this permission (directly)GET
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
format: uri
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
name string
The name of this permission. This immutable programmatic identifier also acts as the permission's unique {permissionName}.
minLength: 6
maxLength: 64
pattern: "^[a-z][a-zA-Z0-9]{0,63}$"
label string
A short text label for this permission, for use in human presentation. This field may be localized.
minLength: 1
maxLength: 128
description string(markdown)
A more detailed description of this permission.
format: markdown
maxLength: 512

permissionReference

{
  "name": "approveApproval",
  "uri": "https://api.devbank.apiture.com/access/permissions/approveApproval"
}

Permission Reference (v1.0.0)

A reference to a permission resource.

Properties

NameDescription
Permission Reference (v1.0.0) object
A reference to a permission resource.
name string (required)
The name of this permission.
minLength: 6
maxLength: 64
pattern: "^[a-z][a-zA-Z0-9]{0,63}$"
uri string(uri)
The URI of the permission's resource.
format: uri

permissions

{
  "_profile": "https://production.api.apiture.com/schemas/access/permissions/v1.0.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/access/permissions?start=10&limit=10"
    },
    "first": {
      "href": "https://api.devbank.apiture.com/access/permissions?start=0&limit=10"
    },
    "next": {
      "href": "https://api.devbank.apiture.com/access/permissions?start=20&limit=10"
    },
    "collection": {
      "href": "https://api.devbank.apiture.com/access/permissions"
    }
  },
  "name": "permissions",
  "start": 10,
  "limit": 10,
  "count": 67,
  "_embedded": {
    "items": [
      {
        "name": "createScheduledTransfer",
        "_profile": "https://production.api.apiture.com/schemas/access/summaryPermission/v1.0.0/profile.json",
        "_links": {
          "self": {
            "href": "https://api.devbank.apiture.com/access/permissions/createScheduledTransfer"
          }
        }
      },
      {
        "name": "updatedScheduledTransfer",
        "_profile": "https://production.api.apiture.com/schemas/access/summaryPermission/v1.0.0/profile.json",
        "_links": {
          "self": {
            "href": "https://api.devbank.apiture.com/access/permissions/updatedScheduledTransfer"
          }
        }
      }
    ]
  }
}

Permission Collection (v1.0.0)

Collection of permissions. The items in the collection are ordered in the _embedded.items array; the collection name is permissions. The top-level _links object may contain pagination links (self, next, prev, first, last, collection).

Properties

NameDescription
Permission Collection (v1.0.0) object
Collection of permissions. The items in the collection are ordered in the _embedded.items array; the collection name is permissions. The top-level _links object may contain pagination links (self, next, prev, first, last, collection).
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

_embedded permissionsEmbedded
Embedded objects.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
format: uri
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
count integer
The number of items in the collection. This value is optional and may be omitted if the count is not computable efficiently. If a filter is applied to the collection (either implicitly or explicitly), the count, if present, indicates the number of items that satisfy the filter.
start integer
The start index of this page of items.
limit integer
The maximum number of items per page.
name string
The name of the collection.

permissionsEmbedded

{
  "items": [
    {
      "_profile": "https://production.api.apiture.com/schemas/access/summaryPermission/v1.0.0/profile.json",
      "_links": {
        "self": {
          "href": "https://api.devbank.apiture.com/access/permissions/createScheduledTransfer"
        }
      },
      "name": "createScheduledTransfer",
      "description": "Create a new scheduled transfer in the `scheduledTransfers` collection.",
      "label": "Create a new scheduled transfer request"
    }
  ]
}

Permissions Embedded Objects (v1.0.0)

Objects embedded in the permissions schema.

Properties

NameDescription
Permissions Embedded Objects (v1.0.0) object
Objects embedded in the permissions schema.
items array: [summaryPermission]
An array containing summary representations of permission items.
items: object

role

{
  "_profile": "https://production.api.apiture.com/schemas/access/role/v1.1.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/access/roles/7655fcde-c3a4-404e-a662-9beede86bfa9"
    },
    "apiture:permissions": {
      "href": "https://api.devbank.apiture.com/access/permissions?role=7655fcde-c3a4-404e-a662-9beede86bfa9"
    }
  },
  "name": "moveMoney",
  "label": "Move Money",
  "description": "Create, modify, and cancel transfers, payments, checks, and other funds movement.",
  "categoryName": "customer",
  "assignable": true,
  "_id": "7655fcde-c3a4-404e-a662-9beede86bfa9",
  "createdAt": "2021-01-25T12:46:06.375Z",
  "roles": [
    {
      "_id": "0d3a9972-a843-458a-b6a9-dec3feb458ff",
      "name": "transfers",
      "uri": "https://api.devbank.apiture.com/access/roles/0d3a9972-a843-458a-b6a9-dec3feb458ff"
    },
    {
      "_id": "93959e3d-f61d-452f-8054-73a92cdfe263",
      "name": "payBills",
      "uri": "https://api.devbank.apiture.com/access/roles/93959e3d-f61d-452f-8054-73a92cdfe263"
    }
  ],
  "permissions": [
    {
      "name": "getScheduledTransfer",
      "uri": "https://api.devbank.apiture.com/access/permissions/getScheduledTransfer"
    },
    {
      "name": "getScheduledTransfers",
      "uri": "https://api.devbank.apiture.com/access/permissions/getScheduledTransfers"
    }
  ],
  "_embedded": {
    "roles": [
      {
        "_profile": "https://production.api.apiture.com/schemas/access/role/v1.1.0/profile.json",
        "_id": "0d3a9972-a843-458a-b6a9-dec3feb458ff",
        "name": "transfers",
        "categoryName": "customer",
        "label": "Create and Manage Transfers",
        "_links": {
          "self": {
            "href": "https://api.devbank.apiture.com/access/roles/0d3a9972-a843-458a-b6a9-dec3feb458ff"
          }
        }
      },
      {
        "_id": "93959e3d-f61d-452f-8054-73a92cdfe263",
        "name": "payBills",
        "categoryName": "customer",
        "label": "Create and Manage Bill Payments",
        "_links": {
          "self": {
            "href": "https://api.devbank.apiture.com/access/roles/93959e3d-f61d-452f-8054-73a92cdfe263"
          }
        }
      }
    ],
    "permissions": [
      {
        "_profile": "https://production.api.apiture.com/schemas/access/permission/v1.0.0/profile.json",
        "name": "getScheduledTransfer",
        "label": "View a scheduled transfer",
        "_links": {
          "self": {
            "href": "https://api.devbank.apiture.com/access/permissions/getScheduledTransfer"
          }
        }
      },
      {
        "_profile": "https://production.api.apiture.com/schemas/access/permission/v1.0.0/profile.json",
        "name": "getScheduledTransfers",
        "label": "View all scheduled transfers",
        "_links": {
          "self": {
            "href": "https://api.devbank.apiture.com/access/permissions/getScheduledTransfers"
          }
        }
      }
    ],
    "effectivePermissions": [
      "getScheduledTransfer",
      "getScheduledTransfers",
      "createScheduledTransfer",
      "cancelScheduledTransfer",
      "updateScheduledTransfer",
      "deleteScheduledTransfer",
      "getPaymentInstruction",
      "getPaymentInstructions",
      "createPaymentInstruction",
      "submitPaymentInstruction",
      "cancelPaymentInstruction",
      "deletePaymentInstruction"
    ]
  }
}

Role (v1.1.0)

Representation of role resources. A role is an aggregation of permissions or other roles. Users may be assigned one or more roles (although role assignment is outside the scope of this API.) Note that, while role's may be accessed by name or _id, the self link always uses the canonical form, _id.

Response and request bodies using this role schema may contain the following links:

RelSummaryMethod
selfFetch a representation of this roleGET

Properties

NameDescription
Role (v1.1.0) object

Representation of role resources. A role is an aggregation of permissions or other roles. Users may be assigned one or more roles (although role assignment is outside the scope of this API.) Note that, while role's may be accessed by name or _id, the self link always uses the canonical form, _id.

Response and request bodies using this role schema may contain the following links:

RelSummaryMethod
selfFetch a representation of this roleGET
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

_embedded roleEmbedded
Optional related objects (child roles, direct permissions, effective permissions) embedded in a role representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
format: uri
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
name string
The name of this role. This immutable programmatic identifier also acts as the role's unique {role}.
minLength: 6
maxLength: 64
pattern: "^[a-z][a-zA-Z0-9]{0,63}$"
label string
The text label for this role, for use in human presentation. This field may be localized.
minLength: 1
maxLength: 128
categoryName roleCategory

The category of users that may be assigned this role. Child roles are constrained:

  • a customer role can only have customer child roles.
  • a operator role can only have customer or operator child roles.
  • a system role can have any child roles.

enum values: system, operator, customer
assignable boolean
If true, this role can be assigned to users. If false, the role is used for composing other roles only.
default: false
_id string
The unique identifier for this role. This is an immutable opaque string. This is the {role} in canonical resource URIs.
read-only
maxLength: 64
description string(markdown)
The role's description.
format: markdown
maxLength: 512
roles array: [roleReference]
Child roles that this role inherits permissions from. This may be an empty array.
maxLength: 256
items: object
permission array: [permissionReference]
Direct permissions granted by this role. This may be an empty array.
maxLength: 2048
items: object
createdAt string(date-time)
The date-time when the role was created, in YYYY-MM-DDThh:mm:ss.sssZ RFC 3339 date-time format, UTC. This is derived and immutable.
read-only
format: date-time
updatedAt string(date-time)
The date-time when the role was last updated, in YYYY-MM-DDThh:mm:ss.sssZ RFC 3339 date-time format, UTC. This is derived and immutable.
read-only
format: date-time

roleCategory

"system"

Role Category (v1.0.0)

The category of users that may be assigned this role.

roleCategory strings may have one of the following enumerated values:

ValueDescription
systemSystem Administrative User:

System administrative users who manage the deployment.

operatorFinancial Institution Operator:

Administrator employees of the financial institution such as the deposits manager or the wire room staff, customer support, and so on These financial institution users use administrative and back office applications to manage the digital banking.

customerBanking Customer User:

Banking customers who hold accounts and use applications to perform digital banking. (Reserved for future use.)

type: string


enum values: system, operator, customer

roleEmbedded

{
  "roles": [
    {
      "_profile": "https://production.api.apiture.com/schemas/access/summaryRole/v1.1.0/profile.json",
      "_id": "0d3a9972-a843-458a-b6a9-dec3feb458ff",
      "name": "transfers",
      "categoryName": "customer",
      "label": "Create and Manage Transfers",
      "_links": {
        "self": {
          "href": "https://api.devbank.apiture.com/access/roles/0d3a9972-a843-458a-b6a9-dec3feb458ff"
        }
      }
    },
    {
      "_profile": "https://production.api.apiture.com/schemas/access/summaryRole/v1.1.0/profile.json",
      "_id": "93959e3d-f61d-452f-8054-73a92cdfe263",
      "name": "payBills",
      "categoryName": "customer",
      "label": "Create and Manage Bill Payments",
      "_links": {
        "self": {
          "href": "https://api.devbank.apiture.com/access/roles/93959e3d-f61d-452f-8054-73a92cdfe263"
        }
      }
    }
  ],
  "permissions": [
    {
      "_profile": "https://production.api.apiture.com/schemas/access/permission/v1.0.0/profile.json",
      "name": "getScheduledTransfer",
      "label": "View a scheduled transfer",
      "_links": {
        "self": {
          "href": "https://api.devbank.apiture.com/access/permissions/getScheduledTransfer"
        }
      }
    },
    {
      "_profile": "https://production.api.apiture.com/schemas/access/permission/v1.0.0/profile.json",
      "name": "getScheduledTransfers",
      "label": "View all scheduled transfers",
      "_links": {
        "self": {
          "href": "https://api.devbank.apiture.com/access/permissions/getScheduledTransfers"
        }
      }
    }
  ],
  "effectivePermissions": [
    "getScheduledTransfer",
    "getScheduledTransfers",
    "createScheduledTransfer",
    "cancelScheduledTransfer",
    "updateScheduledTransfer",
    "deleteScheduledTransfer",
    "getPaymentInstruction",
    "getPaymentInstructions",
    "createPaymentInstruction",
    "submitPaymentInstruction",
    "cancelPaymentInstruction",
    "deletePaymentInstruction"
  ]
}

Role Embedded Objects (v1.1.0)

Objects embedded in a role object.

Properties

NameDescription
Role Embedded Objects (v1.1.0) object
Objects embedded in a role object.
roles array: [summaryRole]
An array of direct child roles. This is included in a role representation if the embed query parameter on the getRole operation includes the name, roles.
items: object
permissions array: [summaryPermission]
An array containing permission objects for all the direct permissions in this role. This is included in a role representation if the embed query parameter on the getRole operation includes the name, permissions.
items: object
effectivePermissions array: [string]
An array containing all the effective permission names for this role. This is the union of the direct permissions for the role and all the effective permissions of all the role's direct child roles. This is included in a role representation if the embed query parameter on the getRole operation includes the name, effectivePermissions.
items: string

roleReference

{
  "_id": "78c16684-0628-4363-a557-987839245d2c",
  "name": "approveApproval",
  "uri": "https://api.devbank.apiture.com/access/roles/78c16684-0628-4363-a557-987839245d2c"
}

Role Reference (v1.0.0)

A reference to a role resource.

Properties

NameDescription
Role Reference (v1.0.0) object
A reference to a role resource.
_id string (required)
The unique identifier for the role.
read-only
maxLength: 64
name string (required)
The name of this role.
minLength: 6
maxLength: 64
pattern: "^[a-z][a-zA-Z0-9]{0,63}$"
label string
The text label for this role.
minLength: 1
maxLength: 128
uri string(uri)
The URI of the role's resource.
format: uri

roles

{
  "_profile": "https://production.api.apiture.com/schemas/access/roles/v1.1.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/access/roles?start=00&limit=100"
    },
    "collection": {
      "href": "https://api.devbank.apiture.com/access/roles"
    }
  },
  "name": "roles",
  "start": 0,
  "limit": 100,
  "count": 7,
  "_embedded": {
    "items": [
      {
        "name": "role1",
        "_profile": "https://production.api.apiture.com/schemas/access/summaryRole/v1.1.0/profile.json",
        "_links": {
          "self": {
            "href": "https://api.devbank.apiture.com/access/roles/99ade01a-e676-456c-a546-e2fd003c834b"
          }
        }
      },
      {
        "name": "role2",
        "_profile": "https://production.api.apiture.com/schemas/access/summaryRole/v1.1.0/profile.json",
        "_links": {
          "self": {
            "href": "https://api.devbank.apiture.com/access/roles/70cd5898-3e74-4fcf-917c-b14030a4a061"
          }
        }
      }
    ]
  }
}

Role Collection (v1.1.0)

Collection of roles. The items in the collection are listed in the _embedded.items array; the collection name is roles.

Properties

NameDescription
Role Collection (v1.1.0) object
Collection of roles. The items in the collection are listed in the _embedded.items array; the collection name is roles.
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

_embedded rolesEmbedded
roles collection items
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
format: uri
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
count integer
The number of items in the collection. This value is optional and may be omitted if the count is not computable efficiently. If a filter is applied to the collection (either implicitly or explicitly), the count, if present, indicates the number of items that satisfy the filter.
start integer
The start index of this page of items.
limit integer
The maximum number of items per page.
name string
The name of the collection.

rolesEmbedded

{
  "items": [
    {
      "_profile": "https://production.api.apiture.com/schemas/access/summaryRole/v1.1.0/profile.json",
      "_links": {
        "self": {
          "href": "https://api.devbank.apiture.com/access/roles/7655fcde-c3a4-404e-a662-9beede86bfa9"
        }
      },
      "name": "moveMoney",
      "label": "Move Money",
      "description": "Create, modify, and cancel transfers, payments, checks, and other funds movement.",
      "categoryName": "customer",
      "assignable": true,
      "_id": "7655fcde-c3a4-404e-a662-9beede86bfa9"
    }
  ]
}

Roles Embedded Objects (v1.1.0)

Objects embedded in the roles collection.

Properties

NameDescription
Roles Embedded Objects (v1.1.0) object
Objects embedded in the roles collection.
items array: [summaryRole]
An array containing role items.
items: object

root

{
  "_profile": "https://production.api.apiture.com/schemas/common/root/v2.1.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
    }
  },
  "id": "apiName",
  "name": "API name",
  "apiVersion": "1.0.0"
}

API Root (v2.1.0)

A HAL response, with hypermedia _links for the top-level resources and operations in API.

This schema was resolved from common/root.

Properties

NameDescription
API Root (v2.1.0) object
A HAL response, with hypermedia _links for the top-level resources and operations in API.

This schema was resolved from common/root.

_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
format: uri
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
_id string
This API's unique ID.
read-only
name string
This API's name.
apiVersion string
This API's version.

summaryPermission

{
  "_profile": "https://production.api.apiture.com/schemas/access/summaryPermission/v1.0.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/access/permissions/createScheduledTransfer"
    }
  },
  "name": "createScheduledTransfer",
  "description": "Create a new scheduled transfer in the `scheduledTransfers` collection.",
  "label": "Create a new scheduled transfer request"
}

Permission Summary (v1.0.0)

Summary representation of a permission resource in the permissions collection. A permission represents an allowed API operation. This representation normally does not contain any _embedded objects. If needed, call the GET operation on the item's self link to get the full permission object.

Response and request bodies using this summaryPermission schema may contain the following links:

RelSummaryMethod
selfFetch a representation of this permissionGET

Properties

NameDescription
Permission Summary (v1.0.0) object

Summary representation of a permission resource in the permissions collection. A permission represents an allowed API operation. This representation normally does not contain any _embedded objects. If needed, call the GET operation on the item's self link to get the full permission object.

Response and request bodies using this summaryPermission schema may contain the following links:

RelSummaryMethod
selfFetch a representation of this permissionGET
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
format: uri
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
name string
The name of this permission. This immutable programmatic identifier also acts as the permission's unique {permissionName}.
minLength: 6
maxLength: 64
pattern: "^[a-z][a-zA-Z0-9]{0,63}$"
label string
A short text label for this permission, for use in human presentation. This field may be localized.
minLength: 1
maxLength: 128

summaryRole

{
  "_profile": "https://production.api.apiture.com/schemas/access/summaryRole/v1.1.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/access/roles/7655fcde-c3a4-404e-a662-9beede86bfa9"
    }
  },
  "name": "moveMoney",
  "label": "Move Money",
  "description": "Create, modify, and cancel transfers, payments, checks, and other funds movement.",
  "categoryName": "customer",
  "assignable": true,
  "_id": "7655fcde-c3a4-404e-a662-9beede86bfa9"
}

Role Summary (v1.1.0)

Summary representation of a role resource in the roles collection. This representation normally does not contain any _embedded objects. If needed, call the GET operation on the item's self link to get full role object.

Response and request bodies using this summaryRole schema may contain the following links:

RelSummaryMethod
selfFetch a representation of this roleGET

Properties

NameDescription
Role Summary (v1.1.0) object

Summary representation of a role resource in the roles collection. This representation normally does not contain any _embedded objects. If needed, call the GET operation on the item's self link to get full role object.

Response and request bodies using this summaryRole schema may contain the following links:

RelSummaryMethod
selfFetch a representation of this roleGET
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
format: uri
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
name string
The name of this role. This immutable programmatic identifier also acts as the role's unique {role}.
minLength: 6
maxLength: 64
pattern: "^[a-z][a-zA-Z0-9]{0,63}$"
label string
The text label for this role, for use in human presentation. This field may be localized.
minLength: 1
maxLength: 128
categoryName roleCategory

The category of users that may be assigned this role. Child roles are constrained:

  • a customer role can only have customer child roles.
  • a operator role can only have customer or operator child roles.
  • a system role can have any child roles.

enum values: system, operator, customer
assignable boolean
If true, this role can be assigned to users. If false, the role is used for composing other roles only.
default: false
_id string
The unique identifier for this role. This is an immutable opaque string. This is the {role} in canonical resource URIs.
read-only
maxLength: 64

userAccess

{
  "_profile": "https://production.api.apiture.com/schemas/access/userAccess/v1.1.0/profile.json",
  "_links": {
    "self": {
      "href": "https://api.devbank.apiture.com/apiName/resourceName/resourceId"
    }
  },
  "roles": [
    {
      "_profile": "https://production.api.apiture.com/schemas/access/summaryRole/v1.1.0/profile.json",
      "_id": "0d3a9972-a843-458a-b6a9-dec3feb458ff",
      "name": "transfers",
      "categoryName": "customer",
      "label": "Create and Manage Transfers",
      "_links": {
        "self": {
          "href": "https://api.devbank.apiture.com/access/roles/0d3a9972-a843-458a-b6a9-dec3feb458ff"
        }
      }
    },
    {
      "_profile": "https://production.api.apiture.com/schemas/access/summaryRole/v1.1.0/profile.json",
      "_id": "93959e3d-f61d-452f-8054-73a92cdfe263",
      "name": "payBills",
      "categoryName": "customer",
      "label": "Create and Manage Bill Payments",
      "_links": {
        "self": {
          "href": "https://api.devbank.apiture.com/access/roles/93959e3d-f61d-452f-8054-73a92cdfe263"
        }
      }
    }
  ],
  "effectiveRoles": [
    {
      "_id": "0d3a9972-a843-458a-b6a9-dec3feb458ff",
      "name": "transfers",
      "uri": "https://api.devbank.apiture.com/access/roles/0d3a9972-a843-458a-b6a9-dec3feb458ff"
    },
    {
      "_id": "93959e3d-f61d-452f-8054-73a92cdfe263",
      "name": "payBills",
      "uri": "https://api.devbank.apiture.com/access/roles/93959e3d-f61d-452f-8054-73a92cdfe263"
    }
  ],
  "effectivePermissions": [
    "getScheduledTransfer",
    "getScheduledTransfers",
    "createScheduledTransfer",
    "cancelScheduledTransfer",
    "updateScheduledTransfer",
    "deleteScheduledTransfer",
    "getPaymentInstruction",
    "getPaymentInstructions",
    "createPaymentInstruction",
    "submitPaymentInstruction",
    "cancelPaymentInstruction",
    "deletePaymentInstruction"
  ]
}

User Access (v1.1.0)

The lists of the currently authenticated user's access: their assigned roles, any effective roles inherited from those assigned role's, and the full set of effective permissions associated with those roles.

Properties

NameDescription
User Access (v1.1.0) object
The lists of the currently authenticated user's access: their assigned roles, any effective roles inherited from those assigned role's, and the full set of effective permissions associated with those roles.
_links links
An optional map of links, mapping each link relation to a link object. This model defines the _links object of HAL representations.

This schema was resolved from common/links.

_embedded object
An optional map of nested resources, mapping each nested resource name to a nested resource representation.
_profile string(uri)
The URI of a resource profile which describes the representation.
read-only
format: uri
_error error
An object which describes an error. This value is omitted if the operation succeeded without error.
read-only
roles array: [summaryRole] (required)
All the roles assigned directly to a user.
items: object
effectiveRoles array: [roleReference] (required)
The union of the user's assigned roles and the roles which have the assigned roles as an ancestor.
items: object
effectivePermissions array: [string] (required)
An array containing all the effective permission names associated with all the roles that are assigned to the user.
items: string

Generated by @apiture/api-doc 3.2.4 on Mon Oct 28 2024 14:41:00 GMT+0000 (Coordinated Universal Time).