v4.0.0 filtered by tag: User (41 APIs)

Bank
Accounts
Views
Counterparties
Transactions

Create (DAuth) User with Account Access

This endpoint is used as part of the DAuth solution to grant access to account and transaction data to a smart contract on the blockchain.

Put the smart contract address in username

For provider use "dauth"

This endpoint will create the (DAuth) User with username and provider if the User does not already exist.

Authentication is Mandatory and the logged in user needs to be account holder.

For information about DAuth see below:

DAuth

DAuth Introduction, Setup and Usage

DAuth is an experimental authentication mechanism that aims to pin an ethereum or other blockchain Smart Contract to an OBP "User".

In the future, it might be possible to be more specific and pin specific actors (wallets) that are acting within the smart contract, but so far, one smart contract acts on behalf of one User.

Thus, if a smart contract "X" calls the OBP API using the DAuth header, OBP will get or create a user called X and the call will proceed in the context of that User "X".

DAuth is invoked by the REST client (caller) including a specific header (see step 3 below) in any OBP REST call.

When OBP receives the DAuth token, it creates or gets a User with a username based on the smart_contract_address and the provider based on the network_name. The combination of username and provider is unique in OBP.

If you are calling OBP-API via an API3 Airnode, the Airnode will take care of constructing the required header.

When OBP detects a DAuth header / token it first checks if the Consumer is allowed to make such a call. OBP will validate the Consumer ip address and signature etc.

Note: The DAuth flow does not require an explicit POST like Direct Login to create the token.

Permissions may be assigned to an OBP User at any time, via the UserAuthContext, Views, Entitlements to Roles or Consents.

Note: DAuth is NOT enabled on this instance!

Note: The DAuth client is responsible for creating a token which will be trusted by OBP absolutely!

To use DAuth:

1) Configure OBP API to accept DAuth.

Set up properties in your props file

# -- DAuth --------------------------------------
# Define secret used to validate JWT token
# jwt.public_key_rsa=path-to-the-pem-file
# Enable/Disable DAuth communication at all
# In case isn't defined default value is false
# allow_dauth=false
# Define comma separated list of allowed IP addresses
# dauth.host=127.0.0.1
# -------------------------------------- DAuth--

Please keep in mind that property jwt.public_key_rsa is used to validate JWT token to check it is not changed or corrupted during transport.

2) Create / have access to a JWT

The following videos are available:
* DAuth in local environment

HEADER:ALGORITHM & TOKEN TYPE

{
  "alg": "RS256",
  "typ": "JWT"
}

PAYLOAD:DATA

{
  "smart_contract_address": "0xe123425E7734CE288F8367e1Bb143E90bb3F051224",
  "network_name": "AIRNODE.TESTNET.ETHEREUM",
  "msg_sender": "0xe12340927f1725E7734CE288F8367e1Bb143E90fhku767",
  "consumer_key": "0x1234a4ec31e89cea54d1f125db7536e874ab4a96b4d4f6438668b6bb10a6adb",
  "timestamp": "2021-11-04T14:13:40Z",
  "request_id": "0Xe876987694328763492876348928736497869273649"
}

VERIFY SIGNATURE

RSASHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),

) your-RSA-key-pair

Here is an example token:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzbWFydF9jb250cmFjdF9hZGRyZXNzIjoiMHhlMTIzNDI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGJiM0YwNTEyMjQiLCJuZXR3b3JrX25hbWUiOiJFVEhFUkVVTSIsIm1zZ19zZW5kZXIiOiIweGUxMjM0MDkyN2YxNzI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGZoa3U3NjciLCJjb25zdW1lcl9rZXkiOiIweDEyMzRhNGVjMzFlODljZWE1NGQxZjEyNWRiNzUzNmU4NzRhYjRhOTZiNGQ0ZjY0Mzg2NjhiNmJiMTBhNmFkYiIsInRpbWVzdGFtcCI6IjIwMjEtMTEtMDRUMTQ6MTM6NDBaIiwicmVxdWVzdF9pZCI6IjBYZTg3Njk4NzY5NDMyODc2MzQ5Mjg3NjM0ODkyODczNjQ5Nzg2OTI3MzY0OSJ9.XSiQxjEVyCouf7zT8MubEKsbOBZuReGVhnt9uck6z6k

3) Try a REST call using the header

Using your favorite http client:

GET https://obp-api-sandbox.nmbbank.co.tz/obp/v3.0.0/users/current

Body

Leave Empty!

Headers:

   DAuth: your-jwt-from-step-above

Here is it all together:

GET https://obp-api-sandbox.nmbbank.co.tz/obp/v3.0.0/users/current HTTP/1.1
Host: localhost:8080
User-Agent: curl/7.47.0
Accept: /
DAuth: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzbWFydF9jb250cmFjdF9hZGRyZXNzIjoiMHhlMTIzNDI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGJiM0YwNTEyMjQiLCJuZXR3b3JrX25hbWUiOiJFVEhFUkVVTSIsIm1zZ19zZW5kZXIiOiIweGUxMjM0MDkyN2YxNzI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGZoa3U3NjciLCJjb25zdW1lcl9rZXkiOiIweDEyMzRhNGVjMzFlODljZWE1NGQxZjEyNWRiNzUzNmU4NzRhYjRhOTZiNGQ0ZjY0Mzg2NjhiNmJiMTBhNmFkYiIsInRpbWVzdGFtcCI6IjIwMjEtMTEtMDRUMTQ6MTM6NDBaIiwicmVxdWVzdF9pZCI6IjBYZTg3Njk4NzY5NDMyODc2MzQ5Mjg3NjM0ODkyODczNjQ5Nzg2OTI3MzY0OSJ9.XSiQxjEVyCouf7zT8MubEKsbOBZuReGVhnt9uck6z6k

CURL example

curl -v -H 'DAuth: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzbWFydF9jb250cmFjdF9hZGRyZXNzIjoiMHhlMTIzNDI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGJiM0YwNTEyMjQiLCJuZXR3b3JrX25hbWUiOiJFVEhFUkVVTSIsIm1zZ19zZW5kZXIiOiIweGUxMjM0MDkyN2YxNzI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGZoa3U3NjciLCJjb25zdW1lcl9rZXkiOiIweDEyMzRhNGVjMzFlODljZWE1NGQxZjEyNWRiNzUzNmU4NzRhYjRhOTZiNGQ0ZjY0Mzg2NjhiNmJiMTBhNmFkYiIsInRpbWVzdGFtcCI6IjIwMjEtMTEtMDRUMTQ6MTM6NDBaIiwicmVxdWVzdF9pZCI6IjBYZTg3Njk4NzY5NDMyODc2MzQ5Mjg3NjM0ODkyODczNjQ5Nzg2OTI3MzY0OSJ9.XSiQxjEVyCouf7zT8MubEKsbOBZuReGVhnt9uck6z6k' https://obp-api-sandbox.nmbbank.co.tz/obp/v3.0.0/users/current

You should receive a response like:

{
    "user_id": "4c4d3175-1e5c-4cfd-9b08-dcdc209d8221",
    "email": "",
    "provider_id": "0xe123425E7734CE288F8367e1Bb143E90bb3F051224",
    "provider": "ETHEREUM",
    "username": "0xe123425E7734CE288F8367e1Bb143E90bb3F051224",
    "entitlements": {
        "list": []
    }
}

Under the hood

The file, dauth.scala handles the DAuth,

We:

-> Check if Props allow_dauth is true
  -> Check if DAuth header exists
    -> Check if getRemoteIpAddress is OK
      -> Look for "token"
        -> parse the JWT token and getOrCreate the user
          -> get the data of the user

More information

Parameter names and values are case sensitive.
Each parameter MUST NOT appear more than once per request.


URL Parameters:

JSON request body fields:

JSON response body fields:

Typical Successful Response:

								
									
[{ "id":"1234", "short_name":"short_name", "description":"description", "metadata_view":"owner", "is_public":true, "is_system":true, "alias":"No", "hide_metadata_if_alias_used":true, "can_add_comment":true, "can_add_corporate_location":true, "can_add_image":true, "can_add_image_url":true, "can_add_more_info":true, "can_add_open_corporates_url":true, "can_add_physical_location":true, "can_add_private_alias":true, "can_add_public_alias":true, "can_add_tag":true, "can_add_url":true, "can_add_where_tag":true, "can_delete_comment":true, "can_add_counterparty":true, "can_delete_corporate_location":true, "can_delete_image":true, "can_delete_physical_location":true, "can_delete_tag":true, "can_delete_where_tag":true, "can_edit_owner_comment":true, "can_see_bank_account_balance":true, "can_query_available_funds":true, "can_see_bank_account_bank_name":true, "can_see_bank_account_currency":true, "can_see_bank_account_iban":true, "can_see_bank_account_label":true, "can_see_bank_account_national_identifier":true, "can_see_bank_account_number":true, "can_see_bank_account_owners":true, "can_see_bank_account_swift_bic":true, "can_see_bank_account_type":true, "can_see_comments":true, "can_see_corporate_location":true, "can_see_image_url":true, "can_see_images":true, "can_see_more_info":true, "can_see_open_corporates_url":true, "can_see_other_account_bank_name":true, "can_see_other_account_iban":true, "can_see_other_account_kind":true, "can_see_other_account_metadata":true, "can_see_other_account_national_identifier":true, "can_see_other_account_number":true, "can_see_other_account_swift_bic":true, "can_see_owner_comment":true, "can_see_physical_location":true, "can_see_private_alias":true, "can_see_public_alias":true, "can_see_tags":true, "can_see_transaction_amount":true, "can_see_transaction_balance":true, "can_see_transaction_currency":true, "can_see_transaction_description":true, "can_see_transaction_finish_date":true, "can_see_transaction_metadata":true, "can_see_transaction_other_bank_account":true, "can_see_transaction_start_date":true, "can_see_transaction_this_bank_account":true, "can_see_transaction_type":true, "can_see_url":true, "can_see_where_tag":true, "can_see_bank_routing_scheme":true, "can_see_bank_routing_address":true, "can_see_bank_account_routing_scheme":true, "can_see_bank_account_routing_address":true, "can_see_other_bank_routing_scheme":true, "can_see_other_bank_routing_address":true, "can_see_other_account_routing_scheme":true, "can_see_other_account_routing_address":true, "can_add_transaction_request_to_own_account":true, "can_add_transaction_request_to_any_account":true, "can_see_bank_account_credit_limit":true, "can_create_direct_debit":true, "can_create_standing_order":true }]
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20047: User must have access to the owner view or must be an account holder.
  • OBP-10001: Incorrect json format.
  • OBP-30252: System view not found. Please specify a valid value for VIEW_ID
  • OBP-30005: View not found for Account. Please specify a valid value for VIEW_ID
  • OBP-30063: Cannot grant account access.
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv4.0.0, function_name: by createUserWithAccountAccess, operation_id: OBPv4.0.0-createUserWithAccountAccess Tags: Account-Access, View-Custom, Account, User, OwnerViewRequired, DAuth, New-Style,

Grant User access to View

Grants the User identified by USER_ID access to the view identified by VIEW_ID.

Authentication is Mandatory and the user needs to be account holder.

URL Parameters:

JSON request body fields:

JSON response body fields:

Typical Successful Response:

								
									
{ "id":"1234", "short_name":"short_name", "description":"description", "metadata_view":"owner", "is_public":true, "is_system":true, "alias":"No", "hide_metadata_if_alias_used":true, "can_add_comment":true, "can_add_corporate_location":true, "can_add_image":true, "can_add_image_url":true, "can_add_more_info":true, "can_add_open_corporates_url":true, "can_add_physical_location":true, "can_add_private_alias":true, "can_add_public_alias":true, "can_add_tag":true, "can_add_url":true, "can_add_where_tag":true, "can_delete_comment":true, "can_add_counterparty":true, "can_delete_corporate_location":true, "can_delete_image":true, "can_delete_physical_location":true, "can_delete_tag":true, "can_delete_where_tag":true, "can_edit_owner_comment":true, "can_see_bank_account_balance":true, "can_query_available_funds":true, "can_see_bank_account_bank_name":true, "can_see_bank_account_currency":true, "can_see_bank_account_iban":true, "can_see_bank_account_label":true, "can_see_bank_account_national_identifier":true, "can_see_bank_account_number":true, "can_see_bank_account_owners":true, "can_see_bank_account_swift_bic":true, "can_see_bank_account_type":true, "can_see_comments":true, "can_see_corporate_location":true, "can_see_image_url":true, "can_see_images":true, "can_see_more_info":true, "can_see_open_corporates_url":true, "can_see_other_account_bank_name":true, "can_see_other_account_iban":true, "can_see_other_account_kind":true, "can_see_other_account_metadata":true, "can_see_other_account_national_identifier":true, "can_see_other_account_number":true, "can_see_other_account_swift_bic":true, "can_see_owner_comment":true, "can_see_physical_location":true, "can_see_private_alias":true, "can_see_public_alias":true, "can_see_tags":true, "can_see_transaction_amount":true, "can_see_transaction_balance":true, "can_see_transaction_currency":true, "can_see_transaction_description":true, "can_see_transaction_finish_date":true, "can_see_transaction_metadata":true, "can_see_transaction_other_bank_account":true, "can_see_transaction_start_date":true, "can_see_transaction_this_bank_account":true, "can_see_transaction_type":true, "can_see_url":true, "can_see_where_tag":true, "can_see_bank_routing_scheme":true, "can_see_bank_routing_address":true, "can_see_bank_account_routing_scheme":true, "can_see_bank_account_routing_address":true, "can_see_other_bank_routing_scheme":true, "can_see_other_bank_routing_address":true, "can_see_other_account_routing_scheme":true, "can_see_other_account_routing_address":true, "can_add_transaction_request_to_own_account":true, "can_add_transaction_request_to_any_account":true, "can_see_bank_account_credit_limit":true, "can_create_direct_debit":true, "can_create_standing_order":true }
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20047: User must have access to the owner view or must be an account holder.
  • OBP-10001: Incorrect json format.
  • OBP-20005: User not found. Please specify a valid value for USER_ID.
  • OBP-30252: System view not found. Please specify a valid value for VIEW_ID
  • OBP-30005: View not found for Account. Please specify a valid value for VIEW_ID
  • OBP-30063: Cannot grant account access.
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv4.0.0, function_name: by grantUserAccessToView, operation_id: OBPv4.0.0-grantUserAccessToView Tags: Account-Access, View-Custom, Account, User, OwnerViewRequired, New-Style,

Revoke User access to View

Revoke the User identified by USER_ID access to the view identified by VIEW_ID.

Authentication is Mandatory and the user needs to be account holder.

URL Parameters:

JSON request body fields:

JSON response body fields:

Typical Successful Response:

								
									
{ "revoked":true }
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20047: User must have access to the owner view or must be an account holder.
  • OBP-10001: Incorrect json format.
  • OBP-20005: User not found. Please specify a valid value for USER_ID.
  • OBP-30252: System view not found. Please specify a valid value for VIEW_ID
  • OBP-30005: View not found for Account. Please specify a valid value for VIEW_ID
  • OBP-30064: Cannot revoke account access.
  • OBP-30065: Cannot find account access.
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv4.0.0, function_name: by revokeUserAccessToView, operation_id: OBPv4.0.0-revokeUserAccessToView Tags: Account-Access, View-Custom, Account, User, OwnerViewRequired, New-Style,

Revoke/Grant User access to View

Revoke/Grant the logged in User access to the views identified by json.

Authentication is Mandatory and the user needs to be an account holder or has owner view access.

URL Parameters:

JSON response body fields:

Typical Successful Response:

								
									
{ "revoked":true }
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20047: User must have access to the owner view or must be an account holder.
  • OBP-10001: Incorrect json format.
  • OBP-20005: User not found. Please specify a valid value for USER_ID.
  • OBP-30252: System view not found. Please specify a valid value for VIEW_ID
  • OBP-30005: View not found for Account. Please specify a valid value for VIEW_ID
  • OBP-30064: Cannot revoke account access.
  • OBP-30065: Cannot find account access.
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv4.0.0, function_name: by revokeGrantUserAccessToViews, operation_id: OBPv4.0.0-revokeGrantUserAccessToViews Tags: Account-Access, View-Custom, Account, User, OwnerViewRequired,

Link a User to a Customer

Authentication is Mandatory

CanCreateUserCustomerLink OR CanCreateUserCustomerLinkAtAnyBank entitlements are required.

URL Parameters:

JSON request body fields:

  • customer_id: 7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh

  • user_id: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1

JSON response body fields:

Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Version: OBPv2.0.0, function_name: by createUserCustomerLinks, operation_id: OBPv2.0.0-createUserCustomerLinks Tags: Customer, User,

Get Customers for Current User

Gets all Customers that are linked to a User.

Authentication is Mandatory

JSON response body fields:

Typical Successful Response:

								
									
{ "customers":[{ "bank_id":"gh.29.uk", "customer_id":"7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh", "customer_number":"5987953", "legal_name":"Eveline Tripman", "mobile_phone_number":"+44 07972 444 876", "email":"felixsmith@example.com", "face_image":{ "url":"www.openbankproject", "date":"2017-09-19T00:00:00Z" }, "date_of_birth":"19900101", "relationship_status":"single", "dependants":1, "dob_of_dependants":["19900101"], "credit_rating":{ "rating":"OBP", "source":"OBP" }, "credit_limit":{ "currency":"EUR", "amount":"0" }, "highest_education_attained":"Master", "employment_status":"worker", "kyc_status":true, "last_ok_date":"2017-09-19T00:00:00Z", "title":"Dr.", "branch_id":"DERBY6", "name_suffix":"Sr" }] }
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-30008: User Customer Link not found by USER_ID
  • OBP-50000: Unknown Error.
Version: OBPv3.0.0, function_name: by getCustomersForUser, operation_id: OBPv3.0.0-getCustomersForUser Tags: Customer, User, New-Style,

Add Entitlement for a User

Create Entitlement. Grant Role to User.

Entitlements are used to grant System or Bank level roles to Users. (For Account level privileges, see Views)

For a System level Role (.e.g CanGetAnyUser), set bank_id to an empty string i.e. "bank_id":""

For a Bank level Role (e.g. CanCreateAccount), set bank_id to a valid value e.g. "bank_id":"my-bank-id"

Authentication is required and the user needs to be a Super Admin. Super Admins are listed in the Props file.

Authentication is Mandatory

URL Parameters:

  • USER_ID: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1

JSON request body fields:

JSON response body fields:

Typical Successful Response:

								
									
{ "entitlement_id":"6fb17583-1e49-4435-bb74-a14fe0996723", "role_name":"CanQueryOtherUser", "bank_id":"gh.29.uk" }
Required Roles:
  • CanCreateEntitlementAtOneBank - Please login to request this Role
  • CanCreateEntitlementAtAnyBank - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20005: User not found. Please specify a valid value for USER_ID.
  • OBP-20050: Current User is not a Super Admin!
  • OBP-10001: Incorrect json format.
  • OBP-10007: Incorrect Role name:
  • OBP-30205: This entitlement is a Bank Role. Please set bank_id to a valid bank id.
  • OBP-30206: This entitlement is a System Role. Please set bank_id to empty string.
  • OBP-30216: Entitlement already exists for the user.
  • OBP-50000: Unknown Error.
  • OBP-20006: User is missing one or more roles:
Version: OBPv2.0.0, function_name: by addEntitlement, operation_id: OBPv2.0.0-addEntitlement Tags: Role, Entitlement, User, New-Style,

Create (DAuth) User with Roles

This endpoint is used as part of the DAuth solution to grant Entitlements for Roles to a smart contract on the blockchain.

Put the smart contract address in username

For provider use "dauth"

This endpoint will create the User with username and provider if the User does not already exist.

Then it will create Entitlements i.e. grant Roles to the User.

Entitlements are used to grant System or Bank level roles to Users. (For Account level privileges, see Views)

i.e. Entitlements are used to create / consume system or bank level resources where as views / account access are used to consume / create customer level resources.

For a System level Role (.e.g CanGetAnyUser), set bank_id to an empty string i.e. "bank_id":""

For a Bank level Role (e.g. CanCreateAccount), set bank_id to a valid value e.g. "bank_id":"my-bank-id"

Note: The Roles actually granted will depend on the Roles that the calling user has.

If you try to grant Entitlements to a user that already exist (duplicate entitilements) you will get an error.

For information about DAuth see below:

DAuth

DAuth Introduction, Setup and Usage

DAuth is an experimental authentication mechanism that aims to pin an ethereum or other blockchain Smart Contract to an OBP "User".

In the future, it might be possible to be more specific and pin specific actors (wallets) that are acting within the smart contract, but so far, one smart contract acts on behalf of one User.

Thus, if a smart contract "X" calls the OBP API using the DAuth header, OBP will get or create a user called X and the call will proceed in the context of that User "X".

DAuth is invoked by the REST client (caller) including a specific header (see step 3 below) in any OBP REST call.

When OBP receives the DAuth token, it creates or gets a User with a username based on the smart_contract_address and the provider based on the network_name. The combination of username and provider is unique in OBP.

If you are calling OBP-API via an API3 Airnode, the Airnode will take care of constructing the required header.

When OBP detects a DAuth header / token it first checks if the Consumer is allowed to make such a call. OBP will validate the Consumer ip address and signature etc.

Note: The DAuth flow does not require an explicit POST like Direct Login to create the token.

Permissions may be assigned to an OBP User at any time, via the UserAuthContext, Views, Entitlements to Roles or Consents.

Note: DAuth is NOT enabled on this instance!

Note: The DAuth client is responsible for creating a token which will be trusted by OBP absolutely!

To use DAuth:

1) Configure OBP API to accept DAuth.

Set up properties in your props file

# -- DAuth --------------------------------------
# Define secret used to validate JWT token
# jwt.public_key_rsa=path-to-the-pem-file
# Enable/Disable DAuth communication at all
# In case isn't defined default value is false
# allow_dauth=false
# Define comma separated list of allowed IP addresses
# dauth.host=127.0.0.1
# -------------------------------------- DAuth--

Please keep in mind that property jwt.public_key_rsa is used to validate JWT token to check it is not changed or corrupted during transport.

2) Create / have access to a JWT

The following videos are available:
* DAuth in local environment

HEADER:ALGORITHM & TOKEN TYPE

{
  "alg": "RS256",
  "typ": "JWT"
}

PAYLOAD:DATA

{
  "smart_contract_address": "0xe123425E7734CE288F8367e1Bb143E90bb3F051224",
  "network_name": "AIRNODE.TESTNET.ETHEREUM",
  "msg_sender": "0xe12340927f1725E7734CE288F8367e1Bb143E90fhku767",
  "consumer_key": "0x1234a4ec31e89cea54d1f125db7536e874ab4a96b4d4f6438668b6bb10a6adb",
  "timestamp": "2021-11-04T14:13:40Z",
  "request_id": "0Xe876987694328763492876348928736497869273649"
}

VERIFY SIGNATURE

RSASHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),

) your-RSA-key-pair

Here is an example token:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzbWFydF9jb250cmFjdF9hZGRyZXNzIjoiMHhlMTIzNDI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGJiM0YwNTEyMjQiLCJuZXR3b3JrX25hbWUiOiJFVEhFUkVVTSIsIm1zZ19zZW5kZXIiOiIweGUxMjM0MDkyN2YxNzI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGZoa3U3NjciLCJjb25zdW1lcl9rZXkiOiIweDEyMzRhNGVjMzFlODljZWE1NGQxZjEyNWRiNzUzNmU4NzRhYjRhOTZiNGQ0ZjY0Mzg2NjhiNmJiMTBhNmFkYiIsInRpbWVzdGFtcCI6IjIwMjEtMTEtMDRUMTQ6MTM6NDBaIiwicmVxdWVzdF9pZCI6IjBYZTg3Njk4NzY5NDMyODc2MzQ5Mjg3NjM0ODkyODczNjQ5Nzg2OTI3MzY0OSJ9.XSiQxjEVyCouf7zT8MubEKsbOBZuReGVhnt9uck6z6k

3) Try a REST call using the header

Using your favorite http client:

GET https://obp-api-sandbox.nmbbank.co.tz/obp/v3.0.0/users/current

Body

Leave Empty!

Headers:

   DAuth: your-jwt-from-step-above

Here is it all together:

GET https://obp-api-sandbox.nmbbank.co.tz/obp/v3.0.0/users/current HTTP/1.1
Host: localhost:8080
User-Agent: curl/7.47.0
Accept: /
DAuth: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzbWFydF9jb250cmFjdF9hZGRyZXNzIjoiMHhlMTIzNDI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGJiM0YwNTEyMjQiLCJuZXR3b3JrX25hbWUiOiJFVEhFUkVVTSIsIm1zZ19zZW5kZXIiOiIweGUxMjM0MDkyN2YxNzI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGZoa3U3NjciLCJjb25zdW1lcl9rZXkiOiIweDEyMzRhNGVjMzFlODljZWE1NGQxZjEyNWRiNzUzNmU4NzRhYjRhOTZiNGQ0ZjY0Mzg2NjhiNmJiMTBhNmFkYiIsInRpbWVzdGFtcCI6IjIwMjEtMTEtMDRUMTQ6MTM6NDBaIiwicmVxdWVzdF9pZCI6IjBYZTg3Njk4NzY5NDMyODc2MzQ5Mjg3NjM0ODkyODczNjQ5Nzg2OTI3MzY0OSJ9.XSiQxjEVyCouf7zT8MubEKsbOBZuReGVhnt9uck6z6k

CURL example

curl -v -H 'DAuth: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzbWFydF9jb250cmFjdF9hZGRyZXNzIjoiMHhlMTIzNDI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGJiM0YwNTEyMjQiLCJuZXR3b3JrX25hbWUiOiJFVEhFUkVVTSIsIm1zZ19zZW5kZXIiOiIweGUxMjM0MDkyN2YxNzI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGZoa3U3NjciLCJjb25zdW1lcl9rZXkiOiIweDEyMzRhNGVjMzFlODljZWE1NGQxZjEyNWRiNzUzNmU4NzRhYjRhOTZiNGQ0ZjY0Mzg2NjhiNmJiMTBhNmFkYiIsInRpbWVzdGFtcCI6IjIwMjEtMTEtMDRUMTQ6MTM6NDBaIiwicmVxdWVzdF9pZCI6IjBYZTg3Njk4NzY5NDMyODc2MzQ5Mjg3NjM0ODkyODczNjQ5Nzg2OTI3MzY0OSJ9.XSiQxjEVyCouf7zT8MubEKsbOBZuReGVhnt9uck6z6k' https://obp-api-sandbox.nmbbank.co.tz/obp/v3.0.0/users/current

You should receive a response like:

{
    "user_id": "4c4d3175-1e5c-4cfd-9b08-dcdc209d8221",
    "email": "",
    "provider_id": "0xe123425E7734CE288F8367e1Bb143E90bb3F051224",
    "provider": "ETHEREUM",
    "username": "0xe123425E7734CE288F8367e1Bb143E90bb3F051224",
    "entitlements": {
        "list": []
    }
}

Under the hood

The file, dauth.scala handles the DAuth,

We:

-> Check if Props allow_dauth is true
  -> Check if DAuth header exists
    -> Check if getRemoteIpAddress is OK
      -> Look for "token"
        -> parse the JWT token and getOrCreate the user
          -> get the data of the user

More information

Parameter names and values are case sensitive.
Each parameter MUST NOT appear more than once per request.


Authentication is Mandatory

JSON request body fields:

JSON response body fields:

Typical Successful Response:

								
									
{ "list":[{ "entitlement_id":"no-example-provided", "role_name":"no-example-provided", "bank_id":"gh.29.uk", "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1" }] }
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-10001: Incorrect json format.
  • OBP-10007: Incorrect Role name:
  • OBP-30205: This entitlement is a Bank Role. Please set bank_id to a valid bank id.
  • OBP-30206: This entitlement is a System Role. Please set bank_id to empty string.
  • OBP-30216: Entitlement already exists for the user.
  • OBP-20103: Invalid DAuth User Provider.
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv4.0.0, function_name: by createUserWithRoles, operation_id: OBPv4.0.0-createUserWithRoles Tags: Role, Entitlement, User, New-Style, DAuth,

Create Entitlement Request for current User

Create Entitlement Request.

Any logged in User can use this endpoint to request an Entitlement

Entitlements are used to grant System or Bank level roles to Users. (For Account level privileges, see Views)

For a System level Role (.e.g CanGetAnyUser), set bank_id to an empty string i.e. "bank_id":""

For a Bank level Role (e.g. CanCreateAccount), set bank_id to a valid value e.g. "bank_id":"my-bank-id"

Authentication is Mandatory

JSON request body fields:

JSON response body fields:

Typical Successful Response:

								
									
{ "entitlement_request_id":"6fb17583-1e49-4435-bb74-a14fe0996723", "user":{ "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1", "email":"felixsmith@example.com", "provider_id":"Chris", "provider":"http://127.0.0.1:8080", "username":"felixsmith", "entitlements":{ "list":[{ "entitlement_id":"6fb17583-1e49-4435-bb74-a14fe0996723", "role_name":"CanQueryOtherUser", "bank_id":"gh.29.uk" }] } }, "role_name":"CanQueryOtherUser", "bank_id":"gh.29.uk", "created":"2017-09-19T00:00:00Z" }
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20005: User not found. Please specify a valid value for USER_ID.
  • OBP-10001: Incorrect json format.
  • OBP-10007: Incorrect Role name:
  • OBP-30205: This entitlement is a Bank Role. Please set bank_id to a valid bank id.
  • OBP-30206: This entitlement is a System Role. Please set bank_id to empty string.
  • OBP-30214: Entitlement Request already exists for the user.
  • OBP-30217: Entitlement Request cannot be added.
  • OBP-50000: Unknown Error.
Version: OBPv3.0.0, function_name: by addEntitlementRequest, operation_id: OBPv3.0.0-addEntitlementRequest Tags: Role, Entitlement, User, New-Style,

Delete Entitlement

Delete Entitlement specified by ENTITLEMENT_ID for an user specified by USER_ID

Authentication is required and the user needs to be a Super Admin.
Super Admins are listed in the Props file.

Authentication is Mandatory

URL Parameters:

  • USER_ID: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1

JSON response body fields:

Typical Successful Response:

								
									
{ "jsonString":"{}" }
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-30212: EntitlementId not found
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv2.0.0, function_name: by deleteEntitlement, operation_id: OBPv2.0.0-deleteEntitlement Tags: Role, User, Entitlement, New-Style,

Delete Entitlement Request

Delete the Entitlement Request specified by ENTITLEMENT_REQUEST_ID for a user specified by USER_ID

Authentication is Mandatory

URL Parameters:

JSON response body fields:

Typical Successful Response:

								
									
{ "jsonString":"{}" }
Required Roles:
  • CanDeleteEntitlementRequestsAtAnyBank - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-50200: Connector cannot return the data we requested.
  • OBP-50000: Unknown Error.
  • OBP-20006: User is missing one or more roles:
Connector Methods:
Version: OBPv3.0.0, function_name: by deleteEntitlementRequest, operation_id: OBPv3.0.0-deleteEntitlementRequest Tags: Role, Entitlement, User, New-Style,

Get Entitlement Requests for a User

Get Entitlement Requests for a User.

Authentication is Mandatory

URL Parameters:

  • USER_ID: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1

JSON response body fields:

Typical Successful Response:

								
									
{ "entitlement_requests":[{ "entitlement_request_id":"6fb17583-1e49-4435-bb74-a14fe0996723", "user":{ "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1", "email":"felixsmith@example.com", "provider_id":"Chris", "provider":"http://127.0.0.1:8080", "username":"felixsmith", "entitlements":{ "list":[{ "entitlement_id":"6fb17583-1e49-4435-bb74-a14fe0996723", "role_name":"CanQueryOtherUser", "bank_id":"gh.29.uk" }] } }, "role_name":"CanQueryOtherUser", "bank_id":"gh.29.uk", "created":"2017-09-19T00:00:00Z" }] }
Required Roles:
  • CanGetEntitlementRequestsAtAnyBank - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-50200: Connector cannot return the data we requested.
  • OBP-50000: Unknown Error.
  • OBP-20006: User is missing one or more roles:
Connector Methods:
Version: OBPv3.0.0, function_name: by getEntitlementRequests, operation_id: OBPv3.0.0-getEntitlementRequests Tags: Role, Entitlement, User, New-Style,

Get Entitlement Requests for the current User

Get Entitlement Requests for the current User.

Authentication is Mandatory

JSON response body fields:

Typical Successful Response:

								
									
{ "entitlement_requests":[{ "entitlement_request_id":"6fb17583-1e49-4435-bb74-a14fe0996723", "user":{ "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1", "email":"felixsmith@example.com", "provider_id":"Chris", "provider":"http://127.0.0.1:8080", "username":"felixsmith", "entitlements":{ "list":[{ "entitlement_id":"6fb17583-1e49-4435-bb74-a14fe0996723", "role_name":"CanQueryOtherUser", "bank_id":"gh.29.uk" }] } }, "role_name":"CanQueryOtherUser", "bank_id":"gh.29.uk", "created":"2017-09-19T00:00:00Z" }] }
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-50200: Connector cannot return the data we requested.
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv3.0.0, function_name: by getEntitlementRequestsForCurrentUser, operation_id: OBPv3.0.0-getEntitlementRequestsForCurrentUser Tags: Role, Entitlement, User, New-Style,

Get Entitlements for One Bank

Authentication is Mandatory

URL Parameters:

JSON response body fields:

Typical Successful Response:

								
									
{ "list":[{ "entitlement_id":"no-example-provided", "role_name":"no-example-provided", "bank_id":"gh.29.uk", "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1" }] }
Required Roles:
  • CanGetEntitlementsForOneBank - Please login to request this Role
  • CanGetEntitlementsForAnyBank - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20006: User is missing one or more roles:
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv4.0.0, function_name: by getEntitlementsForBank, operation_id: OBPv4.0.0-getEntitlementsForBank Tags: Role, Entitlement, User, New-Style,

Get Entitlements for User

Authentication is Mandatory

URL Parameters:

  • USER_ID: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1

JSON response body fields:

Typical Successful Response:

								
									
{ "list":[{ "entitlement_id":"no-example-provided", "role_name":"no-example-provided", "bank_id":"gh.29.uk", "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1" }] }
Required Roles:
  • CanGetEntitlementsForAnyUserAtAnyBank - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20006: User is missing one or more roles:
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv4.0.0, function_name: by getEntitlements, operation_id: OBPv4.0.0-getEntitlements Tags: Role, Entitlement, User, New-Style,

Get Entitlements for User at Bank

Get Entitlements specified by BANK_ID and USER_ID

Authentication is Mandatory

URL Parameters:

JSON response body fields:

Typical Successful Response:

								
									
{ "list":[{ "entitlement_id":"6fb17583-1e49-4435-bb74-a14fe0996723", "role_name":"CanQueryOtherUser", "bank_id":"gh.29.uk" }] }
Required Roles:
  • CanGetEntitlementsForAnyUserAtOneBank - Please login to request this Role
  • CanGetEntitlementsForAnyUserAtAnyBank - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20006: User is missing one or more roles:
  • OBP-50000: Unknown Error.
Version: OBPv2.1.0, function_name: by getEntitlementsByBankAndUser, operation_id: OBPv2.1.0-getEntitlementsByBankAndUser Tags: Role, Entitlement, User, New-Style,

Get Entitlements for the current User

Get Entitlements for the current User.

Authentication is Mandatory

JSON response body fields:

Typical Successful Response:

								
									
{ "list":[{ "entitlement_id":"6fb17583-1e49-4435-bb74-a14fe0996723", "role_name":"CanQueryOtherUser", "bank_id":"gh.29.uk" }] }
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-50200: Connector cannot return the data we requested.
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv3.0.0, function_name: by getEntitlementsForCurrentUser, operation_id: OBPv3.0.0-getEntitlementsForCurrentUser Tags: Role, Entitlement, User, New-Style,

Get all Entitlement Requests

Get all Entitlement Requests

Authentication is Mandatory

JSON response body fields:

Typical Successful Response:

								
									
{ "entitlement_requests":[{ "entitlement_request_id":"6fb17583-1e49-4435-bb74-a14fe0996723", "user":{ "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1", "email":"felixsmith@example.com", "provider_id":"Chris", "provider":"http://127.0.0.1:8080", "username":"felixsmith", "entitlements":{ "list":[{ "entitlement_id":"6fb17583-1e49-4435-bb74-a14fe0996723", "role_name":"CanQueryOtherUser", "bank_id":"gh.29.uk" }] } }, "role_name":"CanQueryOtherUser", "bank_id":"gh.29.uk", "created":"2017-09-19T00:00:00Z" }] }
Required Roles:
  • CanGetEntitlementRequestsAtAnyBank - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-50200: Connector cannot return the data we requested.
  • OBP-50000: Unknown Error.
  • OBP-20006: User is missing one or more roles:
Connector Methods:
Version: OBPv3.0.0, function_name: by getAllEntitlementRequests, operation_id: OBPv3.0.0-getAllEntitlementRequests Tags: Role, Entitlement, User, New-Style,

Answer Auth Context Update Challenge

Answer Auth Context Update Challenge.

Authentication is Mandatory

URL Parameters:

JSON request body fields:

JSON response body fields:

  • key: CustomerNumber

  • user_id: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1

  • value: 5987953

Typical Successful Response:

								
									
{ "user_auth_context_update_id":"613c83ea-80f9-4560-8404-b9cd4ec42a7f", "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1", "key":"CUSTOMER_NUMBER", "value":"78987432", "status":"INITIATED" }
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
  • OBP-10001: Incorrect json format.
  • OBP-50200: Connector cannot return the data we requested.
  • OBP-50000: Unknown Error.
Version: OBPv3.1.0, function_name: by answerUserAuthContextUpdateChallenge, operation_id: OBPv3.1.0-answerUserAuthContextUpdateChallenge Tags: User, New-Style,

Create User

Creates OBP user.
No authorisation (currently) required.

Mimics current webform to Register.

Requires username(email) and password.

Returns 409 error if username not unique.

May require validation of email address.

Authentication is Mandatory

JSON request body fields:

JSON response body fields:

Typical Successful Response:

								
									
{ "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1", "email":"felixsmith@example.com", "provider_id":"Chris", "provider":"http://127.0.0.1:8080", "username":"felixsmith", "entitlements":{ "list":[{ "entitlement_id":"6fb17583-1e49-4435-bb74-a14fe0996723", "role_name":"CanQueryOtherUser", "bank_id":"gh.29.uk" }] } }
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-10001: Incorrect json format.
  • OBP-30207: Invalid Password Format. Your password should EITHER be at least 10 characters long and contain mixed numbers and both upper and lower case letters and at least one special character, OR the length should be > 16 and <= 512.
  • Error occurred during user creation.
  • User with the same username already exists.
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv2.0.0, function_name: by createUser, operation_id: OBPv2.0.0-createUser Tags: User, Onboarding,

Create User Auth Context

Create User Auth Context. These key value pairs will be propagated over connector to adapter. Normally used for mapping OBP user and
Bank User/Customer.
Authentication is Mandatory

URL Parameters:

  • USER_ID: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1

JSON request body fields:

JSON response body fields:

  • key: CustomerNumber

  • user_id: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1

  • value: 5987953

Typical Successful Response:

								
									
{ "user_auth_context_id":"613c83ea-80f9-4560-8404-b9cd4ec42a7f", "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1", "key":"CUSTOMER_NUMBER", "value":"78987432" }
Required Roles:
  • CanCreateUserAuthContext - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-10001: Incorrect json format.
  • OBP-30053: Could not insert the UserAuthContext
  • OBP-50000: Unknown Error.
  • OBP-20006: User is missing one or more roles:
Version: OBPv3.1.0, function_name: by createUserAuthContext, operation_id: OBPv3.1.0-createUserAuthContext Tags: User, New-Style,

Create User Auth Context Update Request

Create User Auth Context Update Request.
Authentication is Mandatory

A One Time Password (OTP) (AKA security challenge) is sent Out of Band (OOB) to the User via the transport defined in SCA_METHOD
SCA_METHOD is typically "SMS" or "EMAIL". "EMAIL" is used for testing purposes.

URL Parameters:

JSON request body fields:

JSON response body fields:

  • key: CustomerNumber

  • user_id: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1

  • value: 5987953

Typical Successful Response:

								
									
{ "user_auth_context_update_id":"613c83ea-80f9-4560-8404-b9cd4ec42a7f", "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1", "key":"CUSTOMER_NUMBER", "value":"78987432", "status":"INITIATED" }
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-10001: Incorrect json format.
  • OBP-30053: Could not insert the UserAuthContext
  • OBP-50000: Unknown Error.
Version: OBPv3.1.0, function_name: by createUserAuthContextUpdateRequest, operation_id: OBPv3.1.0-createUserAuthContextUpdateRequest Tags: User, New-Style,

Create password reset url

Create password reset url.

Authentication is Mandatory

JSON request body fields:

JSON response body fields:

Typical Successful Response:

								
									
{ "reset_password_url":"https://apisandbox.openbankproject.com/user_mgt/reset_password/QOL1CPNJPCZ4BRMPX3Z01DPOX1HMGU3L" }
Required Roles:
  • CanCreateResetPasswordUrl - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20006: User is missing one or more roles:
  • OBP-10001: Incorrect json format.
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv4.0.0, function_name: by resetPasswordUrl, operation_id: OBPv4.0.0-resetPasswordUrl Tags: User, New-Style,

Delete User Auth Context

Delete a User AuthContext of the User specified by USER_AUTH_CONTEXT_ID.

Authentication is Mandatory

URL Parameters:

  • USER_ID: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1

JSON response body fields:

Typical Successful Response:

								
									
{ "jsonString":"{}" }
Required Roles:
  • CanDeleteUserAuthContext - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20006: User is missing one or more roles:
  • OBP-50000: Unknown Error.
Version: OBPv3.1.0, function_name: by deleteUserAuthContextById, operation_id: OBPv3.1.0-deleteUserAuthContextById Tags: User, New-Style,

Delete User's Auth Contexts

Delete the Auth Contexts of a User specified by USER_ID.

Authentication is Mandatory

URL Parameters:

  • USER_ID: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1

JSON response body fields:

Typical Successful Response:

								
									
{ "jsonString":"{}" }
Required Roles:
  • CanDeleteUserAuthContext - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20006: User is missing one or more roles:
  • OBP-50000: Unknown Error.
Version: OBPv3.1.0, function_name: by deleteUserAuthContexts, operation_id: OBPv3.1.0-deleteUserAuthContexts Tags: User, New-Style,

Delete a User

Delete a User.

Authentication is Mandatory

URL Parameters:

  • USER_ID: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1

JSON response body fields:

Typical Successful Response:

								
									
Required Roles:
  • CanDeleteUser - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20006: User is missing one or more roles:
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv4.0.0, function_name: by deleteUser, operation_id: OBPv4.0.0-deleteUser Tags: User, New-Style,

Get the Logout Link

Authentication is Mandatory

JSON response body fields:

Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Version: OBPv4.0.0, function_name: by getLogoutLink, operation_id: OBPv4.0.0-getLogoutLink Tags: User, New-Style,

Get My Spaces

Get My Spaces.

Authentication is Mandatory

JSON response body fields:

Typical Successful Response:

								
									
{ "bank_ids":["gh.29.uk"] }
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv4.0.0, function_name: by getMySpaces, operation_id: OBPv4.0.0-getMySpaces Tags: User, New-Style,

Get User (Current)

Get the logged in user

Authentication is Mandatory

JSON response body fields:

Typical Successful Response:

								
									
{ "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1", "email":"felixsmith@example.com", "provider_id":"Chris", "provider":"http://127.0.0.1:8080", "username":"felixsmith", "entitlements":{ "list":[{ "entitlement_id":"6fb17583-1e49-4435-bb74-a14fe0996723", "role_name":"CanQueryOtherUser", "bank_id":"gh.29.uk" }] } }
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv3.0.0, function_name: by getCurrentUser, operation_id: OBPv3.0.0-getCurrentUser Tags: User, New-Style,

Get User Auth Contexts

Get User Auth Contexts for a User.

Authentication is Mandatory

URL Parameters:

  • USER_ID: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1

JSON response body fields:

  • key: CustomerNumber

  • user_id: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1

  • value: 5987953

Typical Successful Response:

								
									
{ "user_auth_contexts":[{ "user_auth_context_id":"613c83ea-80f9-4560-8404-b9cd4ec42a7f", "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1", "key":"CUSTOMER_NUMBER", "value":"78987432" }] }
Required Roles:
  • CanGetUserAuthContext - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20006: User is missing one or more roles:
  • OBP-50000: Unknown Error.
Version: OBPv3.1.0, function_name: by getUserAuthContexts, operation_id: OBPv3.1.0-getUserAuthContexts Tags: User, New-Style,

Get User Id (Current)

Get the USER_ID of the logged in user

Authentication is Mandatory

JSON response body fields:

  • user_id: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1
Typical Successful Response:

								
									
{ "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1" }
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv4.0.0, function_name: by getCurrentUserId, operation_id: OBPv4.0.0-getCurrentUserId Tags: User, New-Style,

Get User Lock Status

Get User Login Status.
Authentication is Mandatory

URL Parameters:

JSON response body fields:

Typical Successful Response:

								
									
{ "username":"felixsmith", "bad_attempts_since_last_success_or_reset":0, "last_failure_date":"2017-09-19T00:00:00Z" }
Required Roles:
  • CanReadUserLockedStatus - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20027: User not found by username.
  • OBP-20006: User is missing one or more roles:
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv3.1.0, function_name: by getBadLoginStatus, operation_id: OBPv3.1.0-getBadLoginStatus Tags: User, New-Style,

Get User by USERNAME

Get user by USERNAME

Authentication is Mandatory

CanGetAnyUser entitlement is required,

URL Parameters:

JSON response body fields:

Typical Successful Response:

								
									
{ "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1", "email":"felixsmith@example.com", "provider_id":"Chris", "provider":"http://127.0.0.1:8080", "username":"felixsmith", "entitlements":{ "list":[{ "entitlement_id":"6fb17583-1e49-4435-bb74-a14fe0996723", "role_name":"CanQueryOtherUser", "bank_id":"gh.29.uk" }] }, "is_deleted":false, "last_marketing_agreement_signed_date":"2017-09-19T00:00:00Z" }
Required Roles:
  • CanGetAnyUser - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20006: User is missing one or more roles:
  • OBP-20027: User not found by username.
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv4.0.0, function_name: by getUserByUsername, operation_id: OBPv4.0.0-getUserByUsername Tags: User, New-Style,

Get User by USER_ID

Get user by USER_ID

Authentication is Mandatory
CanGetAnyUser entitlement is required,

URL Parameters:

  • USER_ID: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1

JSON response body fields:

Typical Successful Response:

								
									
{ "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1", "email":"felixsmith@example.com", "provider_id":"Chris", "provider":"http://127.0.0.1:8080", "username":"felixsmith", "entitlements":{ "list":[{ "entitlement_id":"6fb17583-1e49-4435-bb74-a14fe0996723", "role_name":"CanQueryOtherUser", "bank_id":"gh.29.uk" }] }, "agreements":[], "is_deleted":false, "last_marketing_agreement_signed_date":"2017-09-19T00:00:00Z" }
Required Roles:
  • CanGetAnyUser - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20006: User is missing one or more roles:
  • OBP-20005: User not found. Please specify a valid value for USER_ID.
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv4.0.0, function_name: by getUserByUserId, operation_id: OBPv4.0.0-getUserByUserId Tags: User, New-Style,

Get Users by Email Address

Get users by email address

Authentication is Mandatory
CanGetAnyUser entitlement is required,

URL Parameters:

JSON response body fields:

Typical Successful Response:

								
									
{ "users":[{ "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1", "email":"felixsmith@example.com", "provider_id":"Chris", "provider":"http://127.0.0.1:8080", "username":"felixsmith", "entitlements":{ "list":[{ "entitlement_id":"6fb17583-1e49-4435-bb74-a14fe0996723", "role_name":"CanQueryOtherUser", "bank_id":"gh.29.uk" }] }, "is_deleted":false, "last_marketing_agreement_signed_date":"2017-09-19T00:00:00Z" }] }
Required Roles:
  • CanGetAnyUser - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20006: User is missing one or more roles:
  • OBP-20007: User not found by email.
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv4.0.0, function_name: by getUsersByEmail, operation_id: OBPv4.0.0-getUsersByEmail Tags: User, New-Style,

Get all Users

Get all users

Authentication is Mandatory

CanGetAnyUser entitlement is required,

Possible custom url parameters for pagination:

  • limit=NUMBER ==> default value: 50
  • offset=NUMBER ==> default value: 0

eg1:?limit=100&offset=0

  • sort_direction=ASC/DESC ==> default value: DESC.

eg2:?limit=100&offset=0&sort_direction=ASC

  • locked_status (if null ignore)

JSON response body fields:

Typical Successful Response:

								
									
{ "users":[{ "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1", "email":"felixsmith@example.com", "provider_id":"Chris", "provider":"http://127.0.0.1:8080", "username":"felixsmith", "entitlements":{ "list":[{ "entitlement_id":"6fb17583-1e49-4435-bb74-a14fe0996723", "role_name":"CanQueryOtherUser", "bank_id":"gh.29.uk" }] }, "is_deleted":false, "last_marketing_agreement_signed_date":"2017-09-19T00:00:00Z" }] }
Required Roles:
  • CanGetAnyUser - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20006: User is missing one or more roles:
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv4.0.0, function_name: by getUsers, operation_id: OBPv4.0.0-getUsers Tags: User, New-Style,

Lock the user

Lock a User.

Authentication is Mandatory

URL Parameters:

JSON request body fields:

JSON response body fields:

Typical Successful Response:

								
									
{ "user_id":"9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1", "type_of_lock":"lock_via_api", "last_lock_date":"2017-09-19T00:00:00Z" }
Required Roles:
  • CanLockUser - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20027: User not found by username.
  • OBP-20006: User is missing one or more roles:
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv4.0.0, function_name: by lockUser, operation_id: OBPv4.0.0-lockUser Tags: User, New-Style,

Refresh User

The endpoint is used for updating the accounts, views, account holders for the user.
As to the Json body, you can leave it as Empty.
This call will get data from backend, no need to prepare the json body in api side.

Authentication is Mandatory

URL Parameters:

  • USER_ID: 9ca9a7e4-6d02-40e3-a129-0b2bf89de9b1

JSON request body fields:

JSON response body fields:

Typical Successful Response:

								
									
{ "duration_time":"10 ms" }
Required Roles:
  • CanRefreshUser - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20006: User is missing one or more roles:
  • OBP-50000: Unknown Error.
  • OBP-20001: User not logged in. Authentication is required!
Connector Methods:
Version: OBPv3.1.0, function_name: by refreshUser, operation_id: OBPv3.1.0-refreshUser Tags: User, New-Style,

Unlock the user

Unlock a User.

(Perhaps the user was locked due to multiple failed login attempts)

Authentication is Mandatory

URL Parameters:

JSON response body fields:

Typical Successful Response:

								
									
{ "username":"felixsmith", "bad_attempts_since_last_success_or_reset":0, "last_failure_date":"2017-09-19T00:00:00Z" }
Required Roles:
  • CanUnlockUser - Please login to request this Role
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-20027: User not found by username.
  • OBP-20006: User is missing one or more roles:
  • OBP-50000: Unknown Error.
Connector Methods:
Version: OBPv3.1.0, function_name: by unlockUser, operation_id: OBPv3.1.0-unlockUser Tags: User, New-Style,

Get Account access for User

Returns the list of the views at BANK_ID for account ACCOUNT_ID that a user identified by PROVIDER_ID at their provider PROVIDER has access to.
All url parameters must be %-encoded, which is often especially relevant for USER_ID and PROVIDER.

Authentication is Mandatory

The user needs to have access to the owner view.

URL Parameters:

JSON response body fields:

Typical Successful Response:

								
									
{ "views":[{ "id":"1234", "short_name":"short_name", "description":"description", "metadata_view":"owner", "is_public":true, "is_system":true, "alias":"No", "hide_metadata_if_alias_used":true, "can_add_comment":true, "can_add_corporate_location":true, "can_add_image":true, "can_add_image_url":true, "can_add_more_info":true, "can_add_open_corporates_url":true, "can_add_physical_location":true, "can_add_private_alias":true, "can_add_public_alias":true, "can_add_tag":true, "can_add_url":true, "can_add_where_tag":true, "can_delete_comment":true, "can_add_counterparty":true, "can_delete_corporate_location":true, "can_delete_image":true, "can_delete_physical_location":true, "can_delete_tag":true, "can_delete_where_tag":true, "can_edit_owner_comment":true, "can_see_bank_account_balance":true, "can_query_available_funds":true, "can_see_bank_account_bank_name":true, "can_see_bank_account_currency":true, "can_see_bank_account_iban":true, "can_see_bank_account_label":true, "can_see_bank_account_national_identifier":true, "can_see_bank_account_number":true, "can_see_bank_account_owners":true, "can_see_bank_account_swift_bic":true, "can_see_bank_account_type":true, "can_see_comments":true, "can_see_corporate_location":true, "can_see_image_url":true, "can_see_images":true, "can_see_more_info":true, "can_see_open_corporates_url":true, "can_see_other_account_bank_name":true, "can_see_other_account_iban":true, "can_see_other_account_kind":true, "can_see_other_account_metadata":true, "can_see_other_account_national_identifier":true, "can_see_other_account_number":true, "can_see_other_account_swift_bic":true, "can_see_owner_comment":true, "can_see_physical_location":true, "can_see_private_alias":true, "can_see_public_alias":true, "can_see_tags":true, "can_see_transaction_amount":true, "can_see_transaction_balance":true, "can_see_transaction_currency":true, "can_see_transaction_description":true, "can_see_transaction_finish_date":true, "can_see_transaction_metadata":true, "can_see_transaction_other_bank_account":true, "can_see_transaction_start_date":true, "can_see_transaction_this_bank_account":true, "can_see_transaction_type":true, "can_see_url":true, "can_see_where_tag":true, "can_see_bank_routing_scheme":true, "can_see_bank_routing_address":true, "can_see_bank_account_routing_scheme":true, "can_see_bank_account_routing_address":true, "can_see_other_bank_routing_scheme":true, "can_see_other_bank_routing_address":true, "can_see_other_account_routing_scheme":true, "can_see_other_account_routing_address":true, "can_add_transaction_request_to_own_account":true, "can_add_transaction_request_to_any_account":true, "can_see_bank_account_credit_limit":true, "can_create_direct_debit":true, "can_create_standing_order":true }] }
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
  • OBP-30003: Account not found. Please specify a valid value for ACCOUNT_ID.
  • OBP-50000: Unknown Error.
Version: OBPv3.0.0, function_name: by getPermissionForUserForBankAccount, operation_id: OBPv3.0.0-getPermissionForUserForBankAccount Tags: View-Custom, Account, User, New-Style,

Get access

Returns the list of the permissions at BANK_ID for account ACCOUNT_ID, with each time a pair composed of the user and the views that he has access to.

Authentication is Mandatory
and the user needs to have access to the owner view.

URL Parameters:

JSON response body fields:

Typical Successful Response:

								
									
{ "permissions":[{ "user":{ "id":"5995d6a2-01b3-423c-a173-5481df49bdaf", "provider":"http://127.0.0.1:8080", "display_name":"OBP" }, "views":[{ "id":"123", "short_name":"short_name", "description":"description", "is_public":true, "alias":"None", "hide_metadata_if_alias_used":true, "can_add_comment":true, "can_add_corporate_location":true, "can_add_image":true, "can_add_image_url":true, "can_add_more_info":true, "can_add_open_corporates_url":true, "can_add_physical_location":true, "can_add_private_alias":true, "can_add_public_alias":true, "can_add_tag":true, "can_add_url":true, "can_add_where_tag":true, "can_delete_comment":true, "can_delete_corporate_location":true, "can_delete_image":true, "can_delete_physical_location":true, "can_delete_tag":true, "can_delete_where_tag":true, "can_edit_owner_comment":true, "can_see_bank_account_balance":true, "can_see_bank_account_bank_name":true, "can_see_bank_account_currency":true, "can_see_bank_account_iban":true, "can_see_bank_account_label":true, "can_see_bank_account_national_identifier":true, "can_see_bank_account_number":true, "can_see_bank_account_owners":true, "can_see_bank_account_swift_bic":true, "can_see_bank_account_type":true, "can_see_comments":true, "can_see_corporate_location":true, "can_see_image_url":true, "can_see_images":true, "can_see_more_info":true, "can_see_open_corporates_url":true, "can_see_other_account_bank_name":true, "can_see_other_account_iban":true, "can_see_other_account_kind":true, "can_see_other_account_metadata":true, "can_see_other_account_national_identifier":true, "can_see_other_account_number":true, "can_see_other_account_swift_bic":true, "can_see_owner_comment":true, "can_see_physical_location":true, "can_see_private_alias":true, "can_see_public_alias":true, "can_see_tags":true, "can_see_transaction_amount":true, "can_see_transaction_balance":true, "can_see_transaction_currency":true, "can_see_transaction_description":true, "can_see_transaction_finish_date":true, "can_see_transaction_metadata":true, "can_see_transaction_other_bank_account":true, "can_see_transaction_start_date":true, "can_see_transaction_this_bank_account":true, "can_see_transaction_type":true, "can_see_url":true, "can_see_where_tag":true }] }] }
Validations:
  • Required JSON Validation: No
  • Allowed Authentication Types: Not set
Possible Errors:
  • OBP-20001: User not logged in. Authentication is required!
  • OBP-30001: Bank not found. Please specify a valid value for BANK_ID.
  • OBP-30003: Account not found. Please specify a valid value for ACCOUNT_ID.
  • OBP-50000: Unknown Error.
Version: OBPv2.0.0, function_name: by getPermissionsForBankAccount, operation_id: OBPv2.0.0-getPermissionsForBankAccount Tags: View-Custom, Account, User, Entitlement, New-Style,