There should be more documentation
This API requires System API level authentication (OAuth2.0 Client Credentials). Consumer must supply a valid access token (Bearer).
For example: Authorization:Bearer cbc77598e7777898a9fcbbeee24adfa4
This API also expects an OCC Client ID representing a Sovereign entity such as dealer or employee. For example, Dealer John Smith has client id = 000023112.
This OCC ID should be passed in as a http header in x-occapi-request-by-client=000023112. This API will only return the requested data if the client
(1) is an employee defined in OCC backend or
(2) has been defined as a key person for an originator that originated the loan application.
When the mentioned header is unset, API will return 400 with an error message: Http header:x-occapi-request-by-client is required for this API.
There should be more documentation
Http-Method: PUT Content-Type: application/json Headers: {Authorization=[Bearer 4f1ccf54a09fb92031b67c54f9b45011], Content-Type=[application/json], x-occapi-request-by-client=[0030037496]}Address: http://mobile-banking-server.com/rsservice/v1/public/contact_us
There should be more documentation
This API supports two OAuth 2.0 flows: Customer API level authentication (OAuth2.0 Resource Owner Flow) and System API level authentication (OAuth2.0 Client Crendentials).
Note Resource Owner is the preferred way, as its much safer to restrict access based on who actually signed in -- the resource owner.
Client Credentials authentication is supported but NOT recommended -- the trusted client uses the header x-occapi-request-by-client to inform the API who is accessing it.
That means the authenticated client can impersonate any customer. Allow this only when the client can be completely trusted -- ie an authorized channel partner who holds its own certificates and credentials etc.
API Consumer must supply a valid username password to the tokenAPI in exchange for an access token (Bearer) to access this API
The access token must be supplied in the header as a Bearer token. For example: Authorization:Bearer cbc77598e7777898a9fcbbeee24adfa4
When Resource Owner flow is used, authorisation is done based on the user's permission. The access token issued by the token API identifies the user. So the API will make sure only operations associated with that user will be allowed.
For example, Customer A will not be able to transfer money from account B that he has no authorities to access.
When Client Credential flow is used, authorisation is checked against the x-occapi-request-by-client header value.
Http-Method: GET Content-Type: application/json Headers: {Authorization=[Bearer 4f1ccf54a09fb92031b67c54f9b45011], Content-Type=[application/json], x-occapi-request-by-client=[0030037496]}Address: http://occ-api-server.com/rsservice/v1/public/mobile_general_data?uuid=123&deviceType=123&mobileAppId=123&mobileAppVersion=123&
There should be more documentation
This API supports two OAuth 2.0 flows: Customer API level authentication (OAuth2.0 Resource Owner Flow) and System API level authentication (OAuth2.0 Client Crendentials).
Note Resource Owner is the preferred way, as its much safer to restrict access based on who actually signed in -- the resource owner.
Client Credentials authentication is supported but NOT recommended -- the trusted client uses the header x-occapi-request-by-client to inform the API who is accessing it.
That means the authenticated client can impersonate any customer. Allow this only when the client can be completely trusted -- ie an authorized channel partner who holds its own certificates and credentials etc.
API Consumer must supply a valid username password to the tokenAPI in exchange for an access token (Bearer) to access this API
The access token must be supplied in the header as a Bearer token. For example: Authorization:Bearer cbc77598e7777898a9fcbbeee24adfa4
When Resource Owner flow is used, authorisation is done based on the user's permission. The access token issued by the token API identifies the user. So the API will make sure only operations associated with that user will be allowed.
For example, Customer A will not be able to transfer money from account B that he has no authorities to access.
When Client Credential flow is used, authorisation is checked against the x-occapi-request-by-client header value.
Http-Method: GET Content-Type: application/json Headers: {Authorization=[Bearer 4f1ccf54a09fb92031b67c54f9b45011], Content-Type=[application/json], x-occapi-request-by-client=[0030037496]}Address: http://occ-api-server.com/rsservice/v1/public/payment_frequency?mobileAppId=123
Http-Method: GET Content-Type: application/json This API returns a list of IRD Payment Info which describes how IRD wants bill payment to be formatted for different tax types. This API supports two OAuth 2.0 flows: Customer API level authentication (OAuth2.0 Resource Owner Flow) and System API level authentication (OAuth2.0 Client Crendentials). Note Resource Owner is the preferred way, as its much safer to restrict access based on who actually signed in -- the resource owner. Client Credentials authentication is supported but NOT recommended -- the trusted client uses the header x-occapi-request-by-client to inform the API who is accessing it. That means the authenticated client can impersonate any customer. Allow this only when the client can be completely trusted -- ie an authorized channel partner who holds its own certificates and credentials etc. API Consumer must supply a valid username password to the tokenAPI in exchange for an access token (Bearer) to access this API The access token must be supplied in the header as a Bearer token. For example: please read the model 'IRDPaymentInfo' swagger docs for detailed explanation of how the formatting works. HttpMethod: GET Headers:{Authorization=Bearer 1b6dbfe7641f87d62d324fdff94a65c, Accept=*/*, content-type=application/json, cache-control=no-cache, Content-Length=61} Allows the webapp to validate users password without sending to the password backend. This API requires a valid token. Standard OAuth security applies. Http-Method: GET Content-Type: application/json Headers: {Authorization=[Bearer 4f1ccf54a09fb92031b67c54f9b45011], Content-Type=[application/json], x-occapi-request-by-client=[0030037496]} This API reset password for provided user id. This API supports two OAuth 2.0 flows: Customer API level authentication (OAuth2.0 Resource Owner Flow) and System API level authentication (OAuth2.0 Client Crendentials). Note Resource Owner is the preferred way, as its much safer to restrict access based on who actually signed in -- the resource owner. Client Credentials authentication is supported but NOT recommended -- the trusted client uses the header x-occapi-request-by-client to inform the API who is accessing it. That means the authenticated client can impersonate any customer. Allow this only when the client can be completely trusted -- ie an authorized channel partner who holds its own certificates and credentials etc. API Consumer must supply a valid username password to the tokenAPI in exchange for an access token (Bearer) to access this API The access token must be supplied in the header as a Bearer token. For example: HttpMethod: POST Headers:{Authorization=Bearer 1b6dbfe7641f87d62d324fdff94a65c, Accept=*/*, content-type=application/json, cache-control=no-cache, Content-Length=61}Address: http://occ-api-server.com/rsservice/v1/public/tipsSample Response:
\n```json \n{\n \"message\": \"Cards Tip: You can reset your card PIN under Cards.\"\n}\n```\n","operationId":"getWelcomeTips","consumes":["application/json"],"produces":["application/json"],"parameters":[],"responses":{"200":{"description":"OK","schema":{"$ref":"#/definitions/AutomaticPaymentFrequencyList"}},"400":{"description":"Bad request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"404":{"description":"Not found"},"405":{"description":"Method Not Allowed"},"406":{"description":"Not Acceptable"},"429":{"description":"Too Many Requests"},"500":{"description":"Internal Server Error"}}}},"/ird_payment_info":{"get":{"tags":["IRD"],"summary":"This API return a list of IRD Tax Payment Info.","description":"Summary:
Security:
Authorization:Bearer cbc77598e7777898a9fcbbeee24adfa4Function Detail:
Sample request:
Address: http://localhost:8021/SovSE_Mobile_Banking_Server/rsservice/v1/private/ird_payment_infoSample Response:
\n```json \n{\n \"irdPaymentInfoList\": [\n {\n \"taxCode\": \"AIL\",\n \"taxDescription\": \"Approved Issuer Levy\",\n \"periodEndDateRequired\": \"Y\",\n \"validDates\": \"31/*\"\n },\n {\n \"taxCode\": \"AIP\",\n \"taxDescription\": \"Account Information Provider\",\n \"periodEndDateRequired\": \"Y\",\n \"validDates\": \"31/03\"\n },\n {\n \"taxCode\": \"ARR\",\n \"taxDescription\": \"Tax Under Arrangement\",\n \"periodEndDateRequired\": \"N\",\n \"validDates\": \"\"\n }```\n","operationId":"get","consumes":["application/json"],"produces":["application/json"],"parameters":[{"name":"Authorization","in":"header","description":"The Access Token; must use bear token, for example: Bearer xxxxxxxxx","required":false,"type":"string"},{"name":"x-occapi-request-by-client","in":"header","description":"The client number who requests","required":false,"type":"string","x-example":"0003023022"}],"responses":{"200":{"description":"OK","schema":{"$ref":"#/definitions/IRDPaymentInfoList"}},"400":{"description":"Bad request"},"401":{"description":"Unauthorized"},"404":{"description":"Not found"},"405":{"description":"Method Not Allowed"},"406":{"description":"Not Acceptable"},"429":{"description":"Too Many Requests"},"500":{"description":"Internal Server Error"}}}},"/password_change_expired":{"post":{"tags":["Password"],"summary":"This API allows callee to update an expired password that is less than 24 hours","description":"","operationId":"changePassword","consumes":["application/json"],"produces":["application/json"],"parameters":[{"in":"body","name":"body","required":false,"schema":{"$ref":"#/definitions/PasswordChangeExpiredRequest"}},{"name":"Authorization","in":"header","description":"The Access Token; must use bear token, for example: Bearer xxxxxxxxx","required":false,"type":"string"},{"name":"x-occapi-request-by-client","in":"header","description":"The client number who requests","required":false,"type":"string","x-example":"0003023022"}],"security":[{"customerAPIAuthentication":[]},{"systemAPIAuthentication":[]}],"responses":{"200":{"description":"OK"},"400":{"description":"Bad request","schema":{"$ref":"#/definitions/ErrorResponse"}},"401":{"description":"Unauthorized","schema":{"$ref":"#/definitions/ErrorResponse"}},"403":{"description":"Forbidden"},"404":{"description":"Not found"},"405":{"description":"Method Not Allowed"},"406":{"description":"Not Acceptable"},"429":{"description":"Too Many Requests"},"500":{"description":"Internal Server Error"}}}},"/ppolicies":{"get":{"tags":["Password"],"summary":"This API fetches the password policies","description":"Summary:
Security:
Sample request:
Address: http://mobile-banking-server.com/rsservice/v1/private/ppolicies```json \n{\n \"minLength\": 5,\n \"maxLength\": 16,\n \"priorPasswords\": 0,\n \"maxRepeatingCharacters\": 3,\n \"checkIdCardNumberOrSurname\": true,\n \"checkMixCase\": true,\n \"checkNonAlpha\": true\n}\n```","operationId":"fetchPasswordPolicies","produces":["application/json"],"parameters":[{"name":"Authorization","in":"header","description":"The Access Token; must use bear token, for example: Bearer xxxxxxxxx","required":false,"type":"string"},{"name":"x-occapi-request-by-client","in":"header","description":"The client number who requests","required":false,"type":"string","x-example":"0003023022"}],"security":[{"customerAPIAuthentication":[]},{"systemAPIAuthentication":[]}],"responses":{"200":{"description":"OK"},"400":{"description":"Bad request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"404":{"description":"Not found"},"405":{"description":"Method Not Allowed"},"406":{"description":"Not Acceptable"},"429":{"description":"Too Many Requests"},"500":{"description":"Internal Server Error"}}}},"/password_reset":{"post":{"tags":["Password"],"summary":"This API reset password for provided user id.","description":"Summary:
Security:
Authorization:Bearer cbc77598e7777898a9fcbbeee24adfa4Sample request:
Address: http://mobile-banking-server.com/rsservice/v1/public/password-reset\n```json \n{\n \"userId\": \"3123456\",\n \"email\": \"test@test.com\"\nn```Sample Response:
(No response body)\n","operationId":"resetPassword","consumes":["application/json"],"produces":["application/json"],"parameters":[{"in":"body","name":"body","required":false,"schema":{"$ref":"#/definitions/PasswordResetRequest"}},{"name":"Authorization","in":"header","description":"The Access Token; must use bear token, for example: Bearer xxxxxxxxx","required":false,"type":"string"},{"name":"x-occapi-request-by-client","in":"header","description":"The client number who requests","required":false,"type":"string","x-example":"0003023022"}],"responses":{"200":{"description":"OK"},"400":{"description":"Bad request"},"401":{"description":"Unauthorized"},"403":{"description":"Forbidden"},"404":{"description":"Not found"},"405":{"description":"Method Not Allowed"},"406":{"description":"Not Acceptable"},"429":{"description":"Too Many Requests"},"500":{"description":"Internal Server Error"}}}}},"securityDefinitions":{"systemAPIAuthentication":{"description":"OAuth2 login using grant type 'Client Credentials'","type":"oauth2","tokenUrl":" http://localhost:802/SovSE_Mobile_Banking_Server/rsservice/v1/public/token","flow":"application"},"customerAPIAuthentication":{"description":"OAuth2 login using grant type 'Username/Password Credentials'","type":"oauth2","tokenUrl":"http://mobile-banking-server.com/rsservice/v1/public/token","flow":"password"}},"definitions":{"ContactUsDetail":{"type":"object","properties":{"contactDescription":{"type":"string","description":"Contact Description"},"phone":{"type":"string","description":"Phone"},"email":{"type":"string","description":"E-Mail"},"webUrl":{"type":"string","description":"Web URL"},"remark":{"type":"string","description":"Remark"}},"description":"Represents 'contact us' details"},"ContactUsInfo":{"type":"object","properties":{"contactUsDetails":{"type":"array","description":"Contact us details","items":{"$ref":"#/definitions/ContactUsDetail"}}},"description":"Represents a 'contact us' info"},"AutomaticPaymentFrequency":{"type":"object","properties":{"code":{"type":"string","description":"Automatic payment code"},"description":{"type":"string","description":"Automatic payment description"}},"description":"Represents an automatic payment frequency"},"AutomaticPaymentFrequencyList":{"type":"object","properties":{"automaticPaymentFrequencies":{"type":"array","description":"Collection of automatic payment frequencies","items":{"$ref":"#/definitions/AutomaticPaymentFrequency"}}},"description":"Represents a collection of automatic payment frequencies"},"LoginID":{"type":"object","properties":{"userId":{"type":"string","description":"User ID is the name used to login to mobile banking. It is a Alpha-numeric string set by the client using client portal."},"clientNumber":{"type":"string","description":"The Sovereign Client Number"},"primary":{"type":"boolean","description":"Weather or not this login is a primary ID. Only Primary ID can setup biometric logins. "},"pinEnabled":{"type":"boolean"}}},"MobileGeneralData":{"type":"object","properties":{"deviceType":{"type":"string","description":"Device Type is used to describe the mobile device. Maybe used for blacklist/whitelist and user control"},"maxRows":{"type":"integer","format":"int32","description":"Maximum rows to return"},"contactUsUrl":{"type":"string","description":"Contact us URL"},"termsAndConditionsUrl":{"type":"string","description":"Terms and conditions URL"},"maxAttempts":{"type":"integer","format":"int32","description":"Maximum login attempts"},"runDate":{"type":"string","format":"date-time","description":"Sovereign run date"},"registered":{"type":"boolean","description":"Is user registerd to proceed?"},"allowProceed":{"type":"boolean","description":"Is user allowed to proceed?"},"requireSecurityQuestion":{"type":"boolean","description":"Is security question required? True means when login with username password, the user must enter 'keep safe' questions, false to bypass."},"warningMessage":{"type":"string","description":"Warning message"},"adBannerURL":{"type":"string","description":"Ad Banner URL"},"adBannerImage":{"type":"array","description":"Ad Banner Image","items":{"type":"string","format":"byte"}},"automaticPaymentFrequencyList":{"description":"List of Payment Frequencies","$ref":"#/definitions/AutomaticPaymentFrequencyList"},"registeredLogins":{"type":"array","description":"Users who are associated with this device.","items":{"$ref":"#/definitions/LoginID"}},"multiUserProfileFeatureEnabled":{"type":"boolean","description":"Weather or not the Mobile Banking Server has the multiple login feature turned on. If not, do not show users screen, no biometrics login. "},"createCardURL":{"type":"string","description":"Create card URL"},"forgetPasswordURL":{"type":"string","description":"Forget password URL"},"uuid":{"type":"string"}},"description":"Represents mobile general data"},"WelcomeTip":{"type":"object","properties":{"message":{"type":"string"}}},"IRDPaymentInfo":{"type":"object","properties":{"taxCode":{"type":"string","description":"Tax Type Code"},"taxDescription":{"type":"string","description":"Tax Type description"},"periodEndDateRequired":{"type":"string","description":"Y/N flag for the given tax code, if it requires the period end date to append to the reference field"},"validDates":{"type":"string","description":"Some tax types may require month ends date only, some may require mid month, or only a particular date. This field describes the pattern. Empty means no restrictions, 31/* means last day of every month is allowed, 31/03 means March 31st is the only allowed date.","enum":["31/*","31/03"]}},"description":"Describes how IRD requires billpayment to be formatted for different types of taxes. "},"IRDPaymentInfoList":{"type":"object","properties":{"irdPayeeName":{"type":"string","description":"The payee name to show when using the IRD payment function."},"bankAccountNumber":{"type":"string","description":"Tax Type description"},"irdPaymentInfoList":{"type":"array","items":{"$ref":"#/definitions/IRDPaymentInfo"}},"irdPayeeID":{"type":"string"}},"description":"List of IRD Payment Info which describes how IRD wants bill payment to be formatted for different tax types."},"ErrorResponse":{"type":"object","properties":{"id":{"type":"string","description":"ID of the error response, nullable"},"type":{"type":"string","description":"Type of the error response, for example, BadRequest, ServerError, NotFound."},"messages":{"description":"Error Messages, could be more than one message.","$ref":"#/definitions/Messages"}},"description":"Represents an Error response."},"MessageItem":{"type":"object","properties":{"code":{"type":"string","description":"Message code"},"type":{"type":"string","description":"Message type"},"description":{"type":"string","description":"Message description"}},"description":"Represents a message item"},"Messages":{"type":"object","properties":{"headerNarrative":{"type":"string","description":"Header narrative"},"messageItems":{"type":"array","description":"Collection of message items, can be empty.","items":{"$ref":"#/definitions/MessageItem"}}},"description":"Represents a message"},"PasswordChangeExpiredRequest":{"type":"object","required":["expiredPassword","newPassword","userId"],"properties":{"expiredPassword":{"type":"string","description":"Current expired Password, must be expired less than 24 hours to now "},"newPassword":{"type":"string","description":"New Password, must satisfy password policy"},"userId":{"type":"string","description":"Client number or login name"}},"description":"Change Expired Password Request"},"PasswordPoliciesResponse":{"type":"object","properties":{"minLength":{"type":"integer","format":"int32","description":"Password minimum length"},"maxLength":{"type":"integer","format":"int32","description":"Password maximum length"},"priorPasswords":{"type":"integer","format":"int32","description":"Number of prior passwords"},"maxRepeatingCharacters":{"type":"integer","format":"int32","description":"Maximum allowable repeating characters"},"checkIdCardNumberOrSurname":{"type":"boolean","description":"Check ID, card number, or surname "},"checkMixCase":{"type":"boolean","description":"Check for mixed case"},"checkNonAlpha":{"type":"boolean","description":"Check for special characters"}},"description":"Password Policies Response"},"PasswordResetRequest":{"type":"object","required":["email","userId"],"properties":{"userId":{"type":"string","description":"User id"},"email":{"type":"string","description":"Client email"}},"description":"Reset Password Request"}}}