API documentation
Learn how to get started with our API documentation
API Reference - AuthorizationAPI 1
Authorization API enables authorization of sensitive actions performed by customers or agents using second-factor authentication. Sensitive action authorizations can be explicitly requested by applications, or they can be initiated by APIs during authorization checking. Support for four-eyes verification and separation of duties will be added in the future.
Provides authorization levels for a corporate
GET /v1/authorization/authorization-levels
Parameter | Type/Format | Description |
---|---|---|
accountID | Query / String | AccountID to filter on |
amount | Query / Number | Amount to authorize |
authorizationType | Query / String | |
bankId | Query / String | Bank ID |
currency | Query / String | Currency code to filter on |
identifier | Query / String | Corporate ID (for corporate customers) or CIF (for detecting joints) |
transactionType | Query / String | Transaction Type |
Response
400 - bad input parameter
200 - search results matching criteria
```json
{
  "searchCriteria": {
    "identifier": "CORP001",
    "amount": "15000.22999999999956344254314899444580078125",
    "ccy": "EUR",
    "accountID": "1234567891213123",
    "bankID": "1",
    "transactionType": "PMT",
    "authorizationType": "N/A"
  },
  "Authorizations": {
    "type": "PAYMENT",
    "EnforceHierarchy": false,
    "levels": [
      {
        "level": "1",
        "authorizationCount": "1",
        "currency": "EUR",
        "account": "1234567891213123",
        "users": [
          {
            "name": "JONJ001"
          }
        ]
      }
    ]
  }
}
```
Evaluates the user for signing and accepts signature if user is allowed and/or valid.
POST /v1/authorization/evaluate-user
Evaluates the user for signing and accepts signature if user is allowed and/or valid.
Parameter | Type/Format | Description |
---|---|---|
command | Body / | Request with details required for checking the signing rules and inserting a signature if user is allowed to sign the payload. |
Response
200 - OK
```json
{
  "reason": "string"
}
```
Evaluates the existing signatures from supplied payload and calling context against signing rules defined.
POST /v1/authorization/evaluate-signatures
Evaluates the existing signatures from supplied payload and calling context against signing rules defined.
Parameter | Type/Format | Description |
---|---|---|
command | Body / | Request with details required for status of signing resource. |
Response
200 - OK
```json
{
  "reason": "string",
  "signatures": [
    {
      "entity": "string",
      "required": "integer",
      "existing": "integer"
    }
  ]
}
```
Verify OCRA response
POST /v1/authorization/ocra/verify
Verifies OCRA response to previously generated challenge
Parameter | Type/Format | Description |
---|---|---|
cmd | Body / | Request with details to verify OCRA response |
Response
440 - Your request was well constructed but OCRA response could not be verified. Consider the following possible problems and look into the response for more details: `bad-response`, `replayed-response`, `no-such-challenge`
default - Besides specific status codes above, other standard http [status codes](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html) can be returned for each request. To learn more see general guidance on [error handling](common-getstarted.html#error-handling)
204 - No content - OCRA response is valid
Generate OCRA challenge
POST /v1/authorization/ocra/challenge
Generates OCRA challenge based on optional data for signature provided by application or random seed
Parameter | Type/Format | Description |
---|---|---|
cmd | Body / | Request with details to generate OCRA challenge |
Response
default - Besides specific status codes above, other standard http [status codes](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html) can be returned for each request. To learn more see general guidance on [error handling](common-getstarted.html#error-handling)
200 - OK - OCRA challenge generated
440 - Your request was well constructed but OCRA challenge could not be generated. Consider the following possible problems and look into the response for more details: `no-such-user`
```json
{
  "challenge-id": "string",
  "challenge-code": "string"
}
```
Working with one-time passwords
Verify OATH compliant one-time password
POST /v1/authorization/otp/oath/verify
Verifies TOTP or HOTP one-time password entered by user identified with `user-id`
Parameter | Type/Format | Description |
---|---|---|
cmd | Body / | Request with details to verify HOTP or TOTP |
Response
204 - No content - OTP is valid
440 - Your request was well constructed but OTP could not be verified. Consider the following possible problems and look into the response for more details: `bad-otp`, `replayed-otp`, `no-such-user`
default - Besides specific status codes above, other standard http [status codes](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html) can be returned for each request. To learn more see general guidance on [error handling](common-getstarted.html#error-handling)
Verify email one-time password
POST /v1/authorization/otp/email/verify
Verifies one-time password entered by user for verification in progress
Parameter | Type/Format | Description |
---|---|---|
cmd | Body / | Request with details to verify email OTP |
Response
default - Besides specific status codes above, other standard http [status codes](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html) can be returned for each request. To learn more see general guidance on [error handling](common-getstarted.html#error-handling)
440 - Your request was well constructed but OTP could not be verified. Consider the following possible problems and look into the response for more details: `bad-otp`, `replayed-otp`, `no-such-verification`
204 - No content - OTP is valid
Generate and send email with one-time password
POST /v1/authorization/otp/email/send
Generates one-time password and sends it to recipient specified in `user-id` or `email`
Parameter | Type/Format | Description |
---|---|---|
cmd | Body / | Command with details to send OTP email |
Response
202 - Accepted - Email sent
440 - Your request was well constructed but it could not be processed. Consider the following possible problems and look into the response for more details: `no-such-user`
default - Besides specific status codes above, other standard http [status codes](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html) can be returned for each request. To learn more see general guidance on [error handling](common-getstarted.html#error-handling)
{}
Verify SMS one-time password
POST /v1/authorization/otp/sms/verify
Verifies one-time password entered by user for verification in progress
Parameter | Type/Format | Description |
---|---|---|
cmd | Body / | Request with details to verify SMS OTP |
Response
204 - No content - OTP is valid
440 - Your request was well constructed but OTP could not be verified. Consider the following possible problems and look into the response for more details: `bad-otp`, `replayed-otp`, `no-such-verification`
default - Besides specific status codes above, other standard http [status codes](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html) can be returned for each request. To learn more see general guidance on [error handling](common-getstarted.html#error-handling)
Generate and send SMS one-time password
POST /v1/authorization/otp/sms/send
Generates one-time password and sends it to recipient specified in `user-id` or `phone-number`
Parameter | Type/Format | Description |
---|---|---|
cmd | Body / | Command with details to send SMS OTP |
Response
202 - Accepted - SMS sent
440 - Your request was well constructed but it could not be processed. Consider the following possible problems and look into the response for more details: `no-such-user`
default - Besides specific status codes above, other standard http [status codes](http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html) can be returned for each request. To learn more see general guidance on [error handling](common-getstarted.html#error-handling)
{}