{"swagger":"2.0","info":{"title":"Open Bank Project API","description":"An Open Source API for Banks. (c) TESOBE GmbH. 2011 - 2024. Licensed under the AGPL and commercial licences.","contact":{"name":"TESOBE GmbH. / Open Bank Project","url":"https://openbankproject.com","email":"contact@tesobe.com"},"version":"v5.1.0"},"host":"api3.openbankproject.com","basePath":"/","schemes":["http","https"],"securityDefinitions":{"directLogin":{"type":"apiKey","description":"https://github.com/OpenBankProject/OBP-API/wiki/Direct-Login","in":"header","name":"Authorization"},"gatewayLogin":{"type":"apiKey","description":"https://github.com/OpenBankProject/OBP-API/wiki/Gateway-Login","in":"header","name":"Authorization"}},"security":[{"directLogin":[],"gatewayLogin":[]}],"paths":{"/obp/v5.1.0/banks/{BANK_ID}/accounts/{ACCOUNT_ID}":{"put":{"tags":["Account","Onboarding"],"summary":"Create Account","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"
Create Account at bank specified by BANK_ID with Id specified by ACCOUNT_ID.
The User can create an Account for themselves, or for the User that has the USER_ID specified in the request body.
If the PUT body USER_ID is specified, the logged in user must have the Role canCreateAccount. Once created, the Account will be owned by the User specified by USER_ID.
If the PUT body USER_ID is not specified, the account will be owned by the logged in User.
The 'product_code' field SHOULD be a product_code from Product.
If the 'product_code' matches a product_code from Product, account attributes will be created that match the Product Attributes.
Note: The Amount MUST be zero.
Authentication is Mandatory
","operationId":"createAccount","parameters":[{"in":"body","name":"body","description":"CreateAccountRequestJsonV500 object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/CreateAccountRequestJsonV500"}},{"in":"path","name":"ACCOUNT_ID","description":"The account id","required":true,"type":"string"},{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/CreateAccountResponseJsonV310"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorInvalidJsonFormat"}}}}},"/obp/v5.1.0/banks/{BANK_ID}/accounts/{ACCOUNT_ID}/account-access":{"put":{"tags":["Account-Access","View-Custom","Account","User","OwnerViewRequired"],"summary":"Revoke/Grant User access to View","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Revoke/Grant the logged in User access to the views identified by json.
Authentication is Mandatory and the user needs to be an account holder or have owner view access.
","operationId":"revokeGrantUserAccessToViews","parameters":[{"in":"body","name":"body","description":"PostRevokeGrantAccountAccessJsonV400 object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/PostRevokeGrantAccountAccessJsonV400"}},{"in":"path","name":"ACCOUNT_ID","description":"The account id","required":true,"type":"string"},{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/RevokedJsonV400"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/banks/{BANK_ID}/accounts/{ACCOUNT_ID}/account-access/grant":{"post":{"tags":["Account-Access","View-Custom","Account","User","OwnerViewRequired"],"summary":"Grant User access to View","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Grants the User identified by USER_ID access to the view identified by VIEW_ID.
Authentication is Mandatory and the user needs to be an account holder.
","operationId":"grantUserAccessToView","parameters":[{"in":"body","name":"body","description":"PostAccountAccessJsonV400 object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/PostAccountAccessJsonV400"}},{"in":"path","name":"ACCOUNT_ID","description":"The account id","required":true,"type":"string"},{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/ViewJsonV300"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/banks/{BANK_ID}/accounts/{ACCOUNT_ID}/account-access/revoke":{"post":{"tags":["Account-Access","View-Custom","Account","User","OwnerViewRequired"],"summary":"Revoke User access to View","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Revoke the User identified by USER_ID access to the view identified by VIEW_ID.
Authentication is Mandatory and the user needs to be an account holder.
","operationId":"revokeUserAccessToView","parameters":[{"in":"body","name":"body","description":"PostAccountAccessJsonV400 object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/PostAccountAccessJsonV400"}},{"in":"path","name":"ACCOUNT_ID","description":"The account id","required":true,"type":"string"},{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/RevokedJsonV400"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/banks/{BANK_ID}/accounts/{ACCOUNT_ID}/permissions":{"get":{"tags":["View-Custom","Account","User","Entitlement"],"summary":"Get access","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Returns the list of the permissions at BANK_ID for account ACCOUNT_ID, with each time a pair composed of the user and the views that he has access to.
Authentication is Mandatory
and the user needs to have access to the owner view.
Returns the list of the views at BANK_ID for account ACCOUNT_ID that a user identified by PROVIDER_ID at their provider PROVIDER has access to.
All URL parameters must be %-encoded, which is often especially relevant for USER_ID and PROVIDER.
Authentication is Mandatory
The user needs to have access to the owner view.
","operationId":"getPermissionForUserForBankAccount","parameters":[{"in":"path","name":"PROVIDER","description":"the user PROVIDER","required":true,"type":"string"},{"in":"path","name":"PROVIDER_ID","description":"The provider id","required":true,"type":"string"},{"in":"path","name":"ACCOUNT_ID","description":"The account id","required":true,"type":"string"},{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ViewsJsonV300"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/banks/{BANK_ID}/accounts/{ACCOUNT_ID}/user-account-access":{"post":{"tags":["Account-Access","View-Custom","Account","User","OwnerViewRequired","DAuth"],"summary":"Create (DAuth) User with Account Access","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"This endpoint is used as part of the DAuth solution to grant access to account and transaction data to a smart contract on the blockchain.
Put the smart contract address in username
For provider use "dauth"
This endpoint will create the (DAuth) User with username and provider if the User does not already exist.
Authentication is Mandatory and the logged in user needs to be an account holder.
For information about DAuth see below:
DAuth is an experimental authentication mechanism that aims to pin an Ethereum or other blockchain Smart Contract to an OBP "User".
In the future, it might be possible to be more specific and pin specific actors (wallets) that are acting within the smart contract, but so far, one smart contract acts on behalf of one User.
Thus, if a smart contract "X" calls the OBP API using the DAuth header, OBP will get or create a user called X and the call will proceed in the context of that User "X".
DAuth is invoked by the REST client (caller) including a specific header (see step 3 below) in any OBP REST call.
When OBP receives the DAuth token, it creates or gets a User with a username based on the smart_contract_address and the provider based on the network_name. The combination of username and provider is unique in OBP.
If you are calling OBP-API via an API3 Airnode, the Airnode will take care of constructing the required header.
When OBP detects a DAuth header / token it first checks if the Consumer is allowed to make such a call. OBP will validate the Consumer IP address and signature etc.
Note: The DAuth flow does not require an explicit POST like Direct Login to create the token.
Permissions may be assigned to an OBP User at any time, via the UserAuthContext, Views, Entitlements to Roles or Consents.
Note: DAuth is enabled.
Note: The DAuth client is responsible for creating a token which will be trusted by OBP absolutely!
To use DAuth:
Set up properties in your props file
# -- DAuth --------------------------------------
# Define secret used to validate JWT token
# jwt.public_key_rsa=path-to-the-pem-file
# Enable/Disable DAuth communication at all
# In case isn't defined default value is false
# allow_dauth=false
# Define comma separated list of allowed IP addresses
# dauth.host=127.0.0.1
# -------------------------------------- DAuth--
Please keep in mind that the property jwt.public_key_rsa is used to validate the JWT token, i.e. to check that it was not changed or corrupted during transport.
The following videos are available:
* DAuth in local environment
Header (algorithm and token type):
{
"alg": "RS256",
"typ": "JWT"
}
Payload (data):
{
"smart_contract_address": "0xe123425E7734CE288F8367e1Bb143E90bb3F051224",
"network_name": "AIRNODE.TESTNET.ETHEREUM",
"msg_sender": "0xe12340927f1725E7734CE288F8367e1Bb143E90fhku767",
"consumer_key": "0x1234a4ec31e89cea54d1f125db7536e874ab4a96b4d4f6438668b6bb10a6adb",
"timestamp": "2021-11-04T14:13:40Z",
"request_id": "0Xe876987694328763492876348928736497869273649"
}
Verify signature:
RSASHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), your-RSA-key-pair)
Here is an example token:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzbWFydF9jb250cmFjdF9hZGRyZXNzIjoiMHhlMTIzNDI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGJiM0YwNTEyMjQiLCJuZXR3b3JrX25hbWUiOiJFVEhFUkVVTSIsIm1zZ19zZW5kZXIiOiIweGUxMjM0MDkyN2YxNzI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGZoa3U3NjciLCJjb25zdW1lcl9rZXkiOiIweDEyMzRhNGVjMzFlODljZWE1NGQxZjEyNWRiNzUzNmU4NzRhYjRhOTZiNGQ0ZjY0Mzg2NjhiNmJiMTBhNmFkYiIsInRpbWVzdGFtcCI6IjIwMjEtMTEtMDRUMTQ6MTM6NDBaIiwicmVxdWVzdF9pZCI6IjBYZTg3Njk4NzY5NDMyODc2MzQ5Mjg3NjM0ODkyODczNjQ5Nzg2OTI3MzY0OSJ9.XSiQxjEVyCouf7zT8MubEKsbOBZuReGVhnt9uck6z6k
Using your favorite http client:
GET https://api3.openbankproject.com/obp/v3.0.0/users/current
Body
Leave Empty!
Headers:
DAuth: your-jwt-from-step-above
Here it is all together:
GET https://api3.openbankproject.com/obp/v3.0.0/users/current HTTP/1.1
Host: localhost:8080
User-Agent: curl/7.47.0
Accept: */*
DAuth: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzbWFydF9jb250cmFjdF9hZGRyZXNzIjoiMHhlMTIzNDI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGJiM0YwNTEyMjQiLCJuZXR3b3JrX25hbWUiOiJFVEhFUkVVTSIsIm1zZ19zZW5kZXIiOiIweGUxMjM0MDkyN2YxNzI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGZoa3U3NjciLCJjb25zdW1lcl9rZXkiOiIweDEyMzRhNGVjMzFlODljZWE1NGQxZjEyNWRiNzUzNmU4NzRhYjRhOTZiNGQ0ZjY0Mzg2NjhiNmJiMTBhNmFkYiIsInRpbWVzdGFtcCI6IjIwMjEtMTEtMDRUMTQ6MTM6NDBaIiwicmVxdWVzdF9pZCI6IjBYZTg3Njk4NzY5NDMyODc2MzQ5Mjg3NjM0ODkyODczNjQ5Nzg2OTI3MzY0OSJ9.XSiQxjEVyCouf7zT8MubEKsbOBZuReGVhnt9uck6z6k
CURL example
curl -v -H 'DAuth: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzbWFydF9jb250cmFjdF9hZGRyZXNzIjoiMHhlMTIzNDI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGJiM0YwNTEyMjQiLCJuZXR3b3JrX25hbWUiOiJFVEhFUkVVTSIsIm1zZ19zZW5kZXIiOiIweGUxMjM0MDkyN2YxNzI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGZoa3U3NjciLCJjb25zdW1lcl9rZXkiOiIweDEyMzRhNGVjMzFlODljZWE1NGQxZjEyNWRiNzUzNmU4NzRhYjRhOTZiNGQ0ZjY0Mzg2NjhiNmJiMTBhNmFkYiIsInRpbWVzdGFtcCI6IjIwMjEtMTEtMDRUMTQ6MTM6NDBaIiwicmVxdWVzdF9pZCI6IjBYZTg3Njk4NzY5NDMyODc2MzQ5Mjg3NjM0ODkyODczNjQ5Nzg2OTI3MzY0OSJ9.XSiQxjEVyCouf7zT8MubEKsbOBZuReGVhnt9uck6z6k' https://api3.openbankproject.com/obp/v3.0.0/users/current
You should receive a response like:
{ "user_id": "4c4d3175-1e5c-4cfd-9b08-dcdc209d8221", "email": "", "provider_id": "0xe123425E7734CE288F8367e1Bb143E90bb3F051224", "provider": "ETHEREUM", "username": "0xe123425E7734CE288F8367e1Bb143E90bb3F051224", "entitlements": { "list": [] }}
The file dauth.scala handles DAuth.
We:
-> Check if Props allow_dauth is true
-> Check if DAuth header exists
-> Check if getRemoteIpAddress is OK
-> Look for "token"
-> parse the JWT token and getOrCreate the user
-> get the data of the user
Parameter names and values are case sensitive.
Each parameter MUST NOT appear more than once per request.
Revoke Consent specified by CONSENT_ID
There are a few reasons you might need to revoke an application’s access to a user’s account:
- The user explicitly wishes to revoke the application’s access
- You as the service provider have determined an application is compromised or malicious, and want to disable it
- etc.
OBP as a resource server stores access tokens in a database, so it is relatively easy to revoke a token that belongs to a particular user.
The status of the token is changed to "REVOKED" so the next time the revoked client makes a request, their token will fail to validate.
Authentication is Mandatory
","operationId":"revokeConsentAtBank","parameters":[{"in":"path","name":"CONSENT_ID","description":"the consent id","required":true,"type":"string"},{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"204":{"description":"Success","schema":{"$ref":"#/definitions/ConsentJsonV310"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}},"put":{"tags":["Consent","Account Information Service (AIS)"],"summary":"Update Consent Status","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"This endpoint is used to update the Status of Consent.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Authentication is Mandatory
","operationId":"updateConsentStatus","parameters":[{"in":"body","name":"body","description":"PutConsentStatusJsonV400 object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/PutConsentStatusJsonV400"}},{"in":"path","name":"CONSENT_ID","description":"the consent id","required":true,"type":"string"},{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ConsentChallengeJsonV310"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/banks/{BANK_ID}/consents/{CONSENT_ID}/challenge":{"post":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Answer Consent Challenge","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"An OBP Consent allows the holder of the Consent to call one or more endpoints.
Consents must be created and authorised using SCA (Strong Customer Authentication).
That is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Each Consent is bound to a consumer, i.e. you need to identify yourself via the request header Consumer-Key.
For example:
GET /obp/v4.0.0/users/current HTTP/1.1
Host: 127.0.0.1:8080
Consent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn
1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj
EtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml
zcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY
tNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg
Consumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk
cache-control: no-cache
The maximum time to live of the token is specified by the props value consents.max_time_to_live. If it is not defined, the default value is 3600 seconds.
Example of POST JSON:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com",
"valid_from": "2020-02-07T08:43:34Z",
"time_to_live": 3600
}
Please note that the only optional fields are: consumer_id, valid_from and time_to_live.
If you omit them, the default values are used:
consumer_id = consumer of current user
valid_from = current time
time_to_live = consents.max_time_to_live
This endpoint is used to confirm a Consent previously created.
The User must supply a code that was sent out of band (OOB) for example via an SMS.
Authentication is Mandatory
","operationId":"answerConsentChallenge","parameters":[{"in":"body","name":"body","description":"PostConsentChallengeJsonV310 object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/PostConsentChallengeJsonV310"}},{"in":"path","name":"CONSENT_ID","description":"the consent id","required":true,"type":"string"},{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/ConsentChallengeJsonV310"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/banks/{BANK_ID}/consents/{CONSENT_ID}/user-update-request":{"put":{"tags":["Consent","Account Information Service (AIS)"],"summary":"Add User to a Consent","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"This endpoint is used to add the User of Consent.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Authentication is Mandatory
","operationId":"addConsentUser","parameters":[{"in":"body","name":"body","description":"PutConsentUserJsonV400 object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/PutConsentUserJsonV400"}},{"in":"path","name":"CONSENT_ID","description":"the consent id","required":true,"type":"string"},{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ConsentChallengeJsonV310"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/banks/{BANK_ID}/customers":{"get":{"tags":["Customer","User"],"summary":"Get Customers at Bank","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get Customers at Bank.
Authentication is Mandatory
","operationId":"getCustomersAtOneBank","parameters":[{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/CustomerJSONsV300"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/banks/{BANK_ID}/customers-minimal":{"get":{"tags":["Customer","User"],"summary":"Get Customers Minimal at Bank","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get Customers Minimal at Bank.
Authentication is Mandatory
","operationId":"getCustomersMinimalAtOneBank","parameters":[{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/CustomersMinimalJsonV400"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserCustomerLinksNotFoundForUser"}}}}},"/obp/v5.1.0/banks/{BANK_ID}/entitlements":{"get":{"tags":["Role","Entitlement","User"],"summary":"Get Entitlements for One Bank","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Authentication is Mandatory
","operationId":"getEntitlementsForBank","parameters":[{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EntitlementsJsonV400"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/banks/{BANK_ID}/my/consent-infos":{"get":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Get Consents Info","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"This endpoint gets the Consents that the current User created.
Authentication is Mandatory
","operationId":"getConsentInfos","parameters":[{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ConsentInfosJsonV400"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/banks/{BANK_ID}/my/consents":{"get":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Get Consents","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"This endpoint gets the Consents that the current User created.
Authentication is Mandatory
","operationId":"getConsents","parameters":[{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ConsentsJsonV400"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/banks/{BANK_ID}/my/consents/{CONSENT_ID}/revoke":{"get":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Revoke Consent","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Revoke Consent for current user specified by CONSENT_ID
There are a few reasons you might need to revoke an application’s access to a user’s account:
- The user explicitly wishes to revoke the application’s access
- You as the service provider have determined an application is compromised or malicious, and want to disable it
- etc.
Please note that this endpoint only supports the case: "The user explicitly wishes to revoke the application’s access"
OBP as a resource server stores access tokens in a database, so it is relatively easy to revoke a token that belongs to a particular user.
The status of the token is changed to "REVOKED" so the next time the revoked client makes a request, their token will fail to validate.
Authentication is Mandatory
","operationId":"revokeConsent","parameters":[{"in":"path","name":"CONSENT_ID","description":"the consent id","required":true,"type":"string"},{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ConsentJsonV310"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/banks/{BANK_ID}/my/consents/EMAIL":{"post":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Create Consent (EMAIL)","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"This endpoint starts the process of creating a Consent.
The Consent is created in an INITIATED state.
A One Time Password (OTP) (AKA security challenge) is sent Out of band (OOB) to the User via the transport defined in SCA_METHOD
SCA_METHOD is typically "SMS" or "EMAIL". "EMAIL" is used for testing purposes.
When the Consent is created, OBP (or a backend system) stores the challenge so it can be checked later against the value supplied by the User with the Answer Consent Challenge endpoint.
An OBP Consent allows the holder of the Consent to call one or more endpoints.
Consents must be created and authorised using SCA (Strong Customer Authentication).
That is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.
Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, REVOKED, RECEIVED, VALID, REVOKEDBYPSU, EXPIRED, TERMINATEDBYTPP, AUTHORISED, AWAITINGAUTHORISATION.
Each Consent is bound to a consumer, i.e. you need to identify yourself via the request header Consumer-Key.
For example:
GET /obp/v4.0.0/users/current HTTP/1.1
Host: 127.0.0.1:8080
Consent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn
1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj
EtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml
zcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY
tNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg
Consumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk
cache-control: no-cache
The maximum time to live of the token is specified by the props value consents.max_time_to_live. If it is not defined, the default value is 3600 seconds.
Example of POST JSON:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com",
"valid_from": "2020-02-07T08:43:34Z",
"time_to_live": 3600
}
Please note that the only optional fields are: consumer_id, valid_from and time_to_live.
If you omit them, the default values are used:
consumer_id = consumer of current user
valid_from = current time
time_to_live = consents.max_time_to_live
Authentication is Mandatory
Example 1:
{
"everything": true,
"views": [],
"entitlements": [],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com"
}
Please note that consumer_id is an optional field.
Example 2:
{
"everything": true,
"views": [],
"entitlements": [],
"email": "eveline@example.com"
}
Please note that if everything=false you need to explicitly specify views and entitlements.
Example 3:
{
"everything": false,
"views": [
{
"bank_id": "GENODEM1GLS",
"account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0",
"view_id": "owner"
}
],
"entitlements": [
{
"bank_id": "GENODEM1GLS",
"role_name": "CanGetCustomer"
}
],
"consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh",
"email": "eveline@example.com"
}
Link a User to a Customer
Authentication is Mandatory
","operationId":"createUserCustomerLinks","parameters":[{"in":"body","name":"body","description":"CreateUserCustomerLinkJson object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/CreateUserCustomerLinkJson"}},{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/UserCustomerLinkJson"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/banks/{BANK_ID}/users/{USER_ID}/entitlements":{"get":{"tags":["Role","Entitlement","User"],"summary":"Get Entitlements for User at Bank","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get Entitlements specified by BANK_ID and USER_ID
Authentication is Mandatory
","operationId":"getEntitlementsByBankAndUser","parameters":[{"in":"body","name":"body","description":"EmptyClassJson object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/EmptyClassJson"}},{"in":"path","name":"USER_ID","description":"The user id","required":true,"type":"string"},{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EntitlementJSONs"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/banks/{BANK_ID}/users/current/auth-context-updates/{AUTH_CONTEXT_UPDATE_ID}/challenge":{"post":{"tags":["User"],"summary":"Answer User Auth Context Update Challenge","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Answer User Auth Context Update Challenge.
Authentication is Mandatory
","operationId":"answerUserAuthContextUpdateChallenge","parameters":[{"in":"body","name":"body","description":"PostUserAuthContextUpdateJsonV310 object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/PostUserAuthContextUpdateJsonV310"}},{"in":"path","name":"AUTH_CONTEXT_UPDATE_ID","description":"the auth context update id","required":true,"type":"string"},{"in":"path","name":"BANK_ID","description":"The bank id","required":true,"type":"string"}],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/UserAuthContextUpdateJsonV500"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/banks/{BANK_ID}/users/current/auth-context-updates/{SCA_METHOD}":{"post":{"tags":["User"],"summary":"Create User Auth Context Update Request","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Create User Auth Context Update Request.
Authentication is Mandatory
A One Time Password (OTP) (AKA security challenge) is sent Out of Band (OOB) to the User via the transport defined in SCA_METHOD
SCA_METHOD is typically "SMS" or "EMAIL". "EMAIL" is used for testing purposes.
Client Authentication (mandatory)
It is used when applications request an access token to access their own resources, not on behalf of a user.
The client needs to authenticate itself for this request.
In the case of a public client we use client_id and a private key to obtain the access token; otherwise we use client_id and client_secret.
The obtained access token is used in the HTTP Bearer auth header of our request.
Example:
Authorization: Bearer eXtneO-THbQtn3zvK_kQtXXfvOZyZFdBCItlPDbR2Bk.dOWqtXCtFX-tqGTVR0YrIjvAolPIVg7GZ-jz83y6nA0
Authentication is Optional
","operationId":"createConsentRequest","parameters":[{"in":"body","name":"body","description":"PostConsentRequestJsonV500 object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/PostConsentRequestJsonV500"}}],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/ConsentRequestResponseJson"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorBankNotFound"}}}}},"/obp/v5.1.0/consumer/consent-requests/CONSENT_REQUEST_ID":{"get":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Get Consent Request","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Authentication is Optional
","operationId":"getConsentRequest","parameters":[],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ConsentRequestResponseJson"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorBankNotFound"}}}}},"/obp/v5.1.0/consumer/consent-requests/CONSENT_REQUEST_ID/EMAIL/consents":{"post":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Create Consent By CONSENT_REQUEST_ID (EMAIL)","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"This endpoint continues the process of creating a Consent. It starts the SCA flow which changes the status of the consent from INITIATED to ACCEPTED or REJECTED.
Please note that the Consent cannot elevate the privileges the logged in user already has.
Authentication is Mandatory
","operationId":"createConsentByConsentRequestIdEmail","parameters":[],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/ConsentJsonV500"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/consumer/consent-requests/CONSENT_REQUEST_ID/SMS/consents":{"post":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Create Consent By CONSENT_REQUEST_ID (SMS)","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"This endpoint continues the process of creating a Consent. It starts the SCA flow which changes the status of the consent from INITIATED to ACCEPTED or REJECTED.
Please note that the Consent cannot elevate the privileges the logged in user already has.
Authentication is Mandatory
","operationId":"createConsentByConsentRequestIdSms","parameters":[],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/ConsentJsonV500"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/consumer/consent-requests/CONSENT_REQUEST_ID/consents":{"get":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Get Consent By Consent Request Id","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"This endpoint gets the Consent By consent request id.
Authentication is Mandatory
","operationId":"getConsentByConsentRequestId","parameters":[],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/ConsentJsonV500"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/customers":{"get":{"tags":["Customer","User"],"summary":"Get Customers at Any Bank","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get Customers at Any Bank.
Authentication is Mandatory
","operationId":"getCustomersAtAnyBank","parameters":[],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/CustomerJSONsV300"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/customers-minimal":{"get":{"tags":["Customer","User"],"summary":"Get Customers Minimal at Any Bank","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get Customers Minimal at Any Bank.
Authentication is Mandatory
","operationId":"getCustomersMinimalAtAnyBank","parameters":[],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/CustomersMinimalJsonV400"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/entitlement-requests":{"get":{"tags":["Role","Entitlement","User"],"summary":"Get all Entitlement Requests","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get all Entitlement Requests
Authentication is Mandatory
","operationId":"getAllEntitlementRequests","parameters":[],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EntitlementRequestsJSON"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}},"post":{"tags":["Role","Entitlement","User"],"summary":"Create Entitlement Request for current User","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Create Entitlement Request.
Any logged in User can use this endpoint to request an Entitlement
Entitlements are used to grant System or Bank level roles to Users. (For Account level privileges, see Views)
For a System level Role (e.g. CanGetAnyUser), set bank_id to an empty string, i.e. "bank_id":""
For a Bank level Role (e.g. CanCreateAccount), set bank_id to a valid value e.g. "bank_id":"my-bank-id"
Authentication is Mandatory
","operationId":"addEntitlementRequest","parameters":[{"in":"body","name":"body","description":"CreateEntitlementJSON object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/CreateEntitlementJSON"}}],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/EntitlementRequestJSON"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/entitlement-requests/{ENTITLEMENT_REQUEST_ID}":{"delete":{"tags":["Role","Entitlement","User"],"summary":"Delete Entitlement Request","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Delete the Entitlement Request specified by ENTITLEMENT_REQUEST_ID for a user specified by USER_ID
Authentication is Mandatory
","operationId":"deleteEntitlementRequest","parameters":[{"in":"path","name":"ENTITLEMENT_REQUEST_ID","description":"the entitlement request id","required":true,"type":"string"}],"responses":{"204":{"description":"Success"},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/entitlements":{"get":{"tags":["Role","Entitlement"],"summary":"Get all Entitlements","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Login is required.
Possible filter on the role field:
eg: /entitlements?role=CanGetCustomer
Authentication is Mandatory
","operationId":"getAllEntitlements","parameters":[],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EntitlementJSONs"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/management/user/reset-password-url":{"post":{"tags":["User"],"summary":"Create password reset url","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Create password reset url.
Authentication is Mandatory
","operationId":"resetPasswordUrl","parameters":[{"in":"body","name":"body","description":"PostResetPasswordUrlJsonV400 object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/PostResetPasswordUrlJsonV400"}}],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/ResetPasswordUrlJsonV400"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/my/consent/current":{"delete":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Revoke Consent used in the Current Call","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Revoke Consent specified by Consent-Id at Request Header
There are a few reasons you might need to revoke an application’s access to a user’s account:
- The user explicitly wishes to revoke the application’s access
- You as the service provider have determined an application is compromised or malicious, and want to disable it
- etc.
Because OBP as a resource server stores access tokens in a database, it is relatively easy to revoke a token that belongs to a particular user.
The status of the token is changed to "REVOKED", so the next time the revoked client makes a request, its token will fail to validate.
Authentication is Mandatory
","operationId":"selfRevokeConsent","parameters":[],"responses":{"204":{"description":"Success","schema":{"$ref":"#/definitions/ConsentJsonV310"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/my/customers":{"get":{"tags":["Customer","User"],"summary":"Get My Customers","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Gets all Customers that are linked to me.
Authentication via OAuth is required.
Authentication is Mandatory
","operationId":"getMyCustomersAtAnyBank","parameters":[],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/CustomerJsonV210"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/my/entitlement-requests":{"get":{"tags":["Role","Entitlement","User"],"summary":"Get Entitlement Requests for the current User","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get Entitlement Requests for the current User.
Authentication is Mandatory
","operationId":"getEntitlementRequestsForCurrentUser","parameters":[],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EntitlementRequestsJSON"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/my/entitlements":{"get":{"tags":["Role","Entitlement","User"],"summary":"Get Entitlements for the current User","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get Entitlements for the current User.
Authentication is Mandatory
","operationId":"getEntitlementsForCurrentUser","parameters":[],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EntitlementJSONs"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/my/mtls/certificate/current":{"get":{"tags":["Consent","Account Information Service (AIS)","PSD2"],"summary":"Provide client's certificate info of a current call","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Provide client's certificate info of a current call specified by PSD2-CERT value at Request Header
Authentication is Mandatory
","operationId":"mtlsClientCertificateInfo","parameters":[],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/CertificateInfoJsonV510"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/my/spaces":{"get":{"tags":["User"],"summary":"Get My Spaces","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get My Spaces.
Authentication is Mandatory
","operationId":"getMySpaces","parameters":[],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/MySpaces"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/my/user/attributes":{"get":{"tags":["User"],"summary":"Get My Personal User Attributes","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get My Personal User Attributes.
Authentication is Mandatory
","operationId":"getMyPersonalUserAttributes","parameters":[],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserAttributesResponseJson"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}},"post":{"tags":["User"],"summary":"Create My Personal User Attribute","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Create My Personal User Attribute
The type field must be one of "STRING", "INTEGER", "DOUBLE" or "DATE_WITH_DAY"
Authentication is Mandatory
","operationId":"createMyPersonalUserAttribute","parameters":[{"in":"body","name":"body","description":"UserAttributeJsonV400 object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/UserAttributeJsonV400"}}],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/UserAttributeResponseJsonV400"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/my/user/attributes/USER_ATTRIBUTE_ID":{"put":{"tags":["User"],"summary":"Update My Personal User Attribute","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Update My Personal User Attribute for current user by USER_ATTRIBUTE_ID
The type field must be one of "STRING", "INTEGER", "DOUBLE" or "DATE_WITH_DAY"
Authentication is Mandatory
","operationId":"updateMyPersonalUserAttribute","parameters":[{"in":"body","name":"body","description":"UserAttributeJsonV400 object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/UserAttributeJsonV400"}}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserAttributeResponseJsonV400"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/roles":{"get":{"tags":["Role"],"summary":"Get Roles","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Returns all available roles
Authentication is Mandatory
","operationId":"getRoles","parameters":[{"in":"body","name":"body","description":"EmptyClassJson object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/EmptyClassJson"}}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/AvailableRolesJSON"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/user-entitlements":{"post":{"tags":["Role","Entitlement","User","DAuth"],"summary":"Create (DAuth) User with Roles","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"This endpoint is used as part of the DAuth solution to grant Entitlements for Roles to a smart contract on the blockchain.
Put the smart contract address in the username field.
For the provider field, use "dauth".
This endpoint will create the User with username and provider if the User does not already exist.
Then it will create Entitlements i.e. grant Roles to the User.
Entitlements are used to grant System or Bank level roles to Users. (For Account level privileges, see Views)
i.e. Entitlements are used to create / consume system or bank level resources, whereas views / account access are used to consume / create customer level resources.
For a System level Role (e.g. CanGetAnyUser), set bank_id to an empty string, i.e. "bank_id":""
For a Bank level Role (e.g. CanCreateAccount), set bank_id to a valid value e.g. "bank_id":"my-bank-id"
Note: The Roles actually granted will depend on the Roles that the calling user has.
If you try to grant Entitlements that a user already has (duplicate entitlements), you will get an error.
For information about DAuth see below:
DAuth is an experimental authentication mechanism that aims to pin an ethereum or other blockchain Smart Contract to an OBP "User".
In the future, it might be possible to be more specific and pin specific actors (wallets) that are acting within the smart contract, but so far, one smart contract acts on behalf of one User.
Thus, if a smart contract "X" calls the OBP API using the DAuth header, OBP will get or create a user called X and the call will proceed in the context of that User "X".
DAuth is invoked by the REST client (caller) including a specific header (see step 3 below) in any OBP REST call.
When OBP receives the DAuth token, it creates or gets a User with a username based on the smart_contract_address and the provider based on the network_name. The combination of username and provider is unique in OBP.
If you are calling OBP-API via an API3 Airnode, the Airnode will take care of constructing the required header.
When OBP detects a DAuth header / token it first checks if the Consumer is allowed to make such a call. OBP will validate the Consumer ip address and signature etc.
Note: The DAuth flow does not require an explicit POST like Direct Login to create the token.
Permissions may be assigned to an OBP User at any time, via the UserAuthContext, Views, Entitlements to Roles or Consents.
Note: DAuth is enabled.
Note: The DAuth client is responsible for creating a token which will be trusted by OBP absolutely!
To use DAuth:
Set up properties in your props file
# -- DAuth --------------------------------------
# Define the public key used to validate the JWT token
# jwt.public_key_rsa=path-to-the-pem-file
# Enable/Disable DAuth communication at all
# If not defined, the default value is false
# allow_dauth=false
# Define a comma separated list of allowed IP addresses
# dauth.host=127.0.0.1
# -------------------------------------- DAuth--
Please keep in mind that the property jwt.public_key_rsa is used to validate the JWT token, i.e. to check that it was not changed or corrupted in transport.
The following videos are available:
* DAuth in local environment
HEADER: ALGORITHM & TOKEN TYPE
{ "alg": "RS256", "typ": "JWT" }
PAYLOAD: DATA
{ "smart_contract_address": "0xe123425E7734CE288F8367e1Bb143E90bb3F051224", "network_name": "AIRNODE.TESTNET.ETHEREUM", "msg_sender": "0xe12340927f1725E7734CE288F8367e1Bb143E90fhku767", "consumer_key": "0x1234a4ec31e89cea54d1f125db7536e874ab4a96b4d4f6438668b6bb10a6adb", "timestamp": "2021-11-04T14:13:40Z", "request_id": "0Xe876987694328763492876348928736497869273649" }
VERIFY SIGNATURE
RSASHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), your-RSA-key-pair)
Here is an example token:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzbWFydF9jb250cmFjdF9hZGRyZXNzIjoiMHhlMTIzNDI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGJiM0YwNTEyMjQiLCJuZXR3b3JrX25hbWUiOiJFVEhFUkVVTSIsIm1zZ19zZW5kZXIiOiIweGUxMjM0MDkyN2YxNzI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGZoa3U3NjciLCJjb25zdW1lcl9rZXkiOiIweDEyMzRhNGVjMzFlODljZWE1NGQxZjEyNWRiNzUzNmU4NzRhYjRhOTZiNGQ0ZjY0Mzg2NjhiNmJiMTBhNmFkYiIsInRpbWVzdGFtcCI6IjIwMjEtMTEtMDRUMTQ6MTM6NDBaIiwicmVxdWVzdF9pZCI6IjBYZTg3Njk4NzY5NDMyODc2MzQ5Mjg3NjM0ODkyODczNjQ5Nzg2OTI3MzY0OSJ9.XSiQxjEVyCouf7zT8MubEKsbOBZuReGVhnt9uck6z6k
Using your favorite http client:
GET https://api3.openbankproject.com/obp/v3.0.0/users/current
Body
Leave Empty!
Headers:
DAuth: your-jwt-from-step-above
Here is it all together:
GET https://api3.openbankproject.com/obp/v3.0.0/users/current HTTP/1.1
Host: localhost:8080
User-Agent: curl/7.47.0
Accept: */*
DAuth: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzbWFydF9jb250cmFjdF9hZGRyZXNzIjoiMHhlMTIzNDI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGJiM0YwNTEyMjQiLCJuZXR3b3JrX25hbWUiOiJFVEhFUkVVTSIsIm1zZ19zZW5kZXIiOiIweGUxMjM0MDkyN2YxNzI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGZoa3U3NjciLCJjb25zdW1lcl9rZXkiOiIweDEyMzRhNGVjMzFlODljZWE1NGQxZjEyNWRiNzUzNmU4NzRhYjRhOTZiNGQ0ZjY0Mzg2NjhiNmJiMTBhNmFkYiIsInRpbWVzdGFtcCI6IjIwMjEtMTEtMDRUMTQ6MTM6NDBaIiwicmVxdWVzdF9pZCI6IjBYZTg3Njk4NzY5NDMyODc2MzQ5Mjg3NjM0ODkyODczNjQ5Nzg2OTI3MzY0OSJ9.XSiQxjEVyCouf7zT8MubEKsbOBZuReGVhnt9uck6z6k
CURL example
curl -v -H 'DAuth: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzbWFydF9jb250cmFjdF9hZGRyZXNzIjoiMHhlMTIzNDI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGJiM0YwNTEyMjQiLCJuZXR3b3JrX25hbWUiOiJFVEhFUkVVTSIsIm1zZ19zZW5kZXIiOiIweGUxMjM0MDkyN2YxNzI1RTc3MzRDRTI4OEY4MzY3ZTFCYjE0M0U5MGZoa3U3NjciLCJjb25zdW1lcl9rZXkiOiIweDEyMzRhNGVjMzFlODljZWE1NGQxZjEyNWRiNzUzNmU4NzRhYjRhOTZiNGQ0ZjY0Mzg2NjhiNmJiMTBhNmFkYiIsInRpbWVzdGFtcCI6IjIwMjEtMTEtMDRUMTQ6MTM6NDBaIiwicmVxdWVzdF9pZCI6IjBYZTg3Njk4NzY5NDMyODc2MzQ5Mjg3NjM0ODkyODczNjQ5Nzg2OTI3MzY0OSJ9.XSiQxjEVyCouf7zT8MubEKsbOBZuReGVhnt9uck6z6k' https://api3.openbankproject.com/obp/v3.0.0/users/current
You should receive a response like:
{ "user_id": "4c4d3175-1e5c-4cfd-9b08-dcdc209d8221", "email": "", "provider_id": "0xe123425E7734CE288F8367e1Bb143E90bb3F051224", "provider": "ETHEREUM", "username": "0xe123425E7734CE288F8367e1Bb143E90bb3F051224", "entitlements": { "list": [] }}
The file dauth.scala handles DAuth.
We:
- Check if the Props value allow_dauth is true
- Check if the DAuth header exists
- Check if getRemoteIpAddress is OK
- Look for the "token"
- Parse the JWT token and getOrCreate the user
- Get the data of the user
Parameter names and values are case sensitive.
Each parameter MUST NOT appear more than once per request.
Authentication is Mandatory
","operationId":"createUserWithRoles","parameters":[{"in":"body","name":"body","description":"PostCreateUserWithRolesJsonV400 object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/PostCreateUserWithRolesJsonV400"}}],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/EntitlementsJsonV400"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/users":{"get":{"tags":["User"],"summary":"Get all Users","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get all users
Authentication is Mandatory
CanGetAnyUser entitlement is required.
Possible custom url parameters for pagination:
eg1:?limit=100&offset=0
eg2:?limit=100&offset=0&sort_direction=ASC
Creates OBP user.
No authorisation (currently) required.
Mimics current webform to Register.
Requires username(email) and password.
Returns 409 error if username not unique.
May require validation of email address.
Authentication is Mandatory
","operationId":"createUser","parameters":[{"in":"body","name":"body","description":"CreateUserJson object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/CreateUserJson"}}],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/UserJsonV200"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/users/{PROVIDER}/{USERNAME}/lock-status":{"get":{"tags":["User"],"summary":"Get User Lock Status","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get User Login Status.
Authentication is Mandatory
Unlock a User.
(Perhaps the user was locked due to multiple failed login attempts)
Authentication is Mandatory
","operationId":"unlockUserByProviderAndUsername","parameters":[{"in":"path","name":"PROVIDER","description":"the user PROVIDER","required":true,"type":"string"},{"in":"path","name":"USERNAME","description":"the user name","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/BadLoginStatusJson"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/users/{PROVIDER}/{USERNAME}/locks":{"post":{"tags":["User"],"summary":"Lock the user","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Lock a User.
Authentication is Mandatory
","operationId":"lockUserByProviderAndUsername","parameters":[{"in":"path","name":"PROVIDER","description":"the user PROVIDER","required":true,"type":"string"},{"in":"path","name":"USERNAME","description":"the user name","required":true,"type":"string"}],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/UserLockStatusJson"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/users/{USER_ID}":{"delete":{"tags":["User"],"summary":"Delete a User","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Delete a User.
Authentication is Mandatory
","operationId":"deleteUser","parameters":[{"in":"path","name":"USER_ID","description":"The user id","required":true,"type":"string"}],"responses":{"204":{"description":"Success"},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/users/{USER_ID}/attributes":{"get":{"tags":["User"],"summary":"Get User with Attributes by USER_ID","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get User Attributes for the user defined via USER_ID.
Authentication is Mandatory
","operationId":"getUserWithAttributes","parameters":[{"in":"path","name":"USER_ID","description":"The user id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserWithAttributesResponseJson"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/users/{USER_ID}/auth-context":{"delete":{"tags":["User"],"summary":"Delete User's Auth Contexts","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Delete the Auth Contexts of a User specified by USER_ID.
Authentication is Mandatory
","operationId":"deleteUserAuthContexts","parameters":[{"in":"path","name":"USER_ID","description":"The user id","required":true,"type":"string"}],"responses":{"204":{"description":"Success"},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}},"get":{"tags":["User"],"summary":"Get User Auth Contexts","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get User Auth Contexts for a User.
Authentication is Mandatory
","operationId":"getUserAuthContexts","parameters":[{"in":"path","name":"USER_ID","description":"The user id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserAuthContextJsonV500"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}},"post":{"tags":["User"],"summary":"Create User Auth Context","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Create User Auth Context. These key value pairs will be propagated over connector to adapter. Normally used for mapping OBP user and
Bank User/Customer.
Authentication is Mandatory
Delete a User AuthContext of the User specified by USER_AUTH_CONTEXT_ID.
Authentication is Mandatory
","operationId":"deleteUserAuthContextById","parameters":[{"in":"path","name":"USER_AUTH_CONTEXT_ID","description":"the user auth context id","required":true,"type":"string"},{"in":"path","name":"USER_ID","description":"The user id","required":true,"type":"string"}],"responses":{"204":{"description":"Success"},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/users/{USER_ID}/entitlement-requests":{"get":{"tags":["Role","Entitlement","User"],"summary":"Get Entitlement Requests for a User","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get Entitlement Requests for a User.
Authentication is Mandatory
","operationId":"getEntitlementRequests","parameters":[{"in":"path","name":"USER_ID","description":"The user id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EntitlementRequestsJSON"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/users/{USER_ID}/entitlement/{ENTITLEMENT_ID}":{"delete":{"tags":["Role","User","Entitlement"],"summary":"Delete Entitlement","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Delete Entitlement specified by ENTITLEMENT_ID for a user specified by USER_ID
Authentication is required and the user needs to be a Super Admin.
Super Admins are listed in the Props file.
Authentication is Mandatory
","operationId":"deleteEntitlement","parameters":[{"in":"body","name":"body","description":"EmptyClassJson object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/EmptyClassJson"}},{"in":"path","name":"ENTITLEMENT_ID","description":"The entitlement id","required":true,"type":"string"},{"in":"path","name":"USER_ID","description":"The user id","required":true,"type":"string"}],"responses":{"204":{"description":"Success","schema":{"$ref":"#/definitions/EmptyClassJson"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/users/{USER_ID}/entitlements":{"get":{"tags":["Role","Entitlement","User"],"summary":"Get Entitlements for User","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Authentication is Mandatory
","operationId":"getEntitlements","parameters":[{"in":"path","name":"USER_ID","description":"The user id","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/EntitlementsJsonV400"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}},"post":{"tags":["Role","Entitlement","User"],"summary":"Add Entitlement for a User","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Create Entitlement. Grant Role to User.
Entitlements are used to grant System or Bank level roles to Users. (For Account level privileges, see Views)
For a System level Role (e.g. CanGetAnyUser), set bank_id to an empty string, i.e. "bank_id":""
For a Bank level Role (e.g. CanCreateAccount), set bank_id to a valid value e.g. "bank_id":"my-bank-id"
Authentication is required and the user needs to be a Super Admin. Super Admins are listed in the Props file.
Authentication is Mandatory
","operationId":"addEntitlement","parameters":[{"in":"body","name":"body","description":"CreateEntitlementJSON object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/CreateEntitlementJSON"}},{"in":"path","name":"USER_ID","description":"The user id","required":true,"type":"string"}],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/EntitlementJSON"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/users/{USER_ID}/non-personal/attributes":{"get":{"tags":["User"],"summary":"Get Non Personal User Attributes","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get Non Personal User Attribute for a user specified by USER_ID
Authentication is Mandatory
","operationId":"getNonPersonalUserAttributes","parameters":[{"in":"path","name":"USER_ID","description":"The user id","required":true,"type":"string"}],"responses":{"200":{"description":"Success"},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}},"post":{"tags":["User"],"summary":"Create Non Personal User Attribute","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Create Non Personal User Attribute
The type field must be one of "STRING", "INTEGER", "DOUBLE" or "DATE_WITH_DAY"
Authentication is Mandatory
","operationId":"createNonPersonalUserAttribute","parameters":[{"in":"body","name":"body","description":"UserAttributeJsonV510 object that needs to be added.","required":true,"schema":{"$ref":"#/definitions/UserAttributeJsonV510"}},{"in":"path","name":"USER_ID","description":"The user id","required":true,"type":"string"}],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/UserAttributeResponseJsonV510"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/users/{USER_ID}/non-personal/attributes/{USER_ATTRIBUTE_ID}":{"delete":{"tags":["User"],"summary":"Delete Non Personal User Attribute","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Delete the Non Personal User Attribute specified by USER_ATTRIBUTE_ID for a user specified by USER_ID
Authentication is Mandatory
","operationId":"deleteNonPersonalUserAttribute","parameters":[{"in":"path","name":"USER_ID","description":"The user id","required":true,"type":"string"},{"in":"path","name":"USER_ATTRIBUTE_ID","description":"The user attribute id","required":true,"type":"string"}],"responses":{"204":{"description":"Success"},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/users/{USER_ID}/refresh":{"post":{"tags":["User"],"summary":"Refresh User","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"The endpoint is used for updating the accounts, views, account holders for the user.
The JSON body can be left empty.
This call fetches the data from the backend, so the caller does not need to prepare a request body.
Authentication is Mandatory
","operationId":"refreshUser","parameters":[{"in":"path","name":"USER_ID","description":"The user id","required":true,"type":"string"}],"responses":{"201":{"description":"Success","schema":{"$ref":"#/definitions/RefreshUserJson"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserHasMissingRoles"}}}}},"/obp/v5.1.0/users/current":{"get":{"tags":["User"],"summary":"Get User (Current)","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get the logged in user
Authentication is Mandatory
","operationId":"getCurrentUser","parameters":[],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserJsonV300"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/users/current/customers":{"get":{"tags":["Customer","User"],"summary":"Get Customers for Current User","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Gets all Customers that are linked to a User.
Authentication is Mandatory
","operationId":"getCustomersForUser","parameters":[],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/CustomersWithAttributesJsonV300"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/users/current/logout-link":{"get":{"tags":["User"],"summary":"Get Logout Link","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get the Logout Link
Authentication is Mandatory
","operationId":"getLogoutLink","parameters":[],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/LogoutLinkJson"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/users/current/user_id":{"get":{"tags":["User"],"summary":"Get User Id (Current)","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get the USER_ID of the logged in user
Authentication is Mandatory
","operationId":"getCurrentUserId","parameters":[],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserIdJsonV400"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/users/email/EMAIL/terminator":{"get":{"tags":["User"],"summary":"Get Users by Email Address","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get users by email address
Authentication is Mandatory
CanGetAnyUser entitlement is required.
Get user by PROVIDER and USERNAME
Authentication is Mandatory
CanGetAnyUser entitlement is required.
","operationId":"getUserByProviderAndUsername","parameters":[{"in":"path","name":"PROVIDER","description":"the user PROVIDER","required":true,"type":"string"},{"in":"path","name":"USERNAME","description":"the user name","required":true,"type":"string"}],"responses":{"200":{"description":"Success","schema":{"$ref":"#/definitions/UserJsonV400"}},"400":{"description":"Error","schema":{"$ref":"#/definitions/ErrorUserNotLoggedIn"}}}}},"/obp/v5.1.0/users/user_id/{USER_ID}":{"get":{"tags":["User"],"summary":"Get User by USER_ID","security":[{"directLogin":[],"gatewayLogin":[]}],"description":"Get user by USER_ID
Authentication is Mandatory
CanGetAnyUser entitlement is required.