Account Information (AISP) API | RAML Definition

API Notebook

Banking AISP Experience API

This API exposes endpoints for external applications to retrieve account information (general information, balance, transactions).

License Agreement

Note that using this template is subject to the conditions of this License Agreement.

Please review the terms of the license before downloading and using this template. In short, you are allowed to use the template for free with Mule ESB Enterprise Edition, CloudHub, or as a trial in Anypoint Studio.

API security considerations

This Experience API is meant to be deployed to CloudHub and managed using the API Platform Manager. All endpoints use HTTPS.

To retrieve the information, the third-party application must first be registered with the bank's authorization server (AS) to obtain application credentials (client_id and client_secret). With these credentials, the application can make a classic OAuth 2.0 /authorize request to the AS with the authorization code response type (it must provide client_id, the redirect_uri set during registration, and response_type=code or response_type=token). The user then enters a username and password to grant access to his/her account and is redirected to the specified redirect_uri along with the authorization code. The application then sends a POST request to the AS OAuth 2.0 /token endpoint with the required information (client_id, client_secret, authorization_code, redirect_uri), and the response contains the access_token. If response_type=token was used, the access_token is provided right away. This token must be sent in the Authorization header (Authorization: Bearer <access_token>) in order to access this API. The token is a signed and encrypted JWT.
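The authorization code path described above, sketched in JavaScript as an added example (it is not part of the original template or of MuleSoft's code). The AS host, client values and callback URL are constructed placeholders; the token request uses the standard RFC 6749 parameter names (grant_type=authorization_code, code), and the state check is an RFC 6749 addition that the page does not mention.

```javascript
const AS_BASE = "https://as.example.test";            // hypothetical authorization server
const CLIENT = {
  client_id: "demo-client-id",                        // constructed value
  client_secret: "demo-client-secret",                // constructed value, backend only
  redirect_uri: "https://tpp.example.test/callback",  // must equal the registered value
};

// Step 1: URL the user's browser is sent to. `state` is an unpredictable
// per-request value (RFC 6749, section 10.12) kept in the user's session.
function buildAuthorizeUrl(client, state) {
  const url = new URL("/authorize", AS_BASE);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: client.client_id,
    redirect_uri: client.redirect_uri,
    state,
  }).toString();
  return url.toString();
}

// Step 2: handle the redirect back. Reject anything that is not the registered
// redirect_uri, carries an error, or does not echo the state that was issued.
function readAuthorizationCode(callbackUrl, client, expectedState) {
  const got = new URL(callbackUrl);
  if (got.origin + got.pathname !== client.redirect_uri) throw new Error("unexpected redirect target");
  const q = got.searchParams;
  if (q.has("error")) throw new Error("authorization failed: " + q.get("error"));
  if (q.get("state") !== expectedState) throw new Error("state mismatch");
  const code = q.get("code");
  if (!code) throw new Error("no authorization code");
  return code;
}

// Step 3: form-encoded POST /token request, sent over HTTPS from the backend.
function buildTokenRequest(client, code) {
  return {
    url: new URL("/token", AS_BASE).toString(),
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code,
      redirect_uri: client.redirect_uri,
      client_id: client.client_id,
      client_secret: client.client_secret,
    }).toString(),
  };
}
// Step 4: header attached to every call to the Experience API.
const bearerHeader = (accessToken) => ({ Authorization: "Bearer " + accessToken });
```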

This API cannot be deployed standalone: you must apply and configure the OAuth 2.0 JWE access token enforcement policy, which takes care of validating the provided access_token. If no token is provided or the token is not valid, the request is rejected. Follow the instructions on the provided link to configure the policy.

This API consumes the Banking accounts process API, which is secured by the Client ID Enforcement Policy using Basic Authentication. Therefore, the Banking AISP Experience API needs to request a client ID and client secret from the Banking accounts process API developer portal.

Banking AISP Experience API demo

Create the Banking AISP Experience API client

First, we need to create the API client using the global method API.createClient to access the operations defined in the RAML.

API.createClient accepts two parameters: the client name and the RAML URL. The client name becomes a global variable holding the client object, and the URL references the RAML specification of the Banking AISP Experience API in the public API portal.

User authorization

The user needs to authenticate to the Authorization Server (AS) to get the JWT token that contains his/her information. Since we presume that the AISP Experience API is registered with the bank's AS, we have a client_id and client_secret.

NOTE: When asked to log in, use the following:

username: test-user
password: testpassword

Getting accounts information

To retrieve accounts information, the following request is needed: GET https://banking-aisp-experience-api-host/api/info, along with an Authorization header containing a valid access token retrieved from the AS after user authorization (e.g. Authorization: Bearer abcdefghijklmnop154.ds45c4a5sd67c8a5.54sd3a54d35s4ad4adefgeraghthsh).

Getting accounts balance information

To retrieve accounts balance information, the following request is needed: GET https://banking-aisp-experience-api-host/api/balance, along with an Authorization header containing a valid access token retrieved from the AS after user authorization (e.g. Authorization: Bearer abcdefghijklmnop154.ds45c4a5sd67c8a5.54sd3a54d35s4ad4adefgeraghthsh).

Getting transactions information

To retrieve transactions information, the following request is needed: GET https://banking-aisp-experience-api-host/api/transactions, along with an Authorization header containing a valid access token retrieved from the AS after user authorization (e.g. Authorization: Bearer abcdefghijklmnop154.ds45c4a5sd67c8a5.54sd3a54d35s4ad4adefgeraghthsh).


Type: REST API
Organization: Mulesoft
Published by: MuleSoft Organization
Published on: Jun 15, 2019
Asset versions for 2.0.x: 2.0.2