Featured API Endpoints

.

By API_COLLECTION_ID.

Get the OAuth2 server's public Well Known URIs.

This endpoint gets the Consents created by the current User.

Get user by PROVIDER and USERNAME

Get a User by their authentication provider and username.

for the currently authenticated user.

Returns Personal Data Fields (IsPersonal=true) that are managed by the user.

Get all entitlements that have been granted from a specific group.

This returns all entitlements where the group_id matches the specified GROUP_ID.

Get the bank specified by BANK_ID Returns information about a single bank specified by BANK_ID including:

- bank_id: The unique identifier of this bank - Short and full name of bank - Logo URL - Website

When using ACCOUNT, the payee is set in the request body.

Money goes into the BANK_ID and ACCOUNT_ID specified in the request body.

For sandbox mode, it will use the Cardano Preprod Network. The accountId can be the wallet_id for now, as it uses cardano-wallet in the backend.

Get all System Dynamic Entities with record counts.

Each dynamic entity in the response includes a record_count field showing how many data records exist for that entity.

This v6.0.0 endpoint returns snake_case field names and an explicit entity_name field.

Get the list of authentication providers that have been used to create users on this OBP instance.

This endpoint returns a distinct list of provider values from the resource_user table.

These message docs provide example messages sent by OBP to the (RabbitMq) message queue for processing by the Core Banking / Payment system Adapter - together with an example expected response and possible error codes. Integrators can use these messages to build Adapters that provide core banking services to OBP.

Note: API Explorer provides a Message Docs page where these messages are displayed. CONNECTOR: rest_vMar2019, stored_procedure_vDec2019 ...

Returns the operation IDs of the 50 most popular endpoints based on usage metrics.

This endpoint is public and does not require authentication.

The response contains a simple list of operation_id strings, ordered by popularity (most called first).

Get API Glossary

Returns the glossary of the API.

The glossary content is static and only changes when the API is redeployed. This endpoint supports HTTP caching:

The response includes a Cache-Control header (max-age=3600) indicating clients should cache for 1 hour. The response includes an ETag header. Clients can send If-None-Match with the ETag value on subsequent requests to receive a 304 Not Modified if the content has not changed.

Clients and agents are encouraged to cache the glossary response locally.

This endpoint starts the process of creating a Consent.

The Consent is created in an INITIATED state.

A One Time Password (OTP) (AKA security challenge) is sent Out of Band (OOB) to the User via the transport defined in SCA_METHOD SCA_METHOD is typically "SMS","EMAIL" or "IMPLICIT". "EMAIL" is used for testing purposes. OBP mapped mode "IMPLICIT" is "EMAIL". Other mode, bank can decide it in the connector method 'getConsentImplicitSCA'.

When the Consent is created, OBP (or a backend system) stores the challenge so it can be checked later against the value supplied by the User with the Answer Consent Challenge endpoint.

An OBP Consent allows the holder of the Consent to call one or more endpoints.

Consents must be created and authorisied using SCA (Strong Customer Authentication).

That is, Consents can be created by an authorised User via the OBP REST API but they must be confirmed via an out of band (OOB) mechanism such as a code sent to a mobile phone.

Each Consent has one of the following states: INITIATED, ACCEPTED, REJECTED, rejected, REVOKED, EXPIRED, received, valid, revokedByPsu, expired, terminatedByTpp, AUTHORISED, AWAITINGAUTHORISATION.

Each Consent is bound to a consumer i.e. you need to identify yourself over request header value Consumer-Key. For example: GET /obp/v4.0.0/users/current HTTP/1.1 Host: 127.0.0.1:8080 Consent-JWT: eyJhbGciOiJIUzI1NiJ9.eyJlbnRpdGxlbWVudHMiOlt7InJvbGVfbmFtZSI6IkNhbkdldEFueVVzZXIiLCJiYW5rX2lkIjoiIn 1dLCJjcmVhdGVkQnlVc2VySWQiOiJhYjY1MzlhOS1iMTA1LTQ0ODktYTg4My0wYWQ4ZDZjNjE2NTciLCJzdWIiOiIzNDc1MDEzZi03YmY5LTQyNj EtOWUxYy0xZTdlNWZjZTJlN2UiLCJhdWQiOiI4MTVhMGVmMS00YjZhLTQyMDUtYjExMi1lNDVmZDZmNGQzYWQiLCJuYmYiOjE1ODA3NDE2NjcsIml zcyI6Imh0dHA6XC9cLzEyNy4wLjAuMTo4MDgwIiwiZXhwIjoxNTgwNzQ1MjY3LCJpYXQiOjE1ODA3NDE2NjcsImp0aSI6ImJkYzVjZTk5LTE2ZTY tNDM4Yi1hNjllLTU3MTAzN2RhMTg3OCIsInZpZXdzIjpbXX0.L3fEEEhdCVr3qnmyRKBBUaIQ7dk1VjiFaEBW8hUNjfg

Consumer-Key: ejznk505d132ryomnhbx1qmtohurbsbb0kijajsk cache-control: no-cache

Maximum time to live of the token is specified over props value consents.max_time_to_live. In case isn't defined default value is 3600 seconds.

Example of POST JSON: { "everything": false, "views": [ { "bank_id": "GENODEM1GLS", "account_id": "8ca8a7e4-6d02-40e3-a129-0b2bf89de9f0", "view_id": "owner" } ], "entitlements": [ { "bank_id": "GENODEM1GLS", "role_name": "CanGetCustomersAtOneBank" } ], "consumer_id": "7uy8a7e4-6d02-40e3-a129-0b2bf89de8uh", "email": "eveline@example.com", "valid_from": "2020-02-07T08:43:34Z", "time_to_live": 3600 } Please note that only optional fields are: consumer_id, valid_from and time_to_live.

Get the list of all available connector method names.

These are the method names that can be used in Method Routing configuration.

Data Source

The data comes from scanning the actual Scala connector code at runtime using reflection, NOT from a database or configuration file.

The endpoint: 1. Reads the connector name from props (e.g., connector=mapped) 2. Gets the connector instance (e.g., LocalMappedConnector, KafkaConnector, StarConnector) 3. Uses Scala reflection to scan all public methods that override the base Connector trait 4. Filters for valid connector methods (public, has parameters, overrides base trait) 5. Returns the method names as a sorted list

Which Connector?

Depends on your connector property: connector=mapped → Returns methods from LocalMappedConnector connector=kafka_vSept2018 → Returns methods from KafkaConnector connector=star → Returns methods from StarConnector connector=rest_vMar2019 → Returns methods from RestConnector

When Does It Change?

The list only changes when: Code is deployed with new/modified connector methods The connector property is changed to point to a different connector

Performance

This endpoint uses caching (default: 1 hour) because Scala reflection is expensive. Configure via: getConnectorMethodNames.cache.ttl.seconds=3600

Use Case

Use this endpoint to discover which connector methods are available when configuring Method Routing. These method names are different from API endpoint operation IDs (which you get from /resource-docs).

Get API metrics rows. These are records of each REST API call.

require CanReadMetrics role

NOTE: Automatic from_date Default

If you do not provide a from_date parameter, this endpoint will automatically set it to: now - 9 minutes ago

This prevents accidentally querying all metrics since Unix Epoch and ensures reasonable response times. For historical/reporting queries, always explicitly specify your desired from_date.