API Consumer Identity Types
The APIs in the Apiture Digital Banking API catalog are defined using documents which adhere to the OpenAPI Specification (OAS). You may download the OpenAPI document for each API in either JSON or YAML format from the catalog.
An OpenAPI document may carry additional metadata through Specification Extensions of OAS. Apiture APIs use Specification Extensions to describe the intended API consumer for each API.
For example, the Platform Encryption API defines the getPublicEncryptionKey operation, which allows a client to obtain a public encryption key in order to encrypt sensitive data (such as personally identifiable information or PII) before transmitting such data to an Apiture API service. The documentation for this operation includes the following:
This operation is designed to be called from the following identity types:
- Banking customer
- Secure service client
That is, this operation may be used from two possible client application contexts:
- A banking application used by a banking customer who is logged in (authenticated) with their financial institution
- A secure service (back office) application which uses Client Credentials rather than a banking customer identity.
Downloading the openapi.yaml OpenAPI source for the Platform Encryption API shows the use of the x-apiture-identity-types specification extension within the getPublicEncryptionKey operation:
x-apiture-identity-types:
- bankingCustomer
- serviceClient
The x-apiture-identity-types specification extension contains a list of values which indicates which identity may use the operation. This annotation supports the following identity types:
- apitureAdmin: API is invoked from an administrative client application on behalf of an Apiture administrator who has authenticated with OAuth2 Authorization Code Flow
- apitureSystem: API is invoked from a client application on behalf of the Apiture Digital Banking system
- bankingCustomer: API is invoked from a client application on behalf of a banking customer who has authenticated with OAuth2 Authorization Code Flow
- operator: API is invoked from an administrative client application on behalf of a financial institution operator who has authenticated with OAuth2 Authorization Code Flow
- serviceClient: API is invoked from a client application on behalf of a secure service client, authenticated with Client Credentials
The x-apiture-identity-types specification extension may appear at the top level of an OpenAPI document to indicate the default identity types for all operations in the API. However, if the x-apiture-identity-types specification extension appears within an API operation object within the OpenAPI document, that operation follows the identity types defined there instead of those at the top of the OpenAPI document. That is, operations within an API may override the identity types defined for that API.
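The override rule above can be checked mechanically when reviewing which client contexts each operation is documented for. The following is an added example, not Apiture code: it resolves the effective identity types per operation from the JSON form of an OpenAPI document and flags operations with no declared types or with values outside the five listed above. The sample document, its paths, the operationIds other than getPublicEncryptionKey, and the exact-match comparison of values are assumptions.

```python
import json

EXT = "x-apiture-identity-types"
# The five identity types listed on this page.
KNOWN = {"apitureAdmin", "apitureSystem", "bankingCustomer", "operator", "serviceClient"}
METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def effective_identity_types(doc):
    """Map each operation to (identity types, where they came from)."""
    default = doc.get(EXT)  # API-wide default, if present
    resolved = {}
    for path, item in doc.get("paths", {}).items():
        for method, op in item.items():
            if method not in METHODS:
                continue  # skip path-level keys such as "parameters"
            name = op.get("operationId", f"{method.upper()} {path}")
            if EXT in op:  # operation-level list replaces the default
                resolved[name] = (list(op[EXT]), "operation")
            elif default is not None:
                resolved[name] = (list(default), "api-default")
            else:
                resolved[name] = ([], "undeclared")
    return resolved

def audit(doc):
    """Flag operations with no identity types or with values not in KNOWN."""
    findings = []
    for name, (types, _source) in effective_identity_types(doc).items():
        if not types:
            findings.append((name, "no identity types declared"))
        # Assumption: values must match the documented spelling exactly.
        findings += [(name, f"unknown identity type: {t}") for t in types if t not in KNOWN]
    return findings

# Constructed sample: paths and operationIds other than getPublicEncryptionKey are hypothetical.
SAMPLE = json.loads("""
{
  "x-apiture-identity-types": ["bankingCustomer"],
  "paths": {
    "/example/publicKey": {"get": {"operationId": "getPublicEncryptionKey",
        "x-apiture-identity-types": ["bankingCustomer", "serviceClient"]}},
    "/example/items": {"get": {"operationId": "listExampleItems"},
        "post": {"operationId": "createExampleItem",
                 "x-apiture-identity-types": ["serviceclient"]}}
  }
}
""")

if __name__ == "__main__":
    print(effective_identity_types(SAMPLE), audit(SAMPLE), sep="\n")
```

In the sample, listExampleItems inherits the API-wide default, getPublicEncryptionKey uses its own list, and the misspelled value on createExampleItem is reported as a finding.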