Apiture Developers
Scopes & Entitlements

For security purposes, applications and users should only be able to perform actions that they are authorized to do. An application that views transactions should not be able to change the customer’s profile. Similarly, a customer with many accounts may not be allowed to transfer money out of every account, only a select few.

Scopes define which API operations a client application can call. Entitlements define which data an authenticated user can act on when those operations run. The two concepts are similar, but scopes apply to client applications while entitlements apply to human users.

Scopes

Scopes are the abilities the application is authorized to use. If an application is not authorized for an operation, it can never perform that operation, regardless of any entitlements the user holds.

If the access token does not carry the scope an operation requires, the operation fails with a 403 error. For more information, see the Authorization and Authentication article.

When an operation requires a scope, the API reference notes it. For example, the listAccounts operation requires the banking/read scope, which the reference notes as:

This operation requires authentication by one of the following methods:

  • accessToken using scope banking/read

The scopes, their descriptions, and the operations the reference lists under each:

Scope: profile/read
Description: Read access to customer and business profile information.
Operations: (none listed)

Scope: profile/write
Description: Create, write, and delete access to customer and business profile information.
Operations: (none listed)

Scope: banking/read
Description: Read access to banking data and resources related to a customer's accounts.
Operations:
  • getAccount
  • getTransfer
  • listAccountBalances
  • listAccounts
  • listTransactions
  • listTransfers

Scope: banking/write
Description: Read, write, and delete access to banking data and resources related to a customer's accounts.
Operations: (none listed)

Scope: moneyMovement/write
Description: Create and write access to move money to and from a customer's accounts.
Operations:
  • createTransfer
  • deleteTransfer
  • patchTransfer

Scope: data/read
Description: Read access to other non-account, non-banking, non-profile data, such as financial institution data and settings.
Operations:
  • listTransferSchedule
  • lookUpInstitutionByLocator

Entitlements

Entitlements are the abilities authenticated users have while using their online bank. For instance, a user may be allowed to make transfers into one financial account but not into another. The customer is granted the entitlement to make transfers only on specific accounts and cannot transfer to an account for which they lack that entitlement.

Entitlement checks usually occur in the context of an account or other banking resource, such as a business payment batch. Each entitlement is granted individually to a customer; there is no way to group entitlements together.

The API documentation notes which entitlements each operation requires and how to check whether the currently authenticated customer holds them. Typically this is exposed through an allows property that carries a permissions schema unique to that resource. For example, an account has an account.allows property whose schema is accountPermissions.

An allows property with example entitlements may look like this (other fields of the resource elided as ...):

{
  ...
  "allows": { "approve": false, "edit": false, "submit": true, "delete": false },
  ...
}
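The two layers described in the Scopes and Entitlements sections combine into one ordered decision: the application's scope is checked first and is final, and only then is the user's per-resource entitlement consulted. The following is an added example (not Apiture's code) that mirrors that model. The operation-to-scope map is copied from the table above; the space-separated scope format of the access token, the mapping of operations to specific allows flags, and the sample accounts are assumptions made for illustration.

```python
# Added example (not Apiture's code): a two-layer authorization check that
# mirrors the scope/entitlement model on this page. The operation -> scope map
# is copied from the page's table; the token's scope format, the mapping of
# operations to `allows` flags, and the sample accounts are assumptions.
from dataclasses import dataclass
from typing import FrozenSet, Mapping, Optional

# Operation -> required scope, from the table on this page. Scopes whose
# operations the page does not list (profile/*, banking/write) are omitted.
REQUIRED_SCOPE = {
    "getAccount": "banking/read",
    "getTransfer": "banking/read",
    "listAccountBalances": "banking/read",
    "listAccounts": "banking/read",
    "listTransactions": "banking/read",
    "listTransfers": "banking/read",
    "createTransfer": "moneyMovement/write",
    "deleteTransfer": "moneyMovement/write",
    "patchTransfer": "moneyMovement/write",
    "listTransferSchedule": "data/read",
    "lookUpInstitutionByLocator": "data/read",
}

# Assumption: which `allows` flag each money-movement operation consults on the
# target account. The page shows approve/edit/submit/delete flags but does not
# state which operation reads which flag; read operations need no flag here.
REQUIRED_ENTITLEMENT = {
    "createTransfer": "submit",
    "patchTransfer": "edit",
    "deleteTransfer": "delete",
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    denied_by: Optional[str]  # None, "scope" or "entitlement"
    reason: str


def parse_scopes(scope_claim: str) -> FrozenSet[str]:
    """Assumption: the access token carries its scopes as a space-separated
    string, the OAuth 2.0 `scope` convention (RFC 6749 section 3.3)."""
    return frozenset(s for s in scope_claim.split() if s)


def authorize(operation: str, token_scopes: FrozenSet[str],
              allows: Optional[Mapping[str, bool]] = None) -> Decision:
    """Scope check first (application-level), then entitlement check (user-level).

    A missing scope is final: the page says the operation fails with 403 no
    matter what entitlements the user holds, so `allows` is never consulted.
    """
    scope = REQUIRED_SCOPE.get(operation)
    if scope is None:
        return Decision(False, "scope", f"unknown operation {operation!r}")
    if scope not in token_scopes:
        return Decision(False, "scope",
                        f"{operation} requires scope {scope!r} (HTTP 403)")
    flag = REQUIRED_ENTITLEMENT.get(operation)
    if flag is None:
        return Decision(True, None, f"{operation}: scope {scope!r} satisfied")
    # Entitlements are granted per resource, so the caller passes that
    # resource's `allows` object; an absent or false flag means denied.
    if not (allows or {}).get(flag, False):
        return Decision(False, "entitlement",
                        f"{operation}: account.allows.{flag} is not granted")
    return Decision(True, None, f"{operation}: scope and allows.{flag} satisfied")


# Constructed sample data: one user, two accounts, different entitlements.
SAMPLE_ACCOUNTS = {
    "checking": {"approve": False, "edit": False, "submit": True, "delete": False},
    "savings": {"approve": False, "edit": False, "submit": False, "delete": False},
}


def demo():
    """Run the constructed scenarios and return their decisions keyed by name."""
    read_only = parse_scopes("banking/read data/read")
    mover = parse_scopes("banking/read moneyMovement/write")
    return {
        # application scope satisfied, no per-resource entitlement needed
        "list_accounts": authorize("listAccounts", read_only),
        # entitlement present, but the app lacks moneyMovement/write: scope wins
        "transfer_no_scope": authorize("createTransfer", read_only,
                                       SAMPLE_ACCOUNTS["checking"]),
        # scope satisfied and this account grants submit
        "transfer_checking": authorize("createTransfer", mover,
                                       SAMPLE_ACCOUNTS["checking"]),
        # same token, different account, no submit entitlement
        "transfer_savings": authorize("createTransfer", mover,
                                      SAMPLE_ACCOUNTS["savings"]),
    }


if __name__ == "__main__":
    for name, d in demo().items():
        print(f"{name:18} allowed={d.allowed!s:5} denied_by={d.denied_by} {d.reason}")
```

The "transfer_no_scope" and "transfer_savings" scenarios are the two failure modes the page distinguishes: the first is denied at the scope layer even though the account's allows.submit is true, and the second is denied at the entitlement layer for one account while the same token succeeds against another, which is why a client must read allows per resource rather than cache a single answer for the user.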

© 2023 Apiture Inc.   |   All Rights Reserved