Bank authorization

to authorize actions in DCM

The Bank should implement a service authorizing DCM actions. JWT specifies "who" (subject) intends to do with "what" (object). The content of JWT must comply with the requirements (see JWT format).

May I use my own JWT?

Yes! You can use your own JWT, but remember to share your public key with us.

The token format is described below. It should be sent in the headerCX-Authorization.

Please note we do not check any permission rules for requests with your own JWT: authorization is done on your side.

If the service found out that the subject is permitted to manipulate the object, a successful response (see details below) should be sent. Otherwise an HTTP 401 (Unauthorized) should be used.

Callback methods

All URIs are relative to main host.

Method

Path

Purpose

"obj" content

GET

/user_auth

user data based on "obj"

Customer Login

GET

/key

user secret key

external id

GET

/external_id

authentication

external id

It is expected for each method to respond within 1 second.

1. GET /user_auth

Request example:

curl "https://{bank's auth host}/user_auth" --header "X-Session-ID:token"

Response example:

{
"external_id":"123456789", // up to 500 symbols
"first_name":"mock",
"last_name":"mock",
"email":"mock@email.com",
"phone":"+12345678901",
"key":"secret"
}

Attributes external_id and key are obligatory in response.

2. GET /key

Request example:

curl "https://{bank's auth host}/key" --header "X-Session-ID:token"

Response example:

{
"key":"secret"
}

3. GET /external_id

Request example:

curl "https://{bank's auth host}/external_id" --header "X-Session-ID:token"

Response example:

{
"external_id":"123456789"
}

PreviousAuthorization via JWT NextJWT format

Last updated 1 year ago