Fidor API for Developers - Patrick Gruban - Pirates of Banking, Fidor Developer Day 2014, Munich
Fidor API for Developers
Current APIs
• Payment API
• Connect API
• Reservation API
• Legacy APIs for Partners
Goals for our APIs
• Easy to understand
• Easy to set up
• Easy to use
• Powerful
Standardized Approach
APIs Version 1: Objects
[Diagram: the objects Account, User, Customer, Transaction, Transfer, Batch Transfer, Batch Direct Debit and SEPA Mandate, linked by 1:1 and 1:n relationships]
Endpoints: User and Customers
GET /users/current
{
  "id": "5232",
  "email": "[email protected]"
}
GET /users/current/customers
{
  "customers": [
    {
      "id": "16696412",
      "title": "Herr",
      "firstname": "Patrick",
      "lastname": "Gruban"
    }
  ]
}
Endpoints: Accounts
GET /users/accounts/16696412
{
  "id": "16696412",
  "number": "0271626878",
  "iban": "DE13700222000271626878",
  "balance": "28.70",
  "balance_available": "20.70",
  "preauth_amount": "8.70",
  "customers": [
    {
      "id": "16696412",
      "title": "Herr",
      "firstname": "Patrick",
      "lastname": "Gruban"
    }
  ]
}
Different detail levels defined by scopes
Scopes - Example: Accounts
{
  "read_account_number" : {
    "context" : "accounts",
    "privileges" : ["index", "show"],
    "fields" : ["iban", "number"]
  },
  "read_account_balance" : {
    "context" : "accounts",
    "privileges" : ["index", "show"],
    "fields" : ["balance", "balance_available", "preauth_amount",
                "cash_flow_per_year"]
  },
  "read_account_state" : {
    "context" : "accounts",
    "privileges" : ["index", "show"],
    "fields" : ["is_trust", "is_locked"]
  }
}
Slide callouts: "Possible API Actions" (the "privileges" entries) and "Accessible Fields" (the "fields" entries).
Rules for accessing 3rd Party Accounts
• Request only the minimal set of data you need
• Some permissions will make a review of the application necessary
• The user has to understand what he is giving permission to (OAuth-Screen)
• The user can only accept or deny the whole set
• Every change in the requested permissions means that the user has to accept again
• The user can revoke his permissions at any time
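The scope definitions and the consent rules above, worked through as an added example (not code from the slides or from Fidor): a field-level filter that denies by default, exposes only the fields the consented scopes list, and refuses to serve when the requested scope set no longer matches the consented one. The names `render`, `visible_fields`, `needs_reconsent` and `ALWAYS_VISIBLE`, the assumption that `id` needs no scope, and the `is_locked` value in the sample record are all hypothetical.

```python
# Scope definitions as shown on the "Scopes - Example: Accounts" slide.
_PRIV = ["index", "show"]
SCOPES = {
    "read_account_number": {"context": "accounts", "privileges": _PRIV,
                            "fields": ["iban", "number"]},
    "read_account_balance": {"context": "accounts", "privileges": _PRIV,
                             "fields": ["balance", "balance_available",
                                        "preauth_amount", "cash_flow_per_year"]},
    "read_account_state": {"context": "accounts", "privileges": _PRIV,
                           "fields": ["is_trust", "is_locked"]},
}
ALWAYS_VISIBLE = {"id"}  # assumption: the object id needs no scope

# Constructed record: values from the account slide, "is_locked" is assumed.
ACCOUNT = {"id": "16696412", "number": "0271626878",
           "iban": "DE13700222000271626878", "balance": "28.70",
           "balance_available": "20.70", "preauth_amount": "8.70",
           "is_locked": False}


def needs_reconsent(requested, consented):
    """Consent covers the whole set, so any change to it requires a new accept."""
    return set(requested) != set(consented)


def visible_fields(granted, context, action):
    """Union of the fields the granted scopes expose for this context and action."""
    allowed = set()
    for name in granted:
        scope = SCOPES[name]  # an unknown scope name raises KeyError
        if scope["context"] == context and action in scope["privileges"]:
            allowed.update(scope["fields"])
    return allowed


def render(record, requested, consented, context, action):
    """Hypothetical server-side filter: default deny, then field allow-list."""
    if needs_reconsent(requested, consented):
        raise PermissionError("requested scopes changed; user must accept again")
    allowed = visible_fields(consented, context, action)
    if not allowed:
        raise PermissionError(f"no granted scope permits {action} on {context}")
    allowed |= ALWAYS_VISIBLE
    return {k: v for k, v in record.items() if k in allowed}


if __name__ == "__main__":
    only_number = ["read_account_number"]
    print(render(ACCOUNT, only_number, only_number, "accounts", "show"))
```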
Application Manager
Application Manager for Developers
• Add/Edit an Application
• Browse the Documentation
• Set the Permissions
• Make Security Settings
• Create a Token
• Download the SDK
• Edit Texts and Upload Icon
• Test Endpoints
• Add an API Package
• Statistics
Security
• Restrict Access by IP-Address
• Define Domain for OAuth flow and callbacks
• Enable Call Signing
• JWT - JSON Web Token (Bearer Token)
Future Endpoints Version 2 (tbc)
Object | Actions | Description
Customer (updated) | create, validate email | Create a customer (which will also create user and account)
Transaction (updated) | assign project, return | Mark a transaction for crowd funding or return an incoming transaction
Transfer (updated) | confirm by mtan | After a transfer is created the owner of the account has to enter an mtan
KYC Verification | show, list, create | Upload KYC verification data and document scans
Debit Transfer | list, show, create, destroy | Like Transfer but for direct debit
Funding Project | list, show, create, destroy | Add and update projects for crowdfunding and crowdfinancing platforms
Future Endpoints Version 3 (tbc)
Object | Actions | Description
Finance Status | show | Data from the Finance Status page of the user
Transfer (updated) | borrowing |
E-Box | show |
Reservation | show, create, update, create transfer | see Reservation Payment API
Checkout | show, create | Checkout API
Community: Newsstream | list, show, create |
Community: Money Q&A | list, show, create |