=begin #Cybrid Bank API ## Welcome Welcome to the Cybrid platform; enabling turnkey crypto banking services! In these documents, you will find information on the operations provided by our platform, as well as details on how our REST API operates more generally. Our complete set of APIs allows you to manage all your resources: your Organization, your banks and your identities. The complete set of APIs can be found on the following pages: | API | Description | |----------------------------------------------------------------|------------------------------| | [Organization API](https://organization.demo.cybrid.app/api/schema/swagger-ui) | APIs to manage organizations | | [Bank API](https://bank.demo.cybrid.app/api/schema/swagger-ui) | APIs to manage banks | | [Identities API](https://id.demo.cybrid.app/api/schema/swagger-ui) | APIs to manage identities | When you're ready, [request access](https://www.cybrid.xyz/access) to your Dashboard to view and administer your Organization. Once you've logged in, you can begin creating Banks, either for sandbox or production usage, and start enabling your customers to leverage DeFi and web3 with confidence. If you have any questions, please contact [Support](mailto:support@cybrid.app) at any time so that we can help. ## Authentication The Cybrid Platform uses OAuth 2.0 Bearer Tokens to authenticate requests to the platform. Credentials to create Organization and Bank tokens can be generated via your Dashboard ([request access](https://www.cybrid.xyz/access)). An Organization Token applies broadly to the whole Organization and all of its Banks, whereas, a Bank Token is specific to an individual Bank. Both Organization and Bank tokens can be created using the OAuth Client Credential Grant flow. Each Organization and Bank has its own unique Client ID and Secret that allows for machine-to-machine authentication. **Never share your Client ID or Secret publicly or in your source code repository** Your Client ID and Secret can be exchanged for a time-limited Bearer Token by interacting with the Cybrid Identity Provider or through interacting with the **Authorize** button in this document: ``` curl -X POST https://id.demo.cybrid.app/oauth/token -d '{ \"grant_type\": \"client_credentials\", \"client_id\": \"\", \"client_secret\": \"\", \"scope\": \"\" }' -H \"Content-Type: application/json\" ``` ## Scopes The Cybrid platform supports the use of scopes to control the level of access a token is limited to. Scopes do not grant access to resources; instead, they provide limits, in support of the least privilege principal. The following scopes are available on the platform and can be requested when generating either an Organization or a Bank token. Generally speaking, the _Read_ scope is required to read and list resources, the _Write_ scope is required to update a resource and the _Execute_ scope is required to create a resource. | Resource | Read scope | Write scope | Execute scope | Token Type | |---------------|--------------------|----------------------|-------------------|--------------------| | Organizations | organizations:read | organizations:write | | Organization/ Bank | | Banks | banks:read | banks:write | banks:execute | Organization/ Bank | | Customers | customers:read | customers:write | customers:execute | Bank | | Assets | prices:read | | | Bank | | Accounts | accounts:read | | accounts:execute | Bank | | Prices | prices:read | | | Bank | | Symbols | prices:read | | | Bank | | Quotes | quotes:read | | quotes:execute | Bank | | Trades | trades:read | | trades:execute | Bank | ## Organizations An Organization is meant to model the organization partnering with Cybrid to use our platform. An Organization does not directly interact with customers. Instead, an Organization has one or more banks, which encompass the financial service offerings of the platform. ## Banks A Bank is owned by an Organization and can be thought of as an environment or container for Customers and product offerings. An example of a Bank would be your customer facing banking website, or an internal staging environment for testing and integration. An Organization can have multiple banks, in sandbox or production environments. A sandbox Bank will be backed by stubbed data and process flows. For instance, identity record and funding source processes will be simulated rather than performed. ## Customers Customers represent your banking users on the platform. At present, we offer support for Individuals as Customers. Customers must be verified in our system before they can play any part on the platform. See the Identity Records section for more details on how a customer can be verified. Customers must also have an account to be able to transact. See the Accounts APIs for more details on setting up accounts for the customer. The version of the OpenAPI document: v0.18.8 Contact: support@cybrid.app Generated by: https://openapi-generator.tech OpenAPI Generator version: 5.4.0 =end require 'cgi' module CybridApiBank class IdentityRecordsBankApi attr_accessor :api_client def initialize(api_client = ApiClient.default) @api_client = api_client end # Create Identity Record # Creates an identity record. ## Identity Records Identity Records verify an individual for inclusion on the platform. This know-your-customer (KYC) process is a requirement for individuals to be able to transact. At present, we offer support for Attestation Identity Records. Once an Identity Record has been submitted, it will be reviewed by our system and transit through a lifecycle before ultimately being `verified` or `failed`. If an Identity Record is ends up `failed`, contextual information as to the reason may be provided on the resource and additional attempts can be made. ## Attestation Identity Records An Attestation Identity Record is a confirmation of fact that the Organization has completed their own KYC process and can vouch for its correctness. Prior to uploading `verified` attestation identity records, an Organization must register their signing public key with their Bank through the create Verification Key API. To create an attestation identity record, a signed JWT is required as proof that the Customer's identity has been verified by the Organization. When creating the JWT, the Organization must use the RS512 signing algorithm. The JWT must contain the following headers: - **alg**: The RS512 algorithm value, e.g., 'RS512'. - **kid**: Set to the guid of the verification key that has been registered for the Bank The JWT must contain the following claims: - **iss**: Set to http://api.cybrid.app/banks/{bank_guid} - **aud**: Set to http://api.cybrid.app - **sub**: Set to http://api.cybrid.app/customers/{customer_guid} - **iat**: Set to the time at which the JWT was issued - **exp**: Set to the time after which the JWT expires - **jti**: Set to a unique identifier for the JWT Example code (python) for generating an Attestation Identity Record JWT token: ```python # Assumes an RSA private key has been generated (`private_key`), a Verification Key has been created and a `verification_key_guid` is available. # # `customer_guid` should be set to the guid assigned to a Customer that has been created. # `bank_guid` should be set to the guid of your bank # import uuid from datetime import datetime, timezone, timedelta from jwcrypto import jwt, jwk from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.serialization import load_pem_private_key algorithm = 'RS512' issued_at = datetime.now(timezone.utc) expired_at = issued_at + timedelta(days=365) with open(\"verification_key.pem\", 'rb') as pem_in: pem_lines = pem_in.read() private_key = load_pem_private_key(pem_lines, None) ### DISCLAIMER:- Since NO ENCRYPTION is used in the key storage/formatting. Please DO NOT use this code in production environment. signing_key = jwk.JWK.from_pem( private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption() ) ) signing_key.update({\"kid\": verification_key_guid}) attestation_jwt = jwt.JWT( header={ \"alg\": algorithm, \"kid\": verification_key_guid }, claims={ \"iss\": f\"http://api.cybrid.app/banks/{bank_guid}\", \"aud\": \"http://api.cybrid.app\", \"sub\": f\"http://api.cybrid.app/customers/{customer_guid}\", \"iat\": int(issued_at.timestamp()), \"exp\": int(expired_at.timestamp()), \"jti\": str(uuid.uuid4()) }, key=signing_key, algs=[algorithm] ) attestation_jwt.make_signed_token(signing_key) token = attestation_jwt.serialize(compact=True) print(\"Token is : \", token) ``` ## Attestation State | State | Description | |-------|-------------| | storing | The Platform is storing the attestation in our private store | | pending | The Platform is verifying the attestation's JWT | | verified | The Platform has verified the attestation and the customer is able to transact | | failed | The Platform was not able to verify the attestation and the customer is not able to transact | Required scope: **customers:write** # @param post_identity_record_bank_model [PostIdentityRecordBankModel] # @param [Hash] opts the optional parameters # @return [IdentityRecordBankModel] def create_identity_record(post_identity_record_bank_model, opts = {}) data, _status_code, _headers = create_identity_record_with_http_info(post_identity_record_bank_model, opts) data end # Create Identity Record # Creates an identity record. ## Identity Records Identity Records verify an individual for inclusion on the platform. This know-your-customer (KYC) process is a requirement for individuals to be able to transact. At present, we offer support for Attestation Identity Records. Once an Identity Record has been submitted, it will be reviewed by our system and transit through a lifecycle before ultimately being `verified` or `failed`. If an Identity Record is ends up `failed`, contextual information as to the reason may be provided on the resource and additional attempts can be made. ## Attestation Identity Records An Attestation Identity Record is a confirmation of fact that the Organization has completed their own KYC process and can vouch for its correctness. Prior to uploading `verified` attestation identity records, an Organization must register their signing public key with their Bank through the create Verification Key API. To create an attestation identity record, a signed JWT is required as proof that the Customer's identity has been verified by the Organization. When creating the JWT, the Organization must use the RS512 signing algorithm. The JWT must contain the following headers: - **alg**: The RS512 algorithm value, e.g., 'RS512'. - **kid**: Set to the guid of the verification key that has been registered for the Bank The JWT must contain the following claims: - **iss**: Set to http://api.cybrid.app/banks/{bank_guid} - **aud**: Set to http://api.cybrid.app - **sub**: Set to http://api.cybrid.app/customers/{customer_guid} - **iat**: Set to the time at which the JWT was issued - **exp**: Set to the time after which the JWT expires - **jti**: Set to a unique identifier for the JWT Example code (python) for generating an Attestation Identity Record JWT token: ```python # Assumes an RSA private key has been generated (`private_key`), a Verification Key has been created and a `verification_key_guid` is available. # # `customer_guid` should be set to the guid assigned to a Customer that has been created. # `bank_guid` should be set to the guid of your bank # import uuid from datetime import datetime, timezone, timedelta from jwcrypto import jwt, jwk from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.serialization import load_pem_private_key algorithm = 'RS512' issued_at = datetime.now(timezone.utc) expired_at = issued_at + timedelta(days=365) with open(\"verification_key.pem\", 'rb') as pem_in: pem_lines = pem_in.read() private_key = load_pem_private_key(pem_lines, None) ### DISCLAIMER:- Since NO ENCRYPTION is used in the key storage/formatting. Please DO NOT use this code in production environment. signing_key = jwk.JWK.from_pem( private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption() ) ) signing_key.update({\"kid\": verification_key_guid}) attestation_jwt = jwt.JWT( header={ \"alg\": algorithm, \"kid\": verification_key_guid }, claims={ \"iss\": f\"http://api.cybrid.app/banks/{bank_guid}\", \"aud\": \"http://api.cybrid.app\", \"sub\": f\"http://api.cybrid.app/customers/{customer_guid}\", \"iat\": int(issued_at.timestamp()), \"exp\": int(expired_at.timestamp()), \"jti\": str(uuid.uuid4()) }, key=signing_key, algs=[algorithm] ) attestation_jwt.make_signed_token(signing_key) token = attestation_jwt.serialize(compact=True) print(\"Token is : \", token) ``` ## Attestation State | State | Description | |-------|-------------| | storing | The Platform is storing the attestation in our private store | | pending | The Platform is verifying the attestation's JWT | | verified | The Platform has verified the attestation and the customer is able to transact | | failed | The Platform was not able to verify the attestation and the customer is not able to transact | Required scope: **customers:write** # @param post_identity_record_bank_model [PostIdentityRecordBankModel] # @param [Hash] opts the optional parameters # @return [Array<(IdentityRecordBankModel, Integer, Hash)>] IdentityRecordBankModel data, response status code and response headers def create_identity_record_with_http_info(post_identity_record_bank_model, opts = {}) if @api_client.config.debugging @api_client.config.logger.debug 'Calling API: IdentityRecordsBankApi.create_identity_record ...' end # verify the required parameter 'post_identity_record_bank_model' is set if @api_client.config.client_side_validation && post_identity_record_bank_model.nil? fail ArgumentError, "Missing the required parameter 'post_identity_record_bank_model' when calling IdentityRecordsBankApi.create_identity_record" end # resource path local_var_path = '/api/identity_records' # query parameters query_params = opts[:query_params] || {} # header parameters header_params = opts[:header_params] || {} # HTTP header 'Accept' (if needed) header_params['Accept'] = @api_client.select_header_accept(['application/json']) # HTTP header 'Content-Type' content_type = @api_client.select_header_content_type(['application/json']) if !content_type.nil? header_params['Content-Type'] = content_type end # form parameters form_params = opts[:form_params] || {} # http body (model) post_body = opts[:debug_body] || @api_client.object_to_http_body(post_identity_record_bank_model) # return_type return_type = opts[:debug_return_type] || 'IdentityRecordBankModel' # auth_names auth_names = opts[:debug_auth_names] || ['BearerAuth', 'oauth2'] new_options = opts.merge( :operation => :"IdentityRecordsBankApi.create_identity_record", :header_params => header_params, :query_params => query_params, :form_params => form_params, :body => post_body, :auth_names => auth_names, :return_type => return_type ) data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options) if @api_client.config.debugging @api_client.config.logger.debug "API called: IdentityRecordsBankApi#create_identity_record\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" end return data, status_code, headers end # Get Identity Record # Retrieves an identity record. Required scope: **customers:read** # @param identity_record_guid [String] Identifier for the identity record. # @param [Hash] opts the optional parameters # @return [IdentityRecordBankModel] def get_identity_record(identity_record_guid, opts = {}) data, _status_code, _headers = get_identity_record_with_http_info(identity_record_guid, opts) data end # Get Identity Record # Retrieves an identity record. Required scope: **customers:read** # @param identity_record_guid [String] Identifier for the identity record. # @param [Hash] opts the optional parameters # @return [Array<(IdentityRecordBankModel, Integer, Hash)>] IdentityRecordBankModel data, response status code and response headers def get_identity_record_with_http_info(identity_record_guid, opts = {}) if @api_client.config.debugging @api_client.config.logger.debug 'Calling API: IdentityRecordsBankApi.get_identity_record ...' end # verify the required parameter 'identity_record_guid' is set if @api_client.config.client_side_validation && identity_record_guid.nil? fail ArgumentError, "Missing the required parameter 'identity_record_guid' when calling IdentityRecordsBankApi.get_identity_record" end # resource path local_var_path = '/api/identity_records/{identity_record_guid}'.sub('{' + 'identity_record_guid' + '}', CGI.escape(identity_record_guid.to_s)) # query parameters query_params = opts[:query_params] || {} # header parameters header_params = opts[:header_params] || {} # HTTP header 'Accept' (if needed) header_params['Accept'] = @api_client.select_header_accept(['application/json']) # form parameters form_params = opts[:form_params] || {} # http body (model) post_body = opts[:debug_body] # return_type return_type = opts[:debug_return_type] || 'IdentityRecordBankModel' # auth_names auth_names = opts[:debug_auth_names] || ['BearerAuth', 'oauth2'] new_options = opts.merge( :operation => :"IdentityRecordsBankApi.get_identity_record", :header_params => header_params, :query_params => query_params, :form_params => form_params, :body => post_body, :auth_names => auth_names, :return_type => return_type ) data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) if @api_client.config.debugging @api_client.config.logger.debug "API called: IdentityRecordsBankApi#get_identity_record\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" end return data, status_code, headers end # List Identity Records # Retrieves a listing of identity records for a bank. Required scope: **customers:read** # @param [Hash] opts the optional parameters # @option opts [String] :customer_guid Comma separated customer identifier to list identity records for. # @option opts [Integer] :page (default to 0) # @option opts [Integer] :per_page (default to 10) # @return [IdentityRecordListBankModel] def list_identity_records(opts = {}) data, _status_code, _headers = list_identity_records_with_http_info(opts) data end # List Identity Records # Retrieves a listing of identity records for a bank. Required scope: **customers:read** # @param [Hash] opts the optional parameters # @option opts [String] :customer_guid Comma separated customer identifier to list identity records for. # @option opts [Integer] :page # @option opts [Integer] :per_page # @return [Array<(IdentityRecordListBankModel, Integer, Hash)>] IdentityRecordListBankModel data, response status code and response headers def list_identity_records_with_http_info(opts = {}) if @api_client.config.debugging @api_client.config.logger.debug 'Calling API: IdentityRecordsBankApi.list_identity_records ...' end if @api_client.config.client_side_validation && !opts[:'page'].nil? && opts[:'page'] < 0 fail ArgumentError, 'invalid value for "opts[:"page"]" when calling IdentityRecordsBankApi.list_identity_records, must be greater than or equal to 0.' end if @api_client.config.client_side_validation && !opts[:'per_page'].nil? && opts[:'per_page'] > 100 fail ArgumentError, 'invalid value for "opts[:"per_page"]" when calling IdentityRecordsBankApi.list_identity_records, must be smaller than or equal to 100.' end if @api_client.config.client_side_validation && !opts[:'per_page'].nil? && opts[:'per_page'] < 1 fail ArgumentError, 'invalid value for "opts[:"per_page"]" when calling IdentityRecordsBankApi.list_identity_records, must be greater than or equal to 1.' end # resource path local_var_path = '/api/identity_records' # query parameters query_params = opts[:query_params] || {} query_params[:'customer_guid'] = opts[:'customer_guid'] if !opts[:'customer_guid'].nil? query_params[:'page'] = opts[:'page'] if !opts[:'page'].nil? query_params[:'per_page'] = opts[:'per_page'] if !opts[:'per_page'].nil? # header parameters header_params = opts[:header_params] || {} # HTTP header 'Accept' (if needed) header_params['Accept'] = @api_client.select_header_accept(['application/json']) # form parameters form_params = opts[:form_params] || {} # http body (model) post_body = opts[:debug_body] # return_type return_type = opts[:debug_return_type] || 'IdentityRecordListBankModel' # auth_names auth_names = opts[:debug_auth_names] || ['BearerAuth', 'oauth2'] new_options = opts.merge( :operation => :"IdentityRecordsBankApi.list_identity_records", :header_params => header_params, :query_params => query_params, :form_params => form_params, :body => post_body, :auth_names => auth_names, :return_type => return_type ) data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options) if @api_client.config.debugging @api_client.config.logger.debug "API called: IdentityRecordsBankApi#list_identity_records\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}" end return data, status_code, headers end end end