=begin
#Cybrid Bank API
## Cybrid API documentation Welcome to Cybrid, an all-in-one crypto platform that enables you to easily **build** and **launch** white-label crypto products or services. In these documents, you'll find details on how our REST API operates and generally how our platform functions. If you're looking for our UI SDK Widgets for Web or Mobile (iOS/Android), generated API clients, or demo applications, head over to our [Github repo](https://github.com/Cybrid-app). 💡 We recommend bookmarking the [Cybrid LinkTree](https://linktr.ee/cybridtechnologies) which contains many helpful links to platform resources. ## Getting Started This is Cybrid's public interactive API documentation, which allows you to fully test our APIs. If you'd like to use a different tool to exercise our APIs, you can download the [Open API 3.0 yaml](https://bank.demo.cybrid.app/api/schema/v1/swagger.yaml) for import. If you're new to our APIs and the Cybrid Platform, follow the below guides to get set up and familiar with the platform: 1. [Getting Started in the Cybrid Sandbox](https://www.cybrid.xyz/guides/getting-started) 2. [Getting Ready for Trading](https://www.cybrid.xyz/guides/getting-ready-for-trading) 3. [Running the Web Demo App](https://www.cybrid.xyz/guides/running-the-cybrid-web-demo-crypto-app) (or, alternatively, [Testing with Hosted Web Demo App](https://www.cybrid.xyz/guides/testing-with-the-web-demo-crypo-app)) In [Getting Started in the Cybrid Sandbox](https://www.cybrid.xyz/guides/getting-started), we walk you through how to use the [Cybrid Sandbox](https://id.demo.cybrid.app/) to create a test bank, generate API keys, and set banks fees. In [Getting Ready for Trading](https://www.cybrid.xyz/guides/getting-ready-for-trading), we walk through creating customers, customer identities, accounts, as well as executing quotes and trades. If you've already run through the first two guides, you can follow the [Running the Web Demo App](https://www.cybrid.xyz/guides/running-the-cybrid-web-demo-crypto-app) guide to test our web SDK with your sandbox `bank` and `customer`. ## Working with the Cybrid Platform There are three primary ways you can interact with the Cybrid platform: 1. Directly via our RESTful API (this documentation) 2. Using our API clients available in a variety of languages ([Angular](https://github.com/Cybrid-app/cybrid-api-bank-angular), [Java](https://github.com/Cybrid-app/cybrid-api-bank-java), [Kotlin](https://github.com/Cybrid-app/cybrid-api-bank-kotlin), [Python](https://github.com/Cybrid-app/cybrid-api-bank-python), [Ruby](https://github.com/Cybrid-app/cybrid-api-bank-ruby), [Swift](https://github.com/Cybrid-app/cybrid-api-bank-swift) or [Typescript](https://github.com/Cybrid-app/cybrid-api-bank-typescript)) 3. Integrating a platform specific SDK ([Web](https://github.com/Cybrid-app/cybrid-sdk-web), [Android](https://github.com/Cybrid-app/cybrid-sdk-android), [iOS](https://github.com/Cybrid-app/cybrid-sdk-ios)) Our complete set of APIs allows you to manage resources across three distinct areas: your `Organization`, your `Banks` and your `Identities`. For most of your testing and interaction you'll be using the `Bank` API, which is where the majority of APIs reside. *The complete set of APIs can be found on the following pages:* | API | Description | |------------------------------------------------------------------|-------------------------------------------------------------| | [Organization API](https://organization.demo.cybrid.app/api/schema/swagger-ui) | APIs to manage organizations | | [Bank API](https://bank.demo.cybrid.app/api/schema/swagger-ui) | APIs to manage banks (and all downstream customer activity) | | [Identities API](https://id.demo.cybrid.app/api/schema/swagger-ui) | APIs to manage organization and bank identities | For questions please contact [Support](mailto:support@cybrid.xyz) at any time for assistance, or contact the [Product Team](mailto:product@cybrid.xyz) for product suggestions. ## Authenticating with the API The Cybrid Platform uses OAuth 2.0 Bearer Tokens to authenticate requests to the platform. Credentials to create `Organization` and `Bank` tokens can be generated via the [Cybrid Sandbox](https://id.demo.cybrid.app). Access tokens can be generated for a `Customer` as well via the [Cybrid IdP](https://id.demo.cybrid.app) as well. An `Organization` access token applies broadly to the whole Organization and all of its `Banks`, whereas, a `Bank` access token is specific to an individual Bank. `Customer` tokens, similarly, are scoped to a specific customer in a bank. Both `Organization` and `Bank` tokens can be created using the OAuth Client Credential Grant flow. Each Organization and Bank has its own unique `Client ID` and `Secret` that allows for machine-to-machine authentication. A `Bank` can then generate `Customer` access tokens via API using our [Identities API](https://id.demo.cybrid.app/api/schema/swagger-ui). **⚠️ Never share your Client ID or Secret publicly or in your source code repository.** Your `Client ID` and `Secret` can be exchanged for a time-limited `Bearer Token` by interacting with the Cybrid Identity Provider or through interacting with the **Authorize** button in this document. The following curl command can be used to quickly generate a `Bearer Token` for use in testing the API or demo applications. ``` # Example request when using Bank credentials curl -X POST https://id.demo.cybrid.app/oauth/token -d '{ \"grant_type\": \"client_credentials\", \"client_id\": \"\", \"client_secret\": \"\", \"scope\": \"banks:read banks:write accounts:read accounts:execute customers:read customers:write customers:execute prices:read quotes:execute quotes:read trades:execute trades:read transfers:execute transfers:read rewards:execute rewards:read external_bank_accounts:read external_bank_accounts:write external_bank_accounts:execute workflows:read workflows:execute deposit_addresses:read deposit_addresses:execute\" }' -H \"Content-Type: application/json\" # When using Organization credentials set `scope` to 'organizations:read organizations:write banks:read banks:write banks:execute customers:read accounts:read quotes:read trades:read transfers:read external_bank_accounts:read workflows:read deposit_addresses:read' ``` **⚠️ Note: The above curl will create a bearer token with full scope access. Delete scopes if you'd like to restrict access.** ## Authentication Scopes The Cybrid platform supports the use of scopes to control the level of access a token is limited to. Scopes do not grant access to resources; instead, they provide limits, in support of the least privilege principal. The following scopes are available on the platform and can be requested when generating either an Organization, Bank or Customer token. Generally speaking, the _Read_ scope is required to read and list resources, the _Write_ scope is required to update a resource and the _Execute_ scope is required to create a resource. | Resource | Read scope (Token Type) | Write scope (Token Type) | Execute scope (Token Type) | |-----------------------|------------------------------------------------------------|-----------------------------------------------|-------------------------------------------------| | Account | accounts:read (Organization, Bank, Customer) | | accounts:execute (Bank, Customer) | | Bank | banks:read (Organization, Bank) | banks:write (Organization, Bank) | banks:execute (Organization) | | Customer | customers:read (Organization, Bank, Customer) | customers:write (Bank, Customer) | customers:execute (Bank) | | Deposit Address | deposit_addresses:read (Organization, Bank, Customer) | deposit_addresses:write (Bank, Customer) | deposit_addresses:execute (Bank, Customer) | | External Bank Account | external_bank_accounts:read (Organization, Bank, Customer) | external_bank_accounts:write (Bank, Customer) | external_bank_accounts:execute (Bank, Customer) | | Organization | organizations:read (Organization) | organizations:write (Organization) | | | Price | prices:read (Bank, Customer) | | | | Quote | quotes:read (Organization, Bank, Customer) | | quotes:execute (Bank, Customer) | | Reward | rewards:read (Bank, Customer) | | rewards:execute (Bank) | | Trade | trades:read (Organization, Bank, Customer) | | trades:execute (Bank, Customer) | | Transfer | transfers:read (Organization, Bank, Customer) | | transfers:execute (Bank, Customer) | | Workflow | workflows:read (Organization, Bank, Customer) | | workflows:execute (Bank, Customer) | ## Available Endpoints The available APIs for the [Identity](https://id.demo.cybrid.app/api/schema/swagger-ui), [Organization](https://organization.demo.cybrid.app/api/schema/swagger-ui) and [Bank](https://bank.demo.cybrid.app/api/schema/swagger-ui) API services are listed below: | API Service | Model | API Endpoint Path | Description | |--------------|----------------------|--------------------------------|---------------------------------------------------------------------------------------------------| | Identity | Bank | /api/bank_applications | Create and list banks | | Identity | CustomerToken | /api/customer_tokens | Create customer JWT access tokens | | Identity | Organization | /api/organization_applications | Create and list organizations | | Organization | Organization | /api/organizations | APIs to retrieve and update organization name | | Bank | Account | /api/accounts | Create and list accounts, which hold a specific asset for a customers | | Bank | Asset | /api/assets | Get a list of assets supported by the platform (ex: BTC, ETH) | | Bank | Bank | /api/banks | Create, update and list banks, the parent to customers, accounts, etc | | Bank | BankVerificationKey | /api/bank_verification_keys | Create, list and retrive verification keys, used for signing identities | | Bank | Customer | /api/customers | Create and list customers | | Bank | DepositAddress | /api/deposit_addresses | Create, get and list deposit addresses | | Bank | ExternalBankAccount | /api/external_bank_accounts | Create, get and list external bank accounts, which connect customer bank accounts to the platform | | Bank | FeeConfiguration | /api/fee_configurations | Create and list bank fees (spread or fixed) | | Bank | IdentityRecord | /api/identity_records | Create and list identity records, which are attached to customers for KYC | | Bank | IdentityVerification | /api/identity_verifications | Create and list identity verifications, which are performed on customers for KYC | | Bank | Price | /api/prices | Get the current prices for assets on the platform | | Bank | Quote | /api/quotes | Create and list quotes, which are required to execute trades | | Bank | Reward | /api/rewards | Create a new reward (automates quote/trade for simplicity) | | Bank | Symbol | /api/symbols | Get a list of symbols supported for trade (ex: BTC-USD) | | Bank | Trade | /api/trades | Create and list trades, which buy or sell cryptocurrency | | Bank | Transfer | /api/transfers | Create, get and list transfers (e.g., funding, book) | | Bank | Workflow | /api/workflows | Create, get and list workflows | ## Understanding Object Models & Endpoints **Organizations** An `Organization` is meant to represent the organization partnering with Cybrid to use our platform. An `Organization` does not directly interact with `customers`. Instead, an Organization has one or more `banks`, which encompass the financial service offerings of the platform. **Banks** A `Bank` is owned by an `Organization` and can be thought of as an environment or container for `customers` and product offerings. Banks are created in either `Sandbox` or `Production` mode, where `Sandbox` is the environment that you would test, prototype and build in prior to moving to `Production`. An `Organization` can have multiple `banks`, in either `Sandbox` or `Production` environments. A `Sandbox Bank` will be backed by stubbed data and process flows. For instance, funding source transfer processes as well as trades will be simulated rather than performed, however asset prices are representative of real-world values. You have an unlimited amount of simulated fiat currency for testing purposes. **Customers** `Customers` represent your banking users on the platform. At present, we offer support for `Individuals` as Customers. `Customers` must be verified (i.e., KYC'd) in our system before they can play any part on the platform, which means they must have an associated and valid `Identity Record`. See the Identity Records section for more details on how a customer can be verified. `Customers` must also have an `Account` to be able to transact, in the desired asset class. See the Accounts APIs for more details on setting up accounts for the customer.
The version of the OpenAPI document: v0.62.25
Contact: support@cybrid.app
Generated by: https://openapi-generator.tech
OpenAPI Generator version: 6.0.0
=end
require 'cgi'
module CybridApiBank
class IdentityRecordsBankApi
attr_accessor :api_client
def initialize(api_client = ApiClient.default)
@api_client = api_client
end
# Create Identity Record
# Creates an identity record. ## Identity Records Identity Records verify an individual for inclusion on the platform. This know-your-customer (KYC) process is a requirement for individuals to be able to transact. At present, we offer support for Attestation Identity Records. Once an Identity Record has been submitted, it will be reviewed by our system and transit through a lifecycle before ultimately being `verified` or `failed`. If an Identity Record is ends up `failed`, contextual information as to the reason may be provided on the resource and additional attempts can be made. ## Attestation Identity Records An Attestation Identity Record is a confirmation of fact that the Organization has completed their own KYC process and can vouch for its correctness. Prior to uploading `verified` attestation identity records, an Organization must register their signing public key with their Bank through the create Verification Key API. To create an attestation identity record, a signed JWT is required as proof that the Customer's identity has been verified by the Organization. When creating the JWT, the Organization must use the RS512 signing algorithm. The JWT must contain the following headers: - **alg**: The RS512 algorithm value, e.g., 'RS512'. - **kid**: Set to the guid of the verification key that has been registered for the Bank The JWT must contain the following claims: - **iss**: Set to http://api.cybrid.app/banks/{bank_guid} - **aud**: Set to http://api.cybrid.app - **sub**: Set to http://api.cybrid.app/customers/{customer_guid} - **iat**: Set to the time at which the JWT was issued - **exp**: Set to the time after which the JWT expires - **jti**: Set to a unique identifier for the JWT Example code (python) for generating an Attestation Identity Record JWT token: ```python # Assumes an RSA private key has been generated (`private_key`), a Verification Key has been created and a `verification_key_guid` is available. # # `customer_guid` should be set to the guid assigned to a Customer that has been created. # `bank_guid` should be set to the guid of your bank # import uuid from datetime import datetime, timezone, timedelta from jwcrypto import jwt, jwk from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.serialization import load_pem_private_key algorithm = 'RS512' issued_at = datetime.now(timezone.utc) expired_at = issued_at + timedelta(days=365) with open(\"verification_key.pem\", 'rb') as pem_in: pem_lines = pem_in.read() private_key = load_pem_private_key(pem_lines, None) ### DISCLAIMER:- Since NO ENCRYPTION is used in the key storage/formatting. Please DO NOT use this code in production environment. signing_key = jwk.JWK.from_pem( private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption() ) ) signing_key.update({\"kid\": verification_key_guid}) attestation_jwt = jwt.JWT( header={ \"alg\": algorithm, \"kid\": verification_key_guid }, claims={ \"iss\": f\"http://api.cybrid.app/banks/{bank_guid}\", \"aud\": \"http://api.cybrid.app\", \"sub\": f\"http://api.cybrid.app/customers/{customer_guid}\", \"iat\": int(issued_at.timestamp()), \"exp\": int(expired_at.timestamp()), \"jti\": str(uuid.uuid4()) }, key=signing_key, algs=[algorithm] ) attestation_jwt.make_signed_token(signing_key) token = attestation_jwt.serialize(compact=True) print(\"Token is : \", token) ``` ## Default Attestation Signing Key The Cybrid Sandbox environment comes provisioned with a default signing key that can be used to perform identity record attestation. The default identity signing key provides a convenient starting point for testing Sandbox flows that require identity attestation, such as executing trades. The signing key can be loaded directly into a client application by passing its PEM encoded value as an environment variable. ``` -----BEGIN PRIVATE KEY----- MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDZ75nSfJy/eeuj 4f7EK7i+n4FUDE8BsD/acCdk9Pn56suuDc3SFcMoyjBIoDLZkbRsVfmBEcPDNJOp GNqzoaXa7qe7Yw0qpK9MbNbAYxiyAfxwVHM+ZpwP6M/r3LmsCRFXgNdCjfOzok7u V59hDjfHMMQm/M9ztGVhaJpgozY/7DKk+R6qY/DEBs63eXwfcHE0u0NbS8Y9Qp+6 7cB2f1iuy++5Uut1vx4qdgZ4UFMkwIdTWl/e6LDcdXhk3///T5WOnDlI+S4rhGUO xsAOfOa+T9uqYBr2hbQR9emTEYmwF1lgZ7VU4S9sSjAMKpB/TVlVVOsNhdNSGg6f 6hu7fuadAgMBAAECggEBAMUJL1VyfHVRUY5VoPTTYrBVnaPTjQrFwrVHeRZ5thgS BBxVNqSeMFgMlSLUU6UJasoX4QCkgw1V17qmUfTeTQlnhBaTMzA+vI6oSHCgJ4+o 5AbbE2Zzdt2ba4Cfiu7TM+6c+gGePZtHP32Vku84340jtfRZ1WWSz6YF4K1GYqHe y7I4POotHu2WcSTXYKs2zTu5KAO7gvx7yITVytaiUGUHk9FNyZPDIh0u7e9CAEti BangdYTfvbXAIx9lrg3XQ4gtFXTd0aY/3R9K3SE+s5iWh/SabjV4U7x+MuHZS5kv 8rcLCPQ5kUgiF4bQMy7QznUuNso65SbRJKHaU8UAuIECgYEA7+bNdz/uiN/JxUJY 3xwjD+CG4vXOyEmCioBjllYBeXQyB/VrsdzVrdF2JiECnStPRH6/6nd7/wUcLORv NyrQqnCa5/O8Kv9Z3t4TmxYf+ECIgx+gazehQHptUkr8QWtxceorUC9pu4cUJ8z3 nQLCggHYQ3g7xj73LLZ+5QQBC8kCgYEA6I91Dgs+HZWDMMcGbKV2cMkXK8BTOgZZ 6B6i6flO4tf9U2CPBZsjYLBN5EEuxxy9Yl7rlV7CxAhnnjdIKk2jQbzTPI0qmJfp 397rvdR8bur1OkALj2Tb39fz8z1Qy7AcN8siqXuortZZ5OI9XRWgnG/3B4gUFOnW 4Mr0dhfaxjUCgYEAmVcricehjneMnrtz1thDSQi47yUzES57dE/wV82Nj7ZHrHKg bcW8ByhVnrWG2DMwrZVe0l2hMjZv9fnlZJvHWMo1GYHfipRBO4UzfvO7Z5DIMRfs D9w1A+O9MNahOqeUkb2eBdjoemcy6OXId+Gltje7phSaEHN6xme34GaYzJECgYBP eRbLYdQsT/exJ5JudmzvRgkBDoxie+EljbKmumfW5XDQmWLGy6lfVWCI7C2MJaoi f8WKGgP88dJXIxUqP7XWtSyKuMMhumhV9Nwi1wZe8TQ0X8aTjigFassXCJEfymMa PfTubi/K771wlk/aC5YDX8/PZxVVwEOKNlEsOiKtMQKBgQDqRv5AUHhabqcMfbs7 DTeo/fS/eXJv8MN+CUU2RSrNUKjEdHT2R5KP550TyXr1JXLKpEEZu8wvvaQDV4Dw p0Eij6bKsh03X38NR+C5SxonXPosdvoiXR8uUgya2f/aJYV+aWZ9euFgYZAXf/0Q MnWdKylfZlV50XP2KFn07wPs7w== -----END PRIVATE KEY----- ``` A corresponding public verification key can be retrieved from the Cybrid Banks API using the `/api/bank_verification_keys` endpoint. Performing a `get` request to this endpoint returns the available Verification Key records, the first of which is the provisioned default. The endpoint can be hit directly or by using the Cybrid Banks API client: ```python ... api_client = cybrid_api_bank.ApiClient(configuration) api_instance = verification_keys_bank_api.VerificationKeysBankApi(api_client) verification_keys = api_instance.list_verification_keys() verification_key = verification_keys.objects[0] ``` Once available to the application, the signing key and Verification Key record can be used in conjunction to create the attestation JWT. The Verification Key's GUID is passed as the JWT's `kid` while the signing key is used to sign the JWT. ## Attestation State | State | Description | |-------|-------------| | storing | The Platform is storing the attestation in our private store | | pending | The Platform is verifying the attestation's JWT | | verified | The Platform has verified the attestation and the customer is able to transact | | failed | The Platform was not able to verify the attestation and the customer is not able to transact | Required scope: **customers:write**
# @param post_identity_record_bank_model [PostIdentityRecordBankModel]
# @param [Hash] opts the optional parameters
# @return [IdentityRecordBankModel]
def create_identity_record(post_identity_record_bank_model, opts = {})
data, _status_code, _headers = create_identity_record_with_http_info(post_identity_record_bank_model, opts)
data
end
# Create Identity Record
# Creates an identity record. ## Identity Records Identity Records verify an individual for inclusion on the platform. This know-your-customer (KYC) process is a requirement for individuals to be able to transact. At present, we offer support for Attestation Identity Records. Once an Identity Record has been submitted, it will be reviewed by our system and transit through a lifecycle before ultimately being `verified` or `failed`. If an Identity Record is ends up `failed`, contextual information as to the reason may be provided on the resource and additional attempts can be made. ## Attestation Identity Records An Attestation Identity Record is a confirmation of fact that the Organization has completed their own KYC process and can vouch for its correctness. Prior to uploading `verified` attestation identity records, an Organization must register their signing public key with their Bank through the create Verification Key API. To create an attestation identity record, a signed JWT is required as proof that the Customer's identity has been verified by the Organization. When creating the JWT, the Organization must use the RS512 signing algorithm. The JWT must contain the following headers: - **alg**: The RS512 algorithm value, e.g., 'RS512'. - **kid**: Set to the guid of the verification key that has been registered for the Bank The JWT must contain the following claims: - **iss**: Set to http://api.cybrid.app/banks/{bank_guid} - **aud**: Set to http://api.cybrid.app - **sub**: Set to http://api.cybrid.app/customers/{customer_guid} - **iat**: Set to the time at which the JWT was issued - **exp**: Set to the time after which the JWT expires - **jti**: Set to a unique identifier for the JWT Example code (python) for generating an Attestation Identity Record JWT token: ```python # Assumes an RSA private key has been generated (`private_key`), a Verification Key has been created and a `verification_key_guid` is available. # # `customer_guid` should be set to the guid assigned to a Customer that has been created. # `bank_guid` should be set to the guid of your bank # import uuid from datetime import datetime, timezone, timedelta from jwcrypto import jwt, jwk from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.serialization import load_pem_private_key algorithm = 'RS512' issued_at = datetime.now(timezone.utc) expired_at = issued_at + timedelta(days=365) with open(\"verification_key.pem\", 'rb') as pem_in: pem_lines = pem_in.read() private_key = load_pem_private_key(pem_lines, None) ### DISCLAIMER:- Since NO ENCRYPTION is used in the key storage/formatting. Please DO NOT use this code in production environment. signing_key = jwk.JWK.from_pem( private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption() ) ) signing_key.update({\"kid\": verification_key_guid}) attestation_jwt = jwt.JWT( header={ \"alg\": algorithm, \"kid\": verification_key_guid }, claims={ \"iss\": f\"http://api.cybrid.app/banks/{bank_guid}\", \"aud\": \"http://api.cybrid.app\", \"sub\": f\"http://api.cybrid.app/customers/{customer_guid}\", \"iat\": int(issued_at.timestamp()), \"exp\": int(expired_at.timestamp()), \"jti\": str(uuid.uuid4()) }, key=signing_key, algs=[algorithm] ) attestation_jwt.make_signed_token(signing_key) token = attestation_jwt.serialize(compact=True) print(\"Token is : \", token) ``` ## Default Attestation Signing Key The Cybrid Sandbox environment comes provisioned with a default signing key that can be used to perform identity record attestation. The default identity signing key provides a convenient starting point for testing Sandbox flows that require identity attestation, such as executing trades. The signing key can be loaded directly into a client application by passing its PEM encoded value as an environment variable. ``` -----BEGIN PRIVATE KEY----- MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDZ75nSfJy/eeuj 4f7EK7i+n4FUDE8BsD/acCdk9Pn56suuDc3SFcMoyjBIoDLZkbRsVfmBEcPDNJOp GNqzoaXa7qe7Yw0qpK9MbNbAYxiyAfxwVHM+ZpwP6M/r3LmsCRFXgNdCjfOzok7u V59hDjfHMMQm/M9ztGVhaJpgozY/7DKk+R6qY/DEBs63eXwfcHE0u0NbS8Y9Qp+6 7cB2f1iuy++5Uut1vx4qdgZ4UFMkwIdTWl/e6LDcdXhk3///T5WOnDlI+S4rhGUO xsAOfOa+T9uqYBr2hbQR9emTEYmwF1lgZ7VU4S9sSjAMKpB/TVlVVOsNhdNSGg6f 6hu7fuadAgMBAAECggEBAMUJL1VyfHVRUY5VoPTTYrBVnaPTjQrFwrVHeRZ5thgS BBxVNqSeMFgMlSLUU6UJasoX4QCkgw1V17qmUfTeTQlnhBaTMzA+vI6oSHCgJ4+o 5AbbE2Zzdt2ba4Cfiu7TM+6c+gGePZtHP32Vku84340jtfRZ1WWSz6YF4K1GYqHe y7I4POotHu2WcSTXYKs2zTu5KAO7gvx7yITVytaiUGUHk9FNyZPDIh0u7e9CAEti BangdYTfvbXAIx9lrg3XQ4gtFXTd0aY/3R9K3SE+s5iWh/SabjV4U7x+MuHZS5kv 8rcLCPQ5kUgiF4bQMy7QznUuNso65SbRJKHaU8UAuIECgYEA7+bNdz/uiN/JxUJY 3xwjD+CG4vXOyEmCioBjllYBeXQyB/VrsdzVrdF2JiECnStPRH6/6nd7/wUcLORv NyrQqnCa5/O8Kv9Z3t4TmxYf+ECIgx+gazehQHptUkr8QWtxceorUC9pu4cUJ8z3 nQLCggHYQ3g7xj73LLZ+5QQBC8kCgYEA6I91Dgs+HZWDMMcGbKV2cMkXK8BTOgZZ 6B6i6flO4tf9U2CPBZsjYLBN5EEuxxy9Yl7rlV7CxAhnnjdIKk2jQbzTPI0qmJfp 397rvdR8bur1OkALj2Tb39fz8z1Qy7AcN8siqXuortZZ5OI9XRWgnG/3B4gUFOnW 4Mr0dhfaxjUCgYEAmVcricehjneMnrtz1thDSQi47yUzES57dE/wV82Nj7ZHrHKg bcW8ByhVnrWG2DMwrZVe0l2hMjZv9fnlZJvHWMo1GYHfipRBO4UzfvO7Z5DIMRfs D9w1A+O9MNahOqeUkb2eBdjoemcy6OXId+Gltje7phSaEHN6xme34GaYzJECgYBP eRbLYdQsT/exJ5JudmzvRgkBDoxie+EljbKmumfW5XDQmWLGy6lfVWCI7C2MJaoi f8WKGgP88dJXIxUqP7XWtSyKuMMhumhV9Nwi1wZe8TQ0X8aTjigFassXCJEfymMa PfTubi/K771wlk/aC5YDX8/PZxVVwEOKNlEsOiKtMQKBgQDqRv5AUHhabqcMfbs7 DTeo/fS/eXJv8MN+CUU2RSrNUKjEdHT2R5KP550TyXr1JXLKpEEZu8wvvaQDV4Dw p0Eij6bKsh03X38NR+C5SxonXPosdvoiXR8uUgya2f/aJYV+aWZ9euFgYZAXf/0Q MnWdKylfZlV50XP2KFn07wPs7w== -----END PRIVATE KEY----- ``` A corresponding public verification key can be retrieved from the Cybrid Banks API using the `/api/bank_verification_keys` endpoint. Performing a `get` request to this endpoint returns the available Verification Key records, the first of which is the provisioned default. The endpoint can be hit directly or by using the Cybrid Banks API client: ```python ... api_client = cybrid_api_bank.ApiClient(configuration) api_instance = verification_keys_bank_api.VerificationKeysBankApi(api_client) verification_keys = api_instance.list_verification_keys() verification_key = verification_keys.objects[0] ``` Once available to the application, the signing key and Verification Key record can be used in conjunction to create the attestation JWT. The Verification Key's GUID is passed as the JWT's `kid` while the signing key is used to sign the JWT. ## Attestation State | State | Description | |-------|-------------| | storing | The Platform is storing the attestation in our private store | | pending | The Platform is verifying the attestation's JWT | | verified | The Platform has verified the attestation and the customer is able to transact | | failed | The Platform was not able to verify the attestation and the customer is not able to transact | Required scope: **customers:write**
# @param post_identity_record_bank_model [PostIdentityRecordBankModel]
# @param [Hash] opts the optional parameters
# @return [Array<(IdentityRecordBankModel, Integer, Hash)>] IdentityRecordBankModel data, response status code and response headers
def create_identity_record_with_http_info(post_identity_record_bank_model, opts = {})
if @api_client.config.debugging
@api_client.config.logger.debug 'Calling API: IdentityRecordsBankApi.create_identity_record ...'
end
# verify the required parameter 'post_identity_record_bank_model' is set
if @api_client.config.client_side_validation && post_identity_record_bank_model.nil?
fail ArgumentError, "Missing the required parameter 'post_identity_record_bank_model' when calling IdentityRecordsBankApi.create_identity_record"
end
# resource path
local_var_path = '/api/identity_records'
# query parameters
query_params = opts[:query_params] || {}
# header parameters
header_params = opts[:header_params] || {}
# HTTP header 'Accept' (if needed)
header_params['Accept'] = @api_client.select_header_accept(['application/json'])
# HTTP header 'Content-Type'
content_type = @api_client.select_header_content_type(['application/json'])
if !content_type.nil?
header_params['Content-Type'] = content_type
end
# form parameters
form_params = opts[:form_params] || {}
# http body (model)
post_body = opts[:debug_body] || @api_client.object_to_http_body(post_identity_record_bank_model)
# return_type
return_type = opts[:debug_return_type] || 'IdentityRecordBankModel'
# auth_names
auth_names = opts[:debug_auth_names] || ['BearerAuth', 'oauth2']
new_options = opts.merge(
:operation => :"IdentityRecordsBankApi.create_identity_record",
:header_params => header_params,
:query_params => query_params,
:form_params => form_params,
:body => post_body,
:auth_names => auth_names,
:return_type => return_type
)
data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
if @api_client.config.debugging
@api_client.config.logger.debug "API called: IdentityRecordsBankApi#create_identity_record\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
end
return data, status_code, headers
end
# Get Identity Record
# Retrieves an identity record. Required scope: **customers:read**
# @param identity_record_guid [String] Identifier for the identity record.
# @param [Hash] opts the optional parameters
# @return [IdentityRecordBankModel]
def get_identity_record(identity_record_guid, opts = {})
data, _status_code, _headers = get_identity_record_with_http_info(identity_record_guid, opts)
data
end
# Get Identity Record
# Retrieves an identity record. Required scope: **customers:read**
# @param identity_record_guid [String] Identifier for the identity record.
# @param [Hash] opts the optional parameters
# @return [Array<(IdentityRecordBankModel, Integer, Hash)>] IdentityRecordBankModel data, response status code and response headers
def get_identity_record_with_http_info(identity_record_guid, opts = {})
if @api_client.config.debugging
@api_client.config.logger.debug 'Calling API: IdentityRecordsBankApi.get_identity_record ...'
end
# verify the required parameter 'identity_record_guid' is set
if @api_client.config.client_side_validation && identity_record_guid.nil?
fail ArgumentError, "Missing the required parameter 'identity_record_guid' when calling IdentityRecordsBankApi.get_identity_record"
end
# resource path
local_var_path = '/api/identity_records/{identity_record_guid}'.sub('{' + 'identity_record_guid' + '}', CGI.escape(identity_record_guid.to_s))
# query parameters
query_params = opts[:query_params] || {}
# header parameters
header_params = opts[:header_params] || {}
# HTTP header 'Accept' (if needed)
header_params['Accept'] = @api_client.select_header_accept(['application/json'])
# form parameters
form_params = opts[:form_params] || {}
# http body (model)
post_body = opts[:debug_body]
# return_type
return_type = opts[:debug_return_type] || 'IdentityRecordBankModel'
# auth_names
auth_names = opts[:debug_auth_names] || ['BearerAuth', 'oauth2']
new_options = opts.merge(
:operation => :"IdentityRecordsBankApi.get_identity_record",
:header_params => header_params,
:query_params => query_params,
:form_params => form_params,
:body => post_body,
:auth_names => auth_names,
:return_type => return_type
)
data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
if @api_client.config.debugging
@api_client.config.logger.debug "API called: IdentityRecordsBankApi#get_identity_record\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
end
return data, status_code, headers
end
# List Identity Records
# Retrieves a listing of identity records for a bank. Required scope: **customers:read**
# @param [Hash] opts the optional parameters
# @option opts [String] :customer_guid Comma separated customer identifier to list identity records for.
# @option opts [Integer] :page
# @option opts [Integer] :per_page
# @return [IdentityRecordListBankModel]
def list_identity_records(opts = {})
data, _status_code, _headers = list_identity_records_with_http_info(opts)
data
end
# List Identity Records
# Retrieves a listing of identity records for a bank. Required scope: **customers:read**
# @param [Hash] opts the optional parameters
# @option opts [String] :customer_guid Comma separated customer identifier to list identity records for.
# @option opts [Integer] :page
# @option opts [Integer] :per_page
# @return [Array<(IdentityRecordListBankModel, Integer, Hash)>] IdentityRecordListBankModel data, response status code and response headers
def list_identity_records_with_http_info(opts = {})
if @api_client.config.debugging
@api_client.config.logger.debug 'Calling API: IdentityRecordsBankApi.list_identity_records ...'
end
if @api_client.config.client_side_validation && !opts[:'page'].nil? && opts[:'page'] < 0
fail ArgumentError, 'invalid value for "opts[:"page"]" when calling IdentityRecordsBankApi.list_identity_records, must be greater than or equal to 0.'
end
if @api_client.config.client_side_validation && !opts[:'per_page'].nil? && opts[:'per_page'] > 100
fail ArgumentError, 'invalid value for "opts[:"per_page"]" when calling IdentityRecordsBankApi.list_identity_records, must be smaller than or equal to 100.'
end
if @api_client.config.client_side_validation && !opts[:'per_page'].nil? && opts[:'per_page'] < 1
fail ArgumentError, 'invalid value for "opts[:"per_page"]" when calling IdentityRecordsBankApi.list_identity_records, must be greater than or equal to 1.'
end
# resource path
local_var_path = '/api/identity_records'
# query parameters
query_params = opts[:query_params] || {}
query_params[:'customer_guid'] = opts[:'customer_guid'] if !opts[:'customer_guid'].nil?
query_params[:'page'] = opts[:'page'] if !opts[:'page'].nil?
query_params[:'per_page'] = opts[:'per_page'] if !opts[:'per_page'].nil?
# header parameters
header_params = opts[:header_params] || {}
# HTTP header 'Accept' (if needed)
header_params['Accept'] = @api_client.select_header_accept(['application/json'])
# form parameters
form_params = opts[:form_params] || {}
# http body (model)
post_body = opts[:debug_body]
# return_type
return_type = opts[:debug_return_type] || 'IdentityRecordListBankModel'
# auth_names
auth_names = opts[:debug_auth_names] || ['BearerAuth', 'oauth2']
new_options = opts.merge(
:operation => :"IdentityRecordsBankApi.list_identity_records",
:header_params => header_params,
:query_params => query_params,
:form_params => form_params,
:body => post_body,
:auth_names => auth_names,
:return_type => return_type
)
data, status_code, headers = @api_client.call_api(:GET, local_var_path, new_options)
if @api_client.config.debugging
@api_client.config.logger.debug "API called: IdentityRecordsBankApi#list_identity_records\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
end
return data, status_code, headers
end
end
end