# CybridApiBank::IdentityRecordsBankApi All URIs are relative to *https://bank.demo.cybrid.app* | Method | HTTP request | Description | | ------ | ------------ | ----------- | | [**create_identity_record**](IdentityRecordsBankApi.md#create_identity_record) | **POST** /api/identity_records | Create Identity Record | | [**get_identity_record**](IdentityRecordsBankApi.md#get_identity_record) | **GET** /api/identity_records/{identity_record_guid} | Get Identity Record | | [**list_identity_records**](IdentityRecordsBankApi.md#list_identity_records) | **GET** /api/identity_records | List Identity Records | ## create_identity_record > create_identity_record(post_identity_record_bank_model) Create Identity Record Creates an identity record. ## Identity Records Identity Records verify an individual for inclusion on the platform. This know-your-customer (KYC) process is a requirement for individuals to be able to transact. At present, we offer support for Attestation Identity Records. Once an Identity Record has been submitted, it will be reviewed by our system and transit through a lifecycle before ultimately being `verified` or `failed`. If an Identity Record is ends up `failed`, contextual information as to the reason may be provided on the resource and additional attempts can be made. ## Attestation Identity Records An Attestation Identity Record is a confirmation of fact that the Organization has completed their own KYC process and can vouch for its correctness. Prior to uploading `verified` attestation identity records, an Organization must register their signing public key with their Bank through the create Verification Key API. To create an attestation identity record, a signed JWT is required as proof that the Customer's identity has been verified by the Organization. When creating the JWT, the Organization must use the RS512 signing algorithm. The JWT must contain the following headers: - **alg**: The RS512 algorithm value, e.g., 'RS512'. - **kid**: Set to the guid of the verification key that has been registered for the Bank The JWT must contain the following claims: - **iss**: Set to http://api.cybrid.app/banks/{bank_guid} - **aud**: Set to http://api.cybrid.app - **sub**: Set to http://api.cybrid.app/customers/{customer_guid} - **iat**: Set to the time at which the JWT was issued - **exp**: Set to the time after which the JWT expires - **jti**: Set to a unique identifier for the JWT Example code (python) for generating an Attestation Identity Record JWT token: ```python # Assumes an RSA private key has been generated (`private_key`), a Verification Key has been created and a `verification_key_guid` is available. # # `customer_guid` should be set to the guid assigned to a Customer that has been created. # `bank_guid` should be set to the guid of your bank # import uuid from datetime import datetime, timezone, timedelta from jwcrypto import jwt, jwk from cryptography.hazmat.primitives import serialization from cryptography.hazmat.primitives.serialization import load_pem_private_key algorithm = 'RS512' issued_at = datetime.now(timezone.utc) expired_at = issued_at + timedelta(days=365) with open(\"verification_key.pem\", 'rb') as pem_in: pem_lines = pem_in.read() private_key = load_pem_private_key(pem_lines, None) ### DISCLAIMER:- Since NO ENCRYPTION is used in the key storage/formatting. Please DO NOT use this code in production environment. signing_key = jwk.JWK.from_pem( private_key.private_bytes( encoding=serialization.Encoding.PEM, format=serialization.PrivateFormat.PKCS8, encryption_algorithm=serialization.NoEncryption() ) ) signing_key.update({\"kid\": verification_key_guid}) attestation_jwt = jwt.JWT( header={ \"alg\": algorithm, \"kid\": verification_key_guid }, claims={ \"iss\": f\"http://api.cybrid.app/banks/{bank_guid}\", \"aud\": \"http://api.cybrid.app\", \"sub\": f\"http://api.cybrid.app/customers/{customer_guid}\", \"iat\": int(issued_at.timestamp()), \"exp\": int(expired_at.timestamp()), \"jti\": str(uuid.uuid4()) }, key=signing_key, algs=[algorithm] ) attestation_jwt.make_signed_token(signing_key) token = attestation_jwt.serialize(compact=True) print(\"Token is : \", token) ``` ## Attestation State | State | Description | |-------|-------------| | storing | The Platform is storing the attestation in our private store | | pending | The Platform is verifying the attestation's JWT | | verified | The Platform has verified the attestation and the customer is able to transact | | failed | The Platform was not able to verify the attestation and the customer is not able to transact | Required scope: **customers:write** ### Examples ```ruby require 'time' require 'cybrid_api_bank_ruby' # setup authorization CybridApiBank.configure do |config| # Configure Bearer authorization (JWT): BearerAuth config.access_token = 'YOUR_BEARER_TOKEN' # Configure OAuth2 access token for authorization: oauth2 config.access_token = 'YOUR ACCESS TOKEN' end api_instance = CybridApiBank::IdentityRecordsBankApi.new post_identity_record_bank_model = CybridApiBank::PostIdentityRecordBankModel.new({customer_guid: 'customer_guid_example', type: 'attestation', attestation_details: CybridApiBank::PostIdentityRecordAttestationDetailsBankModel.new}) # PostIdentityRecordBankModel | begin # Create Identity Record result = api_instance.create_identity_record(post_identity_record_bank_model) p result rescue CybridApiBank::ApiError => e puts "Error when calling IdentityRecordsBankApi->create_identity_record: #{e}" end ``` #### Using the create_identity_record_with_http_info variant This returns an Array which contains the response data, status code and headers. > , Integer, Hash)> create_identity_record_with_http_info(post_identity_record_bank_model) ```ruby begin # Create Identity Record data, status_code, headers = api_instance.create_identity_record_with_http_info(post_identity_record_bank_model) p status_code # => 2xx p headers # => { ... } p data # => rescue CybridApiBank::ApiError => e puts "Error when calling IdentityRecordsBankApi->create_identity_record_with_http_info: #{e}" end ``` ### Parameters | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | | **post_identity_record_bank_model** | [**PostIdentityRecordBankModel**](PostIdentityRecordBankModel.md) | | | ### Return type [**IdentityRecordBankModel**](IdentityRecordBankModel.md) ### Authorization [BearerAuth](../README.md#BearerAuth), [oauth2](../README.md#oauth2) ### HTTP request headers - **Content-Type**: application/json - **Accept**: application/json ## get_identity_record > get_identity_record(identity_record_guid) Get Identity Record Retrieves an identity record. Required scope: **customers:read** ### Examples ```ruby require 'time' require 'cybrid_api_bank_ruby' # setup authorization CybridApiBank.configure do |config| # Configure Bearer authorization (JWT): BearerAuth config.access_token = 'YOUR_BEARER_TOKEN' # Configure OAuth2 access token for authorization: oauth2 config.access_token = 'YOUR ACCESS TOKEN' end api_instance = CybridApiBank::IdentityRecordsBankApi.new identity_record_guid = 'identity_record_guid_example' # String | Identifier for the identity record. begin # Get Identity Record result = api_instance.get_identity_record(identity_record_guid) p result rescue CybridApiBank::ApiError => e puts "Error when calling IdentityRecordsBankApi->get_identity_record: #{e}" end ``` #### Using the get_identity_record_with_http_info variant This returns an Array which contains the response data, status code and headers. > , Integer, Hash)> get_identity_record_with_http_info(identity_record_guid) ```ruby begin # Get Identity Record data, status_code, headers = api_instance.get_identity_record_with_http_info(identity_record_guid) p status_code # => 2xx p headers # => { ... } p data # => rescue CybridApiBank::ApiError => e puts "Error when calling IdentityRecordsBankApi->get_identity_record_with_http_info: #{e}" end ``` ### Parameters | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | | **identity_record_guid** | **String** | Identifier for the identity record. | | ### Return type [**IdentityRecordBankModel**](IdentityRecordBankModel.md) ### Authorization [BearerAuth](../README.md#BearerAuth), [oauth2](../README.md#oauth2) ### HTTP request headers - **Content-Type**: Not defined - **Accept**: application/json ## list_identity_records > list_identity_records(opts) List Identity Records Retrieves a listing of identity records for a bank. Required scope: **customers:read** ### Examples ```ruby require 'time' require 'cybrid_api_bank_ruby' # setup authorization CybridApiBank.configure do |config| # Configure Bearer authorization (JWT): BearerAuth config.access_token = 'YOUR_BEARER_TOKEN' # Configure OAuth2 access token for authorization: oauth2 config.access_token = 'YOUR ACCESS TOKEN' end api_instance = CybridApiBank::IdentityRecordsBankApi.new opts = { customer_guid: 'customer_guid_example', # String | Comma separated customer identifier to list identity records for. page: 56, # Integer | per_page: 56 # Integer | } begin # List Identity Records result = api_instance.list_identity_records(opts) p result rescue CybridApiBank::ApiError => e puts "Error when calling IdentityRecordsBankApi->list_identity_records: #{e}" end ``` #### Using the list_identity_records_with_http_info variant This returns an Array which contains the response data, status code and headers. > , Integer, Hash)> list_identity_records_with_http_info(opts) ```ruby begin # List Identity Records data, status_code, headers = api_instance.list_identity_records_with_http_info(opts) p status_code # => 2xx p headers # => { ... } p data # => rescue CybridApiBank::ApiError => e puts "Error when calling IdentityRecordsBankApi->list_identity_records_with_http_info: #{e}" end ``` ### Parameters | Name | Type | Description | Notes | | ---- | ---- | ----------- | ----- | | **customer_guid** | **String** | Comma separated customer identifier to list identity records for. | [optional] | | **page** | **Integer** | | [optional] | | **per_page** | **Integer** | | [optional] | ### Return type [**IdentityRecordListBankModel**](IdentityRecordListBankModel.md) ### Authorization [BearerAuth](../README.md#BearerAuth), [oauth2](../README.md#oauth2) ### HTTP request headers - **Content-Type**: Not defined - **Accept**: application/json