Loans API
home
Loans Experience API
Base URLs
Description
This document covers the scope of Loan Interface. Loan interface deals with the services :
- Get loan details
- Get loan schedule details
- Get loan Past Dues
- Get New Loan Simulation
- Create Loan Simulation
- Update Loan Simulation
- Create Loan Disbursement
- Get Existing Liabilities
- Get Existing Collateral
- Get Schedule Projection
- Create Collateral Right
- Create Collateral Right Amendment
- Get Eligible Loan Products
- Get Guarantor Details
- Get Active Lending Products
- Get Insurance Company Details
- Get Global Child Limits
- Get Effective Interest Rate
- Get Purpose Facility
- Get TML List
- Lookup Services
- Get Car Types
- LOS Get Floating Rates
- LOS Get Periodic Rates
- Get CustomerAcct interest Details
- LOS Create PD Loan
High Level Architecture
Flowchart
Technical Specifications
Headers
Below are the headers that are set with every HTTP Request
| Header Name | Sample Value | Optional? |
|---|---|---|
| client_id | 9712801dbaaffg90d43a0b09c59fdaf21e65524235436 | Mandatory |
| client_secret | 234d8AeC33e34bE1b3eiud31b2887cD4 | Optional |
| Authorization | Bearer afdca88b-9ed0-344b-8af0-b2195e382574 | Mandatory |
| x-channel-id | DEVCHL | Mandatory |
| x-corrleation-id | 13243564564 | Mandatory, Unique - use for idempotent filter,Max 50 chars. |
| x-bank-id | CBOJ | Mandatory |
| x-debug-flag | 0 | Optional (enum - 0 or 1) |
| x-customer-id | 2100122 | Optional (mandatory for customer facing channels) |
| x-user-id | 1234 | Optional |
| x-sub-channel-id | omnichannel | Optional |
Error handling
HTTP Status:
The HTTP error codes are:
- 400 - Bad Request: An error in the client request (Mostly due to validations)
- 401 - Unauthorized: User can't be authenticated
- 403 - Forbidden: The server cannot give access to the resource
- 404 - Not Found: The resource defined in the URL doesn't exist
- 405 - Method Not Allowed
- 406 - Not Acceptable
- 415 - Unsupported Media Type
- 500 - Internal Server Error: The server encountered an unexpected condition
- 501 - Not Implemented
Error Response
A REST API should reply with an error code and a message to be shown to the consumer.
{
"status": {
"success": false,
"code": "400",
"reasonCode": "BadRequest",
"arabicMessage": "لم يتم العثور على سجلات تطابق محددات البحث",
"englishMessage": "No records were found that matched the selection criteria",
"backendError": "No records were found that matched the selection criteria",
"backendCode": "T24003790"
}
}Api Security
Below polices are applied.
| Name | Description | Example |
|---|---|---|
| Client ID Enforcement | It restricts access to a protected resource | client_id: 9d41a8940c5e4181aace6fc5e6cfffc3 client_secret: aB9D5Bd7450d49F584F23250D96872fD |
| Rate limiting | Limits no.of request | 1000 requests per minute |
| OAuth | It protects user data by providing access to the data without revealing the user's identity | Bearer afdca88b-9ed0-344b-8af0-b2195e382574 |
OAuth on Mulesoft API (Future scope):
Redhat SSO will be used as Oauth Provider. OAuth 2.0 is implemented on Mulesoft APIs. Redhat is configured as Client provider on Anypoint Platform - Access Management with various scopes and roles configured for different levels of access on the APIs. Authorization Token URL will be provided by Redhat which must be used to generate Token for accessing the APIs. Token validity is . Mulesoft API will be provided for channels to get the token.
Mulesoft will expose an API to provide the token for the user who wants to access the APIs.
It is optional for the channels.
Once a token is received from Mulesoft API, it must be sent as “Authorization Bearer ” to access the APIs exposed. Mulesoft API Gateway (API Manager) can validate the access token with Redhat and if valid, then the request is processed and the response would be sent back. If the token is not valid, then the error response of “Token has been revoked” will be sent back.
