third-party-exp-api icon

third-party-exp-api

1.0.x
(0 reviews)

Third Party Experience API

Base URLS:

EnvironmentBase URLs
Mockhttps://eu1.anypoint.mulesoft.com/mocking/api/v1/sources/exchange/assets/4be2e19f-42da-4571-80fd-19077a31ce58/third-party-exp-api/1.0.19/m
Devhttps://maictrlstg.capitalbank.jo/third-party-api/v1/
Staginghttps://maictrlstg.capitalbank.jo/third-party-api/v1/
UATNA
ProdNA

Description:

Third Party Mule Experience API communicates with Third Party process API. Mulesoft exposes the REST endpoints for the following operations :

  1. Get Customer Cash Flows
  2. Get Customer Rating
  3. Get Financial Statement
  4. Loyalty Gain Points
  5. Loyalty Redeem Points
  6. Loyalty Submit Cash Back
  7. Get Court Cases
  8. Print Customer Court Cases
  9. Loyalty Get Profile
  10. Loyalty Get Steps Info
  11. Loyalty Get Transaction History
  12. Loyalty Calculate Amount
  13. CI Confirm Capital Invest Accounts Link Request
  14. CI Get Capital Invest Accounts
  15. CI Get Capital Invest Accounts Transactions
  16. CI Remove Capital Invest Accounts Link
  17. CI Request Capital Invest Accounts Link
  18. Submit Customer Data IBAN to SSC
  19. Western Union - Get State List
  20. Western Union- Get Delivery Services
  21. Western Union - Transaction Inquiry
  22. Western Union - Refund Search
  23. Western Union - Refund Store
  24. Western Union - Get DeliveryOptionTemplate
  25. GMT Print Card
  26. Capital Invest - Submit Payment
  27. Capital Invest - Submit Withdrawal
  28. Capital Invest - Confirm Withdrawal
  29. GateToPay - Cash Deposit
  30. GateToPay - Cash Withdrawal
  31. GateToPay - Reversal
  32. Aramex- Create Shipment
  33. CI Portfolio Market Value and Balance

Flow Diagram:

resources/Third%20Party%20flow%20diagram-Flow%20Diagram-bc38bcbf-4b4f-42b3-918f-87bb327b8f60.jpg

API Led Diagram:

resources/Third%20Party%20API%20Led%20diagram-6e89d0ba-9d6a-4bfa-8be5-afb6c8f06ec4.jpg

Technical Specifications

Headers

Below are the mandatory/optional headers that are set with every HTTP Request from Mule Exp API.

HeaderNameSample ValueOptional?
client_id9712801dbaaffg90d43a0b09c59fdaf21e65524235436Mandatory
client_secret234d8AeC33e34bE1b3eiud31b2887cD4Optional
AuthorizationBearer afdca88b-9ed0-344b-8af0-b2195e382574Mandatory
x-user-idIIBUserOptional
x-channel-idDEVCHLMandatory
x-sub-channel-iddevChannelOptional
x-correlation-id13243564564Mandatory, Unique - use for idempotent filter.
x-bank-idCBOJMandatory
x-debug-flag0Optional (enum - 0 or 1)
x-customer-id2100122Optional (mandatory for customer facing channels)

Error handling

HTTP Status

The HTTP error codes are:

  • 400 - Bad Request: An error in the client request (Mostly due to validations)
  • 401 - Unauthorized: User can't be authenticated
  • 403 - Forbidden: The server cannot give access to the resource
  • 404 - Not Found: The resource defined in the URL doesn't exist
  • 405 - Method Not Allowed
  • 406 - Not Acceptable
  • 415 - Unsupported Media Type
  • 500 - Internal Server Error: The server encountered an unexpected condition
  • 501 - Not Implemented

Error Response

A REST API should reply with an error code and a message to be shown to the consumer.

{
    "status": {
        "success": false,
        "code": "400",
        "reasonCode": "BadRequest",
        "arabicMessage": "",
        "englishMessage": "No records were found that matched the selection criteria",
        "errorCode": "",
        "backendErrorMessage": ""
    }
}

Below fields should be given back to Channel if x-debug flag = 1

    "errorCode": "",
    "backendErrorMessage": "",

Api Security

Below polices are applied.

NameDescriptionExample
Client ID EnforcementIt restricts access to a protected resourceclient_id: 9d41a8940c5e4181aace6fc5e6cfffc3 client_secret: aB9D5Bd7450d49F584F23250D96872fD
Rate limitingLimits no.of request1000 requests per minute
OAuthIt protects user data by providing access to the data without revealing the user's identityBearer afdca88b-9ed0-344b-8af0-b2195e382574

OAuth on Mulesoft API:

Redhat SSO will be used as Oauth Provider. OAuth 2.0 is implemented on Mulesoft APIs. Redhat is configured as Client provider on Anypoint Platform - Access Management with various scopes and roles configured for different levels of access on the APIs. Authorization Token URL will be provided by Redhat which must be used to generate Token for accessing the APIs. Token validity is . Mulesoft API will be provided for channels to get the token.

resources/OAuth1-e9e381fc-245b-49fc-b9c9-42eac375ab6e.png

Mulesoft will expose an API to provide the token for the user who wants to access the APIs.

Once a token is received from Mulesoft API, it must be sent as “Authorization Bearer ” to access the APIs exposed. Mulesoft API Gateway (API Manager) can validate the access token with Redhat and if valid, then the request is processed and the response would be sent back. If the token is not valid, then the error response of “Token has been revoked” will be sent back.

resources/OAuth2-98edc969-d78e-4b95-9ddf-8b8f80688624.png

Reviews