Alert & Messaging

API - V 2.5

Download Swagger Spec

Introduction

The Alerts API allows financial institutions to provide their customers and members with the ability to set, manage and receive alerts about important account, transaction and other information.

The service type in the developer portal is Alerts and Messaging, and the service subType is db-messaging-services.

This service uses a v2 authentication token and requires the token to be generated with scopes as alertMgmt:read, alertMgmt:write for alerts type and template. 

For alert preferences, the required scopes are alertPref:read, alertPref:write

For publishing events, the required scope is alerts:publish

To view the alert history, the required scope is alertHist:read.

Alerts are managed through a suite of APIs, including:

  • Alert Type APIs
  • Alert Templates APIs
  • Alert Preferences APIs
  • Alert History APIs
  • Alert Events APIs

    Financial institutions use the Alert Types APIs and Alert Templates APIs to establish which alerts are available to end users.

    Example: Low balance, high balance or large transaction alert and the content of those alerts by channel, such as SMS or email.

    The Alert Preferences API allows end users to set an alert.

    Example: A user can choose to be alerted when their checking balance is below $100.

    The Alert Events API is the bridge between the event occurring and the alert being sent. An alert that has been defined is published using this API.

    Example: Bill's checking balance is below $100. He set an alert to send an SMS when this occurs. Here is the template of what to send via email, Send the alert.

    The Alert History API can be used to retrieve alerts that have been published using avariety of parameters.

    Example: By account, date range, status, etc.

Alert Types API

  • To the financial institution: 
    Setting up a suite of alert types gives your end users a robust set of options to select for alert notifications. It also simplifies the process of user alert creation. The user can choose from the suite of configured alert types.
  • To the developer: 
    This API, in conjunction with the suite of alert capabilities, supports the creation, retrieval, updating and deletion of all alert types set for a given financial institution.

Alert Templates API

  • To the financial institution:    
    Setting up a suite of alert templates assigns the content and context of the communication for each event type and channel. The template is then called up and used for each event occurrence that matches the type and user preference setting.
  • To the developer:
    In conjunction with the suite of alert capabilities, this API supports the creation, retrieval, updating and deletion of all alert templates for a given financial institution.

Alert Preferences API

  • To the financial institution:    
    This service allows the end user to create multiple alerts based on how they want to manage their finances.
  • To the developer:
    In conjunction with the suite of Alert capabilities, this API supports the creation, retrieval, updating and deleting of all alert preferences for the customer or member of a financial institution.

Alert Events API

  • To the financial institution:    
    This is where the rubber meets the road—the link between an event and the alert sent to the end user. The Alert Types API, Alert Templates API and Alert Preferences API come together when an event uses this API to trigger the communication.
  • To the developer:
    In conjunction with the suite of alert capabilities, this API is called by an application based on a condition set to trigger an alert.

Alert History API

  • To the financial institution:    
    Retrieving alert history can be used to determine if correct alerts are being sent, to determine if an end user has been properly alerted, to determine patterns of alert activity and for other analysis and reporting needs.
  • To the developer:
    Building alert systems for the financial institution and the end user will be enhanced by the ability to retrieve alert history data.

What is Supported?

The Alert Types API provides methods for carrying out the following tasks:
Create: The create method of the API establishes a particular alert type.

  • The type is set for a given financial institution, set to a unique ID value, named and set to active (available for use) or inactive (not available for use).
  • The specific alert type available in the system is set (e.g., ATM withdrawal or Visa low balance).
  • The broad domain of alert event is set (e.g., an account event, a transaction event or a notification event).
  • The category of event is set (e.g., balance or payment).
  • The account types that can use this event type are enumerated.
  • The channels the event notification can use are identified (e.g., email or SMS).
  • If the alert type is for an external vendor event, the vendor ID is set.

Read:A list of all created alert types can be retrieved using this method.

  • The values set for each alert type stored are sent in the response.
  • All types created (active or inactive) are retrieved.

Update: Values forexisting alert type records can be updated and modified.

Delete: Specific alert types that are no longer needed can be deleted fromthe database.

The Alert Templates API provides methods for carrying out the following tasks:

Create: The create method of the API establishes a particular alerttemplate.

  • The template is set for a particular financial institution, given a unique ID value, named and set to be in draft, archived or published state.
  • The types of content the template can be used with are identified (e.g., email subject, email body, SMS body, etc.).
  • The channel through which the template can be used is identified (e.g., email, SMS or push).
  • If the template is for an event initiated by a third party, the TPV is named.
  • The language (e.g., locale) of the template is identified (e.g., U.S. English, Spanish, etc.).

Read: A list of all created alert templates can be retrievedusing this method.

  • The values set for each alert template stored are sent in the response.
  • All templates created, whether in draft, archived or published state, are retrieved.

Update: Values for existing alert template records can be updatedand modified.

Delete: Specific alert templates that are no longer needed can be deletedfrom the database.

The Alert Preferences API provides methods forcarrying out the following tasks:

Create: The create method of this API establishes an alert the end user wantsto be triggered for a particular event.Some characteristics of an alert preference are:

  • A unique ID for the preference record, financial institution ID, customer ID, the name of the alert and a flag to set the alert preferences as a default for a particular event.
  • The channels the alert is to use for communication (e.g., email, SMS or push).
  • If the event will come from an external vendor, the ID of the external vendor.
  • The account to be watched for an event identified by the financial institution’s account number, card number or external account number.

Read: This call can be used by the end user to call up and review some or all created preferences. It can also be used to read and use the preferences set by the end user when an event occurs.

  • The call can be filtered by a variety of criteria, including alert type, account and institution ID.

Update: Values for existing alert preferences records can be updated and modified.

Delete: Specific alert preferences are no longer needed and can be deleted from the database.

The Alert Events API provides only one method, a call to indicate an event has occurred. The API then, in turn, takes the data passed in the request and initiates sending the alert. It uses the resources previously established—the alert type and its associated template and the end user’s preferences—to send the alert notification.

The inbound call to this API will indicate the event is one of two possible types:

An event: Related to the end user’s accounts or transactions (e.g., the checking account balance is below a set threshold or a payment exceeds a set threshold).

A notification: A message sent by an external party (such as Visa) that requires no processing by the alerts system itself that must be sent to the end user.

The Alert History API provides methods for carrying out the following tasks:

  • Read: Get alert history data using parameters (e.g.,     account, date, etc.).
  • Read: Get alert history data using content, history or event IDs.

      Getting Started

      Candescent’s APIs support financial institutions worldwide. They can empower financial institutions and their partners to build valuable digital banking experiences.

      It’s important to work with your Candescent representative to get officially onboarded to DevX for access to these APIs. Once onboarded, you’ll be able to implement your application, access shared and secret keys and begin testing the APIs.

      After all the legal and compliance partnership agreements are in place, we'll set you up with your Authentication API client account. This will grant you access to a unique secret key that will be your ticket to the authentication API and staging and production environments.

      The service available through the Candescent Digital Banking Developer Portal provides a token for the grant type:

      Client Credentials

      • Used for trusted server-side applications
      • Sending a request passes a key-and-secret pair assigned to your application
      • Since the token is issued in the context of a Financial Institution (FI) rather than a user, no end-user login is required
      • Response provides the Bearer Token to be used to call other DevEx APIs

      Steps to getting started:

      • Sign up and/or Login in for authentication

        To make your first API request, you'll need toself-register by clicking the Sign Up button. Then, click the link in your welcomeemail to verify your emailaddress.

      • Review API documentation and request postman collections

        Your Candescent representative will be able to email you the Postman collection for an API you are interested in. You may reach out directly or add the specific API to your favorites to alert your representative.
      • Test APIs in Postman

        In addition to the sample apps, a test drive environment is available to help you visualize the APIs. Using the JSONcollection and Postman, you’ll be able to see API requests working in action and view the information required to make them.

        This will also allow you to experience actual API behavior prior to beginning your integration. For a deeper dive into Postman, view additional reference material here.

      Authentication

      Authentication proves that you are who you say you are. Authentication tokens identify a user (the person using the app or site).

      You‘ll need the following items to set up basic authentication:

      Info Alert
      Note
                Visit our guide on authentication to learn more.
      • Developer Experience account
      • Sandbox environment with an organization
      • Shared Key
      • Secret Key

      Generating your Secret Key

      You’ll need a bearer token or an API security key to authenticate API calls. A secret key serves as a secure token to authenticate and authorize requests. Unauthorized use of a secret key could potentially cause a security breach. Thes ecret key holds the error token used to access real data through the API.

      Visit our guide on authentication  to learn more.

      Before you begin, you‘ll require a unique client_id and client_secret for your app. Notify your implementation manager or PossibleNOW Support atsupport@possiblenow.com to request an OAuth client_id and client_secret. Include your My Preferences Client ID and the environment (staging (sandbox) or production) for which you want to generate the credentials in your request.

      These credentials must be treated securely. 

        Getting Started

        While the technical documentation in the API Specs section describes the endpoints (or ways to call the API with different parameters to execute different actions), the following provides a simplified list of use cases for Authentication:

        The service available through the Candescent Digital Banking Developer Portal (providestokens for two different grant types:

        Client Credentials

        • Used for trusted server-side applications
        • Sending a request passes a key-and-secret pair assigned to your application
        • Since the token is issued in the context of a Financial Institution (FI) rather than a user, no end-user login is required
        • Response provides the Bearer Token to be used to call other DevEx APIs

        Password

        • Best for first-party native applications (such as the FI’s own mobile application)
        • Request is sent with key-and-secret pair plus the customer’s username and password
        • Response provides Bearer Token to be used to call other DevEx APIs
        Info Alert
        Note
        NOTE: As of March 2020, the Authentication Service contains two proxies: one to retrieve the Bearer Token for DevEx V1 APIs and another for DevEx V2 APIs. Please see the last section of this documentation for a list of V1 and V2 APIs currently exposed in the Developer Portal.
        close

        Sign in now!

        Please sign up or sign in to add to watchlist

        Sign in

        Don’t have an account? 

        Sign up
        close

        Added to watchlist!

        Your interest has been noted. An NCR Voyix Rep
        will contact you with further details soon.