.png)
Introduction
In order to access the E-Statement API, the following scopes are needed:
accounts:read - A user with this role may get and find Accounts API.
disclosures:read - A user with this role may get and find nstitution Disclosure Service.
disclosures:write - A user with this role to update opt-in/out
e-statement.institution-users:read - A user with this scope may check if the customer is active or not.
The E-Statement API features a set of services used to opt in for e-statement or paper statement preferences for a customer's account at a specified financial institution. A customer's current preferences can also be retrieved to verify the same.
An example of such a disclosure is the request for a customer’s acceptance of Terms or Conditions when enrolling for Online Banking. Another would be signing up for electronic banking statements.
The E-Statement API enables customers to:
- opt in and opt out of e-statement preference
- ensure the desired preference is activated
What is supported?
- E-statement opt-in/out feature for an account level is supported.
- View e-statement opt-in status for a given user account.
- Supported institution user types are RETAIL and PRIMARY.
- Multi-OLS disclosure should be created for the account ID for the APIs to work.
The E-Statement API interfaces with Users API, Disclosures API, and Accounts API.
Getting Started
Candescent’s APIs support financial institutions worldwide. They can empower financial institutions and their partners to build valuable digital banking experiences.
It’s important to work with your Candescent representative to get officially onboarded to DevX for access to these APIs. Once onboarded, you’ll be able to implement your application, access shared and secret keys and begin testing the APIs.
After all the legal and compliance partnership agreements are in place, we'll set you up with your Authentication API client account. This will grant you access to a unique secret key that will be your ticket to the authentication API and staging and production environments.
The service available through the Candescent Digital Banking Developer Portal provides a token for the grant type:
Client Credentials
- Used for trusted server-side applications
- Sending a request passes a key-and-secret pair assigned to your application
- Since the token is issued in the context of a Financial Institution (FI) rather than a user, no end-user login is required
- Response provides the Bearer Token to be used to call other DevEx APIs
Steps to getting started:
- Sign up and/or Login in for authentication
To make your first API request, you'll need toself-register by clicking the Sign Up button. Then, click the link in your welcomeemail to verify your emailaddress. - Review API documentation and request postman collections
Your Candescent representative will be able to email you the Postman collection for an API you are interested in. You may reach out directly or add the specific API to your favorites to alert your representative.
- Test APIs in Postman
In addition to the sample apps, a test drive environment is available to help you visualize the APIs. Using the JSONcollection and Postman, you’ll be able to see API requests working in action and view the information required to make them.
This will also allow you to experience actual API behavior prior to beginning your integration. For a deeper dive into Postman, view additional reference material here.
Authentication
Authentication proves that you are who you say you are. Authentication tokens identify a user (the person using the app or site).
You‘ll need the following items to set up basic authentication:
- Developer Experience account
- Sandbox environment with an organization
- Shared Key
- Secret Key
Generating your Secret Key
You’ll need a bearer token or an API security key to authenticate API calls. A secret key serves as a secure token to authenticate and authorize requests. Unauthorized use of a secret key could potentially cause a security breach. Thes ecret key holds the error token used to access real data through the API.
Visit our guide on authentication to learn more.
Before you begin, you‘ll require a unique client_id and client_secret for your app. Notify your implementation manager or PossibleNOW Support atsupport@possiblenow.com to request an OAuth client_id and client_secret. Include your My Preferences Client ID and the environment (staging (sandbox) or production) for which you want to generate the credentials in your request.
These credentials must be treated securely.
Getting Started
While the technical documentation in the API Specs section describes the endpoints (or ways to call the API with different parameters to execute different actions), the following provides a simplified list of use cases for Authentication:
The service available through the Candescent Digital Banking Developer Portal (providestokens for two different grant types:
Client Credentials
- Used for trusted server-side applications
- Sending a request passes a key-and-secret pair assigned to your application
- Since the token is issued in the context of a Financial Institution (FI) rather than a user, no end-user login is required
- Response provides the Bearer Token to be used to call other DevEx APIs
Password
- Best for first-party native applications (such as the FI’s own mobile application)
- Request is sent with key-and-secret pair plus the customer’s username and password
- Response provides Bearer Token to be used to call other DevEx APIs
