Open banking client API specifications

Replace VPN with Public Key Infrastructure

These methods must be developed with PKI. (Contis has used X.509 certificates to implement PKI.) There will be 2 pairs of PKI certificates (public & private):

  1. Client certificates.
  2. Contis certificates.

The client must share their certificate/public key with Contis. The certificate can be provided by you; alternatively, Contis can generate the certificate pair. Contis will encrypt the sensitive field data using the client’s public key, and then the whole request payload will be used to generate a digital signature using Contis’ private key. This signature will be passed in the request header as the “x-signature” field.

Contis will share its certificate/public key with the client(s) to verify the signature generated and passed in each request by Contis. At the client end, this public key will be used to verify the digital signature, which can be found in the request header as the “x-signature” field. This key can also be used to encrypt any sensitive field(s), such as password, OTP etc., if passed in the response. If any such fields are found in the response, Contis will decrypt them using Contis’ private key for further use.
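The exchange described above, shown from both sides as an added example that is not part of the Contis specification or Contis code. Assumptions: RSA-OAEP/SHA-256 for field encryption, RSA PKCS#1 v1.5/SHA-256 over the raw JSON body for the signature, base64 encoding, the `OTP` field and all function names; the key pairs are throwaway ones generated at run time.

```javascript
const crypto = require('node:crypto');

// Constructed stand-ins for the two key pairs; generated fresh on every run.
const contis = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const client = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// ASSUMPTION: RSA-OAEP with SHA-256 for field encryption (the page names no padding).
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender: encrypt one sensitive field for the recipient, then sign the exact body bytes.
function buildSignedRequest(fields, sensitiveKey, recipientPublicKey, senderPrivateKey) {
  const plaintext = Buffer.from(fields[sensitiveKey], 'utf8');
  const encrypted = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, plaintext);
  const body = JSON.stringify({ ...fields, [sensitiveKey]: encrypted.toString('base64') });
  // ASSUMPTION: RSA PKCS#1 v1.5 with SHA-256 over the raw body, sent base64-encoded.
  const signature = crypto.sign('sha256', Buffer.from(body, 'utf8'), senderPrivateKey);
  return { headers: { 'x-signature': signature.toString('base64') }, body };
}

// Receiver: check x-signature over the bytes as received BEFORE parsing or decrypting.
function receiveRequest(req, sensitiveKey, senderPublicKey, recipientPrivateKey) {
  const header = req.headers['x-signature'];
  if (typeof header !== 'string' || header.length === 0) {
    return { ok: false, reason: 'missing x-signature' };
  }
  const signature = Buffer.from(header, 'base64');
  if (!crypto.verify('sha256', Buffer.from(req.body, 'utf8'), senderPublicKey, signature)) {
    return { ok: false, reason: 'bad signature' };
  }
  const payload = JSON.parse(req.body);
  const ciphertext = Buffer.from(payload[sensitiveKey], 'base64');
  const decrypted = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, ciphertext);
  return { ok: true, payload: { ...payload, [sensitiveKey]: decrypted.toString('utf8') } };
}

// Constructed Contis -> client request; "OTP" is a hypothetical sensitive field.
function demo() {
  const fields = { OTP: '123456', RequestReference: 'Test Request' };
  const req = buildSignedRequest(fields, 'OTP', client.publicKey, contis.privateKey);
  const tampered = { ...req, body: req.body.replace('Test Request', 'Test Requesu') };
  return {
    genuine: receiveRequest(req, 'OTP', contis.publicKey, client.privateKey),
    tampered: receiveRequest(tampered, 'OTP', contis.publicKey, client.privateKey),
  };
}

console.log(demo());
```

Verifying over the body exactly as received matters: re-serialising the parsed JSON before verification can change whitespace or key order and make a genuine signature fail.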

For example:

Client certificate pair:

Contis certificate pair:

Specifications:

M = Mandatory, O = Optional

Client API

VerifyToken

Request object: VerifyTokenReq

| DataMember | Type | Required (M/O) | Remarks |
|---|---|---|---|
| DecryptedToken | String (minimum: 8, maximum: 36) | M | Decrypted token received from client in callback. |
| RequestID | String(60) | M | Unique request id received from TokenIO; Contis will pass this to clients on their landing page. |
| RequestReference | String(50) | M | Reference number in each API request for tracking/auditing purpose of actions performed at Contis platform. |

Response object: VerifyTokenRes

| DataMember | Type | Required (M/O) | Remarks |
|---|---|---|---|
| ConsumerID | integer | M | ConsumerID provided by Contis at time of creating new Consumer. |
| UserName | String(100) | M | User name of PSU. |
| ResponseCode | enum | M | Any of the response codes provided by Contis. |
| ResponseMessage | string(200) | O | Response message in case of error/success description. |
| RequestReference | string(50) | M | Should provide reference number in each API request for tracking/auditing purpose of actions performed at Contis platform. |

Custom Enum DataType:

Enum ResponseCode

| Value | Meaning |
|---|---|
| 0 | Success |
| 200 | Invalid Credential |
| 500 | Internal Error |
| 400 | Invalid Request |
| 404 | Consumer Not Found |

For example:

Encrypted token received from Client:
Hi5ehQvnfenN5psQHFGWI/pPnTvcDfT9bVV8jsGnGexoS7uXJjKZonWiXgBBFxcMyV7GmAx1SgvkL8Kp8
+yXxGZgPNzxmE+YPvytd3fOakOB/3ZDO46EeyBIhFsk8nph6BP2pBfeANfAHgtsJJ+ZMBMEESFI/OVgeU
WmL1s2h/TMov89mr1ulHDcByHna0AuesVtCfGVxsDUkE1wKbRLnStz/5LXU22kxn3ugHsuCM2Uic9PmpL
k3IJ9rx7Hn2GzYOoOns+33kr0llDFU3DwIZhs+14dLe9iuT8GwXu15uFBoCwKi+Dnt2wQCpaCofDmQFVi
1bD8FbczkdEcfR9etw==

Request:

{
    "DecryptedToken" : "TOKEN18062021:18.12.53",
    "RequestID" : "rq:4VptJ2gqaFY1toMzrbCfwBKtmWmU:5zKtXEAq",
    "RequestReference" : "Test Request"
}

Signature:

OIrj2uH/it6ZeMZIQ89Ou/qXk5hw8AY04f8AYrnE4wIE/6oRGn8gXGJbn/U9CKlQC/xf9kyHei2rEM+owrV
+OxmlFmUfFXXXiyn4JM4ziYk6l7F4QSotAc56TfmjZTsUW6fdfK7FVqjxnvF6TMvaykKQ4r8H7kJT6orduo
MLI5CinxAVcte6GD3IyRssS79dtC6Wi/K1adN/YjxySl0EV4n5UXmRSENoS2xA8hoySeddPcR2WhnhJCOFS
FvYru12o/JHNgu+SMCwSxDmtU6FM+MpqPy4IrHGf4rEtOTqZR/cmscI44OUuJ8oq/jsN2s5SUDmKIsIJ0kA
aNo2COKbsQ==

Response:

{
    "ConsumerID": 55320,
    "UserName": "testUser",
    "ResponseCode": 0,
    "ResponseMessage": "Valid consumer details.",
    "RequestReference": "Test Request"
}

Signature:

HyWcnYfy16bNDUF/SMX9SV+zZnRWl8+JbC3agSbOetaA7LajOHnb7QKUyZ4DEqOuGsxAKHeum83rVzvBouFq
hmzeOZiSgqoyGdo8Gh9794PzfrXdyjXlGnVHb+G2zxuj88vUe4//9X4oWGp3P+Bm3wsXVpq9W57KtEGXUxQh
SCVZ+c7Xzr5uVtj9i16Q8CXyRyOb3F66VcDsrumstinEbZf3RcDe4inisHeZWvZHoWFb4jH1ICun6C8/yx3G
GarenyXn0SaByfbj/KxFehvzQhxkcPWje8SuW8W3a24DJPTMLXRxXLIC2gElD/UYYPf2VAAO/2nEH8GL6YZc
IWJ6lw==