# Nanibank
## Convention
The params needed for a request are provided in the `querystring` if the method is `GET`, and in the `body` for other methods.
All requests require a `timestamp` header that specifies the time when the request was sent.
A request always returns two fields, `Status` and `Message`, describing the state of the request; the information under **Return** only describes the extra information returned when the request was successful.
## Middleware
Most of the information needed to satisfy the middleware is placed in the header.
### Time validation
Determines whether a request is too old to be accepted. Time validation requires a Unix timestamp.
**Note that time validation is applied to all requests.**
**Header**
<pre>
- timestamp: request's sending time
</pre>
### User validation
Requires an access token.
**Header**
<pre>
- access-token: access token that could be obtained via login
</pre>
### Otp validation
OTP validation for transactions or other important requests.
Each OTP expires after 30 seconds.
**Header**
<pre>
- access-token: access-token obtained via login or specified request
- key: key obtained via create otp
- otp: otp obtained via create otp
</pre>
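
The three middleware checks above, chained in order, as an added example that is not Nanibank's own code. The 60-second timestamp window, the single-use OTP rule, and the `OtpStore`, `sessions` and `validate_request` names are assumptions; the header names and the 30-second OTP lifetime come from this page.

```python
import hmac
import time

MAX_SKEW_SECONDS = 60   # assumption: the page does not state the accepted window
OTP_TTL_SECONDS = 30    # from the page: each OTP expires after 30 seconds


class OtpStore:
    """Hypothetical in-memory store mapping the `key` header to an issued OTP."""

    def __init__(self):
        self._issued = {}  # key -> (otp, customer_id, issued_at)

    def issue(self, key, otp, customer_id, now):
        self._issued[key] = (otp, customer_id, now)

    def redeem(self, key, otp, customer_id, now):
        # pop() makes every key single-use, even when the checks below fail
        record = self._issued.pop(key, None)
        if record is None:
            return False
        stored_otp, owner, issued_at = record
        if now - issued_at > OTP_TTL_SECONDS or owner != customer_id:
            return False
        return hmac.compare_digest(stored_otp.encode(), otp.encode())


def check_timestamp(headers, now):
    """Time validation: reject missing, malformed or stale `timestamp` headers."""
    try:
        sent = int(headers["timestamp"])
    except (KeyError, ValueError):
        return False
    return abs(now - sent) <= MAX_SKEW_SECONDS


def validate_request(headers, sessions, otps, now=None, need_otp=False):
    """Run the middleware chain; returns (Status, Message) as in the Convention."""
    now = int(time.time()) if now is None else now
    if not check_timestamp(headers, now):
        return False, "stale or missing timestamp"
    # sessions: hypothetical dict of access-token -> (customer_id, expires_at)
    session = sessions.get(headers.get("access-token"))
    if session is None or session[1] <= now:
        return False, "invalid or expired access token"
    if need_otp and not otps.redeem(headers.get("key"), headers.get("otp", ""),
                                    session[0], now):
        return False, "invalid or expired otp"
    return True, "ok"
```

Binding the OTP to the customer id of the session means a key and OTP issued to one customer cannot authorize a request made with another customer's access token.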
## Customer
### Get customer information
Returns the information for a specified customer id or username; only one param is needed. If both are provided, the customer id is used.
**Prerequisite**: `User validation`
**Path**: `users/customer/info`
**Method**: `GET`
**Param**:
<pre>
- customer_id (1): id of the customer
- username (1) : username of the customer
</pre>
**Return**:
<pre>
- Info
</pre>
### Login
**Path**: `/users/customer/login`
**Method**: `POST`
**Param**:
<pre>
- username
- password
</pre>
**Return**:
<pre>
- Token::string : access-token (expires after 15 minutes)
- Customer::Data: information of the customer
</pre>
### Refresh
Refresh a specified access token. Both the access token and the refresh token are needed for security reasons.
**Path**: `/users/customer/refresh`
**Method**: `POST`
**Param**:
<pre>
- access_token
- refresh_token
</pre>
**Return**:
<pre>
- Token: new access token
</pre>
### Register
**Path**: `/users/customer/`
**Method**: `POST`
**Param**:
<pre>
- username::string: login name of the account
- password::string : password of the account
- name
- email
- phone
</pre>
**Return**:
<pre>
- Status::bool : status of the request
- Message::string : description for the request
- User::Data : result of the registration
</pre>
### Forgot Password
Forgot password needs a chain of actions to reset the current password. Because the user does not have an access token, `s-create` is needed to create one.
**Prerequisite**: OTP
**Path**: `/users/password/reset`
**Method**: `POST`
**Param**:
<pre>
- username
- email
- new_password
</pre>
### Change Password
Change password requires the old password, the new password and the username of the account.
**Prerequisite**: `User validation`
**Path**: `/users/password/change`
**Method**: `POST`
**Param**:
<pre>
- old_password
- new_password
- username
</pre>
## Receiver
Receiver provides 3 methods, `GET`, `POST` and `DELETE`, each with its own usage.
**Prerequisite**: `User Validation`
**Path**: `/users/customer/receiver`
**Method**: `POST`, `GET`, `DELETE`
**Param**:
<pre>
POST:
- customer_id: id of the customer
- receiver: account number of the receiver
- remind_name: remind name
GET:
- customer_id: id of the customer
DELETE:
- customer_id: id of the customer
- receiver: account number of the receiver
</pre>
**Return**:
<pre>
- Receiver (GET and POST): information of the receiver
</pre>
## Debt
Debt provides 3 methods, `GET`, `POST` and `DELETE`, each with its own usage.
A debt is identified by its creditor and its name, so a creditor cannot have 2 debts with the same name.
**Prerequisite**: `User Validation`
**Path**: `/debt/`
**Method**: `POST`, `GET`, `DELETE`
**Param**:
<pre>
POST:
- creditor::int64: customer id of the creditor
- debtor::int64: customer id of the debtor
- name::string: debt's name
- amount::float: amount of money
- issue_date::unix-timestamp: time when the debt expires.
GET:
- customer_id::int64: id of the customer related to any debt
DELETE:
- id: id of the debt
</pre>
**Return**:
<pre>
- Debt (POST AND GET): debt information
</pre>
### Pay Debt
In order to pay a debt, the debtor must have enough money in the debit account.
**Prerequisite**: `User Validation`, `OTP`
**Path**: `/debt/pay`
**Method**: `POST`
**Param**:
<pre>
POST:
- id::int64: id of the debt that needs to be paid.
GET:
- customer_id::int64: id of the customer related to any debt
DELETE:
- id: id of the debt
</pre>
**Return**:
<pre>
- Debt (POST AND GET): debt information
</pre>
## Transaction
Transactions include charge, draw and transfer for a debit account.
### Charge
**Prerequisite**: `User Validation`, `OTP`
**Path**: `/transaction/charge`
**Method**: `POST`
**Param**:
<pre>
- id: account id of the debit account that needs to be charged.
- amount: amount of money for charging to the account
</pre>
**Return**:
<pre>
- Account: account information after charge
</pre>
### Draw
**Prerequisite**: `User Validation`, `OTP`
**Path**: `/transaction/draw`
**Method**: `POST`
**Param**:
<pre>
- id: account id of the debit account that needs to be drawn from.
- amount: amount of money for drawing from the account
</pre>
**Return**:
<pre>
- Account: account information after draw
</pre>
### Transfer
**Prerequisite**: `User Validation`, `OTP`
**Path**: `/transaction/transfer`
**Method**: `POST`
**Param**:
<pre>
- from: debit account id of the sender
- to: debit account id of the receiver
- amount: amount of money that needs to be transferred
- message: message to the receiver
</pre>
### History
**Path**: `/transaction/history`
**Method**: `GET`
**Param**:
<pre>
- id: account id
- filter (optional) (default: "both"): filter type, one of "both", "receiver", "sender".
</pre>
**Return**:
<pre>
- Histories: list of related histories
</pre>
## Employee
### Login
**Path**: `/users/employee/login`
**Method**: `POST`
**Param**: same as Customer [Login](#1-login)
### Create
**Path**: `/users/employee/create`
**Method**: `POST`
**Param**: same as Customer [Register](#register)
## Admin
### Login
**Path**: `/users/admin/login`
**Method**: `POST`
**Param**: same as Customer [Login](#1-login)
## Common User
### Login
Log in to a specified account in any role; the priority is customer -> admin -> employee.
**Path**: `/users/login`
**Method**: `POST`
**Param**: same as Customer [Login](#1-login)
**Return**:
<pre>
- type: type of account; 1, 6, 9 for customer, admin, employee respectively
</pre>
### Create
**Path**: `/users/admin/create`
**Method**: `POST`
**Param**: same as Customer [Register](#register)
## Otp
### Create
Create an OTP and send the OTP to the email of the user
**Prerequisite**: `User Validation`
**Path**: `/otp/create`
**Method**: `GET`
**Param**:
<pre>
- customer_id: id of the customer
</pre>
**Return**:
<pre>
- Otp
- Key
</pre>
### Specified Create
Create an OTP in an emergency case; only the username is needed.
**Path**: `/otp/s-create`
**Method**: `GET`
**Param**:
<pre>
- username: username of the customer
</pre>
**Return**:
<pre>
- Otp
- Key
- Access Token
</pre>
## Partner
### Transfer
Transfer money to a specified Nanibank account.
**Prerequisite**: `Hash validation`, `Partner Validation`, `Signature Validation`
**Path**: `/partner/transfer`
**Method**: `POST`
**Param**:
<pre>
- id: id of the debit account in Nanibank
- amount: amount of money that needs to be transferred
</pre>
**Return**:
<pre>
- signature
</pre>
### Get Partner Key
Get the key of a specified partner.
**Prerequisite**: `User Validation`
**Path**: `/partner/key`
**Method**: `GET`
**Param**:
<pre>
- partner_name: name of the partner
</pre>
**Return**:
<pre>
- Key
</pre>
### Get User information from Debit Account id
Get information of a specified user by providing the debit account id.
**Prerequisite**: `Partner Validation`
**Path**: `/partner/`
**Method**: `POST`
**Return**:
<pre>
- Info: includes public information of the user
</pre>
## Debit
### Get debit account
Returns a debit account given the debit account id or the id of the owner; only one param is needed. If both are provided, debit_id is used.
**Path**: `/debit/`
**Method**: `GET`
**Param**:
<pre>
- debit_id: id of the debit account
- owner: id of the owner
</pre>
## Saving account
### Get a specified saving account
Return a specified account by name and owner
**Prerequisite**: `User validation`
**Path**: `/saving/`
**Method**: `GET`
**Param**:
<pre>
- name: name of the saving account
- owner: customer id of the owner
</pre>
**Return**:
<pre>
- Saving
</pre>
### Get saving accounts of a specified user
Return saving accounts of a specified user
**Prerequisite**: `User validation`
**Path**: `/saving/s`
**Method**: `GET`
**Param**:
<pre>
- owner: customer id of the owner
</pre>
**Return**:
<pre>
- Saving
</pre>