API Docs. Elcoin Ltd

IB Sign POST

Document sign (Get sign token) or authorize client to sign some document

Request MFA code using existing access_token.

Note!!! Before signing the document, you should login Internetbank.

# ENDPOINT

/oauth/v2/sign

# REQUEST BODY

Schema: sign

response_type = sign_token - is a constatnt for request
state = [ session security value ]
scope = CUSTOMER:PAYMENT:CREATE - (customer action scope one of the list from scopeEnum)
audience = [api call url]
nonce = base64 encoded request boby of document

Type: object

Variable	Name	Type	Usage	Description
audience	Audience	string	M	API call URL for saving the signed document
client_code	Client code	string		Unique client identifier. Issued automatically by the System upon new Customer registration.
nonce	Nonce	string	M	Base64 encoded request body (data field) of document
response_type	Response Type	string	M	Indicates that your server expects to receive an authorization code. Values: "access_token","code","sign_token"
scope	Scope of Access	string	M	Scope of access
source_system	Source system	string		Source system. For Internetbank please setup "IB"
state	State	string	M	Client server session id (to prevent MITM requests)

# REQUEST BODY EXAMPLE

							{
    "response_type":"sign_token",
    "state":"5e982a097260d146803b5da13b1a19c2",
    "scope":"CUSTOMER:PAYMENT:CREATE",
    "audience":"https:\/\/api.n0.elcoin.co.uk\/api\/model\/paymentOutward\/putDb",
    "nonce":"eyJpZCI6IjYxNCIsInV1aWQiOiI2OWQ0Y2ZkYy05YmIyLTQyOWItODM1OS1kZmYzMDBjYjAyMjIiLCJjbGllbnRfY29kZSI6IkVOMDAwMDBDWSIsImRvY3VtZW50SWRQYXJlbnQiOiIwIiwicGFja2FnZUlkIjo1NjcsInRlbXBsYXRlSWQiOiIwIiwiYWJzSWQiOiIwIiwiZG9jdW1lbnRUeXBlIjoiSU5URVJOQUwiLCJzdGF0dXMiOiJSRUFEWV9GT1JfU0lHTiIsImNyZWF0ZURhdGUiOiIyMVwvMDdcLzIwMjEgMTI6MjAiLCJtb2RpZnlEYXRlIjoiMjFcLzA3XC8yMDIxIDEyOjIwIiwibW9kaWZpZWQiOiIyMVwvMDdcLzIwMjEgMTI6MjAiLCJkb2N1bWVudCI6eyJzY29wZSI6InBheW1lbnQiLCJsYWJlbCI6IkJhbmsgaW50ZXJuYWwgcGF5bWVudCIsImljb24iOiJpY29uLWhvbWUiLCJmb3JtTmFtZSI6IkNsaWVudFBheW1lbnRJbnRlcm5hbEZvcm0iLCJlbmFibGUiOnRydWUsImRpc3BsYXlJbkxpc3QiOnRydWUsImJhbm5lciI6ZmFsc2UsInNjZW5hcmlvRGF0YSI6W10sImNvbW1pc3Npb24iOltdLCJhY2Nlc3MiOnsiY2xpZW50U3RhdHVzIjpbIkFDVElWRSJdLCJjbGllbnRHcm91cCI6WyJDTElFTlQiXSwiYWN0b3JSb2xlcyI6eyJ2aWV3IjpbIlBBWU1FTlQ6QU5ZOlZJRVciXSwibW9kaWZ5IjpbIlBBWU1FTlQ6QU5ZOk1PRElGWSJdfX0sInZhbHVlIjoiSU5URVJOQUwifSwiZG9jdW1lbnRTdGF0dXMiOnsibGFiZWwiOiJEcmFmdCIsImNvbG9yIjoiYmx1ZSIsImluUHJvZ3Jlc3MiOmZhbHNlLCJhY3Rpb25SZXBlYXQiOmZhbHNlLCJhY3Rpb25DYW5jZWwiOmZhbHNlLCJhY3Rpb25SZXR1cm4iOmZhbHNlLCJ2YWx1ZSI6IkRSQUZUIn0sImRhdGEiOnsiZG9jdW1lbnRUeXBlIjoiSU5URVJOQUwiLCJhY2NvdW50IjoiR0IwNVRFU1QzNTExNjE0OTM3NDk4NSIsImFtb3VudCI6IjEuMDAiLCJhbW91bnRDY3kiOiJFVVIiLCJiZW5lZmljaWFyeUFjY291bnQiOiJHQjMyVEVTVDc0MTYxNDg2MzI0Mjg0IiwiYmVuZWZpY2lhcnlDb3VudHJ5IjoiZ2IiLCJiZW5lZmljaWFyeU5hbWUiOiJFTENPSU4gTFREIC0gREVWIiwiY29tbWlzc2lvbkFtb3VudCI6IjciLCJjb21taXNzaW9uQ2N5IjoiRVVSIiwiZGF0ZSI6IjIxXC8wN1wvMjAyMSIsImRldGFpbHMiOiJaZW5ubyBBcGkgdGVzdCIsImRvY3VtZW50TnVtYmVyIjoiUDAwMDM5NCIsImxhbmd1YWdlIjoiZW4iLCJwYXltZW50VHlwZSI6IklOVEVSTkFMIn0sImRhdGFQcmVwYXJlZCI6eyJlcnJvcl9kZXNjcmlwdGlvbiI6IiIsImFtb3VudCI6MSwiY3VycmVuY3kiOiJFVVIiLCJvdXRnb2luZ19jaGFuZWwiOiIiLCJ1cmdlbmN5IjoiIiwiY2hhcmdlc190eXBlIjoiT1VSIiwidmFsdWVfZGF0ZSI6bnVsbCwic291cmNlX3N5c3RlbSI6IklCIiwic3lzdGVtIjoiUkFJTFNCQU5LIiwibWVzc2FnZV90eXBlIjoiIiwidWx0aW1hdGVfZGVidG9yX25hbWUiOiIiLCJ1bHRpbWF0ZV9jcmVkaXRvcl9uYW1lIjoiIiwiZGVidG9yX25hbWUiOiJBVkFMT04gTElNSVRFRCIsImRlYnRvcl9hZGRyZXNzIjoiIiwiZGVidG9yX2NvdW50cnkiOiJHQiIsImRlYnRvcl9ld2FsbGV0IjoiNjEwMDAwMEMwMDA4IiwiZGVidG9yX2FjY291bnRfbnVtYmVyIjoiR0IwNVRFU1QzNTExNjE0OTM3NDk4NSIsImRlYnRvcl9hY2NvdW50IjoiNjEwMDAwMEMwMDBFVVJVIiwiZGVidG9yX2FjY291bnRfaWJhbiI6IkdCMDVURVNUMzUxMTYxNDkzNzQ5ODUiLCJkZWJ0b3JfYWNjb3VudF9kb21lc3RpYyI6IjQ5Mzc0OTg1IiwiZGVidG9yX25hdGlvbmFsX2lkIjoiIiwiZGVidG9yX2FnZW50X25hbWUiOiJFeGFtcGxlIEJhbmsiLCJkZWJ0b3JfYWdlbnRfYWRkcmVzcyI6IiIsImRlYnRvcl9hZ2VudF9jb3VudHJ5IjoiR0IiLCJkZWJ0b3JfYWdlbnRfYmljX3N3aWZ0IjoiVEVTVEdCMjEiLCJkZWJ0b3JfYWdlbnRfY29kZSI6IjM1MTE2MSIsImRlYnRvcl9hZ2VudF9jb2RlX3R5cGUiOiJzb3J0Q29kZSIsImNyZWRpdG9yX2VudGl0eV90eXBlIjoiQlVTSU5FU1MiLCJjcmVkaXRvcl9uYW1lIjoiRUxDT0lOIExURCAtIERFViIsImNyZWRpdG9yX2ZpcnN0X25hbWUiOiJFTENPSU4gTFREIC0gREVWIiwiY3JlZGl0b3JfbGFzdF9uYW1lIjoiIiwiY3JlZGl0b3JfYWRkcmVzcyI6IiIsImNyZWRpdG9yX2FkZHJlc3Nfc3RyZWV0IjoiIiwiY3JlZGl0b3JfYWRkcmVzc19yZWdpb24iOiIiLCJjcmVkaXRvcl9jaXR5IjoiIiwiY3JlZGl0b3JfcG9zdF9jb2RlIjoiIiwiY3JlZGl0b3JfY291bnRyeSI6IkdCIiwiY3JlZGl0b3JfZGF0ZV9vZl9iaXJ0aCI6bnVsbCwiY3JlZGl0b3JfbmF0aW9uYWxfaWQiOiIiLCJjcmVkaXRvcl9ld2FsbGV0IjoiVFJBTlNJVC5FVVIuUkIiLCJjcmVkaXRvcl9hY2NvdW50X251bWJlciI6IkdCMzJURVNUNzQxNjE0ODYzMjQyODQiLCJjcmVkaXRvcl9hY2NvdW50IjoiVFJBTlNJVC5FVVIuUkIiLCJjcmVkaXRvcl9hY2NvdW50X2liYW4iOiJHQjMyVEVTVDc0MTYxNDg2MzI0Mjg0IiwiY3JlZGl0b3JfYWNjb3VudF9kb21lc3RpYyI6Ijg2MzI0Mjg0IiwiY3JlZGl0b3JfYWdlbnRfbmFtZSI6IkV4YW1wbGUgQmFuayIsImNyZWRpdG9yX2FnZW50X2FkZHJlc3MiOiIiLCJjcmVkaXRvcl9hZ2VudF9jb3VudHJ5IjoiR0IiLCJjcmVkaXRvcl9hZ2VudF9iaWNfc3dpZnQiOiJURVNUR0IyMSIsImNyZWRpdG9yX2FnZW50X2NvZGUiOiI3NDE2MTQiLCJjcmVkaXRvcl9hZ2VudF9jb2RlX3R5cGUiOiJzb3J0Q29kZSIsImRlYmV0X2dsIjowLCJjcmVkaXRfZ2wiOjAsImZlZV9hbW91bnQiOjcsImZlZV9jdXJyZW5jeSI6IkVVUiIsImZlZV9hY2NvdW50IjoiNjEwMDAwMEMwMDBFVVJVIiwiZmVlX2lkIjo1LCJmZWVfZGV0YWlscyI6IlBheW1lbnQgZmVlIGZvciAiLCJmZWVfcmV2ZW51ZV9nbCI6NjAyMzUwMDAsImZlZV9yZXZlbnVlX2FjY291bnQiOiJGRUVSQUlMUy1JTlQoQikiLCJwYXltZW50X2ZlZV9pZCI6MCwibm9zdHJvX2FjY291bnQiOiIiLCJub3N0cm9fbmFtZSI6IiIsInBheW1lbnRfcmVmZXJlbmNlIjoiUDAwMDM5NCIsInBheW1lbnRfYXR0YWNobWVudHMiOiIiLCJzZW5kX2Ftb3VudCI6MCwic2VuZF9jdXJyZW5jeSI6IiIsInJhdGUiOjAsImZpeGVkX3NpZGUiOiIiLCJyYXRlX3RpbWVzdGFtcCI6bnVsbCwiYW1vdW50X3NpZ25hdHVyZSI6IiIsImF1dGhvcmlzZV9kYXRlIjpudWxsLCJhdXRob3Jpc2VfdXNlciI6IiIsImF1dGhvcmlzZV9zdGF0dXMiOiIiLCJvYXV0aF9hY2Nlc3NfdG9rZW4iOiIiLCJmZWVfYWNjb3VudF9pYmFuIjoiR0IwNVRFU1QzNTExNjE0OTM3NDk4NSIsInBheW1lbnRfZGF0ZSI6IjIwMjEtMDctMjEiLCJwYXltZW50X3R5cGUiOiJJTlRFUk5BTCIsImRvY3VtZW50X2lkIjowLCJkb2N1bWVudF9yZWZlcmVuY2UiOiIiLCJkZXRhaWxzIjoiWmVubm8gQXBpIHRlc3QiLCJkZWJ0b3JfY2xpZW50X2NvZGUiOiJFTjAwMDAwQ1kiLCJjcmVkaXRvcl9jbGllbnRfY29kZSI6IkVOMDAwMDAyRiIsImRlYnRvcl9jb3VudGVycGFydHlfaWQiOjAsImRlYnRvcl9hY2NvdW50X3JlZmVyZW5jZV9pZCI6MCwiY3JlZGl0b3JfY291bnRlcnBhcnR5X2lkIjowLCJjcmVkaXRvcl9hY2NvdW50X3JlZmVyZW5jZV9pZCI6MCwiZmluYW5jaWFsX2luc3RpdHV0aW9uIjoiNjEwMCIsIm9yaWdpbmFsX3JlZmVyZW5jZSI6IiIsInRyYW5zYWN0aW9uX3R5cGUiOiIiLCJkb2N1bWVudF90eXBlIjoiSU5URVJOQUwiLCJvbGRfcHJvY2Vzc2luZ19zdGF0dXMiOiIiLCJvbGRfcHJvY2Vzc2luZ19zdGVwIjoiIiwicHJvY2Vzc2luZ19zdGVwIjoiTk9STUFMIiwicHJvY2Vzc2luZ19zdGF0dXMiOiJQUkVQQVJFIiwidWlkIjoiIiwiaWQiOjAsInZlcnNpb24iOjAsInN0YXRlIjowLCJjcmVhdGVfdXNlciI6IiIsImNyZWF0ZV9kYXRlIjpudWxsLCJtb2RpZnlfdXNlciI6IiIsIm1vZGlmeV9kYXRlIjpudWxsfX0=",
    "client_code":"EN00000CY"
}

# POSITIVE RESPONSE

200 - Response successfully when status is OK

Schema: HeaderResponseStatusOkSign

Type: application/json

Variable	Name	Type	Description
error	Error Code	string	Error code
error_description	Error Description	string	Description of error
expires_in	expires_in	string	expiration time
mfa_token	MFA Token	string	Multi-factorÂ authentication token
sign_token	Sign Token	string	Sign token
code	Verification code	integer	The verification code that was sent to the MFA device

# RESPONSE POSITIVE EXAMPLE

							{
"sign_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImN0eSI6IiJ9.eyJpc3MiOiJodHRwczpcL1wvYXBpLm4wLmVsY29pbi5jby51a1wvIiwic3ViIjoiRU4wMDAwMENZIiwiYWN0Ijp7InN1YiI6IkVOMDAwMDBDWSJ9LCJleHAiOjE2MjY4NTU4NTAsImp0aSI6ImI0OTFlZmVhLWJiZWEtMmViYi04MzE0LTMxZjNiMDQ0MmYxMSIsInNpZCI6ImI0OTFlZmVhLWJiZWEtMmViYi04MzE0LTI4ZjNiMDFiZjg4MyIsImFtciI6Im9vYjplbWFpbDpiKjFAZ21haWwuY29tIiwiY2xpZW50X2lkIjoiaWJfbG9jYWxob3N0Iiwic2NvcGUiOiJtZmFfdG9rZW46ODI3NyIsInRva2VuX3R5cGUiOiJiZWFyZXIiLCJleHBpcmVzIjoiMjAyMS0wNy0yMVQwODoyNDoxMC4wMDAtMDA6MDAiLCJpc3N1ZWRfYXQiOiIxOTcwLTAxLTAxVDAwOjAwOjAwLjAwMC0wMDowMCJ9.ptuPZcZ7Sujf68JWTu8jtiFqf5Za6B1qRDo0GdbwgL0",
   "expires_in":1800
}
OR (if MFA requiered)
{
    "mfa_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiIsImN0eSI6IiJ9.eyJpc3MiOiJodHRwczpcL1wvYXBpLm4wLmVsY29pbi5jby51a1wvIiwic3ViIjoiRU4wMDAwMENZIiwiYWN0Ijp7InN1YiI6IkVOMDAwMDBDWSJ9LCJleHAiOjE2MjY5NjMyNTUsImp0aSI6ImNiMDk1ZmI4LWE5NzUtODQ5My04NDE0LWJhMDZhOGM2NjM3ZiIsInNpZCI6ImNiMDk1ZmI4LWE5NzUtODQ5My04NDE0LWJhMDY5MGVlNWQ3ZiIsImFtciI6Im9vYjplbWFpbDpiKjFAZ21haWwuY29tIiwiY2xpZW50X2lkIjoiaWJfbG9jYWxob3N0Iiwic2NvcGUiOiJtZmFfdG9rZW46ODMzMCIsInRva2VuX3R5cGUiOiJiZWFyZXIiLCJleHBpcmVzIjoiMjAyMS0wNy0yMlQxNDoxNDoxNS4wMDAtMDA6MDAiLCJpc3N1ZWRfYXQiOiIxOTcwLTAxLTAxVDAwOjAwOjAwLjAwMC0wMDowMCJ9.k1kKlu4N5xRnv5E2psNCt7hMoQRIo7zPHi8NeOBRD2E",
    "code": "8330",
    "error": "mfa_code_required",
    "error_description": "Please confirm challenge with sent code"
}

# NEGATIVE RESPONSE

400 - Response with error when status is ERROR

Schema: HeaderResponseStatusErrorOAuth

Type: object

Variable	Name	Type	Format	Description
error_description	Error Description	string		Description of error
error	Error Code	string		Error code

# RESPONSE NEGATIVE EXAMPLE

							{
    "error": "invalid-authorization-token",
    "error_description": "Unknown error. The resource owner or authorization server denied the request."
}

# Other endpoints

Name	Endpoint
Fetch Access / Refresh Token	/oauth/v2/token
oAuth. Fetch role by request	/api/oAuthRepresentativeRole/getData/oAuthRepresentativeRoleSearchRequest
IB Password Restore	/oauth/v2/passwordRestore
IB Login	/oauth/v2/login
IB Challenge	/oauth/v2/challenge
oAuth. Change password by request	/api/oAuthSecurity/changePassword/oAuthChangePasswordRequest
oAuth. Fetch device by request	/api/oAuthDevice/getData/oAuthDeviceSearchRequest
oAuth. Create/update device	/model/oAuthDevice/putDb
oAuth. Set device status by Request	/api/oAuthDevice/setDeviceStatus/oAuthDeviceStatusRequest
IB Password Restore Reset	/oauth/v2/passwordRestoreReset
IB Password Restore Verification	/oauth/v2/passwordRestoreVerification