get-private-kyc.rst (9864B)
1 .. http:GET:: [/instances/$INSTANCE]/private/kyc 2 .. http:GET:: /management/instances/$INSTANCE/kyc 3 4 Check KYC status of a particular payment target. 5 Prompts the exchange to inquire with the bank 6 as to the KYC status of the respective account 7 and returns the result. 8 9 **Required permission:** ``instances-kyc-read`` 10 11 **Request:** 12 13 *Accept*: 14 The client may specify the desired MIME-type for the result. 15 Supported are the usual "application/json", but also 16 "text/plain". 17 18 :query h_wire=H_WIRE: *Optional*. If specified, the KYC check should 19 return the KYC status only for this wire account. Otherwise, for all wire accounts. 20 :query exchange_url=URL: *Optional*. If specified, the KYC check should 21 return the KYC status only for the given exchange. Otherwise, for all exchanges we interacted with. 22 :query lpt=TARGET: *Optional*. 23 Specifies what status change we are long-polling for. 24 Use 1 to wait for the KYC auth transfer (access token available), 25 2 to wait for an AML investigation to be done, 26 and 3 to wait for the KYC status to be OK. 27 If multiple accounts or exchanges match the query, 28 any account reaching the TARGET state will cause 29 the response to be returned. 30 @since protocol **v17**. @deprecated with **v25**, use ``lp_*``-query parameters instead. 31 :query lp_status=STATUS: *Optional*. 32 Specifies what status change we are long-polling for. 33 If specified, the endpoint will only return once the status *matches* the given value. 34 If multiple accounts or exchanges match the query, 35 any account reaching the STATUS will cause the response to be returned. 36 @since protocol **v25**. 37 :query lp_not_status=STATUS: *Optional*. 38 Specifies what status change we are long-polling for. 39 If specified, the endpoint will only return once the status no longer matches the given value. 40 If multiple accounts or exchanges *no longer matches* the given STATUS 41 will cause the response to be returned. 42 @since protocol **v25**. 43 :query lp_not_etag=ETAG: *Optional*. 44 Specifies what status change we are long-polling for. 45 If specified, the endpoint will only return once the returned "Etag" 46 would differ from the ETAG specified by the client. The "Etag" 47 is computed over the entire response body, and thus assured to change 48 whenever any data point in the response changes. This is ideal for 49 clients that want to learn about any change in the response. Clients 50 using this query parameter should probably also set a "If-none-match" 51 HTTP header so that if the ``timeout_ms`` expires, they can get back 52 a "304 Not modified" with an empty body if nothing changed. 53 @since protocol **v25**. 54 :query timeout_ms=NUMBER: *Optional.* If specified, the merchant will 55 wait up to ``timeout_ms`` milliseconds for the exchanges to confirm completion of the KYC process(es). 56 57 **Response:** 58 59 If different exchanges cause different errors when processing 60 the request, the largest HTTP status code that is applicable 61 is returned. 62 63 :http:statuscode:`200 Ok`: 64 The user may be redirected to the provided locations to perform 65 KYC checks. 66 The response will be a `MerchantAccountKycRedirectsResponse` object. 67 Uses this status code and format only since protocol **v17**. 68 :http:statuscode:`204 No content`: 69 No possibilities for KYC operations exist. 70 @since protocol **v25** only returned if this instance has no bank 71 accounts or no exchanges are configured for the merchant backend. 72 :http:statuscode:`304 Not modified`: 73 The ``ETag`` in the response did not change compared to the one 74 given in the ``If-none-match`` HTTP header specified by the client. 75 @since protocol **v25**. 76 :http:statuscode:`400 Bad Request`: 77 A query parameter is malformed. 78 Returned with ``TALER_EC_GENERIC_PARAMETER_MALFORMED``. 79 :http:statuscode:`401 Unauthorized`: 80 The request is unauthorized. 81 Returned with ``TALER_EC_MERCHANT_GENERIC_UNAUTHORIZED``. 82 :http:statuscode:`404 Not found`: 83 The instance is unknown to the backend. 84 Returned with ``TALER_EC_MERCHANT_GENERIC_INSTANCE_UNKNOWN``. 85 :http:statuscode:`406 Not acceptable`: 86 The merchant backend could not produce a response in the desired format. 87 :http:statuscode:`500 Internal Server Error`: 88 The server experienced an internal failure. 89 Returned with ``TALER_EC_GENERIC_DB_FETCH_FAILED``. 90 :http:statuscode:`503 Service unavailable`: 91 The merchant backend is temporarily unable to process the request. 92 93 **Details:** 94 95 .. ts:def:: MerchantAccountKycRedirectsResponse 96 97 interface MerchantAccountKycRedirectsResponse { 98 99 // Array of KYC status information for 100 // the exchanges and bank accounts selected 101 // by the query. 102 kyc_data: MerchantAccountKycRedirect[]; 103 104 } 105 106 .. ts:def:: MerchantAccountKycRedirect 107 108 interface MerchantAccountKycRedirect { 109 110 // Summary of the status of the KYC process. Possible values are: 111 // 112 // o "unsupported-account": this exchange does not support the given account (this is unlikely to change automatically, but could be perfectly normal if the account is supported by at least one other exchange). @since protocol **v25**. 113 // o "no-exchange-keys": we do not (yet) have the /keys of the exchange 114 // - "kyc-wire-impossible": KYC auth transfer needed but not possible 115 // (see also: auth_conflict). 116 // @ "kyc-wire-required": KYC auth transfer still needed and possible 117 // @ "kyc-required": merchant must supply KYC data to proceed (incl. 118 // in case of exposed zero-limits on deposit/aggregation) 119 // + "awaiting-aml-review": account under review by payment provider 120 // + "ready": everything is fine, account can be fully used 121 // - "logic-bug": merchant backend logic bug 122 // o "merchant-internal-error": merchant had an internal error 123 // o "exchange-internal-error": exchange had an internal error 124 // o "exchange-gateway-timeout": network timeout at gateway 125 // o "exchange-unreachable": exchange did not respond at all to our KYC status inquiry 126 // this can be briefly the case even if an exchange is online, as any HTTP request 127 // takes time to be processed; as a result, the KYC status for this account is unknown 128 // - "exchange-status-invalid": exchange violated protocol in reply 129 // 130 // "+" are perfectly normal states, "@" are states where the user 131 // must performn an action (show link!); "o" are reasonable transient 132 // states that could happen and are we are expected to likely recover 133 // from automatically but that we should inform the user about 134 // (show in yellow?), "-" are hard error states from which 135 // there is likely no good automatic recovery from (show in red?). 136 status: string; 137 138 // Full payto URI of the bank wire account this is about. 139 payto_uri: string; 140 141 // Currency used by the exchange. 142 // @since protocol **v25**. 143 exchange_currency: string; 144 145 // Hash of the salted payto://-URI of our bank wire 146 // account this is about. 147 // @since protocol **v17**. 148 h_wire: string; 149 150 // Base URL of the exchange this is about. 151 exchange_url: string; 152 153 // HTTP status code returned by the exchange when we asked for 154 // information about the KYC status. 155 // @since protocol **v17**. 156 exchange_http_status: Integer; 157 158 // True if we did not get a ``/keys`` response from 159 // the exchange and thus cannot do certain checks, such as 160 // determining default account limits or account eligibility. 161 no_keys: boolean; 162 163 // True if the given account cannot do KYC at the 164 // given exchange because no wire method exists that could 165 // be used to do the KYC auth wire transfer. 166 auth_conflict: boolean; 167 168 // Numeric `error code <error-codes>` indicating errors the exchange 169 // returned, or TALER_EC_INVALID for none. 170 // Optional (as there may not always have 171 // been an error code). 172 // @since protocol **v17**. 173 exchange_code?: Integer; 174 175 // Access token needed to open the KYC SPA and/or 176 // access the ``/kyc-info/`` endpoint. 177 // Optional as without the KYC auth wire transfer we 178 // may simply not have an access token yet. 179 access_token?: AccountAccessToken; 180 181 // Array with limitations that currently apply to this 182 // account and that may be increased or lifted if the 183 // KYC check is passed. 184 // Note that additional limits *may* exist and not be 185 // communicated to the client. If such limits are 186 // reached, this *may* be indicated by the account 187 // going into ``aml_review`` state. However, it is 188 // also possible that the exchange may legally have 189 // to deny operations without being allowed to provide 190 // any justification. 191 // The limits should be used by the client to 192 // possibly structure their operations (e.g. withdraw 193 // what is possible below the limit, ask the user to 194 // pass KYC checks or withdraw the rest after the time 195 // limit is passed, warn the user to not withdraw too 196 // much or even prevent the user from generating a 197 // request that would cause it to exceed hard limits). 198 limits?: AccountLimit[]; 199 200 // Array of full payto://-URIs with 201 // wire transfer instructions (including 202 // optional amount and subject) for a KYC auth wire 203 // transfer. Set only if this is (still) required 204 // to get the given exchange working. 205 // Array because the exchange may have multiple 206 // bank accounts, in which case any of these 207 // accounts will do. 208 // Optional. 209 // @since protocol **v17**. 210 payto_kycauths?: string[]; 211 212 }