get-private-kyc.rst (10559B)
1 .. http:GET:: [/instances/$INSTANCE]/private/kyc 2 .. http:GET:: /management/instances/$INSTANCE/kyc 3 4 Check KYC status of a particular payment target. 5 Prompts the merchant to inquire with the exchange 6 as to the KYC status of the respective account 7 and returns the result. 8 9 **Required permission:** ``instances-kyc-read`` 10 11 **Request:** 12 13 *Accept*: 14 The client may specify the desired MIME-type for the result. 15 Supported are the usual "application/json", but also 16 "text/plain". 17 18 :query h_wire=H_WIRE: *Optional*. If specified, the KYC check should 19 return the KYC status only for this wire account. Otherwise, for all wire accounts. 20 :query exchange_url=URL: *Optional*. If specified, the KYC check should 21 return the KYC status only for the given exchange. Otherwise, for all exchanges we interacted with. 22 :query lpt=TARGET: *Optional*. 23 Specifies what status change we are long-polling for. 24 Use 1 to wait for the KYC auth transfer (access token available), 25 2 to wait for an AML investigation to be done, 26 and 3 to wait for the KYC status to be OK. 27 If multiple accounts or exchanges match the query, 28 any account reaching the TARGET state will cause 29 the response to be returned. 30 @since protocol **v17**. @deprecated with **v25**, use ``lp_*``-query parameters instead. 31 :query lp_status=STATUS: *Optional*. 32 Specifies what status change we are long-polling for. 33 If specified, the endpoint will only return once the status *matches* the given value. 34 If multiple accounts or exchanges match the query, 35 any account reaching the STATUS will cause the response to be returned. 36 @since protocol **v25**. 37 :query lp_not_status=STATUS: *Optional*. 38 Specifies what status change we are long-polling for. 39 If specified, the endpoint will only return once the status no longer matches the given value. 40 If multiple accounts or exchanges *no longer matches* the given STATUS 41 will cause the response to be returned. 42 @since protocol **v25**. 43 :query lp_not_etag=ETAG: *Optional*. 44 Specifies what status change we are long-polling for. 45 If specified, the endpoint will only return once the returned "Etag" 46 would differ from the ETAG specified by the client. The "Etag" 47 is computed over the entire response body, and thus assured to change 48 whenever any data point in the response changes. This is ideal for 49 clients that want to learn about any change in the response. Clients 50 using this query parameter should probably also set a "If-none-match" 51 HTTP header so that if the ``timeout_ms`` expires, they can get back 52 a "304 Not modified" with an empty body if nothing changed. 53 @since protocol **v25**. 54 :query timeout_ms=NUMBER: *Optional.* If specified, the merchant will 55 wait up to ``timeout_ms`` milliseconds for the exchanges to confirm completion of the KYC process(es). 56 57 **Response:** 58 59 :http:statuscode:`200 Ok`: 60 The user may be redirected to the provided locations to perform 61 KYC checks. 62 The response will be a `MerchantAccountKycRedirectsResponse` object. 63 Uses this status code and format only since protocol **v17**. 64 :http:statuscode:`204 No content`: 65 No possibilities for KYC operations exist. 66 @since protocol **v25** only returned if this instance has no bank 67 accounts or no exchanges are configured for the merchant backend. 68 :http:statuscode:`304 Not modified`: 69 The ``ETag`` in the response did not change compared to the one 70 given in the ``If-none-match`` HTTP header specified by the client. 71 @since protocol **v25**. 72 :http:statuscode:`400 Bad Request`: 73 A query parameter is malformed. 74 Returned with ``TALER_EC_GENERIC_PARAMETER_MALFORMED``. 75 :http:statuscode:`401 Unauthorized`: 76 The request is unauthorized. 77 Returned with ``TALER_EC_MERCHANT_GENERIC_UNAUTHORIZED``. 78 :http:statuscode:`404 Not found`: 79 The instance is unknown to the backend. 80 Returned with ``TALER_EC_MERCHANT_GENERIC_INSTANCE_UNKNOWN``. 81 :http:statuscode:`406 Not acceptable`: 82 The merchant backend could not produce a response in the desired format. 83 No error code is returned in this case. 84 :http:statuscode:`500 Internal Server Error`: 85 The server experienced an internal failure. 86 Returned with ``TALER_EC_GENERIC_DB_FETCH_FAILED``. 87 :http:statuscode:`503 Service unavailable`: 88 The merchant backend is temporarily unable to process the request. 89 90 **Details:** 91 92 .. ts:def:: MerchantAccountKycRedirectsResponse 93 94 interface MerchantAccountKycRedirectsResponse { 95 96 // Array of KYC status information for 97 // the exchanges and bank accounts selected 98 // by the query. 99 kyc_data: MerchantAccountKycRedirect[]; 100 101 } 102 103 .. ts:def:: MerchantAccountKycRedirect 104 105 interface MerchantAccountKycRedirect { 106 107 // Summary of the status of the KYC process. Possible values are: 108 // 109 // o "unsupported-account": this exchange does not support the given account (this is unlikely to change automatically, but could be perfectly normal if the account is supported by at least one other exchange). @since protocol **v25**. 110 // o "no-exchange-keys": we do not (yet) have the /keys of the exchange 111 // - "kyc-wire-impossible": KYC auth transfer needed but not possible 112 // (see also: auth_conflict). 113 // @ "kyc-wire-required": KYC auth transfer still needed and possible 114 // @ "kyc-required": merchant must supply KYC data to proceed (incl. 115 // in case of exposed zero-limits on deposit/aggregation) 116 // + "awaiting-aml-review": account under review by payment provider 117 // + "ready": everything is fine, account can be fully used 118 // - "logic-bug": merchant backend logic bug 119 // o "merchant-internal-error": merchant had an internal error 120 // o "exchange-internal-error": exchange had an internal error 121 // o "exchange-gateway-timeout": network timeout at gateway 122 // o "exchange-unreachable": exchange did not respond at all to our KYC status inquiry 123 // this can be briefly the case even if an exchange is online, as any HTTP request 124 // takes time to be processed; as a result, the KYC status for this account is unknown 125 // - "exchange-status-invalid": exchange violated protocol in reply 126 // 127 // "+" are perfectly normal states, "@" are states where the user 128 // must performn an action (show link!); "o" are reasonable transient 129 // states that could happen and are we are expected to likely recover 130 // from automatically but that we should inform the user about 131 // (show in yellow?), "-" are hard error states from which 132 // there is likely no good automatic recovery from (show in red?). 133 status: string; 134 135 // Full payto URI of the bank wire account this is about. 136 payto_uri: string; 137 138 // Currency used by the exchange. 139 // @since protocol **v25**. 140 exchange_currency: string; 141 142 // Hash of the salted payto://-URI of our bank wire 143 // account this is about. 144 // @since protocol **v17**. 145 h_wire: string; 146 147 // Base URL of the exchange this is about. 148 exchange_url: string; 149 150 // HTTP status code returned by the exchange when we asked for 151 // information about the KYC status. 152 // @since protocol **v17**. 153 exchange_http_status: Integer; 154 155 // True if we did not get a ``/keys`` response from 156 // the exchange and thus cannot do certain checks, such as 157 // determining default account limits or account eligibility. 158 no_keys: boolean; 159 160 // True if the given account cannot do KYC at the 161 // given exchange because no wire method exists that could 162 // be used to do the KYC auth wire transfer. 163 auth_conflict: boolean; 164 165 // Numeric `error code <error-codes>` indicating errors the exchange 166 // returned, or TALER_EC_INVALID for none. 167 // Optional (as there may not always have 168 // been an error code). 169 // @since protocol **v17**. 170 exchange_code?: Integer; 171 172 // Access token needed to open the KYC SPA and/or 173 // access the ``/kyc-info/`` endpoint. 174 // Optional as without the KYC auth wire transfer we 175 // may simply not have an access token yet. 176 access_token?: AccountAccessToken; 177 178 // Array with limitations that currently apply to this 179 // account and that may be increased or lifted if the 180 // KYC check is passed. 181 // Note that additional limits *may* exist and not be 182 // communicated to the client. If such limits are 183 // reached, this *may* be indicated by the account 184 // going into ``aml_review`` state. However, it is 185 // also possible that the exchange may legally have 186 // to deny operations without being allowed to provide 187 // any justification. 188 // The limits should be used by the client to 189 // possibly structure their operations (e.g. withdraw 190 // what is possible below the limit, ask the user to 191 // pass KYC checks or withdraw the rest after the time 192 // limit is passed, warn the user to not withdraw too 193 // much or even prevent the user from generating a 194 // request that would cause it to exceed hard limits). 195 limits?: AccountLimit[]; 196 197 // Array of full payto://-URIs with 198 // wire transfer instructions (including 199 // optional amount and subject) for a KYC auth wire 200 // transfer. Set only if this is (still) required 201 // to get the given exchange working. 202 // Array because the exchange may have multiple 203 // bank accounts, in which case any of these 204 // accounts will do. 205 // Optional. 206 // @since protocol **v17**. 207 payto_kycauths?: string[]; 208 209 // Forwarded value of the ``kyc_swap_tos_acceptance`` flag 210 // that the merchant backend observed in the exchange's 211 // ``/keys`` response. Signals to the frontend that it 212 // should swap the terms-of-service and KYC auth 213 // authentication steps in the user experience. 214 // Optional, defaults to false if not given. 215 // @since protocol **v31**. 216 kyc_swap_tos_acceptance?: boolean; 217 218 // ``Taler-Terms-Version`` (see exchange's ``/terms`` 219 // endpoint) of the terms of service that were already 220 // accepted by the user for this exchange. Optional, 221 // absent if no version has been accepted yet by the 222 // user via ``POST /private/accept-tos-early``. 223 // @since protocol **v31**. 224 tos_accepted_early?: string; 225 226 227 }