Backend API Overview¶
Important Note
-
The registration of client applications is handled through a business process.
To request access, please contact the relevant business representative. -
All API clients must include the following request headers in every call:
Content-Type: application/jsonAccept: application/jsontraceid: xxxxxxx
API Overview¶
- Microservices architecture
- REST APIs
- Spring Boot + Spring Web
Base URL¶
https://devserver
| API NAME | DESCRIPTION |
|---|---|
| App Login API | Authenticates users and returns an access token for authorized requests. |
| Account Balance API | Retrieves current balance and account status for a user. |
| Account User Details API | Returns account holder personal and address information. |
| Update Account User Details API | Updates user account and personal details. |
| Transaction History API | Retrieves the last 10 transactions for a user. |
| Cash Withdrawal API | Withdraws funds and returns updated balance. |
| Cash Deposit API | Deposits funds and updates account balance. |
| Transfer Amount API | Transfers funds between accounts securely. |
OAuth2 Security (JWT)¶
The Stroller application secures its APIs using the OAuth 2.0 protocol with JSON Web Tokens (JWT).
An external identity provider, Auth0, is responsible for handling authentication and issuing access tokens.
Authentication Flow¶
- A client authenticates with Auth0 using valid credentials
- Upon successful authentication, Auth0 issues a signed JWT access token
- The client uses this token to access protected API endpoints
Using the Access Token¶
All protected API requests must include the JWT in the HTTP Authorization header:
```http
Authorization: Bearer