get-private-kyc.rst (9652B)
1 .. http:GET:: [/instances/$INSTANCE]/private/kyc 2 .. http:GET:: /management/instances/$INSTANCE/kyc 3 4 Check KYC status of a particular payment target. 5 Prompts the exchange to inquire with the bank 6 as to the KYC status of the respective account 7 and returns the result. 8 9 **Required permission:** ``instances-kyc-read`` 10 11 **Request:** 12 13 *Accept*: 14 The client may specify the desired MIME-type for the result. 15 Supported are the usual "application/json", but also 16 "text/plain". 17 18 :query h_wire=H_WIRE: *Optional*. If specified, the KYC check should 19 return the KYC status only for this wire account. Otherwise, for all wire accounts. 20 :query exchange_url=URL: *Optional*. If specified, the KYC check should 21 return the KYC status only for the given exchange. Otherwise, for all exchanges we interacted with. 22 :query lpt=TARGET: *Optional*. 23 Specifies what status change we are long-polling for. 24 Use 1 to wait for the KYC auth transfer (access token available), 25 2 to wait for an AML investigation to be done, 26 and 3 to wait for the KYC status to be OK. 27 If multiple accounts or exchanges match the query, 28 any account reaching the TARGET state will cause 29 the response to be returned. 30 @since protocol **v17**. @deprecated with **v25**, use ``lp_*``-query parameters instead. 31 :query lp_status=STATUS: *Optional*. 32 Specifies what status change we are long-polling for. 33 If specified, the endpoint will only return once the status *matches* the given value. 34 If multiple accounts or exchanges match the query, 35 any account reaching the STATUS will cause the response to be returned. 36 @since protocol **v25**. 37 :query lp_not_status=STATUS: *Optional*. 38 Specifies what status change we are long-polling for. 39 If specified, the endpoint will only return once the status no longer matches the given value. 40 If multiple accounts or exchanges *no longer matches* the given STATUS 41 will cause the response to be returned. 42 @since protocol **v25**. 43 :query lp_not_etag=ETAG: *Optional*. 44 Specifies what status change we are long-polling for. 45 If specified, the endpoint will only return once the returned "Etag" 46 would differ from the ETAG specified by the client. The "Etag" 47 is computed over the entire response body, and thus assured to change 48 whenever any data point in the response changes. This is ideal for 49 clients that want to learn about any change in the response. Clients 50 using this query parameter should probably also set a "If-none-match" 51 HTTP header so that if the ``timeout_ms`` expires, they can get back 52 a "304 Not modified" with an empty body if nothing changed. 53 @since protocol **v25**. 54 :query timeout_ms=NUMBER: *Optional.* If specified, the merchant will 55 wait up to ``timeout_ms`` milliseconds for the exchanges to confirm completion of the KYC process(es). 56 57 **Response:** 58 59 If different exchanges cause different errors when processing 60 the request, the largest HTTP status code that is applicable 61 is returned. 62 63 :http:statuscode:`200 Ok`: 64 The user may be redirected to the provided locations to perform 65 KYC checks. 66 The response will be a `MerchantAccountKycRedirectsResponse` object. 67 Uses this status code and format only since protocol **v17**. 68 :http:statuscode:`204 No content`: 69 No possibilities for KYC operations exist. 70 @since protocol **v25** only returned if this instance has no bank 71 accounts or no exchanges are configured for the merchant backend. 72 :http:statuscode:`304 Not modified`: 73 The ``ETag`` in the response did not change compared to the one 74 given in the ``If-none-match`` HTTP header specified by the client. 75 @since protocol **v25**. 76 :http:statuscode:`400 Bad Request`: 77 A query parameter is malformed. 78 :http:statuscode:`401 Unauthorized`: 79 The request is unauthorized. 80 Returned with ``TALER_EC_MERCHANT_GENERIC_UNAUTHORIZED``. 81 :http:statuscode:`404 Not found`: 82 The instance is unknown to the backend. 83 Returned with ``TALER_EC_MERCHANT_GENERIC_INSTANCE_UNKNOWN``. 84 :http:statuscode:`406 Not acceptable`: 85 The merchant backend could not produce a response in the desired format. 86 :http:statuscode:`503 Service unavailable`: 87 The merchant backend is temporarily unable to process the request. 88 89 **Details:** 90 91 .. ts:def:: MerchantAccountKycRedirectsResponse 92 93 interface MerchantAccountKycRedirectsResponse { 94 95 // Array of KYC status information for 96 // the exchanges and bank accounts selected 97 // by the query. 98 kyc_data: MerchantAccountKycRedirect[]; 99 100 } 101 102 .. ts:def:: MerchantAccountKycRedirect 103 104 interface MerchantAccountKycRedirect { 105 106 // Summary of the status of the KYC process. Possible values are: 107 // 108 // o "unsupported-account": this exchange does not support the given account (this is unlikely to change automatically, but could be perfectly normal if the account is supported by at least one other exchange). @since protocol **v25**. 109 // o "no-exchange-keys": we do not (yet) have the /keys of the exchange 110 // - "kyc-wire-impossible": KYC auth transfer needed but not possible 111 // (see also: auth_conflict). 112 // @ "kyc-wire-required": KYC auth transfer still needed and possible 113 // @ "kyc-required": merchant must supply KYC data to proceed (incl. 114 // in case of exposed zero-limits on deposit/aggregation) 115 // + "awaiting-aml-review": account under review by payment provider 116 // + "ready": everything is fine, account can be fully used 117 // - "logic-bug": merchant backend logic bug 118 // o "merchant-internal-error": merchant had an internal error 119 // o "exchange-internal-error": exchange had an internal error 120 // o "exchange-gateway-timeout": network timeout at gateway 121 // o "exchange-unreachable": exchange did not respond at all to our KYC status inquiry 122 // this can be briefly the case even if an exchange is online, as any HTTP request 123 // takes time to be processed; as a result, the KYC status for this account is unknown 124 // - "exchange-status-invalid": exchange violated protocol in reply 125 // 126 // "+" are perfectly normal states, "@" are states where the user 127 // must performn an action (show link!); "o" are reasonable transient 128 // states that could happen and are we are expected to likely recover 129 // from automatically but that we should inform the user about 130 // (show in yellow?), "-" are hard error states from which 131 // there is likely no good automatic recovery from (show in red?). 132 status: string; 133 134 // Full payto URI of the bank wire account this is about. 135 payto_uri: string; 136 137 // Currency used by the exchange. 138 // @since protocol **v25**. 139 exchange_currency: string; 140 141 // Hash of the salted payto://-URI of our bank wire 142 // account this is about. 143 // @since protocol **v17**. 144 h_wire: string; 145 146 // Base URL of the exchange this is about. 147 exchange_url: string; 148 149 // HTTP status code returned by the exchange when we asked for 150 // information about the KYC status. 151 // @since protocol **v17**. 152 exchange_http_status: Integer; 153 154 // True if we did not get a ``/keys`` response from 155 // the exchange and thus cannot do certain checks, such as 156 // determining default account limits or account eligibility. 157 no_keys: boolean; 158 159 // True if the given account cannot do KYC at the 160 // given exchange because no wire method exists that could 161 // be used to do the KYC auth wire transfer. 162 auth_conflict: boolean; 163 164 // Numeric `error code <error-codes>` indicating errors the exchange 165 // returned, or TALER_EC_INVALID for none. 166 // Optional (as there may not always have 167 // been an error code). 168 // @since protocol **v17**. 169 exchange_code?: Integer; 170 171 // Access token needed to open the KYC SPA and/or 172 // access the ``/kyc-info/`` endpoint. 173 // Optional as without the KYC auth wire transfer we 174 // may simply not have an access token yet. 175 access_token?: AccountAccessToken; 176 177 // Array with limitations that currently apply to this 178 // account and that may be increased or lifted if the 179 // KYC check is passed. 180 // Note that additional limits *may* exist and not be 181 // communicated to the client. If such limits are 182 // reached, this *may* be indicated by the account 183 // going into ``aml_review`` state. However, it is 184 // also possible that the exchange may legally have 185 // to deny operations without being allowed to provide 186 // any justification. 187 // The limits should be used by the client to 188 // possibly structure their operations (e.g. withdraw 189 // what is possible below the limit, ask the user to 190 // pass KYC checks or withdraw the rest after the time 191 // limit is passed, warn the user to not withdraw too 192 // much or even prevent the user from generating a 193 // request that would cause it to exceed hard limits). 194 limits?: AccountLimit[]; 195 196 // Array of full payto://-URIs with 197 // wire transfer instructions (including 198 // optional amount and subject) for a KYC auth wire 199 // transfer. Set only if this is (still) required 200 // to get the given exchange working. 201 // Array because the exchange may have multiple 202 // bank accounts, in which case any of these 203 // accounts will do. 204 // Optional. 205 // @since protocol **v17**. 206 payto_kycauths?: string[]; 207 208 }