Allows different users (Managers, Bank Tellers, and Customers) to perform different bank activities through an API.
The preferred response format should be JSON. The JSON object to be returned by the API should be structured as follows:
{
  "user": {
    "email": "[email protected]",
    "username": "johndoe",
    "is_activated": true/false,
    "token": "jwt.token.here"
  }
}
{
  "transaction": {
    "type": "topup/transfer/withdraw",
    "performed_by": {
      "name": "name",
      "id": "user_id"
    },
    "timestamp": "When the transaction happened",
    "status": "Success/Failure"
  }
}
{
  "transactions": [
    {
      "id": 1,
      "type": "topup/transfer/withdraw",
      "performed_by": {
        "name": "name",
        "id": "user_id"
      },
      "timestamp": "When the transaction happened",
      "status": "Success/Failure"
    }
  ],
  "transactions_count": 1
}
If a request fails any validations, errors should be expected in the following format:
{
  "errors": {
    "email": [
      "User with this email already exists"
    ]
  }
}
401 for Unauthorized requests, when a request requires authentication but it isn't provided
403 for Forbidden requests, when a request may be valid but the user doesn't have permissions to perform the action
404 for Not found requests, when a resource can't be found to fulfill the request
POST /api/register
Example request body:
{
  "username": "Jacob",
  "email": "[email protected]",
  "confirm_email": "[email protected]",
  "password": "jakejake"
}
Only a Manager or a Bank Teller can access this endpoint. If the request is successful, the user details will be returned.
Required fields: email, confirm_email, username, password
The registered user will have to change their account's password the first time they log in.
POST /api/login
Example request body:
{
  "email": "[email protected]",
  "password": "jakejake"
}
No authentication required. On successful login, a JWT will be returned that will be used to access other secure endpoints.
Required fields: email, password
POST /api/transactions
Example request body:
{
  "type": "withdraw/deposit/transfer",
  "amount": "20000",
  "timestamp": "11/30/2018 @ 11:09am (UTC)",
  "performed_by": {
    "user": {
      "name": "Kimotho",
      "account_type": "customer",
      "user_id": 10
    }
  },
  "status": "Success/Failure"
}
GET /api/users/managers
Authentication will be required for this endpoint. Only Users with Manager permissions can access this endpoint.
Response should be a list of all available managers.
Sample response:
{
  "managers": [
    {
      "username": "John",
      "email": "[email protected]",
      "user_id": 10,
      "account_type": "manager"
    },
    {
      "username": "Mike",
      "email": "[email protected]",
      "user_id": 20,
      "account_type": "manager"
    }
  ]
}
GET /api/users/tellers
Authentication will be required for this endpoint. Only Users with manager and teller permissions can access this endpoint. Response should be a list of all available tellers.
Sample response:
{
  "tellers": [
    {
      "username": "John",
      "email": "[email protected]",
      "user_id": 10,
      "account_type": "teller"
    },
    {
      "username": "Mike",
      "email": "[email protected]",
      "user_id": 20,
      "account_type": "teller"
    }
  ]
}
GET /api/users/customers
Authentication will be required for this endpoint. Only Users with manager and teller permissions can access this endpoint. Response should be a list of all available customers.
Sample response:
{
  "customers": [
    {
      "username": "John",
      "email": "[email protected]",
      "user_id": 10,
      "account_type": "customer"
    },
    {
      "username": "Mike",
      "email": "[email protected]",
      "user_id": 20,
      "account_type": "customer"
    }
  ]
}
All users will have access to their accounts where they can perform updates on their accounts. Managers can access all accounts belonging to tellers and customers.
They cannot, however, update those users' passwords.
Tellers can access all accounts belonging to customers but cannot update their passwords.
Endpoints to access a user (username is a path placeholder):
GET /api/users/managers/<username>
PUT /api/users/managers/<username>
GET /api/users/tellers/<username>
PUT /api/users/tellers/<username>
GET /api/users/customers/<username>
PUT /api/users/customers/<username>
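As an added illustration (not code from this API), the following dependency-free Python turns the access rules above and the 401/403/404 codes into one authorization check: it verifies the HS256 JWT (rejecting tampered, expired or `alg`-swapped tokens with 401) and then applies the role rules (403). The secret, the sample usernames and the claim names `account_type` and `username` are assumptions made for the example.

```python
import base64, hashlib, hmac, json, time
SECRET = b"constructed-demo-secret"  # constructed for this example; load from config in real code

def _b64(s):  # base64url decode with the stripped padding restored
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_jwt(claims, secret=SECRET):
    """Mint an HS256 JWT; used here only to build sample tokens."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    body = f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}"
    sig = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    return f"{body}.{base64.urlsafe_b64encode(sig).rstrip(b'=').decode()}"

def verify_jwt(token, secret=SECRET):
    """Return the claims of a valid, unexpired HS256 token, else None."""
    try:
        h, p, s = token.split(".")
        if json.loads(_b64(h)).get("alg") != "HS256":  # reject alg=none / algorithm confusion
            return None
        mac = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(mac, _b64(s)):      # constant-time signature comparison
            return None
        claims = json.loads(_b64(p))
        return claims if claims.get("exp", 0) > time.time() else None
    except (ValueError, TypeError, AttributeError):
        return None
# Who may list each group, and which account types each role may reach beyond its own account
LIST_ACCESS = {"managers": {"manager"}, "tellers": {"manager", "teller"}, "customers": {"manager", "teller"}}
REACH = {"manager": {"teller", "customer"}, "teller": {"customer"}, "customer": set()}
ROLE_OF = {"managers": "manager", "tellers": "teller", "customers": "customer"}

def authorize(token, method, path, body=None):
    """Return 401 (not authenticated), 403 (forbidden), 404 (no such route) or 200 (allowed)."""
    claims = verify_jwt(token) if token else None
    if claims is None:
        return 401
    role, me = claims["account_type"], claims["username"]
    parts = path.strip("/").split("/")
    if parts == ["api", "register"]:                      # only managers and tellers register users
        return 200 if role in ("manager", "teller") else 403
    if parts[:2] != ["api", "users"] or len(parts) not in (3, 4) or parts[2] not in ROLE_OF:
        return 404
    if len(parts) == 3:                                   # GET /api/users/<group>
        return 200 if role in LIST_ACCESS[parts[2]] else 403
    own = ROLE_OF[parts[2]] == role and parts[3] == me
    if not own and ROLE_OF[parts[2]] not in REACH[role]:
        return 403
    if method == "PUT" and not own and "password" in (body or {}):
        return 403                                        # only the account owner may change a password
    return 200
```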