fineract-dev mailing list archives

From "Adi Raju" <adi.r...@confluxtechnologies.com>
Subject RE: Using Self-Service APIs to return accounts of only one client
Date Mon, 26 Sep 2016 09:23:42 GMT
Self Service APIs were created not only with the end customer in mind. These APIs are created to
support agent banking, field staff and other scenarios as well. The basic idea is that the data
and operations are restricted as compared to bank staff.
The design decisions and the approach are documented here: https://mifosforge.jira.com/wiki/display/MIFOSX/Customer+Self+Service,
https://mifosforge.jira.com/wiki/display/MIFOSX/Customer+Self+Service+-+Phase+2


Gist of the document:
1. App users and roles/permissions are reused. A self-service user is created/managed using
the user APIs, https://demo.openmf.org/api-docs/apiLive.htm#users_create, by passing the additional
params isSelfServiceUser and clients while creating an app user.
2. A Self Service User would have access to the information of all the clients that are provided
as part of the clients param. In the case of the agent banking scenario, there can be more than 1 client,
who might be able to perform operations on behalf of a client. In the case of an individual client,
the clients list would contain only 1.
3. As part of the user authentication response, if it is a self-service user, the list of clients
data is sent. If the clients list contains only one client, then the end user app need not use
the /self/clients endpoint. They can start using /self/clients/{clientId} directly. So the
intelligence is expected in the self-service app, based on the scenario it would be used in.

Regards,
Adi

-----Original Message-----
From: Ed Cable [mailto:edcable@mifos.org] 
Sent: 24 September 2016 04:44
To: dev@fineract.incubator.apache.org
Cc: Antuan Ariel Castillo; Vishwajeet Srivastava
Subject: Using Self-Service APIs to return accounts of only one client

Adi,

Can you give guidance to the community via the mailing list on how to properly use the self-service
APIs? The primary use case and what they were designed for is for an individual client to
authenticate him or herself and only have access to his/her individual accounts.

Both Vishwajeet and a user on Gitter @AntuanC (see message below) have had issues in using
the API in such a manner whereby they return a list of multiple clients and not just the accounts
for that one client.


@AntuanC
"Hello everyone,
I want to create a user for customers, so they may login and check your statements.
However I find no way to link a user to a specific customer, so that only you can see their
accounts and not those of all customers.
Can you help me?"


--
*Ed Cable*
Director of Community Programs, Mifos Initiative edcable@mifos.org | Skype: edcable | Mobile:
+1.484.477.8649

*Collectively Creating a World of 3 Billion Maries | *http://mifos.org <http://facebook.com/mifos>
 <http://www.twitter.com/mifos>
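
The endpoint choice described in point 3 of Adi's reply, as an added example that is not part of the thread or of Fineract's code: a self-service app reads the clients list from the authentication response and goes straight to /self/clients/{clientId} when exactly one client is mapped. The response shape and all function names are assumptions.

```python
# Added example. The response field names below are assumptions for
# illustration; only isSelfServiceUser, clients and the /self/clients
# paths appear in the e-mail.

class NotMappedError(Exception):
    """Raised when a client id is outside the user's mapped clients."""

def mapped_client_ids(auth_response):
    """Client ids the authenticated self-service user is mapped to."""
    if not auth_response.get("isSelfServiceUser"):
        return []  # regular app user: the /self endpoints do not apply
    ids = []
    for entry in auth_response.get("clients", []):
        # Accept either bare ids or objects carrying an "id" key (assumed shapes).
        ids.append(int(entry["id"] if isinstance(entry, dict) else entry))
    return ids

def landing_path(auth_response):
    """Pick the first endpoint to call after login."""
    ids = mapped_client_ids(auth_response)
    if not ids:
        raise NotMappedError("no clients mapped to this user")
    if len(ids) == 1:
        return f"/self/clients/{ids[0]}"  # individual client: skip the list call
    return "/self/clients"                # agent scenario: list, then choose

def client_path(auth_response, client_id):
    """Build /self/clients/{clientId} only for a mapped client.

    This is a sanity check in the app; restricting data is the server's job.
    """
    if client_id not in mapped_client_ids(auth_response):
        raise NotMappedError(f"client {client_id} is not mapped to this user")
    return f"/self/clients/{client_id}"

# Constructed sample authentication responses (not real Fineract output).
INDIVIDUAL = {"username": "c27", "isSelfServiceUser": True, "clients": [27]}
AGENT = {"username": "agent1", "isSelfServiceUser": True,
         "clients": [{"id": 27}, {"id": 31}]}
STAFF = {"username": "teller", "isSelfServiceUser": False}

if __name__ == "__main__":
    for resp in (INDIVIDUAL, AGENT):
        print(resp["username"], "->", landing_path(resp))
```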

