Reset Password

API - V 2.5

Download Swagger Spec

Introduction

In order to access the Reset Password API, you will need a user with one of the following scopes:

institution-users:read - A user with this scope may get and find the contact methods for a customer.

institution-users:write - A user with this scope may trigger the sending of a one-time passcode to a customer for resetting their password.

The Reset Password API features basic services for resetting the password for a specified financial institution’s customer or member. The person’s contact methods may be retrieved, and the desired contact method may be used to send a one-time passcode to reset the password.

The Reset Password API enables end users to:

  • Search for the available contact methods.
  • Receive a one-time passcode at the preferred destination (e.g., mobile number) to reset the password.

Enables developers to:

  • Quickly validate the existing customer or member.
  • Provide the customer or member with a quick review of their contact methods.
  • Send a one-time passcode to the customer's or member’s mobile number for resetting their password.

What is Supported?

The Reset Password API supports the following uses:

  • Verifying that a customer or member exists at a specified financial institution.
  • Providing a list of contact methods for an existing customer or member at a specified financial institution.
  • Sending a one-time passcode to the customer's or member’s desired contact method for resetting their password.

Getting Started

Candescent’s APIs support financial institutions worldwide. They can empower financial institutions and their partners to build valuable digital banking experiences.

It’s important to work with your Candescent representative to get officially onboarded to DevX for access to these APIs. Once onboarded, you’ll be able to implement your application, access shared and secret keys and begin testing the APIs.

After all the legal and compliance partnership agreements are in place, we'll set you up with your Authentication API client account. This will grant you access to a unique secret key that will be your ticket to the authentication API and staging and production environments.

The service available through the Candescent Digital Banking Developer Portal provides a token for the grant type:

Client Credentials

  • Used for trusted server-side applications
  • Sending a request passes a key-and-secret pair assigned to your application
  • Since the token is issued in the context of a Financial Institution (FI) rather than a user, no end-user login is required
  • Response provides the Bearer Token to be used to call other DevEx APIs

Steps to getting started:

  • Sign up and/or Login in for authentication

    To make your first API request, you'll need toself-register by clicking the Sign Up button. Then, click the link in your welcomeemail to verify your emailaddress.

  • Review API documentation and request postman collections

    Your Candescent representative will be able to email you the Postman collection for an API you are interested in. You may reach out directly or add the specific API to your favorites to alert your representative.
  • Test APIs in Postman

    In addition to the sample apps, a test drive environment is available to help you visualize the APIs. Using the JSONcollection and Postman, you’ll be able to see API requests working in action and view the information required to make them.

    This will also allow you to experience actual API behavior prior to beginning your integration. For a deeper dive into Postman, view additional reference material here.

Authentication

Authentication proves that you are who you say you are. Authentication tokens identify a user (the person using the app or site).

You‘ll need the following items to set up basic authentication:

Info Alert
Note
          Visit our guide on authentication to learn more.
  • Developer Experience account
  • Sandbox environment with an organization
  • Shared Key
  • Secret Key

Generating your Secret Key

You’ll need a bearer token or an API security key to authenticate API calls. A secret key serves as a secure token to authenticate and authorize requests. Unauthorized use of a secret key could potentially cause a security breach. Thes ecret key holds the error token used to access real data through the API.

Visit our guide on authentication  to learn more.

Before you begin, you‘ll require a unique client_id and client_secret for your app. Notify your implementation manager or PossibleNOW Support atsupport@possiblenow.com to request an OAuth client_id and client_secret. Include your My Preferences Client ID and the environment (staging (sandbox) or production) for which you want to generate the credentials in your request.

These credentials must be treated securely. 

    Use Cases & Examples

    The end user wants to get the list of accounts from the bill pay system, or the user wants to get a specific account from the bill pay system.The user in this case is the customer of financial institution (FI).

    Gets the accounts for the given institution customer

    • Get list of accounts GET /db-accounts/v1/accounts
    • Request -> Query Parameters:
      hostUserId: The specific identifier for that customer
    • Headers:
      Authorization: The bearer access token from the Authentication API
      TransactionId: A UUID string used as unique identifier for this token request

    Get the specified account for the given user

      • Get the accounts GET /db-accounts/v1/accounts/{accountId}
      • Request:
        Headers:
        Authorization: The access token from the Authentication APITransactionId: A UUID string used as unique identifier for this token request
        close

        Sign in now!

        Please sign up or sign in to add to watchlist

        Sign in

        Don’t have an account? 

        Sign up
        close

        Added to watchlist!

        Your interest has been noted. An NCR Voyix Rep
        will contact you with further details soon.