Getting Started
Authentication
ClientIpAddress is required for each API call.
Basic Authentication
Basic authentication is required for all Ria API calls that do not need customer authentication. It is obtained by using your API username and password provided by RIA, combining them so that you have a string like username:password, then Base 64 encoding it.
For Example, if my Ria API username is: 'MySampleUser' and my password is: 'MySamplePassword', you would obtain the basic authentication header by base 64 encoding the string 'MySampleUser:MySamplePassword' to produce the value: TXlTYW1wbGVVc2VyOk15U2FtcGxlUGFzc3dvcmQ=
Then you would pass this in as a header value: Authorization Basic TXlTYW1wbGVVc2VyOk15U2FtcGxlUGFzc3dvcmQ=
Sample (C#):
using (var httpClient = new HttpClient { BaseAddress = new Uri(ConfigConstants.ApiBaseUri) })
{
httpClient.DefaultRequestHeaders.Add("ClientIpAddress", IpAddressHelper.GetIpAddress().ToString());
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic",
Convert.ToBase64String(Encoding.ASCII.GetBytes("MySampleUser:MySamplePassword")));
...
}
Customer Authentication
API calls that deal with customer-specific data require customer authentication. This is obtained by providing the customer's username and password (in conjunction with basic authentication from above) to the /Authenticate endpoint to get a customer token.
The customer token is then added to the header for every subsequent API call, identifying you and the customer to the Ria API. The tokens are unique and expire after 15 minutes, providing a mock "session" to the RESTful Ria API.
Sample (C#):
using (var httpClient = new HttpClient { BaseAddress = new Uri(ConfigConstants.ApiBaseUri) })
{
httpClient.DefaultRequestHeaders.Add("ClientIpAddress", IpAddressHelper.GetIpAddress().ToString());
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic",
Convert.ToBase64String(Encoding.ASCII.GetBytes("MySampleUser:MySamplePassword")));
httpClient.DefaultRequestHeaders.Add("CustomerId", username);
httpClient.DefaultRequestHeaders.Add("CustomerPassword", password);
var httpResponseMessage = httpClient.GetAsync("/Authenticate").Result;
var token = httpResponseMessage.Headers.GetValues("Token").Single();
}
The token is returned in the response body of /Authenticate. Once the customer token is obtained, pass it into the authorization header following the word 'Session' to receive a response from API calls that require it.
Sample (C#):
using (var httpClient = new HttpClient { BaseAddress = new Uri(ConfigConstants.ApiBaseUri) })
{
httpClient.DefaultRequestHeaders.Add("ClientIpAddress", IpAddressHelper.GetIpAddress().ToString());
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Session", Token);
...
}
Sample Calls
Here are a few simple sample calls to help get you up and running.
Get available send-to countries (C#):
using (var httpClient = new HttpClient { BaseAddress = new Uri(ConfigConstants.ApiBaseUri) })
{
httpClient.DefaultRequestHeaders.Add("ClientIpAddress", IpAddressHelper.GetIpAddress().ToString());
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic",
Convert.ToBase64String(Encoding.ASCII.GetBytes("MySampleUser:MySamplePassword")));
var httpResponseMessage = httpClient.GetAsync("Location/GetSendToCountries").Result;
string rawResponse = httpResponseMessage.Content.ReadAsStringAsync().Result;
var countries = JsonConvert.DeserializeObject<CountryResponse>(rawResponse);
}
Get previous orders for a customer (C#):
using (var httpClient = new HttpClient { BaseAddress = new Uri(ConfigConstants.ApiBaseUri) })
{
httpClient.DefaultRequestHeaders.Add("ClientIpAddress", IpAddressHelper.GetIpAddress().ToString());
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Session", Token);
var httpResponseMessage = httpClient.GetAsync("Payment/GetAvailablePaymentMethods").Result;
string rawResponse = httpResponseMessage.Content.ReadAsStringAsync().Result;
var customerPaymentAccounts = JsonConvert.DeserializeObject<CustomerPaymentAccountsResponse>(rawResponse);
}
Error Codes
Endpoints
= Customer authentication is required
PushNotification
Location
Gets all countries with at least one send to agent. Does not take into account restrictions or filtering.
Returns a list of available currencies that the country pays out in
Returns a list of available delivery methods that a country supports
Returns a list of cities where correpsondent locations are present for a given country. This method may be made obsolete by SearchAgentPayoutCities. This query does NOT include CityId in the result.
Returns a list of available payout cities where correpsondent locations are present for a given country. This query includes CityId in the result.
Returns a collapsed list of agent locations. For example, if a given brand contains 20 locations in a given city the results list will contain one entry with LocationCount = 20
Returns an expanded list of agent locations. For example, if a given brand contains 20 locations in a given city the results list will contain 20 entries
Search for agents based off of lat/long and get a list back sorted by nearest distance
Get the percentage of agents with good geolocation data for a given country
Pass in as much as you can about an address and get a lat/long value back
Returns business hours for an individual location
Get agent locations from core API This endpoint should not be in use, as references to them were removed from Public API and CST
Ping
General
Payment
Gets available payment methods for use to fund a transaction
Gets all payment accounts associated with the current customer
Gets the base payment account information by ID associated with the current customer
Checks if the payment account can be added to the customer's account or not. Will throw an exception if the account cannot be added, explaining why not.
Verifies the bank account belongs to the customer via micro deposits
Gets information about a card (ex. debit or credit) using BIN (first six numbers).
Increments a payment account's AccountVerificationAttemtps count. Throws a PaymentAccountDisabledException if the payment account has exceeded the maximum number of attempts configured from 'maxAccountVerificationAttempts' in the Agents.config
Resets a payment account's AccountVerificationAttemtps count.
Resets a payment account's itemloginrequired status
Partner
Ensure that the money transfer order is valid. This will create a pre-order audit and return an identifier to be passed into the order creation call.
Take the pre-order values generated from the validate order call, and insert an order with those details.
FeaturesFlag
Preview Enforce feature flag refresh status
Pricing
Calculate the fee required for the customer to send the given transaction
Uses the exchange rate to calculate a pay-out amount given an amount to send
Uses the exchange rate to calculate a pay-in amount given an amount to receive
Validate the agent against the passed parameters. This will check limits and blocks.
Bank
Searches for a bank in a given country. Either BankName (partial like 'ban' is ok) or BankCode (CLABE, routing number, swift code, IFSC) can be used
Searches for bank locations given a specific BankId and Country, State, City
Search for bank information and throw an exception if a matching bank is not found
Validate that a bank code (CLABE, IFSC, routing number, etc) exists in the Ria database and can be used for bank deposit
Customer
Get any special requirements or fields for customer registration.
Get any special requirements or fields for recipient registration.
Request for a password reset if the customer is locked out of their account. Will send an email with password reset instructions
Request for a password reset if the customer is locked out of their account. Will send an email with password reset instructions
This new endpoint is to make reset password backwards compatible with RMT2.0 FE and Mobile app. Request for a password reset if the customer is locked out of their account. Will send an email with password reset instructions
After a password reset request has been made, use the customer code sent in email and the customer's new password to reset their password
Validates a customer support code that is entered into the user's notes field. This is used during forgot password for customer's that don't have 3 security questions and can't get identity verification questions
Change an account password with email, and old password (provide new password)
Load recipients for the current logged in customer filtered by CountryTo
Update the given recipient attached to the currently authenticated customer
Update the given recipient attached to the currently authenticated customer
Save (insert or update) the recipient bank deposit details. Will also validate bank deposit details.
Load the security questions tied to the customer account. Used for unathenticated request
Load the compliance questions for registration (e.g. PoliticallyExposedPersons, PEP).
Get the customer email from their unique user code (GUID)
Load the security questions tied to the current customer. Customer identity is read from authenticated token
Load the occupations available. Used for customer profile.
Load the occupations available based on the countryId.
Verify the customer's security question/answer combination
Verify a customer's security question/answer combination
Register a temporary customer. The customer can become a real customer through the customer matching process.
Send verification code for an already authenticated user.
Add the current customer's personal information like name, date of birth, address and phone number.
Update the current customer's personal information like address and phone number.
Validates a customer to ensure that they have filled out the required information to make an order. If no exceptions are thrown the customer is validated to make a money transfer online.
For registraiton: quickly checks to see if an email address is available or if it already belongs to a customer in our system.
Pass in some fields to attempt to match this customer with an offline customer that has created ordres through a physical store
Verify the customer's authentication code to ensure the device they received the code on is theirs
Check the status/progress of the customer's authentication code verification.
Generates a random customer's authentication code (to be sent to customer's mobile device which he/she can enter on the website for confirmation)
Validates customer personal info, used on expired fields update process
Logging
Logs all the Segment Events in Private API coming from external sources
Order
Gets the recipient-specific fields required for a money transfer order
Gets the recipients for the current logged in customer filtered by CountryTo and the recipient-specific fields required for a money transfer order
Gets the current fields required to enter or modify a new recipient for a bank deposit money transfer order
Gets the orders for the current customer between the date range provided
Gets the details of an order with the credentials of a logged in customer for use on track a transfer page
Checks if an order is eligible to edit the recipient name
Run the order through all of the back end validation logic. Fraud checks, agent limits, etc.
Initiates a Direct Bank Transaction, an offsite payment url will be returned with this call to complete payment.
Saves in cache the status for the transaction with a specific externalTransactionId.
Initiates a Fintoc Transaction, a Widget Token be returned with this call to complete payment.
Get the status of the payment intent for Fintoc Direct Bank.
The main way to create a money transfer order. This must be called after order validation to receive a transaction id to pass into this endpoint. This will be obsolete when RMT2, Incomm are migrated over to RMT3.
Endpoint to complete the creation of order for a client-side authorized transaction.
The main way to create a money transfer order. This must be called after order validation to receive a transaction id to pass into this endpoint.
Logs the client side card authorization request. Returns logId
Cancel incomplete money transfer order initiated by the client automatically.
Endpoint to complete the indefinite ACH order which is deemed not ER by accertify.
Cancel incomplete ACH ER money transfer order initiated by the client automatically.
End point to Cancel Adyen Order , called from remittance webhook this is when capture settlement fails
IdentityVerification
Gets the result of the answers to the identity verification questions
Verifies customer documentation (ex. picture of a driver license)
Check to see if the current customer's ID is past expiration or is invalid in any way
Get details about id document types for the given conditions If you don't know the generic type yet, use GetAvailableDocumentTypes()
Gets a list of provider-specific document types to be used for upload
Sends an email for a user that has the SendEmail claim (to be used by core IT)