Functionality
<br>
This API allows third party applications to obtain, in the customer's name, information about the pre-approved loans that Santander could offer to a customer and that the customer could contract.
<br>
To get this information, the client first has to give his consent for the third party application to obtain his information in his name. The client therefore has to complete the consent process and obtain an OAuth Access Token, which allows the application to use the API. The security requirements are detailed in the next section.
<br><br>
Security
<br>
The security of the API is based on the use of the OAuth protocol. Specifically, the Authorization Code flow is used for requesting the Access Token. To obtain this token, the steps to follow are:
<br><br>
1. Request Authorization: Call the Authorize API and follow the consent flow to obtain the CODE (See Authorize API documentation)
2. Get Access Token: Call the OAuth Server for exchanging the CODE for an Access Token and a Refresh Token:
Sandbox: POST https://auth-sandbox.bancosantander.es/oauth/token
Live: POST https://auth.bancosantander.es/oauth/token
<br>
Type | Name | Value | Observations |
---|---|---|---|
Header | Authorization | Basic TOKEN | ClientID:ClientSecret in BASE64 |
Parameter | grant_type | authorization_code | Fixed value |
Parameter | redirect_uri | REDIRECT_URI | Indicated when the application is registered |
Parameter | code | CODE | Obtained in the consent process |
<br>
3. Renew Access Token: Access Tokens expire in 10 minutes, so to get a new one the OAuth Server has to be called again to exchange the Refresh Token for an Access Token:
Sandbox: POST https://auth-sandbox.bancosantander.es/oauth/token
Live: POST https://auth.bancosantander.es/oauth/token
<br>
Type | Name | Value | Observations |
---|---|---|---|
Header | Authorization | Basic TOKEN | ClientID:ClientSecret in BASE64 |
Parameter | grant_type | refresh_token | Fixed value |
Parameter | refresh_token | REFRESH_TOKEN | Obtained at step 2 |
<br><br>
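The requests from steps 2 and 3, as an added example that is not part of the original documentation. It builds the two token requests without sending them and decides when a refresh is due from the 10-minute lifetime. Assumptions: the parameters travel as a form-encoded body (the usual OAuth 2.0 encoding; the page does not say), and the credentials, code, redirect URI and the 30-second refresh margin are constructed placeholders.

```python
import base64
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://auth-sandbox.bancosantander.es/oauth/token"  # Sandbox URL from the page
ACCESS_TOKEN_LIFETIME = 600  # seconds; the page states 10 minutes


def build_token_request(client_id, client_secret, params):
    """Build (but do not send) the POST to the OAuth Server."""
    # ClientID:ClientSecret in Base64; the secret must only live on the backend.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(params).encode()  # assumption: form-encoded body
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Authorization": f"Basic {basic}",
                 "Content-Type": "application/x-www-form-urlencoded"})


def code_exchange_request(client_id, client_secret, code, redirect_uri):
    """Step 2: exchange the CODE for an Access Token and a Refresh Token."""
    return build_token_request(client_id, client_secret, {
        "grant_type": "authorization_code",
        "redirect_uri": redirect_uri,  # must match the registered value
        "code": code})


def refresh_request(client_id, client_secret, refresh_token):
    """Step 3: exchange the Refresh Token for a new Access Token."""
    return build_token_request(client_id, client_secret, {
        "grant_type": "refresh_token",
        "refresh_token": refresh_token})


def needs_refresh(issued_at, now=None, margin=30):
    """True once the token is within `margin` seconds of its 10-minute expiry."""
    now = time.time() if now is None else now
    return now - issued_at >= ACCESS_TOKEN_LIFETIME - margin


if __name__ == "__main__":
    # Constructed placeholder values, not real credentials.
    req = code_exchange_request("my-client-id", "my-client-secret",
                                "SAMPLE_CODE", "https://app.example/callback")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    print(needs_refresh(issued_at=0, now=571))
```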
Scopes
Scopes are the permissions that a third party application can request from the client; they are used when the Authorize API is called. The scopes available for this API are: <br>
- loancheck.read: Allows getting the pre-approved loans information for a specific client.
<br><br>
Sandbox Response
Because this is a test environment, the API's behaviour is the following: <br>
- The security flow has to be fully completed. This means that an existing Sandbox user is necessary to log into the Santander application and finish the consent process. This Sandbox user is not a real one and can only be used in this environment.
- The response is as close as possible to the real response, but the URLs to contract the loans and the values aren't necessarily real. The API gets the possible loans that could be contracted for the user who logged into the Santander application.
<br><br>
Live Response
In a live environment the API's behaviour is the following: <br>
- The security flow has to be fully completed. This means that a valid Live user is necessary to log into the Santander application and finish the consent process.
- The response is the one expected in a Live environment. The API gets the possible loans that could be contracted for the user who logged into the Santander application. The user has to be a real one who is registered on the Santander website.
<br><br>
Paths
/pre-approved_loan_check
Endpoint to get available loans
Endpoint that retrieves the pre-approved loans that a client could contract. The result of this endpoint is a list of each type of loan that a customer is allowed to contract and the maximum amount that the customer could take.
Security header that contains the OAuth Access Token
200 OK
401 Unauthorized
404 Not Found
{
"schema": {
"type": "object"
}
}
429 Too Many Requests
{
"schema": {
"type": "object"
}
}
500 Internal Server Error
Service Unavailable
Definitions
The API response format
{
"properties": {
"HaveLoan": {
"type": "string",
"description": "Value that indicates if a client has or not any loan to contract. The allowed values are Y (Yes) and N (No)",
"example": "Y"
},
"PreApprovedLoansList": {
"$ref": "#/definitions/preApprovedLoansList",
"description": "List of loans for a specified user"
}
},
"additionalProperties": false
}
Loans list that the user is allowed to contract
{
"type": "array",
"items": {
"$ref": "#/definitions/preApprovedLoanDetails"
}
}
The information of a single loan
{
"properties": {
"PreApprovedLoanTypeID": {
"type": "string",
"description": "Loan type ID. There are four type IDs (1001, 1002, 2001 and 3001)",
"example": "2001"
},
"PreApprovedLoanTypeDescription": {
"type": "string",
"description": "Type of loan. There are four types of loan to offer (Loans, Small Loans, Credit Cards and Credit Accounts)",
"example": "Credit Cards"
},
"PreApprovedLoanAmountMax": {
"type": "number",
"format": "double",
"description": "Maximum pre-approved loan amount for a given loan type",
"example": 1000
},
"PreApprovedLoanAmountCurrency": {
"type": "string",
"description": "Currency of the amount values",
"example": "EUR"
},
"LoanRequestURL": {
"type": "string",
"description": "URL that redirects the customer to a personalized page of his Santander bank, where he will be able to start the process to contract a loan",
"example": "https://apiws.santander.pre.corp/credito.html"
}
},
"additionalProperties": false
}
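A client-side check of a 200 response against the three definitions above, as an added example that is not part of the original documentation. It enforces `additionalProperties: false`, the Y/N values and the four loan type IDs. Assumptions: every property is optional because the schemas list no required fields, and the https-only rule for `LoanRequestURL` is this example's own policy, not stated by the schema.

```python
from urllib.parse import urlparse

LOAN_TYPE_IDS = {"1001", "1002", "2001", "3001"}  # the four IDs listed in the schema
RESPONSE_KEYS = {"HaveLoan", "PreApprovedLoansList"}
LOAN_FIELDS = {"PreApprovedLoanTypeID": str, "PreApprovedLoanTypeDescription": str,
               "PreApprovedLoanAmountMax": (int, float),
               "PreApprovedLoanAmountCurrency": str, "LoanRequestURL": str}
# Constructed sample built from the schema's own example values.
SAMPLE = {"HaveLoan": "Y", "PreApprovedLoansList": [{
    "PreApprovedLoanTypeID": "2001", "PreApprovedLoanTypeDescription": "Credit Cards",
    "PreApprovedLoanAmountMax": 1000, "PreApprovedLoanAmountCurrency": "EUR",
    "LoanRequestURL": "https://apiws.santander.pre.corp/credito.html"}]}


def validate_response(doc):
    """Return a list of problems; an empty list means the response is acceptable."""
    if not isinstance(doc, dict):
        return ["response is not an object"]
    problems = [f"unexpected property {k}" for k in sorted(set(doc) - RESPONSE_KEYS)]
    if "HaveLoan" in doc and doc["HaveLoan"] not in ("Y", "N"):
        problems.append("HaveLoan must be Y or N")
    loans = doc.get("PreApprovedLoansList", [])
    if not isinstance(loans, list):
        return problems + ["PreApprovedLoansList is not an array"]
    for i, loan in enumerate(loans):
        if not isinstance(loan, dict):
            problems.append(f"loan {i}: not an object")
            continue
        problems += [f"loan {i}: unexpected property {k}"
                     for k in sorted(set(loan) - set(LOAN_FIELDS))]
        for name, kind in LOAN_FIELDS.items():
            value = loan.get(name)
            # bool is a subclass of int, so reject it explicitly for the number field
            if name in loan and (isinstance(value, bool) or not isinstance(value, kind)):
                problems.append(f"loan {i}: {name} has the wrong type")
        type_id = loan.get("PreApprovedLoanTypeID")
        if isinstance(type_id, str) and type_id not in LOAN_TYPE_IDS:
            problems.append(f"loan {i}: unknown loan type ID {type_id}")
        url = loan.get("LoanRequestURL")
        # Assumption: the client only sends customers to https links.
        if isinstance(url, str) and urlparse(url).scheme != "https":
            problems.append(f"loan {i}: LoanRequestURL is not https")
    return problems


if __name__ == "__main__":
    print(validate_response(SAMPLE))
```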
The errors that occurred
{
"properties": {
"errors": {
"$ref": "#/definitions/errorList",
"description": "List of errors to be shown"
}
},
"additionalProperties": false,
"required": [
"errors"
]
}
Single error information
{
"properties": {
"code": {
"type": "string",
"description": "Alphanumeric error code"
},
"message": {
"type": "string",
"description": "Brief summary of the issue"
},
"level": {
"type": "string",
"description": "Level of the issue (info, warning, error)"
},
"description": {
"type": "string",
"description": "Details of the issue"
}
},
"additionalProperties": false
}
List of errors
{
"type": "array",
"items": {
"$ref": "#/definitions/error"
}
}