2. Rest API Services - Overview

2.1 Introduction

Oracle FLEXCUBE Investor Servicing has adopted the industry standard of providing light-weight services through Representational State Transfer (popularly known as REST) services. These lightweight services support the current trend of mobile/tablet based applications. These services help to improve the response time for tablet/mobile applications, as these applications are very chatty, involves numerous hits to the server and the expected response time is minimal for each of the requests. The REST service requests can either use GET or POST methods.

The REST services using GET methods are listed as follows:

• Fetch Unitholder details by ID
• Fetch customer
• Fetch the transaction details
• Fetch Standing Instructions details
• Fetch Fund details
• Fetch Fund Price details
• Fetch Broker details

The following are the services using POST methods:

• Create Unitholder
• Create a Transaction
• Create a Standing Instruction
• Create a Policy

Each of the services listed above will be a URL. These URLs can be tested using any of the available browser plug-ins (For instance, Postman, RestEasy etc.) or these services can also be integrated with an API manager depending on its use. Below is the format of a Get unitholder service example which will take the unitholder ID as the input.

http://( IP) :( Port) /Unitholder/QueryUnitholder/unitholderid/{unitholderid}

The input for the GET services is passed as a part of the URL and if more than one input needs to be passed they should be separated by a forward slash (/). Apart from passing the unitholder ID as a part of the URL, the services also expect a few header parameters to be passed to the service.

The following are the header parameters passed:

• userId : FLEXCUBE Investor Servicing login user ID
• password : Encrypted FLEXCUBE Investor Servicing password of the user
• branch : The branch to which the user belongs
• msgId : A alphanumeric input from the consumer
• source : Source of the request whether it is FCUBS or an external system
• Content-Type: This mentions the format of the input /output. Since we are using the JSON format we will give the content-type as application/json.

UserId, password and msgId are for authenticating the user accessing the service. More information on authentication can be found in Section 2.

For the POST services we need to provide data input in JSON format. An example of JSON input is shown below. The output of REST services will also be in JSON format.

2.1.1 Rest Services Security/ Authentication Scheme

Security in Restful Services is implemented using the Oracle FLEXCUBE Investor Servicing SMS Authentication system. All requests to the Restful services needs to contain the headers as follows:

• userId - Oracle FLEXCUBE Investor Servicing login user name
• password – Encrypted Oracle FLEXCUBE Investor Servicing login password
• msgId –This message ID will be a unique id to identify the request

The userId and password headers should contain the userId and password that is created in the Oracle FLEXCUBE Investor Servicing application. The password field should be encrypted with the msgId as the key. The Rest API application will decrypt the password and validate the same against the Oracle FLEXCUBE Investor Servicing SMS maintenance, and will service the request only if the validation succeeds.

2.1.2 Rest HTTP Headers

The following are the headers that are expected in all the requests that are sent to the Rest API application.

• userId - Oracle FLEXCUBE Investor Servicing login user name
• password - Encrypted Oracle FLEXCUBE Investor Servicing login password
• msgId –This message id will be a unique id to identify the request
• branch - The branch code from where the request is sent
• source - The source code of the external system