API Overview
- Auth API
- Underwriting API
- Portal
- Prospect Adobe
- Prospect Document
- Prospect Dropbox Files
- Prospect Entities
- Prospect Extras
- Prospect Generate PDF
- Prospect Integration
- Prospect Logs
- Prospect Messages
- Prospect Ofac Search
- Prospect Plaid Email
- Prospect Resellers
- Prospects
- Prospect Scores
- Prospect Scores Average Bank Balance
- Prospect Scores Business Types
- Prospect Scores Equifax Owner Credit
- Prospect Scores Tax Id
- Prospects Scores Average Bank Balances Plaid Transaction
- Prospect Status
- Process API
- Main API
- API Onboarding Tutorial
- Verify API
Roles - Auth API
Introduction
Roles Auth APIs allow you to perform the activities related to Roles operations.
The Roles - Auth API and their functionalities are given below:
|
API End Point
|
API Functionality
|
|
GET /roles
|
Get a list of roles
|
|
GET /roles/{id}/EffectivePermissionsGetById
|
Get effective permissions that belong to a specific role (the role is identified by its ID)
|
|
GET /roles/{name}
|
Returns role by name
|
|
GET /roles/{name}/ChildRoles
|
Return a set of child roles associated with a specific parent role (parent role identified by its role name)
|
|
GET /roles/{id}/EffectivePermissions
|
Get effective permissions by role name
|
|
GET /roles/{name}/Permissions
|
Get direct permissions assigned to a role (the role is identified by its role name)
|
|
GET /roles/{name}/Users
|
Return users that have been assigned a specific role
|
|
GET /roles/ByAudience
|
Get a list of all roles (ordered by the audiences that they belong to)
|
|
GET /roles/Tree
|
Get tree of roles by parent name
|
|
POST /roles
|
Create a new role
|
|
POST /roles/{name}/DefaultSettings
|
Assign default settings to all users in a role
|
|
POST /roles/{name}/Permissions
|
Assign permission to a specific role by the role's name
|
|
POST /roles/ChildRoles
|
Creates a child role and assigns it to a parent role
|
|
PUT /roles/{name}
|
Update a role by name
|
|
PUT /roles/{name}/DefaultSettings
|
Modify default settings assigned to a given role
|
|
DELETE /roles/{name}
|
Delete a specific role (defined by role name)
|
|
DELETE /roles/{name}/DefaultSettings
|
Remove user default settings associated to a given role
|
|
DELETE /roles/{name}/Permissions
|
Drop permission and array of permission names that belong to a specific role
|
|
DELETE /roles/ChildRoles
|
Remove child role(s) associated to a given parent role
|
iCG Authentication Service
iCG APIs are secured by OAuth 2.0 ROPC grant type. The external application must obtain user authorization before it executes an endpoint call incase this API chooses to use OAuth 2.0 ROPC Grant. This authorization includes the following steps:
- You must first exchange the user's credentials for an access token.
- The access token is an object containing information for authorizing client requests and refreshing the token itself.
The end-to-end authorization request is represented in the below diagram.
sequenceDiagram
participant Merchant
participant ICG (token URL)
autonumber
Merchant ->>ICG (token URL): Client ID, username, password
ICG (token URL)->>Merchant: id_token, access token, refresh token
The above step is to generate access token using the iCG provided Client id and with Merchant's user credentials.
Key Request Parameters
Once you receive the Client ID, and the user credentials, the next step is call the OAuth 2.0 ROPC endpoint to generate the access token.
| Element | Value |
| Method | POST |
| Authorization Type | OAuth 2.0 ROPC |
| Auth URI | https://auth.icheckdev.com/ |
| Client ID | *****(iCG application audience ID) |
| Username | {username} |
| Password | {password} |
| grant_type | password |
Sample cURL Request
curl -X POST \
--url 'https://auth.icheckdev.com/Login' \
--header 'Accept: application/json' \
--data 'grant_type=password' \
--data 'username={USERNAME}' \
--data 'password={PASSWORD}' \
--data 'client_id={iCG APPLICATION AUDIENCE ID}' \
On receiving the requests, iCG Authorization system validates all the parameters in the request and, if the request pass through the validation process, then it will generate your access token and return it in the response.
Sample Response Body
{
"access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYW1laWQiOiJjNjFhY2JhYy02NjA4LTQ3Y2YtYWIxOS0wZWQ2YmY3NTI5MTciLCJ1bmlxdWVfbmFtZSI6IlN1c2VlbGEiLCJlbmNyeXB0ZWRfZW1haWwiOiJGcGJnZ1RqbTNkbXl2cFlWVlVZNnJzcHBDKzcweFIwWGoyeTR1Mm8rc1ZRPSIsInR5cGUiOiIiLCJpc3MiOiJodHRwczovL2F1dGguaWNoZWNrZGV2LmNvbS8iLCJhdWQiOiJmMWZhN2ZmZi05MmU0LTQxMzMtOGQxMC0zNjg2OGM0OTg3YWQiLCJleHAiOjE3MDQ5MDY1MjAsIm5iZiI6MTcwNDgyMDEyMH0.Q03E-HrXto9CBzHcC43qn2wZG5VpUV4hzIfcCuRGWu4"
"token_type":"bearer"
"expires_in":86399
}
The response parameters and their descriptions are:
| Parameter | Description |
| access_token | The access token to be used to call the functional APIs |
| token_type | Bearer |
| expires_in | The number of seconds until the access token expires |
To view our list of APIs, please visit the Auth API page.