LFP APIs allow you to interact with the LFP system programmatically from your own application. Using the APIs, you interact with resources such as:
Products
Accounts
Customers
CompanyRepresentation
LegalEntity
Authentication
All API requests require authentication. You need to pass an X-AUTH-TOKEN parameter and a CLIENT_ID parameter in the request headers.
If X-AUTH-TOKEN or CLIENT_ID is invalid or omitted, an error message is returned with status code 401.
You also need to add the access token to your request headers under the name "ACCESS-TOKEN".
The access token is obtained from the LFP authentication APIs through the following steps.
Step one: call the init authentication API, GET /api/v2/authentication/{ssn}. The AuthenticationResponse it returns contains orderRef and autoStartToken.
Step two: use autoStartToken to launch “BankID Säkerhetsprogram” or “BankID Säkerhetsapp”. See GRP_API for further reference.
Step three: call GET /api/v2/authentication/login/verify with the query parameter "orderRef" set to the value you got in step one.
Read the access token from the AuthenticationVerification response.
If the progressStatus from AuthenticationVerification is COMPLETE, the access token will be cached.
The access token expires after 30 minutes. Once it has expired, you need to get a new one.
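The three steps and the 30-minute token lifetime, as a client-side sketch. This is an added example, not LFP's own code. The names LfpSession, make_fake_lfp and the http_get transport, the response field name "accessToken", and the "NOT_COMPLETE" status value are assumptions; the paths, header names, orderRef, autoStartToken, progressStatus and COMPLETE come from the text above.

```python
import time

TOKEN_TTL = 30 * 60  # seconds; the page states the access token expires after 30 minutes


class LfpSession:
    def __init__(self, http_get, auth_token, client_id, clock=time.monotonic):
        # http_get is an assumed transport: (path, headers, params) -> parsed JSON dict
        self._get, self._clock = http_get, clock
        self._base = {"X-AUTH-TOKEN": auth_token, "CLIENT_ID": client_id}
        self._token, self._expires_at = None, 0.0

    def login(self, ssn, launch_bankid, max_polls=30, wait=lambda: time.sleep(2)):
        # Step one: init. The SSN is part of the URL path, so keep request URLs out of logs.
        init = self._get(f"/api/v2/authentication/{ssn}", self._base, {})
        # Step two: hand autoStartToken to the BankID program or app.
        launch_bankid(init["autoStartToken"])
        # Step three: poll verify until progressStatus is COMPLETE, with a bounded retry count.
        for _ in range(max_polls):
            reply = self._get("/api/v2/authentication/login/verify",
                              self._base, {"orderRef": init["orderRef"]})
            if reply.get("progressStatus") == "COMPLETE":
                self._token = reply["accessToken"]  # field name is an assumption
                self._expires_at = self._clock() + TOKEN_TTL
                return
            wait()
        raise TimeoutError("BankID login was not completed")

    def headers(self):
        # Refuse to send a token that is missing or past its 30-minute lifetime.
        if self._token is None or self._clock() >= self._expires_at:
            raise PermissionError("no valid access token; call login() again")
        return {**self._base, "ACCESS-TOKEN": self._token}


def make_fake_lfp(polls_before_complete):
    """Constructed stand-in for the LFP server; every value it returns is made up."""
    state = {"polls": 0}

    def http_get(path, headers, params):
        if path.endswith("/login/verify"):
            state["polls"] += 1
            done = state["polls"] > polls_before_complete
            return {"progressStatus": "COMPLETE" if done else "NOT_COMPLETE",
                    "accessToken": "constructed-access-token" if done else None}
        return {"orderRef": "constructed-order-ref",
                "autoStartToken": "constructed-auto-start"}
    return http_get
```

In a real client, http_get would wrap an HTTPS library call and launch_bankid would open the BankID program or app with the token.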
Status in Response
There are two main statuses: 200 and 1000. 200 means success; 1000 means failure.
When 1000 is returned, the response includes a JSON body containing the fail type and a detailed fail message. The API fail types are described below.
1. ParamError: The related object could not be found in the LFP system by the input param. The input does not fit the LFP business logic.
2. CacheNotExist: The result from the access token does not match the data in the LFP cache.
3. Incorrect{ObjectName}, such as IncorrectLegalentity: The object resulting from the input param does not match the data in the LFP system.
4. *Exception: An exception from the LFP system while processing the business operation.
5. WrongProgressStatus: The customer has not finished logging in with BankID when the login status is verified.
6. MatchError: The input serial id, such as a customer serial id, company representative serial id, or account id, does not match the access token in the header.