payment-backoffice-api

This project acts like an authentication proxy. Each route will call the desired API.

For payload and params validation, please refer to specific API documentation.

versions

v0.5.0

requirements

• node.js
• postgres

Developers will probably need to run docker

environment variables

The project needs some environment variables to run properly. In development mode, you can use a .env file to define them.

• ACCOUNTING_API_URL : accounting api url
• ACCOUNTING_API_SHARED_KEY : accounting api shared key without ending slash
• AUTH_HEADER_KEY=oyst-authorization
• AUTH_HEADER_PREFIX=Oyst
• BO_PAY_FRONT_URL: url of payment-backoffice-front
• DATABASE_URL: Databse connection string
• MAIL_FROM_ADDR="no-reply@oyst.com"
• MAIL_FROM_ALIAS="OYST Validator"
• MAIL_SUPPORT_TO: email address to which the support message will be sent
• MAIL_VALIDATION_TO: email address to which the validation email will be sent
• MERCHANT_API_SHARED_KEY: Shared key for merchant-api
• MERCHANT_API_URL: Merchant's API endpoint
• PAYMENT_API_URL: Payment's API endpoint
• PAYMENT_API_SHARED_KEY: Shared key for payment-api
• SENDGRID_API_KEY: API key for sendgrid
• SHARED_KEY: Shared encryption key used to sign and verify JsonWebToken
• SWAGGER_HOST(optional): define the URL used by Swagger to test APIs. eg: localhost:8080
• USER_API_URL: User API endpoint

install

$ npm install

run the project

In development mode, be sure docker is running postgres:

$ docker-compose up -d

Then, in development mode:

$ $(npm bin)/gulp serve

Or, in production mode:

$ $(npm bin)/npm run start

routes

Auth protected routes

If a route needs authentication, you have to provide an auth header

AUTH_HEADER_KEY: AUTH_HEADER_PREFIX jwt_token

Signup

• POST /users

  • needs auth: FALSE

  • payload

  Joi.object({
    email: Joi.string().email().required(),
    password: Joi.string().min(8).max(20).required(),
    password_confirmation: Joi.any()
      .valid(Joi.ref('password'))
      .required().options({language: {any: {allowOnly: 'must match password'}}})
      .strip(),
    phone: phoneValidator.phone().mobile().required()
  })

  • return

  {
    "token": "JWT token used for authentication",
    "user": {
      "created_at": "",
      "email": "",
      "id": "",
      "merchants": ["merchantID"],
      "phone": "",
      "scopes": ["USER"],
      "updated_at": ""
    }
  }

Signin

• POST /sessions

  • needs auth: FALSE

  • payload

  Joi.object({
    email: Joi.string().email().required(),
    password: Joi.string().required()
  })

  • return

  {
    "token": "JWT token used for authentication",
    "merchant": {},
    "user": {
      "created_at": "",
      "email": "",
      "id": "",
      "merchants": ["merchantID"],
      "phone": "",
      "scopes": ["USER"],
      "updated_at": ""
    }
  }

Check if user is authenticated

• GET /sessions/{token}

  • needs auth: TRUE

  • return

    • 404 Bad token
    • 401 Not authenticated
    • 200 authenticated

      {
        "token": "JWT token used for authentication",
        "user": {
          "created_at": "",
          "email": "",
          "id": "",
          "merchants": ["merchantID"],
          "phone": "",
          "scopes": ["USER"],
          "updated_at": ""
        }
      }

Update user infos

• PUT /users/{id}

  • needs auth: TRUE
  • payload:

    Joi.object().keys({
      email: Joi.string().email(),
      password: Joi.string().min(8),
      password_confirmation: Joi.any()
        .valid(Joi.ref('password'))
        .required().options({language: {any: {allowOnly: 'must match password'}}})
        .strip().optional(),
      phone: phoneValidator.phone().mobile()
    }).or(
      'email',
      'password',
      'password_confirmation',
      'phone'
    )

  • return

    {
      "statusCode": 200,
      "success": true,
      "user": {
        "created_at": "",
        "email": "",
        "id": "",
        "merchants": ["merchantID"],
        "phone": "",
        "scopes": ["USER"],
        "updated_at": ""
      }
    }

Support

• POST /support/mail

  • needs auth: FALSE
  • payload:

    Joi.object({
      email: Joi.string().email().required(),
      message: Joi.string().required(),
      subject: Joi.string().required()
    })

  • return

    {
      "statusCode": 200,
      "success": true
    }

Change password

• PATCH /users/password

  • needs auth: TRUE
  • payload:

    Joi.object({
      current: Joi.string().min(8).max(20).required(),
      password: Joi.string().min(8).max(20).required(),
      password_confirmation: Joi.any()
        .valid(Joi.ref('password'))
        .required().options({language: {any: {allowOnly: 'must match password'}}})
        .strip()
    })

  • return

    {
      "statusCode": 200,
      "success": true
    }

Forgot password

Step 1

• POST /users/password/forgot

  • needs auth: FALSE
  • payload:

    Joi.object({
      email: Joi.string().email().required()
    })

  • return

    {
      "statusCode": 200,
      "success": true
    }

Step 2

• GET /users/password/checkToken

  • needs auth: FALSE
  • querystring:

    Joi.object({
      id: Joi.string().guid().required(),
      token: jwt.required()
    })

  • return

    {
      "statusCode": 200,
      "success": true
    }

Step 3

• PATCH /users/password/new

  • needs auth: FALSE
  • payload:

    Joi.object({
      password: Joi.string().min(8).max(20).required(),
      password_confirmation: Joi.any()
        .valid(Joi.ref('password'))
        .required().options({language: {any: {allowOnly: 'must match password'}}})
        .strip()
    })

  • querystring:

    Joi.object({
      id: Joi.string().guid().required(),
      token: jwt.required()
    })

  • return

    {
      "token": "JWT token used for authentication",
      "user": {
        "created_at": "",
        "email": "",
        "id": "",
        "merchants": ["merchantID"],
        "phone": "",
        "scopes": ["USER"],
        "updated_at": ""
      }
    }

Merchant-API calls

GET /merchants/{id}/activate/{token}

Activate a merchant using link provided by email (OYST side)

• needs auth: FALSE

• params

  {
    id: Joi.string().guid().required(),
    token: jwt.required()
  }

• remote endpoint: PATCH /merchants/{id}/activate

merchant-api route

GET /merchants/{id}/deactivate/{token}

Deactivate a merchant using link provided by email (OYST side)

• needs auth: FALSE

• params

  {
    id: Joi.string().guid().required(),
    token: jwt.required()
  }

• remote endpoint: PATCH /merchants/{id}/deactivate

merchant-api route

POST /merchants

Create a merchant

• needs auth: TRUE

merchant-api route

GET /merchants

Get merchant's informations based on logged in user's merchantID

• needs auth: TRUE

• remote endpoint: GET /merchants/{id}

merchant-api route

PUT /merchants

Update merchant's informations based on logged in user's merchantID

• needs auth: TRUE

• remote endpoint: PUT /merchants/{id}

merchant-api route

PUT /merchants/upload/{type}

Upload merchant's CGV/logo based on logged in user's merchantID

• needs auth: TRUE

• params

  {
    type: Joi.string().valid([
      'cgv',
      'logo'
    ])
  }

• remote endpoint: PUT /merchants/{id}/upload/{type}

merchant-api route

Payment-API calls

GET /payments

Get all transactions with pagination based on logged in user's merchantID

• needs auth: TRUE

• query params

  {
    page: Joi.number().integer().min(1).default(1),
    per_page: Joi.number().integer().max(100).default(10)
  }

• remote endpoint: GET /merchants/{merchant_id}/payments

payment-api route

POST /payments/{id}/cancel

Cancel desired transaction based on logged in user's merchantID

• needs auth: TRUE

• remote endpoint: POST /merchants/{merchant_id}/payments/{id}/cancel

payment-api route

POST /payments/{id}/refund

Refund desired transaction based on logged in user's merchantID

• needs auth: TRUE

• remote endpoint: POST /merchants/{merchant_id}/payments/{id}/refund

payment-api route

GET /payments/{id}

Get desired transaction based on logged in user's merchantID

• needs auth: TRUE

• remote endpoint: */!\ Not yet implemented /!*

GET /payments/overview

Get overview for transactions based on logged in user's merchantID

• needs auth: TRUE

• remote endpoint: /merchants/{merchant_id}/payments/overview

payment-api route

Accounting-API calls

GET /accounting/overview

Get merchant's account's overview based on logged in user's merchantID

• needs auth: TRUE

• remote endpoint: /merchants/${merchant_id}/payments/overview

accounting-api route

Payout calls

POST /payouts

Create new payout

• needs auth: TRUE

• remote endpoint: POST /merchants/{merchant_id}/payouts/submit

payment-api route

GET /payouts

Get all payouts from current logged in merchant

• needs auth: TRUE

• remote endpoint: GET /merchants/{merchant_id}/payouts

payment-api route

Changelog

• v0.8.0

  • Feature get all payouts from merchant
  • New route
    • GET /payouts
  • Update README
  • New tests
  • Update to v0.8.0

• v0.7.0

  • Feature change result from merchant's activation
  • Return Validated or Refused

• v0.6.0

  • Feature create payout
    • New class Payout
    • New route POST /payouts
    • New tests
    • Update README
    • Update to v0.6.0

• v0.5.0

  • Return also merchant infos on check token
    • GET /sessions/token

• v0.4.1

  • Fix bug on login when no merchant created

• v0.4.0

  • Returns merchant's infos on login
  • Force https on activate/deactivate routes