Callbacks and polling status
There are two ways to get information regarding the loan status - to poll the loan application reference or to register a callbackURL which will automatically send you an update when a change is made to the status.
The following events will trigger a callback; CREDIT_DECISION_UPDATED, SIGNED, WAITING_FOR_ADDITION and PAID_OUT.
Below is both methods explained with example requests & responses.
Important!In order to test callback properly, you’ll need to use your specific webservice-credentials that has been sent to you. testse, testno, testdk, testfi will not work, since integrators will overwrite eachothers callback-url.
Retrieve status change with callback
Register the callback-URL
To set a callbackURL, you send in the desired URL in xml-format. The callbackUrl is to be sent in only once! See example below.
There is also an option to set credentials for the callback, this is optional. The auth methods are either BASIC and BEARER, with a base 64 encoded credentials
setCallback-example request
<setCallback>
<callbackConfiguration>
<callbackUrl>http://agent.com/url-to-callback</callbackUrl>
<callbackCredentials>#The base64 encoded credentials#</callbackCredentials>
<callbackAuthMethod>(BASIC|BEARER)</callbackAuthMethod>
</callbackConfiguration>
</setCallback>
setCallback-example response
<setCallbackResponse>
<setCallbackResult>
<callbackSet>true</callbackSet>
<message>Set callback successful</message>
</setCallbackResult>
</setCallbackResponse>
How to trigger a callback in test environment with Postman-example
On the following Swagger-link, you can find how to setup the triggering of a callback with a GET - https://cl-callback-test-util.integration.resurs.com/api_docs
To trigger a specific callback, the applicationReference from the submitApplicationExt-response must be provided.
If you run your test thru Postman, simply configure GET and insert the end point; no authorization nor body is required - see the example below;
NOTE! Once one or more callbacks has been triggered, the application may not be treated as normal since there can be side effects due the “manual” triggering
Example callbacks - all sent in JSON-format
SIGNED – when the signed agreement is received
SIGNED
{ "externalApplicationEvent" : { "applicationReference" : "ABC-123", "applicationEventType" : "SIGNED" }, "jwsData" : "eyJOXAiOLADikz.eyJpc3MiJgbDQrm4.djjft4CP-mbW1" }
CREDIT_DECISION_UPDATED – APPROVED – when initial credit decision manual_inspection is changed to approved
CREDIT_DECISION_UPDATED – APPROVED
{ "externalApplicationEvent" : { "applicationReference" : "abc-123-def-567", "applicationEventType" : "CREDIT_DECISION_UPDATED", "creditDecision" : { "creditDecision" : "APPROVED", "approvedAmount" : 10000, "interest" : 12.3, "tenor" : 12, "effectiveInterest" : 23.3, "monthlyCost" : 1234, "consolidationDemand" : 2300, "adminFee" : 199, "arrangementFee" : 599.99, "totalRepaymentAmount" : 13000, "monthlyAccountFee" : 0, "totalFeesAndInterest": 3000.00, "documentTypes" : [ "ID", "PAYMENT_SLIP" ] } }, "jwsData" : " eyJOXAiOLADikz.eyJpc3MiJgbDQrm4.djjft4CP-mbW1" }
CREDIT_DECISION_UPDATED – REJECTED – when initial credit decision manual_inspection is changed to rejected
CREDIT_DECISION_UPDATED – REJECTED
{ "externalApplicationEvent" : { "applicationReference" : "abc-123-def-567", "applicationEventType" : "CREDIT_DECISION_UPDATED", "creditDecision" : { "creditDecision" : "REJECTED", "approvedAmount" : 0 } }, "jwsData" : " eyJOXAiOLADikz.eyJpc3MiJgbDQrm4.djjft4CP-mbW1" }
WAITING_FOR_ADDITION – when we are awaiting additional information from the customer
WAITING_FOR_ADDITION
{ "externalApplicationEvent" : { "requiredDocuments" : [ "ID" ], "applicationReference" : "abc-123-def-567", "applicationEventType" : "WAITING_FOR_ADDITION" }, "jwsData" : " eyJOXAiOLADikz.eyJpc3MiJgbDQrm4.djjft4CP-mbW1" }
PAID_OUT - When Resurs has paid out the loan. (Disclaimer! This callback cannot be generated in test environment)
PAID_OUT
{ "externalApplicationEvent" : { "applicationReference" : "ABC-123", "applicationEventType" : "PAID_OUT" }, "jwsData" : " eyJOXAiOLADikz.eyJpc3MiJgbDQrm4.djjft4CP-mbW1" }
jwsData
ObserveUsing jwsData is optional!All questions regarding jwsData or API-key is to be sent to support@resurs.se, not our usual email onboarding@resurs.se
The value in jwsData is a signed and serialized JWT, known as a JWS (JSON Web Signature). jwsData is a data structure cryptographically securing a JWS Header and a JWS Payload with a JWS Signature (graphically explained below).
If you want to verify the JWS, you are to download our public keys from https://apigw.resurs.com/api/auth_service/jwks. Note that you must use an API-key, which is handed out by us, in order to call the mentioned URL.
For test environment, you can download the public key from https://apigw.integration.resurs.com/api/auth_service/jwks.
Below is an example of verification
Example-request for verification
curl -X GET "https://apigw.integration.resurs.com/api/auth_service/jwks" -H "accept: application/json" -H "apikey: e3331b3687xxxxxxxxxxd9d4197f30b9
Found below is an example layout of a public key.
Example layout of a public key
{
"keys": [
{
"kty": "RSA",
"e": "AQAB",
"use": "sig",
"kid": "1cb06a4a-3465-4f11-ac3d-d8bb2bdb1eb7",
"alg": "RS256",
"n": "lLtFi6baHG0yJfWKCFlfY5hMlqUoqvTWwFyjsKckuI62WVwv-GJ1vTPnCk9cptRjqGltQ4IJxv8FYOPPjaRi98li53BnaHRmg6pITF68OAIbnTpMn3_hqctSS_6XM2s-PFMfctbFuSj_W4IzC2f1FmCXJSONz16zxy6kvlyC-ZVBLbN1WpWsheufGqR7tWibj780lgA8nwTQNHUXhdlydOU3CVfGEgs9IRx8vB53n0nTHwBdMI5i5ta9wEe2f7r6I4YqganJL_q_ilYfrbAB2yOCQz4AiWOpQzrhZCV54tiSGfz4lVfVS_oJOy17LapdSqxnBmJwX_R4uTR0g7BLWw"
},
{
"kty": "RSA",
"e": "AQAB",
"use": "sig",
"kid": "e434a27b-e1fb-4f7f-89d6-fb4e95619aac",
"alg": "RS256",
"n": "vUUYiYxqYwCHreCGlCBn0YjCBoLa-jrqfEhSLAWafCxaGFs5mAXrzb6Zzc_cfzNptNQMtA4x2qhF68copSbGyXxq8ZQl-10J0cjLJ2HW98-5jJiGit3MIR5cEGEjMrRzdaltCFiGSIeussdJMOvNtJk7-OGMQgxMVMJ6PK5zARsNauj85WuB2UyOg6EDBRP7pfmQ9V4bBRGM-s3PQZbBCD- Mcr1K0tQTc60wftRiC78AxlVubF60jpj6l1bcvpsdld8uF1wVIrU8gjh65CL9KTXMmb261PLrv-op8TSjFMT-DPw4Jb54RxqjbEO9ze6b6BJo-0eU7_suqzitMT4JaQ"
}
]
}
To poll the application reference
Simply enter the application reference, which was retrieved in the submitApplicationExt-response, to see whether an update has been made. See example request & response below.
getApplicationStatus-request
<getApplicationStatus>
<applicationReference>14321-21234-445674-434344-345445</applicationReference>
</getApplicationStatus>
getApplicationStatusResponse-example
<getApplicationStatusResponse>
<waitingForAddition>true|false</waitingForAddition>
<signedWithMethod>E_SIGN|ANALOG</signedWithMethod>
<requestedSigningMethod>E_SIGN|MANUAL</requestedSigningMethod>
<paidOut>true|false</paidOut>
</getApplicationStatusResponse>