RemitWeb Image Pull API
The RemitPlus Express and RemitWeb Image API is built to conform to the JSON API 1.0 specification employing OpenID and OAuth 2.0.
OAuth 2.0 Authorization Steps
- Authorize user: Request the user's authorization and redirect back to your app with an authorization code.
- Request tokens: Exchange your authorization code for tokens.
- Call API: Use the retrieved Access Token to call your API.
- Refresh tokens: Use a Refresh Token to request new tokens when the existing ones expire.
AUTHORIZE USER
To begin the flow, you'll need to get the user's authorization. This step may include one or more of the following processes:
Authorization URL
https://API_URL.com/remitidserver/connect/authorize?response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=https://YOUR_APP/callback&scope=SCOPE&code_challenge=CodeChallengeValue&code_challenge_method=CodeChallengeMethodValue
| Name | Description |
|---|---|
| response_type | Requests an authorization code (required). Denotes the kind of credential that Auth0 will return (code or token). For this flow, the value must be code. |
| client_id | Identifier of the client (required). Your application's Client ID. This is a 36-character GUID assigned by RemitPlus. Only one simultaneous client_id is allowed. |
| redirect_uri | Must exactly match one of the allowed redirect URIs for that client (required). The URL to which Auth0 will redirect the browser after authorization has been granted by the user. The Authorization Code will be available in the code URL parameter. You must specify this URL as a valid callback URL in your Application Settings. |
| scope | One or more registered scopes (required). Specifies the scopes for which you want to request authorization, which dictate which user attributes you want returned. This version of the API supports only scope=remitapi.read offline_access. |
| code_challenge | Sends the code challenge for PKCE (required) |
| code_challenge_method | S256 indicates the challenge is hashed with SHA256 (required) |
The RemitAPI should redirect the third-party application to the authentication/login page, where you'll get the code after successful authentication.
Response
If all goes well, you'll receive a response. The authorization code is included at the end of the URL: https://YOUR_APP/callback?code=AUTHORIZATION_CODE
REQUEST TOKENS
Now that you have an Authorization Code, you must exchange it for tokens. Using the extracted Authorization Code from the previous step, you will need to POST to the token URL
POST https://API_URL.com/RemitIDServer/connect/token \
grant_type=authorization_code \
code=<code from previous step> \
client_id=<YOUR_CLIENT_ID> \
client_secret=<YOUR_CLIENT_SECRET> \
redirect_uri=https://YOUR_APP/callback \
scope=<SCOPE> \
code_verifier=<CODE_VERIFIER>
| Name | Description |
|---|---|
| grant_type | Set this to authorization_code (required). |
| code | The authorization_code retrieved in the previous step (required). |
| client_id | Client identifier (required). Your application's Client ID. This is a 36-character GUID assigned by RemitPlus. |
| client_secret | Your application's Client Secret (required). Send the client secret either in the POST body or as a Basic authentication header. Assigned by RemitPlus. |
| redirect_uri | This must exactly match the redirect_uri passed to the authorization URL in the previous step (required). |
| scope | One or more registered scopes, i.e. remitapi.read offline_access (optional). |
| code_verifier | PKCE proof key (required) |
Response
If all goes well, you'll receive an HTTP 200 response with a payload containing access_token, refresh_token, expires_in (in seconds), and token_type values. Use the access token for all API requests by passing it in the Authorization header, using the Bearer authentication scheme.
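The page requires `code_challenge`, `code_challenge_method=S256` and `code_verifier` but does not show how they relate. The following added example (not RemitPlus code) derives the PKCE pair, builds the authorization URL, validates the callback and assembles the token request fields. The function names are illustrative, and the URLs are the page's placeholders.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders taken from the page; function names are illustrative only.
AUTHORIZE_URL = "https://API_URL.com/remitidserver/connect/authorize"
REDIRECT_URI = "https://YOUR_APP/callback"
SCOPE = "remitapi.read offline_access"


def new_code_verifier():
    # 32 random bytes encode to 43 URL-safe characters (RFC 7636 minimum).
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()


def s256_challenge(verifier):
    # code_challenge = BASE64URL(SHA256(code_verifier)), without '=' padding.
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def build_authorize_url(client_id, verifier):
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": SCOPE,
        "code_challenge": s256_challenge(verifier),
        "code_challenge_method": "S256",
    })


def extract_code(callback_url):
    # Accept the code only on the registered redirect_uri, and only once.
    got, want = urlsplit(callback_url), urlsplit(REDIRECT_URI)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match redirect_uri")
    codes = parse_qs(got.query).get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code parameter")
    return codes[0]


def build_token_form(code, client_id, client_secret, verifier):
    # redirect_uri must be identical to the one sent to the authorize URL.
    return {"grant_type": "authorization_code", "code": code,
            "client_id": client_id, "client_secret": client_secret,
            "redirect_uri": REDIRECT_URI, "code_verifier": verifier}
```

Keep the verifier server-side in the user's session between the two steps; only the challenge ever appears in the browser URL.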
API USAGE
To call your API from a regular web application, the application must pass the retrieved Access Token as a Bearer token in the Authorization header of your HTTP request.
Get page1 images by itemId
GET https://API_URL.com/webimageapi/api/images/item/id/page1 \
Authorization: Bearer <TOKEN from previous step> \
project_id=<PROJECT_ID> \
item_id=<ITEM_ID> \
view_check_top=<VIEW_CHECK_TOP> \
view_check_bottom=<VIEW_CHECK_BOTTOM> \
split_records=<SPLIT_RECORDS> \
front_image=<FRONT_IMAGE> \
rear_image=<REAR_IMAGE>
Parameters
project_id: string
item_id: string
view_check_top: bool
view_check_bottom: bool
split_records: bool
front_image: bool
rear_image: bool
Response
class Item
{
    public ItemType itemType { get; set; }
    public DateTime runDate { get; set; }
    public int batchNumber { get; set; }
    public int sequenceNumber { get; set; }
    public decimal amount { get; set; }
    public Dictionary<string, string> fields { get; set; }
    public List<Dictionary<string, string>> splitFields { get; set; }
    public byte[] frontImage { get; set; }
    public byte[] rearImage { get; set; }
}
enum ItemType
{
    Check = 1,
    Document = 2,
    Form = 3,
    Image = 4,
    DepositTicket = 6,
    BatchHeader = 7
}
Get items in transaction by Id
GET https://API_URL.com/webimageapi/api/images/transaction/id/list \
Authorization: Bearer <TOKEN from previous step> \
projectid=<PROJECT_ID> \
transactionid=<TRANSACTION_ID>
Parameters
project_id: string
transaction_id: string
Response
Returns a list of the itemId and itemtype of every item in the transaction.
class Items
{
    public string itemId { get; set; }
    public ItemType itemtype { get; set; }
}
Refresh tokens
You can use the Refresh Token to get a new Access Token. Usually, a user will need a new Access Token only after the previous one expires. It's bad practice to call the endpoint to get a new Access Token every time you call an API.
POST https://API_URL.com/webimageapi/api/refresh \
grant_type=refresh_token \
client_id=<YOUR_CLIENT_ID> \
client_secret=<YOUR_CLIENT_SECRET> \
refresh_token=<YOUR_REFRESH_TOKEN>
| Name | Description |
|---|---|
| grant_type | Set this to refresh_token (required) |
| client_id | Your application's Client ID (required). Assigned by RemitPlus. |
| client_secret | Your application's Client Secret (required). |
| refresh_token | The Refresh Token to use (required). |
Response
If all goes well, you'll receive an HTTP 200 response with a payload containing a new access_token, its lifetime in seconds (expires_in), granted scope values, and token_type.
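One way to follow the advice above and refresh only when the Access Token is about to expire, as an added example that is not part of the RemitPlus documentation. `TokenCache`, `refresh_call` and the 30-second skew are assumptions, and the `demo()` run uses a constructed clock and constructed token values instead of the network.

```python
import time


class TokenCache:
    """Holds the current tokens; refreshes only when the access token nears expiry."""

    def __init__(self, token_response, refresh_call, clock=time.monotonic, skew=30):
        self._refresh_call = refresh_call  # callable(refresh_token) -> parsed JSON payload
        self._clock = clock
        self._skew = skew                  # refresh this many seconds early
        self._refresh = None
        self._store(token_response)

    def _store(self, payload):
        if payload.get("token_type", "").lower() != "bearer":
            raise ValueError("unexpected token_type")
        self._access = payload["access_token"]
        self._expires_at = self._clock() + int(payload["expires_in"])
        # The refresh response may omit refresh_token; keep the one we hold.
        self._refresh = payload.get("refresh_token", self._refresh)

    def authorization_header(self):
        if self._clock() >= self._expires_at - self._skew:
            if not self._refresh:
                raise RuntimeError("access token expired and no refresh token held")
            self._store(self._refresh_call(self._refresh))
        return {"Authorization": f"Bearer {self._access}"}


def demo():
    """Constructed run: fake clock and fake refresh endpoint, no network."""
    now = [0.0]
    calls = []

    def fake_refresh(refresh_token):
        calls.append(refresh_token)
        return {"access_token": f"AT{len(calls) + 1}", "expires_in": 3600,
                "token_type": "Bearer"}

    cache = TokenCache({"access_token": "AT1", "refresh_token": "RT1",
                        "expires_in": 3600, "token_type": "Bearer"},
                       fake_refresh, clock=lambda: now[0])
    seen = []
    for t in (0, 1800, 3590):  # fresh, still fresh, inside the skew window
        now[0] = t
        seen.append(cache.authorization_header()["Authorization"])
    return seen, calls
```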
Scope
remitapi.read
offline_access
Error Messages
The following error messages can be returned in the URL based on the request condition:
| Error Code | Description |
|---|---|
| 400 | Bad Request |
| 401 | Unauthorized |
| 403 | Forbidden |
| 404 | Not Found |
| 409 | Conflict |
| 422 | Forbidden Attribute |
| 422 | Validation Error |
| 500 | Internal Server Error |
| 503 | Service Unavailable |