commit ddda13d8a34519b111749f8baabefe6fbe9b8b9a Author: Giulio Date: Sun Dec 24 12:31:46 2023 +0100 First draft
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..6bca9e5
--- /dev/null
+++ b/README.md
@@ -0,0 +1,299 @@
+# Revolur Card API
+## Base address
+https://app.revolut.com/api/revolut-secure/retail
+## Headers
+```
+{
+ "authority": "app.revolut.com",
+ "accept": "application/json",
+ "content-type": "application/jso",
+ "origin": "chrome-extension://hdlehfdjcalidklijenibmpcdgjfmafn",
+ "sec-fetch-dest": "empty",
+ "sec-fetch-mode": "cors",
+ "sec-fetch-site": "cross-site",
+ "user-agent": "",
+ "x-browser-application": "BROWSER_EXTENSION",
+ "x-client-version": "100.0",
+ "x-device-id": "",
+ "x-device-model": ""
+}
+```
+
+## Authentication
+### POST /signin
+#### Description
+Login with phone number and passcode and get a token.
+#### Request
+```
+{
+ "phone":"<+XX phone>",
+ "password":"",
+ "channel":"APP"
+}
+```
+#### Response
+```
+{
+ "tokenId":""
+}
+```
+
+### POST /token (issue)
+#### Description
+Once a token is obtained through the login request, the signin request has to be confirmed on the app. This request is used for polling for that authorization and then getting actual credentials.
+
+#### Request
+```
+{
+ "phone":"<+XX phone>",
+ "password":"",
+ "tokenId":""
+}
+```
+
+#### Response
+##### Case 1 - Authorization Pending
+```
+{
+ "message": "One should obtain consent from the user before continuing",
+ "code": 9035
+}
+```
+##### Case 2 - Authorization Granted
+```
+{
+ "tokenExpiryDate": ,
+ "refreshCode": "",
+ "ownerId": ",
+ "accessToken": "",
+ "user": {
+ "id": " (should be same as )",
+ "state": "ACTIVE"
+ }
+}
+```
+### POST /token (refresh)
+#### Description
+The token has to be periodically refreshed.
+
+#### Request
+```
+{
+ "userId":""
+ "refreshCode":""
+}
+```
+#### Response
+```
+{
+ "tokenExpiryDate": ,
+ "refreshCode": "",
+ "ownerId": "",
+ "accessToken": ""
+}
+```
+
+### GET /user/current/picture
+#### Description
+Get user profile picture.
+
+#### Headers
+```
+{
+ "Authorization": :
+}
+```
+
+#### Response
+Profile picture raw bytes.
+
+### GET /user/current
+#### Description
+Get user details, including email, phone, full address, username, id, code.
+
+#### Headers
+```
+{
+ "Authorization": :
+}
+```
+
+
+### Response
+```
+{
+ "user": {
+ "id": "",
+ "individualId": "",
+ "createdDate": ,
+ "address": {
+ "city": "",
+ "country": "",
+ "postcode": "",
+ "region": "",
+ "streetLine1": "
",
+ "streetLine2": "
"
+ },
+ "birthDate": [
+ ,
+ ,
+
+ ],
+ "firstName": "",
+ "lastName": "",
+ "phone": "<+XX phone>",
+ "email": "",
+ "emailVerified": true,
+ "state": "ACTIVE",
+ "referralCode": "",
+ "code": "",
+ "kyc": "PASSED",
+ "underReview": false,
+ "locale": "en-GB",
+ "riskAssessed": false,
+ "username": "",
+ "identityDetails": {
+ "accountPurpose": "DAILY_SPENDING",
+ "taxResidencies": [],
+ "identificationNumbers": [
+ {
+ "country": "",
+ "name": "genericTin",
+ "value": ""
+ }
+ ]
+ },
+ "hasProfilePicture": true,
+ "appMode": "FULL"
+ },
+ "wallet": {
+ "baseCurrency": "EUR"
+ }
+}
+```
+
+### GET /my-card/all
+#### Description
+Get an array of all the available cards in the account, without secret details. In a personal account, cards can be either virtual or physical. Virtual cards can also be tagged as single use (disposable). It is also known whether a card is for professional use (`PRO`) or for personal use (`RETAIL`).
+
+#### Headers
+```
+{
+ "Authorization": :
+}
+```
+#### Response
+```
+[
+ {
+ "id": "",
+ "walletId": "",
+ "label": "