From ddda13d8a34519b111749f8baabefe6fbe9b8b9a Mon Sep 17 00:00:00 2001 From: Giulio Date: Sun, 24 Dec 2023 12:31:46 +0100 Subject: [PATCH] First draft --- README.md | 299 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 299 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..6bca9e5 --- /dev/null +++ b/README.md @@ -0,0 +1,299 @@ +# Revolur Card API +## Base address +https://app.revolut.com/api/revolut-secure/retail +## Headers +``` +{ + "authority": "app.revolut.com", + "accept": "application/json", + "content-type": "application/jso", + "origin": "chrome-extension://hdlehfdjcalidklijenibmpcdgjfmafn", + "sec-fetch-dest": "empty", + "sec-fetch-mode": "cors", + "sec-fetch-site": "cross-site", + "user-agent": "", + "x-browser-application": "BROWSER_EXTENSION", + "x-client-version": "100.0", + "x-device-id": "", + "x-device-model": "" +} +``` + +## Authentication +### POST /signin +#### Description +Login with phone number and passcode and get a token. +#### Request +``` +{ + "phone":"<+XX phone>", + "password":"", + "channel":"APP" +} +``` +#### Response +``` +{ + "tokenId":"" +} +``` + +### POST /token (issue) +#### Description +Once a token is obtained through the login request, the signin request has to be confirmed on the app. This request is used for polling for that authorization and then getting actual credentials. + +#### Request +``` +{ + "phone":"<+XX phone>", + "password":"", + "tokenId":"" +} +``` + +#### Response +##### Case 1 - Authorization Pending +``` +{ + "message": "One should obtain consent from the user before continuing", + "code": 9035 +} +``` +##### Case 2 - Authorization Granted +``` +{ + "tokenExpiryDate": , + "refreshCode": "", + "ownerId": ", + "accessToken": "", + "user": { + "id": " (should be same as )", + "state": "ACTIVE" + } +} +``` +### POST /token (refresh) +#### Description +The token has to be periodically refreshed. + +#### Request +``` +{ + "userId":"" + "refreshCode":"" +} +``` +#### Response +``` +{ + "tokenExpiryDate": , + "refreshCode": "", + "ownerId": "", + "accessToken": "" +} +``` + +### GET /user/current/picture +#### Description +Get user profile picture. + +#### Headers +``` +{ + "Authorization": : +} +``` + +#### Response +Profile picture raw bytes. + +### GET /user/current +#### Description +Get user details, including email, phone, full address, username, id, code. + +#### Headers +``` +{ + "Authorization": : +} +``` + + +### Response +``` +{ + "user": { + "id": "", + "individualId": "", + "createdDate": , + "address": { + "city": "", + "country": "", + "postcode": "", + "region": "", + "streetLine1": "
", + "streetLine2": "
" + }, + "birthDate": [ + , + , + + ], + "firstName": "", + "lastName": "", + "phone": "<+XX phone>", + "email": "", + "emailVerified": true, + "state": "ACTIVE", + "referralCode": "", + "code": "", + "kyc": "PASSED", + "underReview": false, + "locale": "en-GB", + "riskAssessed": false, + "username": "", + "identityDetails": { + "accountPurpose": "DAILY_SPENDING", + "taxResidencies": [], + "identificationNumbers": [ + { + "country": "", + "name": "genericTin", + "value": "" + } + ] + }, + "hasProfilePicture": true, + "appMode": "FULL" + }, + "wallet": { + "baseCurrency": "EUR" + } +} +``` + +### GET /my-card/all +#### Description +Get an array of all the available cards in the account, without secret details. In a personal account, cards can be either virtual or physical. Virtual cards can also be tagged as single use (disposable). It is also known whether a card is for professional use (`PRO`) or for personal use (`RETAIL`). + +#### Headers +``` +{ + "Authorization": : +} +``` +#### Response +``` +[ + { + "id": "", + "walletId": "", + "label": "