Authentication Overview

This document provides an overview of the authentication mechanisms that are relevant when connecting a loan provider to the Europace platform. For more details, please refer to the documentation of the individual APIs.

• KEX Market Engine API
• Unterlagen Push API
• KEX Antragsstatus API
• KEX Antragsdokumente Upload API

Create loan offer

sequenceDiagram
    actor v as sales

    participant ks as KreditSmart<br/>(EP)
    participant me as Market Engine<br/>(EP)

    participant bank_kexme as KEX Market Engine API<br/>(loan provider)

    v ->> ks: 1. calculate offer
    ks ->> me: 2. calculate offer
    v ->> ks: 3. accept offer
    ks ->> me: 4. accept offer
    me ->> bank_kexme: 5. accept offer (.../annehmen)
    Note right of bank_kexme: secured by e.g.<br/>- OAuth2 (loan provider Auth-Server)<br/>- BasicAuth

Shared proofs

sequenceDiagram
    actor v as sales

    participant uapi as Unterlagen API<br/>(EP)

    participant bank_push as Unterlagen Push API<br/>(loan provider)

    v ->> uapi: 1. share proofs
    uapi ->> bank_push: 2. POST notification-message
    Note right of bank_push: secured by HMAC <br/>(Hash-based Message Authentication Code)
    bank_push ->> uapi: 3. get metadata
    Note left of uapi: secured by OAuth2<br/>Europace Auth-Server
    bank_push ->> uapi: 4. get document
    Note left of uapi: secured by OAuth2<br/>Europace Auth-Server
    bank_push ->> uapi: 5. set receive state (e.g. "DELIVERED")
    Note left of uapi: secured by OAuth2<br/>Europace Auth-Server

Change status of application

sequenceDiagram
    participant kex_status as KEX Antragsstatus API<br/>(EP)
    
    participant bank_be as Backend<br/>(loan provider)

    bank_be ->> kex_status: 1. change the status of an application (e.g. "UNTERSCHRIEBEN")
    Note left of kex_status: secured by OAuth2<br/>Europace Auth-Server