Authentication Overview
This document provides an overview of the authentication mechanisms that are relevant when connecting a loan provider to the Europace platform. For more details, please refer to the documentation of the individual APIs.
Create loan offer
sequenceDiagram
actor v as sales
participant ks as KreditSmart<br/>(EP)
participant me as Market Engine<br/>(EP)
participant bank_kexme as KEX Market Engine API<br/>(loan provider)
v ->> ks: 1. calculate offer
ks ->> me: 2. calculate offer
v ->> ks: 3. accept offer
ks ->> me: 4. accept offer
me ->> bank_kexme: 5. accept offer (.../annehmen)
Note right of bank_kexme: secured by e.g.<br/>- OAuth2 (loan provider Auth-Server)<br/>- BasicAuth
Shared proofs
sequenceDiagram
actor v as sales
participant uapi as Unterlagen API<br/>(EP)
participant bank_push as Unterlagen Push API<br/>(loan provider)
v ->> uapi: 1. share proofs
uapi ->> bank_push: 2. POST notification-message
Note right of bank_push: secured by HMAC <br/>(Hash-based Message Authentication Code)
bank_push ->> uapi: 3. get metadata
Note left of uapi: secured by OAuth2<br/>Europace Auth-Server
bank_push ->> uapi: 4. get document
Note left of uapi: secured by OAuth2<br/>Europace Auth-Server
bank_push ->> uapi: 5. set receive state (e.g. "DELIVERED")
Note left of uapi: secured by OAuth2<br/>Europace Auth-Server
Change status of application
sequenceDiagram
participant kex_status as KEX Antragsstatus API<br/>(EP)
participant bank_be as Backend<br/>(loan provider)
bank_be ->> kex_status: 1. change the status of an application (e.g. "UNTERSCHRIEBEN")
Note left of kex_status: secured by OAuth2<br/>Europace Auth-Server