This is an example API that uses Swagger to document its endpoints.

All operations with PIN code and biometric auth should be performed on application side

• PIN code should be created on first login
• If biometric auth wasn't succesfull request PIN code input
• If user prvided wrong PIN 3 times, call /logout

The API has the following endpoints:

• Base validation of username and password should be performed on application side

• Auth button should be unactive till user didn't provide values to both fields

• If error recieved from backend application should provide button for password recovery

• PUT: Perform authorization

• Logout should be performed if user could validate identity via passcode or couldn't pass biometric identification

• POST: Revocate authorization

• If user forgot password he should be able to recover it via request with login and description in comment field

• POST: Request password recovery

• If user forgot login too, he should be able to provide additional information, like bith date via request with description in comment field

• POST: Request login recovery

• Endpoint should return welcome message, it would be used for promo, jokes, etc., without changes on application side

• GET: Get welcome message

• GET: Get list of cards

• GET: Get card by ID
• POST: Block card

• GET: Get list of transactions

• GET: Get transaction by ID
• POST: Create transaction dispute

• GET: Get list of complains
• POST: Create complain

The API uses JWT authentication. To authenticate, send a POST request to /login with a username and password in the request body. This will return an access token that can be used to access protected endpoints.

To access protected endpoints, include the access token in the Authorization header of your requests.