Pepper Money - Asset Finance Originations API

(1 review)

Developer Guide

Prerequisites

Pepper API Management framework is integrated with Mulesoft Anypoint Platform. We would require our external partners to have a Mulesoft Anypoint Platform Account Instance. Also, we are authenticating our partners application IP address to be a valid source as part of security standards. Therefore, Pepper require the following conditions to be complied:

A partner organization MUST have a Mulesoft Anypoint Platform account instance with legal company name or business name as its identifier. If not met, the organization MUST create Mulesoft Anypoint Platform account and include their developers on the instance. Registration is free and easy by signing up on this link
Partner API developers MUST NOT have an independent or personal Anypoint Platform account instance. Developer credentials MUST be linked and authorized by their business organization.
Business Partners MUST provide their applications Public IP address

Procedures

Using Pepper Partner Developer Portal

To use the Pepper Partner Developer Portal, Partner API Developers can obtain API information on the URI:

https://anypoint.mulesoft.com/exchange/portals/pepper

Developers can view details about the exposed APIs for business partners to consume. The portal is developer friendly and self-explanatory for developers to understand the valid and required fields and values to submit on the APIs. This also includes the expected valid and invalid response of the APIs.

When selecting on the specific API to be consumed, this would display detailed information about the API. Leftmost pane contains pages that would contain more relevant documentation. This would also include specification that contains summary, endpoints, data types, and security sections. The other details contain information about the API instances which contains Uniform Resource Locator (URL) of the APIs per environment.

Mocking service is also featured on the portal with mock data to try-out the API request and response reactions without affecting real systems within Pepper. This feature can be found on the rightmost side of the Portal. The panel can also have the feature to repoint to test and production URLs of the API.

Obtaining Credentials for the API

Partner Developers can only read the specifications of the API but will not be able to consume unless the developer has the correct authentication to consume the API. As mentioned on the Prerequisites Section, we require Partner Developers to have an Mulesoft Anypoint Platform Account Instance as the portal would require this for identification, tracking and authorization purposes with our API manager.

These are the following steps to request credentials:

1 - Select the API to be consumed

2 - On the top-right corner, select the _Request Access. If not yet logged in, login using your Anypoint Platform account credential

3 - A request access dialog box would pop up. _select create a new application. _if there’s already a created application and that application will be used to consume the API, reuse and the mentioned application.

4 - A dialog box would ask to create new application, provide the following details of your application and select create:

Name – Follow this following format: [organization-name] – [application-name]

Description – Meaningful description of your application. Include which deployment environment in your domain the application is running.

Application URL – URL of your application or your organization main website

OAuth 2.0 redirect URIs – optional: provide if there would be any

5 - Select for the appropriate API instance and SLA tier of your application wants to connect and select Request Access.

6 - Your access request will be submitted and subjected for approval. In parallel, mail Pepper Tech Support with the list of your application’s public IP address in CIDR format. Pepper will be whitelisting your application’s IP address to fully consume the API.

Important Reminders:

· Only production applications would be allowed for production API Instance/environment and test application would be allowed for test instance/environment. If there would be special requirements on the integration setup, kindly seek assistance to Pepper Tech Support.

· Failure to comply with the application details especially with our recommended application naming scheme would result to rejection of the API request.

Consuming the APIs

One access request has been granted and your client’s public IP address has been whitelisted, API Partner Developers would be receiving the details over e-mail with the link on the message that would redirect on Mulesoft Anypoint Platform – Client Application Details. A login prompt would happen on the process

Workaround: If the application access request has been granted, please follow these steps:

1 - Go to Pepper Partner Developer Portal: https://anypoint.mulesoft.com/exchange/portals/pepper

2 - Apply your Mulesoft Anypoint Platform login credentials

3 - Select _My applications _on the top left corner and select the application

4 - Select the API instance of your application. More details would appear including the client credentials for the API. The credential method enforced across APIs exposed is HTTP Basic Authentication. Copy the Client_ID value as username and Client_Secret value as password.

Important Reminders:

1 - API Partner Developers MUST always secure API credentials

2 - API Partner Developers MUST NOT share and configure API credentials across client applications. We recommend opening an access request per application and in some cases per environment.

3 - Promotion of client applications from test to production (to reuse the same credentials between environments) would be a special case. Contact Pepper Tech Support if there would be such case to avoid rejection of access request.

Decommissioning API Access

If business partners would request to decommission an API connection. Please do the following steps:

1 - Go to Pepper Partner Developer Portal