Bitcoin Bankathon
Build the next generation of blockchain-based banking applications to unlock improved financial services in El Salvador.
Your Apps / Services should address one of the following challenges:
Challenges
-
Build the next neobank: What could a more inclusive Bitcoin-enabled neobank for El Salvador look like in 2022?
-
Redesign remittances: How can Bitcoin remittances improve the lives of those who rely on money from abroad?
-
Battle climate change: How can banks and crypto companies unite the citizens of El Salvador to tackle climate change?
-
Empower women: How can Bitcoin and open banking data support women's economic empowerment?
-
Empower merchants: How can we empower merchants using open banking data and smart contracts?
2. Platform
There are 3 main groups of APIs offered for your use:
OBP APIs to access / create dummy bank data such as Accounts, Transactions, Customers and ATM locations.
These APIs may all be called either from a Web2 App / Service using http REST calls or from the Web3 via the Airnode.
Use the Qredo APIs either directly or via the OBP API.
The OBP API offers many classes of endpoints:
1) You can get customer data (accounts and transactions etc) and add metadata to it. See the Dummy users below
2) You can make payments (Transaction Requests below). See the Dummy users below.
3) You can create your own APIs and return mocked data.
4) You can create Dynamic Entities to store your own data.
5) You can create your own Bank, with Products and generate historical transactions.
6) You can call partner APIs e.g. Qredo
7) You can call any of the above REST APIs from the block chain using the API3 Airnode.
Sugested Build the next neobank APIs
Suggested Redesign remittances APIs
Suggested Battle climate change APIs
Suggested Empower women APIs
Suggested Empower merchants APIs
3. Web2 Getting Started
To consume the APIs via a Web2 App or service follow the following steps
- Create a Developer account
First, create a free developer account on this sandbox. Register for an account here - Get Your Consumer Key
After creating a developer account, you have to register your App to get the consumer key and consumer secret. We need those two things to call the APIs. You can register your App in this page /consumer-registration You will be asked to submit basic information about your app at this stage. - Connect your app
Use your coding skills to interact with the APIs or use our available SDKs to move faster. You’ll need your developer key, which you should have from the previous step. - Test your app using customer data
Once your app is connected, you can test it using test customer credentials. You will find some test customer data below.
Start now by requesting an API key here:
https://obp-apisandbox.bancohipotecario.com.sv/consumer-registration
Keep these links and keys somewhere where you can easily retrieve them:
Sandbox Environment/base URL: https://obp-apisandbox.bancohipotecario.com.sv/
Account Creation Link: https://obp-apisandbox.bancohipotecario.com.sv/user_mgt/login
API Documentation: https://obp-apiexplorer.bancohipotecario.com.sv
Direct Login: https://obp-apiexplorer.bancohipotecario.com.sv/glossary?#Direct-Login
Sample Customer Data: See below.
3. Web3 Getting Started
How to bring offchain data onchain: Bring Web2 data to Web3.
Instead of using a Consumer Key you will call the OBP APIs via the API3 Airnode.
Your smart contract will send a request to the Airnode and the Airnode will forward the request to OBP with certain headers.
The Airnode will send the smart_contract_address to OBP.
OBP will associate the smart_contract_address with a User on OBP. (OBP will get or create a User)
In order to give data / resources to the smart contract user, log in as a dummy customer, see below, and call one of the following endpoints to grant permissions to the smart contract user: DAuth related endpoints
For more information about how DAuth works in the background see here: https://obp-apiexplorer.bancohipotecario.com.sv/glossary?#DAuth
Steps for Smart Contract to get OBP user's data
1st:The smart contract need to first call following endpoint to get user_id and provider for the subsequent steps
Get User (Current)
2rd: Login with existing OBP user, try getAccounts, getTransactions, getCustomers ... to see what kind of smart contract would like to retrieve.
If the user does not have data, the user need to create it.
3rd: OBP User need to grant the smart contract the account access and roles which the user already has. If roles are missing need ask OBP team.
Here are the endpoints, the OBP user need to know the smart contract address first.
Create (DAuth) User with Account Access
Create (DAuth) User with Roles
4th: Then the smart contract can call obp endpoints on behalf of the OBP user.
Web2 Authentication & Authorisation
In order to make authenticated Web2 API calls, it is recommended to use DirectLogin method on the sandbox with the following API call using the received API Key:
https://obp-apisandbox.bancohipotecario.com.sv/my/logins/direct
put these headers:
Authorization: DirectLogin username="<username>", password="<password>", consumer_key="<consumer key>"
The response of this API call is a token which can be used for subsequent API calls which require authentication. You can find a detailed walkthrough of the direct login authentication here.
OAuth1 can also be used, but it is more complex to implement, as is documented here
How to use Qredo Endpoints
1 Qredo Endpoints
You can call Qredo endpoints via OBP and OBP takes care of signing requests.
2. Generate Authentication keys
https://hackathon.qredo.com/getting-started/generate-keys/
https://play.qredo.network/signin
3. Upload Public Keys and get the Qredo X-API-Key
4. Upload private-key and X-API-KEY to OBP User Auth Context
This endpoint is best called with a REST client, e.g. Postman, to avoid errors because of newlines etc.
Following is just an example, please use your own private-key and X-API-KEY.
Body:
"key": "private-key",
"value": "-----BEGIN RSA PRIVATE KEY-----
q_Example_key_iBwM7TMfOPDexYkFMfJQHhWxcw26UHt2Yq9JPeKK99OnbR4aUS6
ASvr4HM27ggmppXe1fT6x5wh8ALKnhq8HvLZOzsAuByWBbEyeyeTvivkLF1aw2zue
CjHsvkIkCYqOnHaWkv0oxAmoce25oMoms0XfGiXr0jTrn7VNpt98aI8Thzd9r3t9n
7KBLcuDyfx54BTvCymw4Nt58fJyhozkXEwQ0BjIXSrRvquDDtf2SeUb7KREuY8Vlo
WaThxBqamXUHtWfo4gxJhJH3Gp3vsmSL0gji4yY9rvLgEubSHT7fXAlBSLM2C2UJI
JyoRBl8fInOyXpoFRvxaONHnzCdwprgNkfYQdxjAPSS8LTgTiHQEWwuI59BRg96gz
G3mkjj68l2jPOjc8xmaNvway1NKyLxbiSUdpIUKoqgwkl2neBWQbEdTbBW2454WzE
SO60NGXjGMd4xzhwPlK1Dh7FfYu1gs9g4hHziMWQKTMljmxYABSouWO5HGy1P2LHd
6MtHGTkH2Biqs6SsNpfs8BhO3vrvreZnWeeYxWBGfUvHXPto0W4xKyMn2Leg0Ia30
sPGqM22mGhmgeXtSnyLd1xmiUBYcv9duXlPn6sj0M95szm6HrTZGjO8YbvBcuMErr
6sAJz1G79FIwcTamLwe0B1gaYFNeDwPZMXE7Cf5tvUTjPJOyVEoNHJKjl61R2IOSN
in1HUCJ2RzDTVwNYjlWhEt9pyB2gp3L05PPxOKAC0M87mnOA8oZzADiqlBhvWTJwe
fbWR4VfzXi37mpYxPEesWSk72l16ZntGQ3l6SK0L7qNmnvUlihr4J1fyTxMczhcCJ
lKR8GKWV92nQNs7kxjPYQMTcflfZUcknIWhdxCRx3zs3QnRMp7NoeVpG4vfPtfl8X
qVj0PRexgjPOBQTTefjrmrIuWPRVgMvXRGBxNSLkCtyPxfuP1jElVPKdAuRhipBCd
c63KkObT45hG2obg48058Lxr3LOv1kkOv7jTjryN7mZgtFF3D7reXqAWhMm9ViGOC
OAXgzhCeQLqXB5PArMTz7NzFzP5iKYj1GF3NBdLLXb25NzoykJxaXCIdx0tt6Y5j1
Hw344gFhJyJw1uQ7kNKTXrlMt2Maz7fxHcuSdd8eHXUvFBQ0OZTbeK3D0F91T5Qjo
8bcU0IlGu37sK5YOyvvihgJ4pYI9pAw9EKC7FF29eINhbhPSHKNeeeJFjEG9pswtg
Jnk7HrCZPJ3kqUAu29GJQEYw13G29QE08qnRCriJzPLPufF7LsY5D0YgopFdygAVS
OAXgzhCeQLqXB5PArMTz7NzFzP5iKYj1GF3NBdLLXb25NzoykJxaXCIdx0tt6Y5j1
Hw344gFhJyJw1uQ7kNKTXrlMt2Maz7fxHcuSdd8eHXUvFBQ0OZTbeK3D0F91T5Qjo
8bcU0IlGu37sK5YOyvvihgJ4pYI9pAw9EKC7FF29eINhbhPSHKNeeeJFjEG9pswtg
Jnk7HrCZPJ3kqUAu29GJQEYw13G29QE08qnRCriJzPLPufF7LsY5D0YgopFdygAVS
-----END RSA PRIVATE KEY-----
"
}
{
"key": "X-API-KEY",
"value": "k_Example_key_KFaeGIXYUm8wc1hmfdcjr34ep4FmeD71zCX3uM4C7lmbbYO7dVOWOJoIKkL8OegHnNJMTc4rbtn9FxWNQPQx7ryhhN76f"
}
- Web3 Getting Started
Note: You might need to ask support to grant you theCanCreateUserAuthContextrole.
5. Call the Qredo Endpoints in OBP
Supported Assets
Wallet as a Service APIs
A set of APIs to manage virtual accounts (wallets). The Wallet APIs enable you to create a virtual account, list existing accounts & transactions, and manage payments to and from this account. These APIs require authentication:
List available Wallets
List all wallets of a customer
Get Wallet details
Show account balance and other details related to the user wallet
Create a Wallet
Create a wallet (virtual account) for a specific user
Check available funds
Check if the user has enough fund on her account
Check account balance
Get the balances for a specific account
List transactions
Show transaction history of the specified wallet/virtual account
Get transaction details
Show details of a specific transaction
List beneficiaries
List all beneficiaries (counterparties) registered at a particular account
Create a beneficiary
Create a beneficiary (counterparty) for the wallet of the user
Wallet Transfers
Transfer money between two wallets
Add funds
Make funds available in a wallet of a particular user
Refund
Refund a wallet of a particular user
Events and Webhooks
Webhooks are used to call external URLs when certain events happen. Wallet Webhooks focus on events around wallets. For instance, a webhook could be used to notify an external service if a balance changes on an wallet.
Card as a Service APIs
A set of API for businesses to instantly create, manage, and distribute (physical or virtual) payment cards. These APIs require authentication.
Create Card
Issue virtual or physical cards
Delete Card
Delete virtual or physical cards
Get Card details
Show details about a specific virtual or physical card (including associated account and card attributes)
List Cards
List all physical cards a user has been issued. These could be virtual cards, debit cards, credit cards, etc.
Cancel Card
Update status of a specific Card in order to cancel it
Update Card
Update Information about a specific Card
5. Available Test Customer Accounts
There are a number of dummy customer logins available on the sandbox to test your app. These dummy accounts have access to the dummy banking data on the sandbox. Use API Explorer or a REST client to see which banks each user has accounts at:
Dummy Customers that hold USD accounts
Use these credentials to get data back from the API.
Do not use these credentials to register a consumer key.
{
"user_name":"Thiago.Busd.01",
"password":"X!601fc5d2",
},
{
"user_name":"Camila.Busd.01",
"password":"X!02006fd1",
},
{
"user_name":"Timo.Busd.01",
"password":"X!c9a49d53",
},
{
"user_name":"Isabella.Busd.01",
"password":"X!42b230fd",
},
{
"user_name":"Santiago.Busd.01",
"password":"X!cb802a67",
},
Dummy Customers that hold BTC accounts
Use these credentials to get data back from the API.
Do not use these credentials to register a consumer key.
{
"user_name":"Thiago.Bxbt.01",
"password":"X!52c8a285",
},
{
"user_name":"Camila.Bxbt.01",
"password":"X!beb24058",
},
{
"user_name":"Timo.Bxbt.01",
"password":"X!669db796",
},
{
"user_name":"Isabella.Bxbt.01",
"password":"X!d8bfb146",
},
{
"user_name":"Santiago.Bxbt.01",
"password":"X!b520d54a",
},
6. Further Support
Should you have any questions on the sandbox, please do not hesitate to reach out to TESOBE / OBP on the support chat.