Purpose
The purpose of OLB (Online Banking) aggregation is to provide the application with the user’s financial data from their bank’s website so it can be presented to them within the mobile app. This includes their transactions, account balances, and anything else they might normally want to see. To do this, the user’s information flows through a few apps:
- API
- Che
- Fetch
- Fetch uses the fetch-crawlers project to know how to crawl a given OLB provider’s websites and scrape the user’s data properly.
- From Fetch, onto the OLB website and back through the stack
Signups
When signing up, the app will make a POST call to the /users endpoint on the API, which sends a Start*Creation message to Che. It’s important to note that the user will already have an OLB account - - the bank already has their questions and answers stored (if the user has set them up). When we say signing up, they are signing up for a mobile account, and the app doesn’t know any of their OLB information: questions, answers, etc.
So, from there, Che runs the routes in Fetch to find the login question for the user (if it exists). It compares what it has to what is in the database, and if it matches sends back the answer to fetch which forwards it to the OLB site. It is used against the OLB site as part of the user’s login, and if the questions are validated they are stored in the DB. If what it has does not match, or if it does not find any existing questions, it will send a request to the user for a series of question and answer pairs, which it will forward on to Fetch and then Fetch will send on to the OLB site. The phone will also send a message to itself once the message with the Q & A pairs are sent acknowledging that it sent the message off through the stack to Fetch.
If a user has a series of login questions already set up, they will be prompted for the answers and if they fail to answer correctly, Fetch will send back a “No Go” message to Che which filters all the way back to the user as a LoginQuestionsFailed event.
A sequence diagram for signups is below:
Authentication
When signing in, the app will make a POST call to the /users endpoint on the API, which sends a OLBSignupRequest to Che. Che then signals Fetch with AggregationReady(), and Fetch will send the login to the OLB and the OLB will respond back with an OOB response. An instance of LoginOptions is sent from Fetch all the way back to API, and from API is modified slightly into LoginOptionsEncountered and sent to the phone. The user then selects a login option (either SMS or email) and their selection is sent all the way to Fetch, which then responds with LoginQuestions back to the phone. The user then answers the questions, and the Q&A pairs are sent back to Fetch. Fetch will then send a message to the phone acknowledging it received the message with LoginAnswersReceipt.
A sequence diagram for auth is below:
