Registration And Access

Registration and Access covers online banking registration, self-service password reset (OTP to a chosen contact method), and administrative user unlock.

End-user benefits

• Register for digital banking through partner apps with validation aligned to Candescent enrollment.
• Reset password using an OTP sent to SMS or voice (after listing contact methods — see Contact Info).
• Unlock a locked user without forcing a full password-reset flow when permitted.

Integration capabilities

• Registering new customers with comprehensive validation and error handling
• Implementing self-service password reset with OTP delivery
• Supporting administrative user unlock functionality

Customer Registration

The Registration API provides third-party application developers with access to the same registration process used in Candescent Digital Banking. No scope required.

Common Use Cases:

• Online banking vendors registering users for additional offerings after account opening
• Mobile banking vendors providing products to FIs using Candescent Digital Banking
• Application developers extending Candescent Digital Banking functionality

Required Personal Data:

• First name, Last name, Middle name (optional)
• Social Security Number (9 digits)
• Date of Birth (yyyy-mm-dd format)
• Address: Street, City, State, Zip Code, Country
• Phone Number (10 digits)
• Email Address
• Mother's Maiden Name

Username Policy:

• Default: 8-20 characters (configurable: min 6, max 20)
• Cannot be only numbers, can be all letters
• Allowed special characters: @$*_-=.!~
• No spaces allowed

Password Policy:

• Length: 6-32 characters (configurable within limits)
• Must contain characters from at least 2 of: Letters, Numbers, Special characters
• No spaces allowed
• Cannot be a substring of the username

Reset Password (Self-Service)

The Reset Password API enables customers to reset their password using a one-time passcode sent to their preferred contact method.

• Verify that a customer exists at a specified financial institution
• Provide a list of contact methods (SMS, Voice, Email) for the customer
• Send a one-time passcode to the customer's desired contact method

Reset Password Flow:

1. Retrieve Contact Methods: GET /ux-users/v1/customers/\{customerId\}/contactMethods
   • Returns available destinations (SMS, Voice, Email) with masked contact info
   • See endpoint documentation for response example
2. Customer Selects Destination: Choose where to receive the OTP
3. Initiate Reset: PUT /ux-users/v1/customers/\{customerId\}:resetPassword
   • Send destinationId in the request body
   • OTP is sent to the selected contact method

Scopes

Reset Password and Unlock User

Scope	Description
institution-users:read	List contact methods for the customer
institution-users:write	Trigger OTP delivery for password reset

Error codes

Registration

Code	Message	HTTP Status Code
20006	Invalid input (member number, channel TPV_API, name length, SSN, etc.)	400
26201	LoginID is already taken	400
26214	Too many destinations passed	400
26330	Registration already in progress (duplicate request)	409
26331	User is already registered	409
26340	Could not create record in database	400
220001	SSN is not 9 digits	400
220002	First name exceeds 39 characters	400
220003	Last name exceeds 39 characters	400
220005	Middle name exceeds 39 characters	400
220006	Email exceeds 64 characters	400
220007	Postal code not found	400
220008	City not found	400
220009	State not found or invalid length (US: 2 chars)	400
220010	Street/Address1 missing or exceeds 128 characters	400
220011	Country not found	400
220012	Mother's maiden name missing or exceeds 128 characters	400
220013	Invalid date of birth format	400
220014	Phone number is missing	400
220015	Invalid LoginID (6–256 chars, allowed @$*_-=.!~, no spaces)	400
220016	LoginID cannot match member number	400
220018	Invalid password	400
220019	Login must be within preconfigured range	400

Reset Password and Unlock User

Code	Message	HTTP Status Code
UXU_10001	Invalid JWT token	400
UXU_10002	Required role not present in JWT token	403
UXU_10003	JWT token has expired	400
UXU_10004	JWT token does not contain institution id	400
UXU_10005	Required Authorization header is missing	400
UXU_10006	Required Correlation Id header is missing	400
UXU_10007	Correlation Id is not a GUID	400
UXU_10008	Invalid IP address in the header	400
UXU_10009	Invalid Authorization in the header	400
UXU_10010	JWT token does not contain institution customers id	400
UXU_10011	JWT token institution customers id not matching path param	400
UXU_10012	Invalid path param	400
UXU_10013	Invalid path	400
UXU_10014	Invalid query param	400
UXU_13001	Combined firstname, middleName, lastname exceeds 39 chars	400
UXU_13002	Invalid user password	400
UXU_13003	Login Id is already taken	400
UXU_13004	You are already a registered user	400
UXU_13005	Invalid Date Format	400
UXU_13006	Soft failure, contact institution	400
UXU_13007	Login id and Member number can't be the same	400
UXU_13008	Member number/username is already registered	409
UXU_13009	Error while registering user	400
UXU_30001	Error interacting with the service	503
UXU_30002	Error interacting with the external service	503
UXU_88888	No entitled customers found	404
UXU_88889	Contact method Id not found	400
UXU_88890	Institution customer id not found	400
UXU_88891	Host phone postal address not found	400
UXU_99998	Internal server error	500
UXU_99999	Cannot handle this request — check URL, body and parameters	400

Endpoints

Register New Customer

Registers a new customer for online banking via third party applications. This API provides the same registration process used in Candescent Digital Banking. **No scope required.**

Send One-time Passcode

Send a one-time passcode to a given customer for resetting their password

Unlock Specified User

Unlock the specified user without requiring a password reset