none
6 December 2023 - Release Notes
over 1 year ago by Mike Ireson
* Input validation and sanitization for `customer onboarding` endpoint
* Enhancement for fraud check payloads to map to compliance monitoring system
## Avenu API Release Notes 1.8.5
## Overview
### Input validation and sanitization for `customer onboarding` endpoint
This enhancement entails guard railing the input provided to the customer onboarding endpoint by enforcing size, format and mandatory restrictions to those parameters. As a corollary to this implementation, error response codes were also implemented that are now provided and present concise and specific feedback to the calling application/consumer about the restriction violated.
### Enhancement for fraud check payloads to map to compliance monitoring system
This enhancement surfaces the "comments" field that is returned and maps it to the correlating field in the compliance monitoring system, in order to provide more useful information for those working the compliance alerts.
## What's New?
### The following release notes detail the updates we have included in this release.
### Input validation and sanitization for `customer onboarding` endpoint
`POST {avenu_base_url}/onboard/v1/customer`
The following input parameters table includes the new size, format, and requirements for each field.
#### Input Parameters
| Parameter | Format | Length Restriction | Required | Explanation |
| ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :----------------- | -------- | :----------------------------------------------------------------------------------------------------------------------------------- |
| "firstName" | String - may not contain special characters. | 50 | Y | The Avenu customer's first name. |
| "middleInitial" | String - may not contain special characters. | 1 | N | The Avenu customer's middle initial. **Avenu will not accept a full middle name, only an initial** |
| "lastName" | String - may not contain special characters. | 50 | Y | The Avenu customer's last name. |
| "dateOfBirth" | String; [ISO 8601 YYYY-MM-DD](https://www.iso.org/iso-8601-date-and-time-format.html) | 10 | Y | The Avenu customer's date of birth. |
| "address" | String | 200 | Y | The customer's physical street address. |
| "city" | String | 100 | Y | The customer's city. |
| "state" | String - US standard 2 letter state codes. | 2 | Y | The customer's state. |
| "zipCode" | Number - may not contain dashes or hyphens and should be numbers only. | 5 or 9 digits | N | The customer's zip code. |
| "country" | String; [ISO 3166 Alpha-3 country code](https://www.iso.org/iso-3166-country-codes.html) | 3 | Y | The address' country. |
| "citizenship" | String; [ISO 3166 Alpha-3 country code](https://www.iso.org/iso-3166-country-codes.html) | 3 | Y | The customer's citizenship. |
| "email" | String - No special characters except the "at" sign (@) directly preceding the domain name. Alphanumeric prefix with the @ symbol followed by most common top level domains. Should be of the format xyz@`<companyname>`. .com/.co/.net/.org/.edu/.gov/.us | 320 | Y | The customer's email. |
| "mobilePhone" | Number - should be numbers only and may not contain dashes or hyphens. | 10 | Y | The customer's mobile phone. |
| "idType" | String - see ID Type table below for acceptable values | 20 | Y | Government ID type. See types table below. |
| "idNumber" | String - may not contain special characters | 20 | Y | Number on government id. |
| "idIssuedBy" | String - ISO 3166-2 "US" prefix with the 2 letter state code or just the 2 letter state code. ("US-XX" or just "XX".) Use "USA" for SSN idType. | 5 | Y | Government entity issuing id. Use USA for SSN. Use "US-AL" as an example for United States Alabama. US plus two letter state code. |
| "idIssueDate" | String; [ISO 8601 YYYY-MM-DD](https://www.iso.org/iso-8601-date-and-time-format.html) | 10 | N | Government entity issue date. |
| "idExpirationDate" | String; [ISO 8601 YYYY-MM-DD](https://www.iso.org/iso-8601-date-and-time-format.html) | 10 | N | Government entity expiration date. |
| "deviceId" | String - may not contain special characters except dashes/hyphens. | 100 | N | The user's unique device identifier. |
| "deviceType" | String - may not contain special characters. | 50 | N | The type of the user's device |
| "deviceName" | String - may not contain special characters. | 100 | N | The name given to the user's device. |
| "deviceOperatingSystem" | String - may not contain special characters. | 100 | N | The OS of the user's device. |
| "deviceIPAddress" | String - should follow the dot-decimal notation, consisting of four decimal numbers, each ranging from 0 to 255, separated by dots. | 15 | N | Current IP Address for the device. |
| "deviceLocation" | String - may not contain special characters. | 100 | N | Current location for the device. |
| "deviceLongitude" | String - should conform to the [ISO 6709:2022](https://www.iso.org/standard/75147.html) standard for longitudes and latitudes. | 50 | N | Device's location longitude. |
| "deviceLatitude" | String - should conform to the [ISO 6709:2022](https://www.iso.org/standard/75147.html) standard for longitudes and latitudes. | 50 | N | Device's location latitude. |
| "deviceUser" | String - may not contain special characters. | 50 | N | The name of the user of the device. |
| "deviceIMEINumber" | String - may not contain special characters. | 15 | N | Mobile device unique equipment identifier. |
| "deviceTorEnabled" | Boolean - can only be Y/N | 1 | N | Device is/is not using Tor browser. |
| "deviceFirstSeen" | String; [ISO 8601 YYYY-MM-DD](https://www.iso.org/iso-8601-date-and-time-format.html) | 10 | N | Date/Time the device was first used to access Avenu. |
| "deviceLastSeen" | String; [ISO 8601 YYYY-MM-DD](https://www.iso.org/iso-8601-date-and-time-format.html) | 10 | N | Date/Time the device was last used to access Avenu. |
Error codes have also been modified to provide more useful and specific details for why and error occurred.
#### Error Codes
For Required, Size, and Format restrictions an error code may be returned for each field. Only one error code is returned per field each time in that order. For example, if `firstName` is >50 characters and has special characters, only the size restriction error code and message will be sent back **first** as:
```json
{
"code": "CA3107",
"message": "firstName: Invalid Length"
}| Category | Response Code | Response Error Message |
|---|---|---|
| Required | CA3000 | {Field Name} : Missing Required Field |
| Size | CA3107 | {Field Name} : Invalid Length |
| Format | CA3107 | {Field Name} : Invalid Format |