{"info":{"_postman_id":"f6282f5e-e391-4691-b4a6-56b808b0f50f","name":"RHB API Documentation Improvement","description":"<html><head></head><body><h1 id=\"brief-introduction-on-rhbs-api-products\">📄 Brief Introduction on RHB's API Products</h1>\n<p><a href=\"https://partner.api.rhbgroup.com/product-info\">RHB's API Products</a> is intended to empower innovation between developers and businesses by integrating RHB's banking services. The platform provides a suite of APIs that allow developers to access banking tools and automate processes such as mortgages, auto financing, credit cards and many more.</p>\n<hr>\n<h1 id=\"the-goal-of-this-documentation\">🔖 The Goal of This Documentation</h1>\n<h2 id=\"rhb-api-documentation-improvement-project\">RHB API Documentation Improvement Project</h2>\n<p>As RHB continues to innovate and expand its digital offerings (in parallel with its competitors), it’s crucial for RHB's API documentation to reflect the same level of clarity that developers expect from a top-tier financial institution.</p>\n<h3 id=\"the-importance-of-high-quality-api-documentation\">The Importance of High-Quality API Documentation</h3>\n<p>In a competitive financial landscape, high-quality API documentation is essential for fostering innovation and driving adoption. Clear, concise, and developer-friendly documentation ensures that developers can easily integrate with RHB's services, reducing friction and accelerating time-to-market for new solutions.</p>\n<p>The existing RHB API documentation has areas that could be improved to enhance readability, usability, and overall developer experience.</p>\n<hr>\n<h2 id=\"project-goals\">Project Goals</h2>\n<p>This project aims to bridge the gaps in RHB’s API documentation and make it more developer-friendly.</p>\n<h3 id=\"key-focus-areas\">Key Focus Areas:</h3>\n<ol>\n<li><p><strong>Clarity</strong>: Ensure the documentation is easy to understand, with clear explanations of endpoints, parameters, and responses.</p>\n</li>\n<li><p><strong>Usability</strong>: Organize the documentation logically, making it simple for developers to find the information they need.</p>\n</li>\n<li><p><strong>Practicality</strong>: Provide actionable and relevant examples to reduce friction and help developers get started quickly.</p>\n</li>\n</ol>\n<hr>\n<h2 id=\"personal-contribution\">Personal Contribution</h2>\n<p>While this effort isn’t a definitive solution, it serves as a meaningful step forward—at least for me, and hopefully for other developers who interact with RHB’s APIs.</p>\n<h3 id=\"expected-outcomes\">Expected Outcomes:</h3>\n<ul>\n<li><p><strong>Reduced friction for developers</strong>: Clearer documentation will help developers integrate with RHB’s APIs more efficiently.</p>\n</li>\n<li><p><strong>Enhanced developer experience</strong>: Improved usability will enable developers to focus on creating innovative financial solutions.</p>\n</li>\n<li><p><strong>Increased adoption</strong>: High-quality documentation will encourage more developers and businesses to leverage RHB’s APIs.</p>\n</li>\n</ul>\n<hr>\n<p>By prioritizing <strong>clarity</strong>, <strong>usability</strong>, and <strong>practicality</strong>, this project aims to make RHB’s API documentation a more effective tool for developers, fostering innovation and driving the adoption of RHB’s digital services.</p>\n</body></html>","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","toc":[{"content":"📄 Brief Introduction on RHB's API Products","slug":"brief-introduction-on-rhbs-api-products"},{"content":"🔖 The Goal of This Documentation","slug":"the-goal-of-this-documentation"}],"owner":"41291950","collectionId":"f6282f5e-e391-4691-b4a6-56b808b0f50f","publishedId":"2sAYX3s3uu","public":true,"customColor":{"top-bar":"FFFFFF","right-sidebar":"303030","highlight":"FF6C37"},"publishDate":"2025-02-03T03:42:46.000Z"},"item":[{"name":"RHB Handshake Authentication Improvement","item":[],"id":"480cccd2-25ae-401d-822c-99c33a95556d","description":"<h3 id=\"errors-and-weaknesses\">Errors and Weaknesses</h3>\n<p>The <a href=\"https://partner.api.rhbgroup.com/apidetails#api=mortgage-handshake-api&amp;operation=jwtAuthenticationUsingPOST\">RHB Handshake Authentication</a> has several weaknesses and areas for improvement. Below is a detailed breakdown of the issues:</p>\n<hr />\n<h2 id=\"1-lack-of-clarity-in-required-fields\">1. <strong>Lack of Clarity in Required Fields</strong></h2>\n<ul>\n<li><p>The <code>username</code> and <code>password</code> fields are marked as <code>false</code> for <code>Required</code>, which is misleading. For authentication, these fields should be mandatory.</p>\n</li>\n<li><p>Similarly, <code>expiresAt</code> and <code>token</code> in the response should be required since they are critical for JWT authentication.</p>\n</li>\n</ul>\n<hr />\n<h2 id=\"2-inconsistent-response-codes\">2. <strong>Inconsistent Response Codes</strong></h2>\n<ul>\n<li>The response codes <code>200 OK</code> and <code>201 Created</code> are both used, but <code>201 Created</code> is inappropriate for an authentication endpoint. A successful authentication should return <code>200 OK</code>.</li>\n</ul>\n<hr />\n<h2 id=\"3-missing-descriptions\">3. <strong>Missing Descriptions</strong></h2>\n<ul>\n<li>The documentation lacks detailed descriptions for fields like <code>expiresAt</code>, <code>token</code>, and <code>errorCode</code>. This makes it difficult for developers to understand the purpose and format of these fields.</li>\n</ul>\n<hr />\n<h2 id=\"4-ambiguous-error-handling\">4. <strong>Ambiguous Error Handling</strong></h2>\n<ul>\n<li>The <code>ErrorResponse</code> structure is reused for multiple error codes (e.g., <code>400</code>, <code>401</code>, <code>403</code>, <code>404</code>, <code>500</code>), but there is no explanation of how the <code>errorCode</code> and <code>errorDesc</code> vary across these scenarios.</li>\n</ul>\n<hr />\n<h2 id=\"5-no-example-requestsresponses\">5. <strong>No Example Requests/Responses</strong></h2>\n<ul>\n<li>The documentation does not provide concrete examples of requests and responses, which are essential for developers to understand how to use the API.</li>\n</ul>\n<hr />\n<h2 id=\"6-no-security-information\">6. <strong>No Security Information</strong></h2>\n<ul>\n<li>There is no mention of security requirements, such as HTTPS usage or rate limiting, which are critical for authentication APIs.</li>\n</ul>\n<hr />\n<h2 id=\"7-no-versioning-information\">7. <strong>No Versioning Information</strong></h2>\n<ul>\n<li>The API does not specify its version, which could lead to issues if the API evolves in the future.</li>\n</ul>\n<hr />\n<h2 id=\"8-poor-organization\">8. <strong>Poor Organization</strong></h2>\n<ul>\n<li>The documentation is not well-structured. Key details are scattered, and there is no clear flow from request to response.</li>\n</ul>\n<hr />\n<h2 id=\"9-incomplete-definitions\">9. <strong>Incomplete Definitions</strong></h2>\n<ul>\n<li>The definitions section (<code>ErrorObj</code>, <code>ErrorResponse</code>, <code>JwtRequest</code>, <code>JwtResponse</code>) lacks detailed descriptions and examples, making it harder for developers to understand the data structures.</li>\n</ul>\n<hr />\n<h2 id=\"10-unclear-default-values\">10. <strong>Unclear Default Values</strong></h2>\n<ul>\n<li>The use of <code>default</code> in the documentation is ambiguous. It is unclear what the default values are for fields like <code>password</code>, <code>username</code>, <code>expiresAt</code>, and <code>token</code>.</li>\n</ul>\n<hr />\n<p>By addressing these weaknesses, the documentation can be significantly improved to enhance readability, usability, and developer experience.</p>\n","_postman_id":"480cccd2-25ae-401d-822c-99c33a95556d"},{"name":"RHB Handshake Authentication Copy","item":[],"id":"da08ff3f-8a0e-44c1-ac62-968d4f0fbbe4","description":"<h4 id=\"post-apihandshakerhb-handshakeauthenticate\"><strong>POST</strong> <strong><code>/api/handshake/rhb-handshake/authenticate</code></strong></h4>\n<p>The <code>RHB Handshake Authentication</code> API enables users to authenticate and retrieve a JWT (JSON Web Token) for secure access to RHB services. This API is essential for applications requiring secure, token-based authentication. For more details on security best practices, refer to the <a href=\"https://www.rhbgroup.com/security-guidelines\">Security Guidelines</a>.</p>\n<hr />\n<h4 id=\"request-parameter\">Request Parameter</h4>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Field</th>\n<th>Required</th>\n<th>Type</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>username</code></td>\n<td>Yes</td>\n<td>string</td>\n<td>The username for authentication.</td>\n</tr>\n<tr>\n<td><code>password</code></td>\n<td>Yes</td>\n<td>string</td>\n<td>The password for authentication.</td>\n</tr>\n</tbody>\n</table>\n</div><h4 id=\"request-example\">Request Example</h4>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-json\">{  \n\"username\": \"[user@example.com](https://mailto:user@example.com)\",  \n\"password\": \"securePassword123\"  \n}\n\n</code></pre>\n<hr />\n<h2 id=\"status-codes-and-errors\">Status Codes and Errors</h2>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Code</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>200 OK</code></td>\n<td>Authentication successful. Returns a JWT token and its expiration time.</td>\n</tr>\n<tr>\n<td><code>400 Bad Request</code></td>\n<td>The request is invalid or malformed.</td>\n</tr>\n<tr>\n<td><code>401 Unauthorized</code></td>\n<td>Authentication failed due to invalid credentials.</td>\n</tr>\n<tr>\n<td><code>403 Forbidden</code></td>\n<td>The user does not have permission to access the resource.</td>\n</tr>\n<tr>\n<td><code>404 Not Found</code></td>\n<td>The requested resource does not exist.</td>\n</tr>\n<tr>\n<td><code>500 Internal Server Error</code></td>\n<td>An unexpected error occurred on the server.</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"response-example\">Response Example</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-json\">{\n    \"token\": \"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...\",\n    \"expiresAt\": \"2023-10-01T12:00:00Z\"\n}\n\n</code></pre>\n<hr />\n<h3 id=\"error-parameter\">Error Parameter</h3>\n<p>All error responses follow the same structure:</p>\n<div class=\"click-to-expand-wrapper is-table-wrapper\"><table>\n<thead>\n<tr>\n<th>Name</th>\n<th>Type</th>\n<th>Required</th>\n<th>Description</th>\n</tr>\n</thead>\n<tbody>\n<tr>\n<td><code>date</code></td>\n<td>string</td>\n<td>No</td>\n<td>Timestamp of the error.</td>\n</tr>\n<tr>\n<td><code>error</code></td>\n<td>object</td>\n<td>No</td>\n<td>Details of the error.</td>\n</tr>\n<tr>\n<td>→ <code>errorCode</code></td>\n<td>int</td>\n<td>No</td>\n<td>A code representing the error type.</td>\n</tr>\n<tr>\n<td>→ <code>errorDesc</code></td>\n<td>string</td>\n<td>No</td>\n<td>A description of the error.</td>\n</tr>\n</tbody>\n</table>\n</div><hr />\n<h2 id=\"error-example\">Error Example</h2>\n<pre class=\"click-to-expand-wrapper is-snippet-wrapper\"><code class=\"language-json\">{\n    \"date\": \"2023-09-25T10:00:00Z\",\n    \"error\": {\n        \"errorCode\": 1002,\n        \"errorDesc\": \"Invalid username or password.\"\n    }\n}\n\n</code></pre>\n<hr />\n","_postman_id":"da08ff3f-8a0e-44c1-ac62-968d4f0fbbe4"}],"event":[{"listen":"prerequest","script":{"id":"77828aaf-2183-499c-9755-8156b8feea93","type":"text/javascript","exec":[""]}},{"listen":"test","script":{"id":"3ee90522-2a4c-4755-b6f1-d6c4b802aeea","type":"text/javascript","exec":[""]}}],"variable":[{"key":"baseUrl","value":"https://farming-simulator.pstmn.io"}]}