Developer Programs
Vendor Integration Program (VIP)
Direct access to Jack Henry's technical integration resources.
Technical Account Manager (TAM)
Get technical integration help from a single point of contact.
Learn
Shared Responsibility
Learn about shared roles and responsibilities of customers and Jack Henry in open banking.
Developer Use Cases
Find a use case that fits your development needs.
Developer Video Gallery
Watch the latest demos, webinars, and more.
Developer Conference
Connect with industry leaders, gain insights from expert speakers, and explore our latest innovations.
Docs
Admin API
Create solutions for an institution's back office support tools.
Authentication Framework
Map customer identities to your existing system IDs.
Consumer API
Access financial data for user accounts, transactions, and more.
Data Broker
Get deeper access to financial institution data.
Enterprise Event System
Respond to events in real-time using this powerful pub/sub-based solution.
jXchange - REST API
Translate business information between Jack Henry and third-party applications using a REST-based API.
jXchange - SOAP API
Translate business information between Jack Henry and third-party applications using a SOAP-based API.
Operational Data Integration (ODI)
Get customized queries for bulk data needs.
Payments
Embed check deposits, ACH, bill pay, cards, and real-time payments.
Plugin Framework
Embed the best of the fintech world directly into your user's dashboard.
SymXchange
Query Symitar core member accounts, post transactions, run PowerOn scripts, and more.
Xperience
Modern UI that provides consistent visual integration across Jack Henry products.
Important notification about upcoming changes to the DMZ environment. Please read.
More info

Out of Band Validate

Enterprise SOAP API > API by Reference > Notification Services > Out of Band Validate

Out of Band Validate

Out of Band Validate is a jXchange service designed to enhance Enterprise Notifications Services (ENS) to become a fully capable Enterprise Out of Band (OOB) service provider.

Message Flow

In jXchange, Out of Band Validate uses a typical exchange of MType messages to provide ENS with Enterprise OOB functionality.

Primary Request

The consumer forwards the OOBValidateRq_MType message to the service provider. The message contains the following simple elements:

  • AlrtTestType
  • CustomerProd
  • EncryptVerifValSalt
  • EncryptVerifValType
  • OOBModeType
  • OOBExpSec
  • PubVer
  • PhoneNum
  • SMSText
  • VerifVal

Primary Response

The service provider returns the OOBValidateRs_MType message to the consumer. The message contains the following simple elements:

  • AlrtPkgId
  • OTP
  • RsStat

Out of Band Validate Behavior

The Out of Band Validate (OOBValidate) operation behavior is as follows.

The Out of Band Validation root request message (OOBValidateRq_MType) contains a documented choice statement. The documented choice statement is segregated based on what OOB method the customer uses: Native ENS Out of Band or Explicit Out of Band.

The Native ENS Out of Band choice statement contains the following elements:

  • Alert Name (AlrtName)
  • Out of Band Recipient Information Record (OOBRecipInfoRec_CType)
  • Alert Data Information Array (AlrtDataInfoArray_AType)
  • Institution Routing Identification (InstRtId)
  • Consumer Product (ConsumerProd)
  • Published Version (PubVer)

The Alert Name (AlrtName) and Out of Bank Recipient Information Record (OOBRecipInfoRec_CType) are required. The Alert Data Information Array (AlrtDataInfoArray_AType), Institution Routing Identification (InstRtId), Consumer Product (ConsumerProd), and Published Version (PubVer) simple elements are optional and adopt the behavior related to ENS.

The Explicit Out of Band choice statement contains the required simple elements Phone Number (PhoneNum) and SMS Text (SMSText).

The Out of Band Validation root request message (OOBValidateRq_MType) optionally allows the Verification Value (VerifVal), Out of Band Mode Type (OOBModeType), Out of Band Expiration Seconds (OOBExpSec), Encryption Verification Value Type (EncryptVerifValType), Encryption Verification Values Salt (EncryptVerifValSalt), and Alert Test Type (AlrtTestType) simple elements. The behavioral aspect of these elements is detailed in the ENS Enterprise Out of Band (OOB) Service Provider Enhancement Requirements document.

The Out of Band Mode Type default canonical value is TwoWay. The Encryption Verification Value Salt (EncryptVerifValSalt) default canonical value is SHA1. The Alert Test Type (AlrtTestType) default canonical value is false.

The Out of Band Validation root response message (OOBValidateRs_MType) contains the Response Status (RsStat), Alert Package Identifier (AlrtPkgId), and One Time Password (OTP). The customer can cache and use the Alert Package Identifier (AlrtPkgId) if they subscribe to the 90040 ENS Event.

Adhere to the tenets for fault reporting.

Adhere to the tenets related to the correlation identifications.

OOBValidateRq_MType

OOBValidateRq_MType is a message MType element.

Contains:

  • AlrtDataInfoArray_AType
  • Custom_CType
  • MsgRqHdr_CType
  • OOBRecipInfoRec_CType

Simple Elements

The following simple elements are contained within this message.

AlrtName
The name assigned to an alert package.
AlrtTestType
Answers the question: Should the alert be treated as a test? Canonical values are:
  • false
  • true
ConsumerProd
The name of the product which is consuming the service (business product name) for the Soap Header Fault.
EncryptVerifValSalt
The random data appened to the verification value.
EncryptVerifValType
The type of secure hash algorithm for a verification value. Canonical values are:
  • SHA1
InstRtId
The identification of the entity of the submitted message. A financial institution entity uses the routing transit or nine-digit number assigned to financial institutions for routing as assigned by the American Bankers Association. Any leading zeros must be provided for a complete routing and transit number. A non-financial institution entity should use a mutually agreed upon identification that must contain at least one non-integer character. The canonical value is JHA.

The element is required in all message requests.

OOBExpSec
The number of seconds before an Out of Band expires.
OOBModeType
Identifies the Out of Band mode. Canonical values are:
  • OneWay
  • TwoWay

The default value is TwoWay.

PhoneNum
The phone number.
PubVer
The version as related to a publisher's configuration and library contents in Enterprise Notification System (ENS).
SMSText
The text to appear.
VerifVal
The value used for verification purposes.

AlrtDataInfoArray_AType

AlrtDataInfoArray_AType is an array AType element. This is an array of data matched pair substitution.

Contains:

  • AlrtDataInfoRec_CType
AlrtDataInfoRec_CType

AlrtDataInfoRec_CType is a complex CType element.

Contains:

  • Custom_CType
Simple Elements

The following simple elements are contained within this complex.

Name
The name of a name value pair.
Val
The value of a name value pair.
Custom_CType

Custom_CType is a complex CType element.

This element is optional.

Custom_CType

Custom_CType is a complex CType element.

This element is optional.

MsgRqHdr_CType

MsgRqHdr_CType is a complex CType element. This is the default message request header.

Contains:

  • AuthenUsrCred_CType
  • jXchangeHdr_CType
Simple Elements

The following simple elements are contained within this complex.

AuthenProdCred
Authentication of the Consumer Product Credentials in the form of a WS Security element that contains a single SAML V2.0 Assertion.
AuthenUsrCred_CType

AuthenUsrCred_CType is a complex CType element. This element represents authentication of the end-user credentials in the form of a WS Security element that contains a single SAML V2.0 Assertion.

Simple Elements

The following simple elements are contained within this complex.

Security
Defines the wsse:Security SOAP header element per section 4.
jXchangeHdr_CType

jXchangeHdr_CType is a complex CType element.

Simple Elements

The following simple elements are contained within this complex.

AuditUsrId
The user ID that the consumer would like written in the audit as performing the requested service. It varies, but it could be the same as the user ID. It is not used to authenticate. It is used to audit the Soap Header Fault.
AuditWsId
The workstation ID that the consumer would like written in the audit as performing the requested service for the Soap Header Fault. It varies, but it could be the same as the user ID.
AuthenUsrId
The user ID which the consumer would like the service provider to authenticate with for the Soap Header Fault. It is a user ID that the provider understands.

This element deprecates in accordance with XSD contract tenets. Effective date: 2017–01–01. The new complex element for user authentication credentials was added to both the Search Message Request Header SrchMsgRqHdr_CType and the Message Request Header MsgRqHdr_CType. AuthenUsrId is ignored by the service providers when the authentication user credentials AuthenUsrCred_CType package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established by WS-Security.

BusCorrelId
The correlation identification as related to business functions and activities.
ConsumerName
The name of the service consumer (business name) for the Soap Header Fault.
ConsumerProd
The name of the product which is consuming the service (business product name) for the Soap Header Fault.
InstEnv
An identification provided by the consumer that defines the environment in which the institution is operating. Canonical values are:
  • Prod
InstRtId
The identification of the entity of the submitted message. A financial institution entity uses the routing transit or nine-digit number assigned to financial institutions for routing as assigned by the American Bankers Association. Any leading zeros must be provided for a complete routing and transit number. A non-financial institution entity should use a mutually agreed upon identification that must contain at least one non-integer character. The canonical value is JHA.

The element is required in all message requests.

jXLogTrackingId
An identification provided by jXchange to be able to trace the request and response of a message from the third-party gateway, internal gateway, and service provider for the Soap Header Fault.
JxVer
Contains the version jXchange is running for the Soap Header Fault.
ValidConsmName
The consumer name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table. The canonical value is: JHA.
ValidConsmProd
The consumer product name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table.
WorkflowCorrelId
The correlation identification as related to workflow functions and activities.
jXchangeHdr_CType Deprecation Details
AuthenUserId
This element deprecates in three years in accordance with XSD contract tenets. Effective date: 2012–01–01. The new complex element for user authentication credentials was added to the Search Message Request Header, SrchMsgRqHdr_CType, and the Message Request Header, MsgRqHdr_CType. AuthenUsrId is ignored by the service providers when the authentication user credentials AuthenUsrCred_CType package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established by WS-Security.

OOBRecipInfoRec_CType

OOBRecipInfoRec_CType is a complex CType element.

Contains:

  • OOBRecipInfoArray_AType
  • Custom_CType
Simple Elements

The following simple elements are contained within this complex.

ConsmRecipAcctId
The number or character that identifies an account record.
ConsmRecipId
The identifier assigned to a publisher's alert recipient.
Custom_CType

Custom_CType is a complex CType element.

This element is optional.

OOBRecipInfoArray_AType

OOBRecipInfoArray_AType is an array AType element. This is the array of Out of Band recipient information.

Contains:

  • OOBRecipConIdInfoRec_CType

OOBValidateRs_MType

OOBValidateRs_MType is a message MType element.

Contains:

  • Custom_CType
  • MsgRsHdr_CType

Simple Elements

The following simple elements are contained within this message.

AlrtPkgId
An identifier assigned to an alert package.
OTP
A one-time password or PIN.
RsStat
The status of the response. Canonical values are:
  • Fail
  • Success

Custom_CType

Custom_CType is a complex CType element.

This element is optional.

MsgRsHdr_CType

MsgRsHdr_CType is a complex CType element. This is the default message response header.

Contains:

  • jXchangeHdr_CType
  • MsgRecInfoArray_AType
jXchangeHdr_CType

jXchangeHdr_CType is a complex CType element.

Simple Elements

The following simple elements are contained within this complex.

AuditUsrId
The user ID that the consumer would like written in the audit as performing the requested service. It varies, but it could be the same as the user ID. It is not used to authenticate. It is used to audit the Soap Header Fault.
AuditWsId
The workstation ID that the consumer would like written in the audit as performing the requested service for the Soap Header Fault. It varies, but it could be the same as the user ID.
AuthenUsrId
The user ID which the consumer would like the service provider to authenticate with for the Soap Header Fault. It is a user ID that the provider understands.

This element deprecates in accordance with XSD contract tenets. Effective date: 2017–01–01. The new complex element for user authentication credentials was added to both the Search Message Request Header SrchMsgRqHdr_CType and the Message Request Header MsgRqHdr_CType. AuthenUsrId is ignored by the service providers when the authentication user credentials AuthenUsrCred_CType package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established by WS-Security.

BusCorrelId
The correlation identification as related to business functions and activities.
ConsumerName
The name of the service consumer (business name) for the Soap Header Fault.
ConsumerProd
The name of the product which is consuming the service (business product name) for the Soap Header Fault.
InstEnv
An identification provided by the consumer that defines the environment in which the institution is operating. Canonical values are:
  • Prod
InstRtId
The identification of the entity of the submitted message. A financial institution entity uses the routing transit or nine-digit number assigned to financial institutions for routing as assigned by the American Bankers Association. Any leading zeros must be provided for a complete routing and transit number. A non-financial institution entity should use a mutually agreed upon identification that must contain at least one non-integer character. The canonical value is JHA.

The element is required in all message requests.

jXLogTrackingId
An identification provided by jXchange to be able to trace the request and response of a message from the third-party gateway, internal gateway, and service provider for the Soap Header Fault.
JxVer
Contains the version jXchange is running for the Soap Header Fault.
ValidConsmName
The consumer name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table. The canonical value is: JHA.
ValidConsmProd
The consumer product name that can be validated by enterprise governance. The canonical values are managed in a consumer/product enterprise table.
WorkflowCorrelId
The correlation identification as related to workflow functions and activities.
jXchangeHdr_CType Deprecation Details
AuthenUserId
This element deprecates in three years in accordance with XSD contract tenets. Effective date: 2012–01–01. The new complex element for user authentication credentials was added to the Search Message Request Header, SrchMsgRqHdr_CType, and the Message Request Header, MsgRqHdr_CType. AuthenUsrId is ignored by the service providers when the authentication user credentials AuthenUsrCred_CType package is delivered. The expectation is that the password credentials and the user name token are provided in the authentication user credential complex element in accordance with the standards established by WS-Security.
Have a Question?
Have a how-to question? Seeing a weird error? Get help on StackOverflow.
Register for the Digital Toolkit Meetup where we answer technical Q&A from the audience.
Last updated Mon Jan 24 2022