This document lists all HTML pages in the OBP-API application and their route mappings.

• Path: /index
• File: obp-api/src/main/webapp/index.html
• Route: Menu.i("Home") / "index"
• Authentication: Not required
• Purpose: Main landing page for the API

• Path: /index-en
• File: obp-api/src/main/webapp/index-en.html
• Route: Menu.i("index-en") / "index-en"
• Authentication: Not required
• Purpose: English version of landing page

• Path: /introduction
• File: obp-api/src/main/webapp/introduction.html
• Route: Menu.i("Introduction") / "introduction"
• Authentication: Not required
• Purpose: Introduction to the API

• Path: /already-logged-in
• File: obp-api/src/main/webapp/already-logged-in.html
• Route: Menu("Already Logged In", "Already Logged In") / "already-logged-in"
• Authentication: Not required
• Purpose: Shows message when user is already logged in

• Path: /user-information
• File: obp-api/src/main/webapp/user-information.html
• Route: Menu("User Information", "User Information") / "user-information"
• Authentication: Not required
• Purpose: Displays user information

• Path: /user_mgt/lost_password (lost password form)
• Path: /user_mgt/reset_password/{TOKEN} (reset password form)
• File: None (dynamically generated by Lift Framework)
• Route: Handled by AuthUser.lostPassword and AuthUser.passwordReset methods
• Source: obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala
• Authentication: Not required (public password reset)
• Purpose: Request and reset forgotten passwords
• Note: These are not static HTML files but are rendered by Lift's user management system
• Links from:
  • oauth/authorize.html (line 30): "Forgotten password?" link
  • templates-hidden/_login.html (line 31): "Forgotten password?" link

API Endpoint for Password Reset URL:

• Path: POST /obp/v4.0.0/management/user/reset-password-url
• Role Required: CanCreateResetPasswordUrl
• Purpose: Programmatically create password reset URLs
• Property: Controlled by ResetPasswordUrlEnabled (default: false)

• Path: /user-invitation
• File: obp-api/src/main/webapp/user-invitation.html
• Route: Menu("User Invitation", "User Invitation") / "user-invitation"
• Authentication: Not required
• Purpose: User invitation form/page

• Path: /user-invitation-info
• File: obp-api/src/main/webapp/user-invitation-info.html
• Route: Menu("User Invitation Info", "User Invitation Info") / "user-invitation-info"
• Authentication: Not required
• Purpose: Information about user invitations

• Path: /user-invitation-invalid
• File: obp-api/src/main/webapp/user-invitation-invalid.html
• Route: Menu("User Invitation Invalid", "User Invitation Invalid") / "user-invitation-invalid"
• Authentication: Not required
• Purpose: Shows when invitation is invalid

• Path: /user-invitation-warning
• File: obp-api/src/main/webapp/user-invitation-warning.html
• Route: Menu("User Invitation Warning", "User Invitation Warning") / "user-invitation-warning"
• Authentication: Not required
• Purpose: Shows warnings about invitations

• Path: /oauth/authorize
• File: obp-api/src/main/webapp/oauth/authorize.html
• Route: Menu.i("OAuth") / "oauth" / "authorize"
• Authentication: Not required (starts OAuth flow)
• Purpose: OAuth authorization page where users approve access

• Path: /oauth/thanks (via OAuthWorkedThanks.menu)
• File: obp-api/src/main/webapp/oauth/thanks.html
• Route: OAuthWorkedThanks.menu
• Authentication: Not required
• Purpose: OAuth completion page that performs redirect

• Path: /consent-screen
• File: obp-api/src/main/webapp/consent-screen.html
• Route: Menu("Consent Screen", Helper.i18n("consent.screen")) / "consent-screen" >> AuthUser.loginFirst
• Authentication: Required (AuthUser.loginFirst)
• Purpose: OAuth consent screen for approving permissions

• Path: /consents
• File: obp-api/src/main/webapp/consents.html
• Route: Menu.i("Consents") / "consents"
• Authentication: Not required
• Purpose: View/manage consents

• Path: /confirm-bg-consent-request
• File: obp-api/src/main/webapp/confirm-bg-consent-request.html
• Route: Menu.i("confirm-bg-consent-request") / "confirm-bg-consent-request" >> AuthUser.loginFirst
• Authentication: Required (AuthUser.loginFirst)
• Purpose: Berlin Group consent confirmation

• Path: /confirm-bg-consent-request-sca
• File: obp-api/src/main/webapp/confirm-bg-consent-request-sca.html
• Route: Menu.i("confirm-bg-consent-request-sca") / "confirm-bg-consent-request-sca" >> AuthUser.loginFirst
• Authentication: Required (AuthUser.loginFirst)
• Purpose: Berlin Group consent with SCA (Strong Customer Authentication)

• Path: /confirm-bg-consent-request-redirect-uri
• File: obp-api/src/main/webapp/confirm-bg-consent-request-redirect-uri.html
• Route: Menu.i("confirm-bg-consent-request-redirect-uri") / "confirm-bg-consent-request-redirect-uri" >> AuthUser.loginFirst
• Authentication: Required (AuthUser.loginFirst)
• Purpose: Berlin Group consent with redirect URI

• Path: /confirm-vrp-consent-request
• File: obp-api/src/main/webapp/confirm-vrp-consent-request.html
• Route: Menu.i("confirm-vrp-consent-request") / "confirm-vrp-consent-request" >> AuthUser.loginFirst
• Authentication: Required (AuthUser.loginFirst)
• Purpose: VRP consent request confirmation

• Path: /confirm-vrp-consent
• File: obp-api/src/main/webapp/confirm-vrp-consent.html
• Route: Menu.i("confirm-vrp-consent") / "confirm-vrp-consent" >> AuthUser.loginFirst
• Authentication: Required (AuthUser.loginFirst)
• Purpose: VRP consent confirmation

• Path: /consumer-registration
• File: obp-api/src/main/webapp/consumer-registration.html
• Route: Menu("Consumer Registration", Helper.i18n("consumer.registration.nav.name")) / "consumer-registration" >> AuthUser.loginFirst
• Authentication: Required (AuthUser.loginFirst)
• Purpose: Register new API consumers (OAuth applications)

• Path: /dummy-user-tokens
• File: obp-api/src/main/webapp/dummy-user-tokens.html
• Route: Menu("Dummy user tokens", "Get Dummy user tokens") / "dummy-user-tokens" >> AuthUser.loginFirst
• Authentication: Required (AuthUser.loginFirst)
• Purpose: Get dummy user tokens for testing

• Path: /create-sandbox-account
• File: obp-api/src/main/webapp/create-sandbox-account.html
• Route: Menu("Sandbox Account Creation", "Create Bank Account") / "create-sandbox-account" >> AuthUser.loginFirst
• Authentication: Required (AuthUser.loginFirst)
• Purpose: Create sandbox accounts for testing
• Note: Only available if allow_sandbox_account_creation=true in properties

• Path: /add-user-auth-context-update-request
• File: obp-api/src/main/webapp/add-user-auth-context-update-request.html
• Route: Menu.i("add-user-auth-context-update-request") / "add-user-auth-context-update-request"
• Authentication: Not required
• Purpose: Add user authentication context update request

• Path: /confirm-user-auth-context-update-request
• File: obp-api/src/main/webapp/confirm-user-auth-context-update-request.html
• Route: Menu.i("confirm-user-auth-context-update-request") / "confirm-user-auth-context-update-request"
• Authentication: Not required
• Purpose: Confirm user authentication context update

• Path: /otp
• File: obp-api/src/main/webapp/otp.html
• Route: Menu("Validate OTP", "Validate OTP") / "otp" >> AuthUser.loginFirst
• Authentication: Required (AuthUser.loginFirst)
• Purpose: Validate one-time passwords

• Path: /terms-and-conditions
• File: obp-api/src/main/webapp/terms-and-conditions.html
• Route: Menu("Terms and Conditions", "Terms and Conditions") / "terms-and-conditions"
• Authentication: Not required
• Purpose: Terms and conditions

• Path: /privacy-policy
• File: obp-api/src/main/webapp/privacy-policy.html
• Route: Menu("Privacy Policy", "Privacy Policy") / "privacy-policy"
• Authentication: Not required
• Purpose: Privacy policy

• Path: /sdks
• File: obp-api/src/main/webapp/sdks.html
• Route: Menu.i("SDKs") / "sdks"
• Authentication: Not required
• Purpose: SDK documentation and downloads

• Path: /static
• File: obp-api/src/main/webapp/static.html
• Route: Menu.i("Static") / "static"
• Authentication: Not required
• Purpose: Static resource documentation

• Path: Not directly routed (likely included/embedded)
• File: obp-api/src/main/webapp/main-faq.html
• Route: None (component file)
• Authentication: N/A
• Purpose: FAQ content

• Path: /debug
• File: obp-api/src/main/webapp/debug.html
• Route: Menu.i("Debug") / "debug"
• Authentication: Not required
• Purpose: Main debug page

• Path: /debug/awake
• File: obp-api/src/main/webapp/debug/awake.html
• Route: Menu.i("awake") / "debug" / "awake"
• Authentication: Not required
• Purpose: Test if API is running/responsive

• Path: /debug/debug-basic
• File: obp-api/src/main/webapp/debug/debug-basic.html
• Route: Menu.i("debug-basic") / "debug" / "debug-basic"
• Authentication: Not required
• Purpose: Basic debug information

• Path: /debug/debug-default-header
• File: obp-api/src/main/webapp/debug/debug-default-header.html
• Route: Menu.i("debug-default-header") / "debug" / "debug-default-header"
• Authentication: Not required
• Purpose: Test default header template

• Path: /debug/debug-default-footer
• File: obp-api/src/main/webapp/debug/debug-default-footer.html
• Route: Menu.i("debug-default-footer") / "debug" / "debug-default-footer"
• Authentication: Not required
• Purpose: Test default footer template

• Path: /debug/debug-localization
• File: obp-api/src/main/webapp/debug/debug-localization.html
• Route: Menu.i("debug-localization") / "debug" / "debug-localization"
• Authentication: Not required
• Purpose: Test localization/i18n

• Path: /debug/debug-plain
• File: obp-api/src/main/webapp/debug/debug-plain.html
• Route: Menu.i("debug-plain") / "debug" / "debug-plain"
• Authentication: Not required
• Purpose: Plain debug page without templates

• Path: /debug/debug-webui
• File: obp-api/src/main/webapp/debug/debug-webui.html
• Route: Menu.i("debug-webui") / "debug" / "debug-webui"
• Authentication: Not required
• Purpose: Test WebUI properties

• Path: N/A (template component)
• File: obp-api/src/main/webapp/templates-hidden/_login.html
• Route: None (included by Lift framework)
• Purpose: Login form template component
• Note: Contains "Forgotten password?" link to /user_mgt/lost_password

• Path: N/A (template)
• File: obp-api/src/main/webapp/templates-hidden/default.html
• Route: None (Lift framework template)
• Purpose: Default page template

• Path: N/A (template)
• File: obp-api/src/main/webapp/templates-hidden/default-en.html
• Route: None (Lift framework template)
• Purpose: English default page template

• Path: N/A (template)
• File: obp-api/src/main/webapp/templates-hidden/default-header.html
• Route: None (Lift framework template)
• Purpose: Default header template

• Path: N/A (template)
• File: obp-api/src/main/webapp/templates-hidden/default-footer.html
• Route: None (Lift framework template)
• Purpose: Default footer template

• Path: Not directly routed (likely used programmatically)
• File: obp-api/src/main/webapp/basic.html
• Route: None found
• Purpose: Basic HTML page template

All routes are defined in:

• File: obp-api/src/main/scala/bootstrap/liftweb/Boot.scala
• Method: boot method in Boot class
• Framework: Lift Web Framework's SiteMap

• >> AuthUser.loginFirst - Requires user to be logged in
• >> Admin.loginFirst - Requires admin user to be logged in
• No guard - Public access

Some routes are conditionally added based on properties:

• Sandbox account creation requires: allow_sandbox_account_creation=true

All pages are served at:

For example:

• Home page: https://api.example.com/index
• OAuth: https://api.example.com/oauth/authorize
• Consent: https://api.example.com/consent-screen

Total HTML Files: 43

• Public Pages: 27
• Authenticated Pages: 13
• Template Components: 5
• Debug Pages: 9
• Dynamically Generated: 2 (password reset pages)

Page Categories:

• Authentication & User Management: 7 pages
• Password Reset: 2 dynamically generated pages
• OAuth & Consent: 9 pages
• Developer & Admin: 3 pages
• Legal & Information: 4 pages
• Documentation: 4 pages
• Debug & Testing: 9 pages
• Templates: 5 files
• Miscellaneous: 2 pages

1. Lift Framework: The application uses Lift Web Framework for routing and page rendering
2. SiteMap: Routes are configured via Lift's SiteMap in Boot.scala
3. Templates: Pages in templates-hidden/ are not directly accessible but are used as layout templates
4. Localization: Some pages support internationalization (i18n) via Helper.i18n()
5. Security: Many pages require authentication via AuthUser.loginFirst or Admin.loginFirst
6. OAuth Flow: The OAuth authorization flow involves multiple pages: authorize - consent-screen - thanks
7. Consent Types: Different consent screens for different standards (Berlin Group, VRP, generic OAuth)
8. Password Reset: The password reset flow is handled dynamically by Lift's user management system, not static HTML files
   • Lost password form: /user_mgt/lost_password
   • Reset password form: /user_mgt/reset_password/{TOKEN}
   • Implementation in: code/model/dataAccess/AuthUser.scala

• Boot Configuration: obp-api/src/main/scala/bootstrap/liftweb/Boot.scala
• Menu Helpers: Various classes in code package
• Templates: Lift framework templates-hidden directory
• Static Resources: JavaScript, CSS, and images in webapp directory
• User Management: obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala (password reset, validation)
• Password Reset API: obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala (resetPasswordUrl endpoint)