API Reference
All API calls go through the Next.js proxy (/api/* → teller_api_dev:5200). Every request requires a valid Keycloak Bearer token. Role requirements are shown where they differ from the default (any authenticated user).
Branch & Session
Controls the branch's operating state. A branch must be Open before a session or vault can be started.
/branch - Get current branch status and open/close times
/branch/open - Open the branch for the business day
/branch/close - Close the branch at end of day
/branch/force-close - Emergency close with mandatory reason
/session - Get the active business session
/session/open - Initiate dual-control session open — returns 202 + BranchOpen approval
/session/activate - Activate session after teller proof-ins reviewed (Open → Active)
/session/slot/:slot - Get the session record for a specific slot (Single/Morning/Evening)
/session/close - Close the session at end of day
Vault
All vault operations require dual control: a Supervisor or HeadTeller initiates, and a BranchManager approves (or vice versa). Each call returns a pending approval, not an immediate result.
/vault - Get vault status and current cash balances
/vault/open - Initiate vault opening with denomination counts
/vault/close - Initiate vault closing
/vault/transfer-in - Initiate cash movement into the vault
/vault/transfer-out - Initiate cash movement out of the vault
/vault/report-discrepancy - Report a vault cash discrepancy — creates pending VaultDiscrepancyReconciliation approval
Approvals
The dual-control queue. Every vault or drawer operation creates a pending approval that a second authorized officer must review.
/approvals - List pending approvals for this branch (?pendingOnly=false for full history)
/approvals/:id - Get a single approval by ID
/approvals/:id/approve - Approve a pending action — executes immediately
/approvals/:id/reject - Reject a pending action
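The dual-control flow described above, as an added sketch that is not the project's own code: initiation only queues a pending approval, and the action runs when a different officer from the counterpart role approves. The class, method and reason names, the in-memory queue, and the reading of the role pairing are assumptions for illustration.

```javascript
// Assumed reading of the page: Supervisor/HeadTeller on one side, BranchManager
// on the other; the approver must come from the side that did not initiate.
const SIDE = new Map([["Supervisor", "floor"], ["HeadTeller", "floor"], ["BranchManager", "manager"]]);

class ApprovalQueue {
  constructor() {
    this.items = new Map();
    this.nextId = 1;
  }

  // Initiation only records intent and returns a pending approval; nothing executes.
  initiate(user, operation, execute) {
    if (!SIDE.has(user.role)) throw new Error(`role ${user.role} cannot initiate`);
    const id = this.nextId++;
    this.items.set(id, { operation, execute, initiator: user, status: "Pending" });
    return { id, status: "Pending" };
  }

  // approve=true runs the action immediately; approve=false rejects it.
  decide(id, user, approve) {
    const item = this.items.get(id);
    if (!item) return { ok: false, reason: "not_found" };
    if (item.status !== "Pending") return { ok: false, reason: "already_decided" };
    if (user.id === item.initiator.id) return { ok: false, reason: "self_approval" };
    if (!SIDE.has(user.role) || SIDE.get(user.role) === SIDE.get(item.initiator.role)) {
      return { ok: false, reason: "role_not_counterpart" };
    }
    // Flip state before executing so a replayed approve cannot run the action twice.
    item.status = approve ? "Approved" : "Rejected";
    item.decidedBy = user.id;
    return { ok: true, status: item.status, result: approve ? item.execute() : undefined };
  }
}

// Constructed demo values: a vault transfer-in that lands only after a manager approves.
const demoVault = { AED: 100000 };
const demoQueue = new ApprovalQueue();
const demoSup = { id: "u1", role: "Supervisor" };
const demoPending = demoQueue.initiate(demoSup, "vault/transfer-in", () => (demoVault.AED += 5000));
console.log(demoQueue.decide(demoPending.id, demoSup, true));
console.log(demoQueue.decide(demoPending.id, { id: "u2", role: "BranchManager" }, true));
```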
Teller Drawer
Each teller has one drawer. Opening requires the teller to be on today's roster. All balances must reach zero before the drawer can be closed (zero-carryover rule).
/drawer - Get the caller's active drawer with balances and transactions
/drawer/all - List all open drawers in the branch
/drawer/peers - List other drawers available for teller-to-teller exchange
/drawer/open - Open a drawer with initial denomination counts (requires roster entry)
/drawer/close - Close the drawer — rejected if any balance ≠ 0
/drawer/transfer-to-vault - Initiate cash transfer from drawer to vault (dual-control)
/drawer/transfer-from-vault - Initiate cash transfer from vault to drawer (dual-control)
/drawer-rebalance - Submit mid-day drawer denomination count — 200 (HeadTeller+ unilateral) or 202 (pending Supervisor approval)
Transactions
Core banking operations posted through the ESB. Tellers are subject to OPA cash limits per currency; transactions above the threshold are routed to the async dual-control approval queue.
/transactions - List all transactions in the current drawer session
/transactions/deposit - Post a cash deposit to a customer account
/transactions/deposit/pending - Submit an over-limit deposit for supervisor approval — returns 202 + BranchApproval
/transactions/withdrawal - Post a cash withdrawal from a customer account
/transactions/withdrawal/pending - Submit an over-limit withdrawal for supervisor approval — returns 202 + BranchApproval
/transactions/cheque-deposit - Post a cheque deposit
/transactions/:id/reverse - Reverse a previously posted transaction
/transactions/exchange - Perform a foreign currency exchange
/transactions/exchange/internal - Internal currency exchange between teller or vault
/transactions/transfer/own - Transfer between a customer's own accounts
/transactions/transfer/local - Transfer to a third-party IBAN
Supervisor Override
When a transaction exceeds the teller's cash limit, a supervisor must authorize it in real time. The resulting token is single-use with a 5-minute TTL.
/supervisor/authorize - Issue a time-limited override token for high-value transactions
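An added sketch, not the project's code, of server-side enforcement for the single-use, 5-minute override token described above. The class and method names, the in-memory store, and the binding of each token to one teller and one exact transaction are assumptions; the reference states only single use and the TTL.

```javascript
const crypto = require("node:crypto");

const TTL_MS = 5 * 60 * 1000; // 5-minute TTL from the reference
const digest = (t) => crypto.createHash("sha256").update(String(t)).digest("hex");
// Assumption: a token is bound to one teller and one exact transaction.
const txnKey = (x) => [x.type, x.account, x.currency, x.amount].join("|");

class OverrideTokenStore {
  constructor(now = () => Date.now()) {
    this.now = now;          // injectable clock so expiry can be exercised
    this.grants = new Map(); // sha256(token) -> grant; raw tokens are never stored
  }

  // Supervisor authorizes: mint a random token and record what it covers.
  issue(supervisorId, tellerId, txn) {
    const token = crypto.randomBytes(32).toString("base64url");
    this.grants.set(digest(token), {
      supervisorId, tellerId, txnKey: txnKey(txn),
      expiresAt: this.now() + TTL_MS,
    });
    return token;
  }

  // Teller presents the token together with the over-limit transaction.
  redeem(token, tellerId, txn) {
    const key = digest(token);
    const grant = this.grants.get(key);
    if (!grant) return { ok: false, reason: "unknown_or_already_used" };
    this.grants.delete(key); // single use: consumed on first presentation, pass or fail
    if (this.now() >= grant.expiresAt) return { ok: false, reason: "expired" };
    if (grant.tellerId !== tellerId || grant.txnKey !== txnKey(txn)) {
      return { ok: false, reason: "binding_mismatch" };
    }
    return { ok: true, supervisorId: grant.supervisorId };
  }
}

// Constructed sample values, not taken from the system.
const sampleTxn = { type: "withdrawal", account: "ACC-0001", currency: "AED", amount: "25000.00" };
const demoStore = new OverrideTokenStore();
const demoToken = demoStore.issue("sup-01", "teller-07", sampleTxn);
console.log(demoStore.redeem(demoToken, "teller-07", sampleTxn)); // accepted once
console.log(demoStore.redeem(demoToken, "teller-07", sampleTxn)); // replay refused
```

Deleting the grant before the expiry and binding checks means a token that fails any check is also spent, so a leaked token cannot be retried against other transactions.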
Force Close
Emergency close operations that bypass all state and balance checks. Dual-control routing is determined by the ApprovalPolicies table — most specific rule wins by priority.
/vault/force-close - Force-close the vault with optional discrepancy record
/drawer/force-close/:drawerId - Force-close a teller drawer — initiator rank must exceed drawer owner
/session/force-close - Force-close today's business session
Teller Proof-In
Per-teller start-of-day cash-box count. Each teller submits denomination counts, which are compared against their last closed drawer balance.
/teller-proof-in - Submit teller cash-box denomination counts — returns Matched or creates Mismatched pending approval
/teller-proof-in/status - Get the current proof-in status for the calling teller
/teller-proof-in/branch-status - Get all teller proof-in statuses for the branch (supervisor review)
/teller-system-proof - MBT terminal sign-in or sign-out — gates drawer open via HasProofedIn
/teller-system-proof/status - Get today's MBT terminal system proof status (ProofInAt, ProofOutAt)
Vault Proof-In
Start-of-day physical cash count submission by ICD Officers. System computes variance against vault opening balance.
/proof-in - Submit physical cash counts for all currencies — Matched or creates pending Mismatched approval
/proof-in/status - Get the current proof-in status for the branch business day
Proof-Out
End-of-day physical cash count. Two custodians must independently submit counts; the second triggers reconciliation against live vault balances. Matched status required before vault close.
/proof-out - Submit EOD physical cash counts — first custodian sets AwaitingBothCustodians; second triggers reconciliation
/proof-out/status - Get proof-out status with custodian names and submitted counts
Counterfeit Reports
Tellers submit a counterfeit currency report when fake notes are detected. Each report creates a BranchManager review approval.
/counterfeit-reports - Submit a counterfeit report — creates CounterfeitReportBmReview pending approval
/counterfeit-reports - List all counterfeit reports for the branch
Cash Orders (Bait Al Mal)
Request a cash transfer to or from the branch. Two order types: CTB (Cash Transfer to Branch) and CFB (Cash From Branch). Blocked after the cutoff time.
/cash-orders - Submit a cash order — blocked after GST cutoff (Standard 15:00 / Mall 21:00); creates CashOrderBmApproval pending approval
/cash-orders - List all cash orders for the branch
Pending Admin Changes
Maker-checker queue for ICD Officer admin mutations. Changes are queued for ICD Manager review instead of being applied immediately.
/admin/pending-changes - List pending admin changes — IcdOfficer read-only view; IcdManager+ can approve/reject
/admin/pending-changes/:id/approve - Approve and execute a pending configuration change — self-approval blocked
/admin/pending-changes/:id/reject - Reject a pending change with optional reason
Admin
Configuration endpoints. All requests are China-Wall scoped — EntityAdmin sees own entity, BankAdmin sees all. Key mutations are gated by admin.MenuAccessMatrix.
/admin/users - List Keycloak users for your entity
/admin/users - Create a new Keycloak user with role and bank attributes
/admin/users/:id - Update a user's role, entity, or branch assignment
/admin/users/:id/reset-password - Reset a user's Keycloak password
/admin/users/:id - Remove a user from Keycloak
/admin/roster - List teller roster entries for a branch and date
/admin/roster - Add a teller to the roster for a specific date
/admin/roster/:id - Remove a roster entry
/admin/business-days - List business days for a branch in a date range
/admin/business-days - Register a new business day
/admin/cash-limits - Get cash limits per currency for your entity
/admin/cash-limits - Set the cash limit for a currency — auto-syncs to OPA
/admin/opa/policy - Get the current live Rego policy from OPA
/admin/opa/policy - Update the Rego policy — takes effect immediately
/admin/opa/sync - Force-push DB cash limits to OPA
/admin/approval-policies - List data-driven approval routing policies
/admin/approval-policies - Create a new approval policy rule
/admin/approval-policies/:id - Update an approval policy rule
/admin/approval-policies/:id - Delete an approval policy rule
/admin/custodians - List vault custodian status for all active roster entries
/admin/roster/:id/custodian - Designate or revoke vault custodian flag for a roster entry
/admin/drawer-limits - List drawer balance limits per currency for a branch
/admin/drawer-limits - Upsert drawer balance limit — HardBlock or EscalateToApproval
/admin/exchange-rates/local - List local exchange rates used for AGG calculations
/admin/exchange-rates/local - Upsert a local exchange rate — write requires Entity Admin
/access-matrix - Get the caller's menu access matrix (multi-role OR semantics)
/admin/access-matrix - Get full access matrix for an entity (all roles, all menu keys)
/admin/access-matrix - Upsert a single Role+MenuKey permission row
/admin/holidays - List public holidays for an entity/branch within a date range
/admin/holidays - Create a public holiday (entity-wide or branch-specific)
/admin/holidays/:id - Rename a public holiday
/admin/holidays/:id - Delete a public holiday
/admin/entities/:entity/weekend-days - Set weekend days for all branches in an entity
/admin/branches/:branchId/weekend-days - Set weekend days for a single branch