FIProfile Class

Properties   Methods   Events   Config Settings   Errors  

The FIProfile control is a single class that supports the SignOn and FI Profile functions of Open Financial eXchange, as described by the OFX Specification version 1.0.2.

Syntax

class inebank.FIProfile

Remarks

The FIProfile class provides the ability to download an OFX Financial Institution Profile. These profiles contain information about how to communicate with the financial institution, such as what message sets are supported and what URLs to post to for them as well as the type of data that is supported for sign on.

To use the FIProfile class, first identify the financial institution by setting the fi_id, fi_organization and fi_url, properties. Next identify the OFX user and application by setting the ofx_user, ofx_password, ofx_app_id and ofx_app_version properties. Use the client_routing property to notify the server as to the client's routing capabilities. Finally, set the last_update property to the date of the most recent profile request. Then just call the get_profile method to retrieve the financial institution's profile.

To determine whether the client has the latest version of the FI profile, the server checks the date and time passed by the client in last_update. If the client has the latest version of the FI profile, the server does not return a profile specific response. In this case, the ServerMessage will contain the message returned by the server (such as: 'Up to date', etc.).

Property List

The following is the full list of the properties of the class with short descriptions. Click on the links for further details.

Method List

The following is the full list of the methods of the class with short descriptions. Click on the links for further details.

Event List

The following is the full list of the events fired by the class with short descriptions. Click on the links for further details.

Config Settings

The following is a list of config settings for the class with short descriptions. Click on the links for further details.

challenge_question_count Property

The number of records in the Challenge arrays.

Syntax

def get_challenge_question_count() -> int: ...
def set_challenge_question_count(value: int) -> None: ...

challenge_question_count = property(get_challenge_question_count, set_challenge_question_count)

Default Value

0

Remarks

This property controls the size of the following arrays:

• challenge_aggregate
• challenge_answer
• challenge_question
• challenge_question_id

The array indices start at 0 and end at challenge_question_count - 1.

challenge_aggregate Property

Wrapper for a MFA challenge question.

Syntax

def get_challenge_aggregate(challenge_question_index: int) -> str: ...

Default Value

""

Remarks

Wrapper for a MFA challenge question.

Each challenge question aggregate contains elements and values associated with the following properties:

• challenge_question_id
• challenge_question

Aggregates are pieces of XML taken from the financial institution's original response. They contain elements that correspond to many of the class's properties. However, some of these elements, and/or their potential values, may not be supported by the class. Any user who wishes to use unsupported fields may use this aggregate property to parse out the desired data either via our OFXAggregate class or any other means.

Note: The original data from the server is returned as SGML or XML (depending on the value of ofx_version that FI supports. If the original data is returned in SGML format, the class internally manipulates these responses into the equivalent XML format by inserting close element tags (e.g., "</ACCTID>") into the data as it comes from the server.

The challenge_question_index parameter specifies the index of the item in the array. The size of the array is controlled by the challenge_question_count property.

This property is read-only.

challenge_answer Property

User's answer to the challenge question identified by QuestionId .

Syntax

def get_challenge_answer(challenge_question_index: int) -> str: ...
def set_challenge_answer(challenge_question_index: int, value: str) -> None: ...

Default Value

""

Remarks

User's answer to the challenge question identified by challenge_question_id.

Depending on the value of challenge_question_id, this answer can be collected by user or client. Values above MFA100 are reserved for questions that the server expects the client to answer. These do not require customer responses. All other IDs as well as server specific IDs expect customer responses. Clients may need to identify out of band which of the IDs above MFA100 they support.

The challenge_question_index parameter specifies the index of the item in the array. The size of the array is controlled by the challenge_question_count property.

challenge_question Property

The textual challenge question.

Syntax

def get_challenge_question(challenge_question_index: int) -> str: ...

Default Value

""

Remarks

The textual challenge question.

The following table details the list of possible reserved values for challenge_question_id and corresponding textual description of the challenge question:

Note:Values above MFA100 are reserved for questions that the server expects the client to answer. These do not require customer responses. All other IDs as well as server specific IDs expect customer responses. Clients may need to identify out of band which of the IDs above MFA100 they support.

The challenge_question_index parameter specifies the index of the item in the array. The size of the array is controlled by the challenge_question_count property.

This property is read-only.

challenge_question_id Property

Identifier for the challenge question.

Syntax

def get_challenge_question_id(challenge_question_index: int) -> str: ...

Default Value

""

Remarks

Identifier for the challenge question.

This is unique for this challenge question, but not unique for the user, session, etc.

The following table details the list of possible reserved values for challenge_question_id and corresponding textual description of the challenge question:

Note:Values above MFA100 are reserved for questions that the server expects the client to answer. These do not require customer responses. All other IDs as well as server specific IDs expect customer responses. Clients may need to identify out of band which of the IDs above MFA100 they support.

The challenge_question_index parameter specifies the index of the item in the array. The size of the array is controlled by the challenge_question_count property.

This property is read-only.

client_routing Property

Client routing capabilities of the Financial Institution.

Syntax

def get_client_routing() -> int: ...
def set_client_routing(value: int) -> None: ...

client_routing = property(get_client_routing, set_client_routing)

Default Value

0

Remarks

fi_address1 Property

Street address.

Syntax

def get_fi_address1() -> str: ...

fi_address1 = property(get_fi_address1, None)

Default Value

""

Remarks

The first line of the street address of the individual or business is stored in this property as a string.

This property is read-only.

fi_address2 Property

Street address.

Syntax

def get_fi_address2() -> str: ...

fi_address2 = property(get_fi_address2, None)

Default Value

""

Remarks

The second line of the street address of the individual or business is stored in this property as a string.

This property is read-only.

fi_address3 Property

Street address.

Syntax

def get_fi_address3() -> str: ...

fi_address3 = property(get_fi_address3, None)

Default Value

""

Remarks

The third line of the street address of the individual or business is stored in this property as a string.

This property is read-only.

fi_city Property

City.

Syntax

def get_fi_city() -> str: ...

fi_city = property(get_fi_city, None)

Default Value

""

Remarks

The city where the individual or business is located is stored in this property as a string.

This property is read-only.

fi_country Property

Country.

Syntax

def get_fi_country() -> str: ...

fi_country = property(get_fi_country, None)

Default Value

""

Remarks

The country where the individual or business is located is stored in this property as a string.

This property is read-only.

fi_customer_service_phone Property

Phone number for Customer Service.

Syntax

def get_fi_customer_service_phone() -> str: ...

fi_customer_service_phone = property(get_fi_customer_service_phone, None)

Default Value

""

Remarks

This is the Financial Institution's Customer Service phone number.

This property is read-only.

fi_email_address Property

Email address for contacting the Financial Institution.

Syntax

def get_fi_email_address() -> str: ...

fi_email_address = property(get_fi_email_address, None)

Default Value

""

Remarks

The FI email address.

This property is read-only.

fi_home_page Property

Home web page for general information about the Financial Institution.

Syntax

def get_fi_home_page() -> str: ...

fi_home_page = property(get_fi_home_page, None)

Default Value

""

Remarks

The Financial Institution's home page URL.

This property is read-only.

fi_id Property

Financial institution identifier.

Syntax

def get_fi_id() -> str: ...
def set_fi_id(value: str) -> None: ...

fi_id = property(get_fi_id, set_fi_id)

Default Value

""

Remarks

fi_id holds the identifier of the OFX Financial Institution and is used during signon. This value is unique for each organization name.

fi_name Property

Name.

Syntax

def get_fi_name() -> str: ...

fi_name = property(get_fi_name, None)

Default Value

""

Remarks

The name of the individual or business is stored in this property as a string.

This property is read-only.

fi_organization Property

Financial institution organization name.

Syntax

def get_fi_organization() -> str: ...
def set_fi_organization(value: str) -> None: ...

fi_organization = property(get_fi_organization, set_fi_organization)

Default Value

""

Remarks

This is the name of the OFX Financial Institution and is used during signon. Each organization has a unique fi_id that must also be used at signon.

fi_postal_code Property

Postal Code.

Syntax

def get_fi_postal_code() -> str: ...

fi_postal_code = property(get_fi_postal_code, None)

Default Value

""

Remarks

The postal code where the individual or business is located is stored in this property as a string.

This property is read-only.

fi_profile_date Property

The date the current profile was posted.

Syntax

def get_fi_profile_date() -> str: ...

fi_profile_date = property(get_fi_profile_date, None)

Default Value

""

Remarks

The date the OFX Financial Institution posted the current profile.

All input dates should be entered in the format specified by DateFormat. For example, if the DateFormat is set to "MM/dd/yyyy hh:mm:ss" (default value), an input date should look like: 09/30/2009 12:00:00 AM.

This format specifies also how the returned dates are going to get parsed.

Note: you may use this date on subsequent profile requests to ensure that you receive the latest profile. Simply set the last_update property to the value in this property on any subsequent profile requests.

This property is read-only.

firewall_auto_detect Property

Whether to automatically detect and use firewall system settings, if available.

Syntax

def get_firewall_auto_detect() -> bool: ...
def set_firewall_auto_detect(value: bool) -> None: ...

firewall_auto_detect = property(get_firewall_auto_detect, set_firewall_auto_detect)

Default Value

FALSE

Remarks

Whether to automatically detect and use firewall system settings, if available.

firewall_type Property

The type of firewall to connect through.

Syntax

def get_firewall_type() -> int: ...
def set_firewall_type(value: int) -> None: ...

firewall_type = property(get_firewall_type, set_firewall_type)

Default Value

0

Remarks

The type of firewall to connect through. The applicable values are as follows:

firewall_host Property

The name or IP address of the firewall (optional).

Syntax

def get_firewall_host() -> str: ...
def set_firewall_host(value: str) -> None: ...

firewall_host = property(get_firewall_host, set_firewall_host)

Default Value

""

Remarks

The name or IP address of the firewall (optional). If a firewall_host is given, the requested connections will be authenticated through the specified firewall when connecting.

If this property is set to a Domain Name, a DNS request is initiated. Upon successful termination of the request, this property is set to the corresponding address. If the search is not successful, the class fails with an error.

firewall_password Property

A password if authentication is to be used when connecting through the firewall.

Syntax

def get_firewall_password() -> str: ...
def set_firewall_password(value: str) -> None: ...

firewall_password = property(get_firewall_password, set_firewall_password)

Default Value

""

Remarks

A password if authentication is to be used when connecting through the firewall. If firewall_host is specified, the firewall_user and firewall_password properties are used to connect and authenticate to the given firewall. If the authentication fails, the class fails with an error.

firewall_port Property

The Transmission Control Protocol (TCP) port for the firewall Host .

Syntax

def get_firewall_port() -> int: ...
def set_firewall_port(value: int) -> None: ...

firewall_port = property(get_firewall_port, set_firewall_port)

Default Value

0

Remarks

The Transmission Control Protocol (TCP) port for the firewall firewall_host. See the description of the firewall_host property for details.

Note: This property is set automatically when firewall_type is set to a valid value. See the description of the firewall_type property for details.

firewall_user Property

A username if authentication is to be used when connecting through a firewall.

Syntax

def get_firewall_user() -> str: ...
def set_firewall_user(value: str) -> None: ...

firewall_user = property(get_firewall_user, set_firewall_user)

Default Value

""

Remarks

A username if authentication is to be used when connecting through a firewall. If firewall_host is specified, this property and the firewall_password property are used to connect and authenticate to the given Firewall. If the authentication fails, the class fails with an error.

fi_state Property

State.

Syntax

def get_fi_state() -> str: ...

fi_state = property(get_fi_state, None)

Default Value

""

Remarks

The state or province where the individual or business is located is stored in this property as a string.

This property is read-only.

fi_tech_support_phone Property

Phone number for Technical Support.

Syntax

def get_fi_tech_support_phone() -> str: ...

fi_tech_support_phone = property(get_fi_tech_support_phone, None)

Default Value

""

Remarks

The Financial Institution's Tech Support department phone number.

This property is read-only.

fi_url Property

Financial institution URL.

Syntax

def get_fi_url() -> str: ...
def set_fi_url(value: str) -> None: ...

fi_url = property(get_fi_url, set_fi_url)

Default Value

""

Remarks

This is the URL of the OFX Financial Institution to which the class will signon and fetch data.

last_update Property

Date and time of the last profile update.

Syntax

def get_last_update() -> str: ...
def set_last_update(value: str) -> None: ...

last_update = property(get_last_update, set_last_update)

Default Value

"20000101120000.000[+0:GMT]"

Remarks

This is the date (last time) the FI updated the profile on their end. If this is the first time the FIProfile class is being used, use the default value to ensure that the latest update is received. This property must be set to a value that was returned in the fi_profile_date property after a previous profile request.

All input dates should be entered in the format specified by DateFormat. For example, if the DateFormat is set to "MM/dd/yyyy hh:mm:ss" (default value), an input date should look like: 09/30/2009 12:00:00 AM.

This format specifies also how the returned dates are going to get parsed.

message_set_count Property

The number of records in the MessageSet arrays.

Syntax

def get_message_set_count() -> int: ...

message_set_count = property(get_message_set_count, None)

Default Value

0

Remarks

This property controls the size of the following arrays:

• message_set_aggregate
• message_set_closing_info_availability
• message_set_closing_info_image
• message_set_language
• message_set_name
• message_set_recovery
• message_set_refresh
• message_set_security_level
• message_set_service_provider
• message_set_sign_on_realm
• message_set_sync_mode
• message_set_transport_security
• message_set_tx_image
• message_set_url
• message_set_version

The array indices start at 0 and end at message_set_count - 1.

This property is read-only.

message_set_aggregate Property

Wrapper for a message set.

Syntax

def get_message_set_aggregate(message_set_index: int) -> str: ...

Default Value

""

Remarks

Wrapper for a message set.

A list of all of a given Financial Institution's supported services are stored in a series of aggregates called 'Message Sets'.

Each message set aggregate contains data (elements and values) associated with the following properties:

• message_set_name
• message_set_language
• message_set_recovery
• message_set_refresh
• message_set_security_level
• message_set_service_provider
• message_set_sign_on_realm
• message_set_sync_mode
• message_set_transport_security
• message_set_url
• message_set_version

Aggregates are pieces of XML taken from the financial institution's original response. They contain elements that correspond to many of the class's properties. However, some of these elements, and/or their potential values, may not be supported by the class. Any user who wishes to use unsupported fields may use this aggregate property to parse out the desired data either via our OFXAggregate class or any other means.

Note: The original data from the server is returned as SGML or XML (depending on the value of ofx_version that FI supports. If the original data is returned in SGML format, the class internally manipulates these responses into the equivalent XML format by inserting close element tags (e.g., "</ACCTID>") into the data as it comes from the server.

The message_set_index parameter specifies the index of the item in the array. The size of the array is controlled by the message_set_count property.

This property is read-only.

message_set_closing_info_availability Property

This is an indicator of the Financial Institution's statement closing information capabilities.

Syntax

def get_message_set_closing_info_availability(message_set_index: int) -> bool: ...

Default Value

FALSE

Remarks

This is an indicator of the Financial Institution's statement closing information capabilities. If true, the server can support statement closing information download for this message set.

The message_set_index parameter specifies the index of the item in the array. The size of the array is controlled by the message_set_count property.

This property is read-only.

message_set_closing_info_image Property

This is an indicator of the Financial Institution's statement closing image capabilities.

Syntax

def get_message_set_closing_info_image(message_set_index: int) -> bool: ...

Default Value

FALSE

Remarks

This is an indicator of the Financial Institution's statement closing image capabilities. If true, the server can support image of the statement closing information for this message set.

The message_set_index parameter specifies the index of the item in the array. The size of the array is controlled by the message_set_count property.

This property is read-only.

message_set_language Property

Languages the server supports.

Syntax

def get_message_set_language(message_set_index: int) -> str: ...

Default Value

""

Remarks

Languages the server supports. More than one may appear in given response.

The message_set_index parameter specifies the index of the item in the array. The size of the array is controlled by the message_set_count property.

This property is read-only.

message_set_name Property

Name of a message set supported by the given FI.

Syntax

def get_message_set_name(message_set_index: int) -> str: ...

Default Value

""

Remarks

Name of a message set supported by the given FI.

Each message_set_aggregate corresponds to a different OFX command. For example, SIGNONMSGSET corresponds to SignOn Request Message. The message_set_name is used to retrieve the name of the command associated with this Message Set.

The following table lists each message set, along with its aggregate name and the OFX Versions that support it.

The message_set_index parameter specifies the index of the item in the array. The size of the array is controlled by the message_set_count property.

This property is read-only.

message_set_recovery Property

This is an indicator of the Financial Institution's error-recovery capabilities.

Syntax

def get_message_set_recovery(message_set_index: int) -> bool: ...

Default Value

FALSE

Remarks

This is an indicator of the Financial Institution's error-recovery capabilities. If true, the server can support file-based error recovery.

The message_set_index parameter specifies the index of the item in the array. The size of the array is controlled by the message_set_count property.

This property is read-only.

message_set_refresh Property

If true, the server can support Synchronized Refresh.

Syntax

def get_message_set_refresh(message_set_index: int) -> bool: ...

Default Value

FALSE

Remarks

If true, the server can support Synchronized Refresh. Even if this property is set to false, the Financial Institution's server may still be able to support Lite Synchronization.

The message_set_index parameter specifies the index of the item in the array. The size of the array is controlled by the message_set_count property.

This property is read-only.

message_set_security_level Property

Security level of the Message Set.

Syntax

def get_message_set_security_level(message_set_index: int) -> str: ...

Default Value

""

Remarks

Security level of the Message Set.

Legal values are defined as follows: "NONE" and "TYPE 1". If the message_set_security_level of a Message Set is 'TYPE 1', then the requests for that Message Set submitted to that FI will require a challenge request to be present during the signon.

The message_set_index parameter specifies the index of the item in the array. The size of the array is controlled by the message_set_count property.

This property is read-only.

message_set_service_provider Property

If the OFX server has been outsourced to a service provider other than the Financial Institution, then the name of that provider should appear here.

Syntax

def get_message_set_service_provider(message_set_index: int) -> str: ...

Default Value

""

Remarks

If the OFX server has been outsourced to a service provider other than the Financial Institution, then the name of that provider should appear here.

The message_set_index parameter specifies the index of the item in the array. The size of the array is controlled by the message_set_count property.

This property is read-only.

message_set_sign_on_realm Property

This is the name of the SignOn realm used by this message set.

Syntax

def get_message_set_sign_on_realm(message_set_index: int) -> str: ...

Default Value

""

Remarks

This is the name of the SignOn realm used by this message set.

The message_set_index parameter specifies the index of the item in the array. The size of the array is controlled by the message_set_count property.

This property is read-only.

message_set_sync_mode Property

Level of synchronization offered by the server for this message set.

Syntax

def get_message_set_sync_mode(message_set_index: int) -> str: ...

Default Value

""

Remarks

Level of synchronization offered by the server for this message set. The valid values are:

The message_set_index parameter specifies the index of the item in the array. The size of the array is controlled by the message_set_count property.

This property is read-only.

message_set_transport_security Property

It indicates whether any security measures are taken at the Transport Layer for this message set.

Syntax

def get_message_set_transport_security(message_set_index: int) -> bool: ...

Default Value

FALSE

Remarks

It indicates whether any security measures are taken at the Transport Layer for this message set.

The message_set_index parameter specifies the index of the item in the array. The size of the array is controlled by the message_set_count property.

This property is read-only.

message_set_tx_image Property

It indicates whether FI supports transaction image download for this message set.

Syntax

def get_message_set_tx_image(message_set_index: int) -> bool: ...

Default Value

FALSE

Remarks

It indicates whether FI supports transaction image download for this message set. If True, the server supports transaction image (e.g., check image) for this message set.

The message_set_index parameter specifies the index of the item in the array. The size of the array is controlled by the message_set_count property.

This property is read-only.

message_set_url Property

This is the address of the server to which OFX (HTTP) connections are made for this particular message set.

Syntax

def get_message_set_url(message_set_index: int) -> str: ...

Default Value

""

Remarks

This is the address of the server to which OFX (HTTP) connections are made for this particular message set.

The message_set_index parameter specifies the index of the item in the array. The size of the array is controlled by the message_set_count property.

This property is read-only.

message_set_version Property

This version number corresponds to the version of the OFX Specification which the server uses for the message set.

Syntax

def get_message_set_version(message_set_index: int) -> str: ...

Default Value

""

Remarks

This version number corresponds to the version of the OFX Specification which the server uses for the message set. Usually this will be the same version supplied by the client, but sometimes versions may differ across message sets. Servers are required to provide this value in the VER element of the message set aggregate.

The message_set_index parameter specifies the index of the item in the array. The size of the array is controlled by the message_set_count property.

This property is read-only.

ofx_access_key Property

Access key value received after a MFA authentication in a previous signon.

Syntax

def get_ofx_access_key() -> str: ...
def set_ofx_access_key(value: str) -> None: ...

ofx_access_key = property(get_ofx_access_key, set_ofx_access_key)

Default Value

""

Remarks

This might be returned in the server response after a MFA authentication (i.e. MFA challenge question/answer pairs were validated by the server when the send_challenge_answers method in FIProfile class was called).

To prevent servers from needing to authenticate the user in each OFX request, the server may respond to a correct set of challenge answers with a ofx_access_key on the signon response (when the send_challenge_answers method in FIProfile class was called).

The server determines the contents of this optional element. On each subsequent signon request, the client will send the last value of the ofx_access_key it has received, even after the end of the current session. The server has the option to respond to any subsequent request with a 3000 error code, requiring the client to send the MFA challenge questions request again (by calling the request_challenge_questions method in FIProfile class). This allows the server to determine the lifetime of the ofx_access_key.

ofx_app_id Property

OFX application identifier.

Syntax

def get_ofx_app_id() -> str: ...
def set_ofx_app_id(value: str) -> None: ...

ofx_app_id = property(get_ofx_app_id, set_ofx_app_id)

Default Value

""

Remarks

This is the unique identifier of the user's OFX application.

ofx_app_version Property

OFX application version.

Syntax

def get_ofx_app_version() -> str: ...
def set_ofx_app_version(value: str) -> None: ...

ofx_app_version = property(get_ofx_app_version, set_ofx_app_version)

Default Value

""

Remarks

This is the version of the user's OFX application.

ofx_password Property

User's password.

Syntax

def get_ofx_password() -> str: ...
def set_ofx_password(value: str) -> None: ...

ofx_password = property(get_ofx_password, set_ofx_password)

Default Value

""

Remarks

This is the password used when signing on to the OFX Financial Institution's service.

ofx_request Property

The current OFX request aggregate.

Syntax

def get_ofx_request() -> str: ...

ofx_request = property(get_ofx_request, None)

Default Value

""

Remarks

Polling ofx_request will cause the class to generate and return an OFX request aggregate.

This property is read-only.

ofx_response Property

The current OFX response aggregate.

Syntax

def get_ofx_response() -> str: ...
def set_ofx_response(value: str) -> None: ...

ofx_response = property(get_ofx_response, set_ofx_response)

Default Value

""

Remarks

This can be used especially for debugging purposes. This can also be used to parse an OFX Response. To do so, you can set the OFX Response data (in string format) to ofx_response. Once set, the supplied OFX data will be parsed and will populate the same read-only properties that read_ofx_data_file does.

ofx_user Property

User's id.

Syntax

def get_ofx_user() -> str: ...
def set_ofx_user(value: str) -> None: ...

ofx_user = property(get_ofx_user, set_ofx_user)

Default Value

""

Remarks

This is the UserID used when signing on to the OFX Financial Institution's service.

ofx_version Property

OFX API version.

Syntax

def get_ofx_version() -> str: ...
def set_ofx_version(value: str) -> None: ...

ofx_version = property(get_ofx_version, set_ofx_version)

Default Value

"102"

Remarks

This is the OFX API version used in all requests sent to your FI server (such as 1.0.2, 2.0.1, 2.1.1, etc.). Valid values: 102, 103, 200, 201, 203, 210, 211. Note that not all OFX Versions are supported by FIs.

Note: If the ofx_version is set to 1x, the request and the response are going to be in SGML format. If set to 2x, the request will be in XML format (the response format depends on the FI's server capabilities). Note that if the OFX FI server does not support version 2x, the server will return an error (such as 'Bad Request').

Certain services are available only for a specific OFX version. For example, image download, is available only in OFX version 2.1.1.

sign_on_info_count Property

The number of records in the SignOn arrays.

Syntax

def get_sign_on_info_count() -> int: ...

sign_on_info_count = property(get_sign_on_info_count, None)

Default Value

0

Remarks

This property controls the size of the following arrays:

• sign_on_aggregate
• sign_on_auth_token
• sign_on_auth_token_first
• sign_on_auth_token_url
• sign_on_case_sensitive
• sign_on_char_type
• sign_on_client_u_id_req
• sign_on_max_pwd_length
• sign_on_mfa_challenge_first
• sign_on_mfa_challenge_req
• sign_on_min_pwd_length
• sign_on_pin_change
• sign_on_pin_change_first
• sign_on_realm
• sign_on_spaces
• sign_on_special
• sign_on_user_cred1_q
• sign_on_user_cred2_q

The array indices start at 0 and end at sign_on_info_count - 1.

This property is read-only.

sign_on_aggregate Property

Wrapper for signon information.

Syntax

def get_sign_on_aggregate(sign_on_index: int) -> str: ...

Default Value

""

Remarks

Wrapper for signon information.

Each signon information aggregate contains data (elements and values) associated with the following properties:

• sign_on_max_pwd_length
• sign_on_min_pwd_length
• sign_on_case_sensitive
• sign_on_char_type
• sign_on_spaces
• sign_on_special
• sign_on_pin_change_first
• sign_on_pin_change
• sign_on_auth_token_first
• sign_on_auth_token
• sign_on_auth_token_url
• sign_on_client_u_id_req
• sign_on_mfa_challenge_req
• sign_on_mfa_challenge_first
• sign_on_user_cred1_q
• sign_on_user_cred2_q
• sign_on_realm

Aggregates are pieces of XML taken from the financial institution's original response. They contain elements that correspond to many of the class's properties. However, some of these elements, and/or their potential values, may not be supported by the class. Any user who wishes to use unsupported fields may use this aggregate property to parse out the desired data either via our OFXAggregate class or any other means.

Note: The original data from the server is returned as SGML or XML (depending on the value of ofx_version that FI supports. If the original data is returned in SGML format, the class internally manipulates these responses into the equivalent XML format by inserting close element tags (e.g., "</ACCTID>") into the data as it comes from the server.

The sign_on_index parameter specifies the index of the item in the array. The size of the array is controlled by the sign_on_info_count property.

This property is read-only.

sign_on_auth_token Property

Text label for the Authentication Token.

Syntax

def get_sign_on_auth_token(sign_on_index: int) -> str: ...

Default Value

""

Remarks

Text label for the Authentication Token.

The sign_on_index parameter specifies the index of the item in the array. The size of the array is controlled by the sign_on_info_count property.

This property is read-only.

sign_on_auth_token_first Property

Indicates whether server requires clients to send the Authentication Token as part of first signon.

Syntax

def get_sign_on_auth_token_first(sign_on_index: int) -> bool: ...

Default Value

FALSE

Remarks

Indicates whether server requires clients to send the Authentication Token as part of first signon.

If True, then server requires clients to send the AuthToken as part of first signon.

The sign_on_index parameter specifies the index of the item in the array. The size of the array is controlled by the sign_on_info_count property.

This property is read-only.

sign_on_auth_token_url Property

URL where Authentication Token information is provided by the institution operating the OFX server.

Syntax

def get_sign_on_auth_token_url(sign_on_index: int) -> str: ...

Default Value

""

Remarks

URL where Authentication Token information is provided by the institution operating the OFX server.

The sign_on_index parameter specifies the index of the item in the array. The size of the array is controlled by the sign_on_info_count property.

This property is read-only.

sign_on_case_sensitive Property

Indicates whether the password is case-sensitive or not.

Syntax

def get_sign_on_case_sensitive(sign_on_index: int) -> bool: ...

Default Value

FALSE

Remarks

Indicates whether the password is case-sensitive or not.

The sign_on_index parameter specifies the index of the item in the array. The size of the array is controlled by the sign_on_info_count property.

This property is read-only.

sign_on_char_type Property

Type of characters the password can contain.

Syntax

def get_sign_on_char_type(sign_on_index: int) -> int: ...

Default Value

1

Remarks

Type of characters the password can contain. The valid values of this string are:

The sign_on_index parameter specifies the index of the item in the array. The size of the array is controlled by the sign_on_info_count property.

This property is read-only.

sign_on_client_u_id_req Property

Indicates whether the Client Unique Identifier is required to be included in the signon.

Syntax

def get_sign_on_client_u_id_req(sign_on_index: int) -> bool: ...

Default Value

FALSE

Remarks

Indicates whether the Client Unique Identifier is required to be included in the signon.

If this is True, then the ClientUId is required to be set and included in the request.

The sign_on_index parameter specifies the index of the item in the array. The size of the array is controlled by the sign_on_info_count property.

This property is read-only.

sign_on_max_pwd_length Property

Maximum number of characters a SignOn password on this server can have.

Syntax

def get_sign_on_max_pwd_length(sign_on_index: int) -> int: ...

Default Value

0

Remarks

Maximum number of characters a SignOn password on this server can have.

The sign_on_index parameter specifies the index of the item in the array. The size of the array is controlled by the sign_on_info_count property.

This property is read-only.

sign_on_mfa_challenge_first Property

Indicates whether the Multi-Factor Authentication (MFA) challenge is required to be included in the first signon to this server.

Syntax

def get_sign_on_mfa_challenge_first(sign_on_index: int) -> bool: ...

Default Value

FALSE

Remarks

Indicates whether the Multi-Factor Authentication (MFA) challenge is required to be included in the first signon to this server.

If True, then server requires clients to request MFA challenge questions (required for MFA) in the first signon request. See request_challenge_questions in FIProfile for more information.

The sign_on_index parameter specifies the index of the item in the array. The size of the array is controlled by the sign_on_info_count property.

This property is read-only.

sign_on_mfa_challenge_req Property

Indicates whether the Multi-Factor Authentication (MFA) challenge is required by this FI server.

Syntax

def get_sign_on_mfa_challenge_req(sign_on_index: int) -> bool: ...

Default Value

FALSE

Remarks

Indicates whether the Multi-Factor Authentication (MFA) challenge is required by this FI server.

If True, then server requires multi-factor authentication during each signon. See request_challenge_questions in FIProfile for more information.

The sign_on_index parameter specifies the index of the item in the array. The size of the array is controlled by the sign_on_info_count property.

This property is read-only.

sign_on_min_pwd_length Property

Minimum number of characters a SignOn password on this server can have.

Syntax

def get_sign_on_min_pwd_length(sign_on_index: int) -> int: ...

Default Value

0

Remarks

Minimum number of characters a SignOn password on this server can have.

The sign_on_index parameter specifies the index of the item in the array. The size of the array is controlled by the sign_on_info_count property.

This property is read-only.

sign_on_pin_change Property

It indicates whether the server accepts any PIN Change Requests at all.

Syntax

def get_sign_on_pin_change(sign_on_index: int) -> bool: ...

Default Value

FALSE

Remarks

It indicates whether the server accepts any PIN Change Requests at all.

The sign_on_index parameter specifies the index of the item in the array. The size of the array is controlled by the sign_on_info_count property.

This property is read-only.

sign_on_pin_change_first Property

Indicates whether server requires clients to change password as part of first signon.

Syntax

def get_sign_on_pin_change_first(sign_on_index: int) -> bool: ...

Default Value

FALSE

Remarks

Indicates whether server requires clients to change password as part of first signon.

If True, then server requires clients to change ofx_password as part of first signon. However, if sign_on_mfa_challenge_first is also True, this pin change request should be sent immediately after the session containing multi-factor authentication.

The sign_on_index parameter specifies the index of the item in the array. The size of the array is controlled by the sign_on_info_count property.

This property is read-only.

sign_on_realm Property

SignOn realm used by this message set.

Syntax

def get_sign_on_realm(sign_on_index: int) -> str: ...

Default Value

""

Remarks

SignOn realm used by this message set. The name of the SignOn realm in this message set.

The sign_on_index parameter specifies the index of the item in the array. The size of the array is controlled by the sign_on_info_count property.

This property is read-only.

sign_on_spaces Property

It indicates whether the password can contain whitespaces.

Syntax

def get_sign_on_spaces(sign_on_index: int) -> bool: ...

Default Value

FALSE

Remarks

It indicates whether the password can contain whitespaces.

This does not refer to any special characters. To determine whether special characters are allowed, check the value of sign_on_special.

The sign_on_index parameter specifies the index of the item in the array. The size of the array is controlled by the sign_on_info_count property.

This property is read-only.

sign_on_special Property

It indicates whether the password can contain special characters.

Syntax

def get_sign_on_special(sign_on_index: int) -> bool: ...

Default Value

FALSE

Remarks

It indicates whether the password can contain special characters. Special characters do not include spaces.

The sign_on_index parameter specifies the index of the item in the array. The size of the array is controlled by the sign_on_info_count property.

This property is read-only.

sign_on_user_cred1_q Property

Text prompt for user credential.

Syntax

def get_sign_on_user_cred1_q(sign_on_index: int) -> str: ...

Default Value

""

Remarks

Text prompt for user credential.

If this is present in the server response, a third credential is required to authenticate the user in all future requests. This is in addition to ofx_user and ofx_password. This new credential is represented by UserCred1A) which is the corresponding answer of sign_on_user_cred1_q. This should be then included in each request.

The sign_on_index parameter specifies the index of the item in the array. The size of the array is controlled by the sign_on_info_count property.

This property is read-only.

sign_on_user_cred2_q Property

Text prompt for user credential.

Syntax

def get_sign_on_user_cred2_q(sign_on_index: int) -> str: ...

Default Value

""

Remarks

Text prompt for user credential.

If this is present in the server response, a fourth credential is required to authenticate the user in all future requests. This is in addition to ofx_user, ofx_password and sign_on_user_cred2_q. This new credential is represented by UserCred2A) which is the corresponding answer of sign_on_user_cred2_q. This should be then included in each request. In this case, the UserCred1A should also be present in the request.

The sign_on_index parameter specifies the index of the item in the array. The size of the array is controlled by the sign_on_info_count property.

This property is read-only.

ssl_accept_server_cert_effective_date Property

The date on which this certificate becomes valid.

Syntax

def get_ssl_accept_server_cert_effective_date() -> str: ...

ssl_accept_server_cert_effective_date = property(get_ssl_accept_server_cert_effective_date, None)

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

ssl_accept_server_cert_expiration_date Property

The date on which the certificate expires.

Syntax

def get_ssl_accept_server_cert_expiration_date() -> str: ...

ssl_accept_server_cert_expiration_date = property(get_ssl_accept_server_cert_expiration_date, None)

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

ssl_accept_server_cert_extended_key_usage Property

A comma-delimited list of extended key usage identifiers.

Syntax

def get_ssl_accept_server_cert_extended_key_usage() -> str: ...

ssl_accept_server_cert_extended_key_usage = property(get_ssl_accept_server_cert_extended_key_usage, None)

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

ssl_accept_server_cert_fingerprint Property

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

def get_ssl_accept_server_cert_fingerprint() -> str: ...

ssl_accept_server_cert_fingerprint = property(get_ssl_accept_server_cert_fingerprint, None)

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

ssl_accept_server_cert_fingerprint_sha1 Property

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

def get_ssl_accept_server_cert_fingerprint_sha1() -> str: ...

ssl_accept_server_cert_fingerprint_sha1 = property(get_ssl_accept_server_cert_fingerprint_sha1, None)

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

ssl_accept_server_cert_fingerprint_sha256 Property

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

def get_ssl_accept_server_cert_fingerprint_sha256() -> str: ...

ssl_accept_server_cert_fingerprint_sha256 = property(get_ssl_accept_server_cert_fingerprint_sha256, None)

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

ssl_accept_server_cert_issuer Property

The issuer of the certificate.

Syntax

def get_ssl_accept_server_cert_issuer() -> str: ...

ssl_accept_server_cert_issuer = property(get_ssl_accept_server_cert_issuer, None)

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

ssl_accept_server_cert_private_key Property

The private key of the certificate (if available).

Syntax

def get_ssl_accept_server_cert_private_key() -> str: ...

ssl_accept_server_cert_private_key = property(get_ssl_accept_server_cert_private_key, None)

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The ssl_accept_server_cert_private_key may be available but not exportable. In this case, ssl_accept_server_cert_private_key returns an empty string.

This property is read-only.

ssl_accept_server_cert_private_key_available Property

Whether a PrivateKey is available for the selected certificate.

Syntax

def get_ssl_accept_server_cert_private_key_available() -> bool: ...

ssl_accept_server_cert_private_key_available = property(get_ssl_accept_server_cert_private_key_available, None)

Default Value

FALSE

Remarks

Whether a ssl_accept_server_cert_private_key is available for the selected certificate. If ssl_accept_server_cert_private_key_available is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

ssl_accept_server_cert_private_key_container Property

The name of the PrivateKey container for the certificate (if available).

Syntax

def get_ssl_accept_server_cert_private_key_container() -> str: ...

ssl_accept_server_cert_private_key_container = property(get_ssl_accept_server_cert_private_key_container, None)

Default Value

""

Remarks

The name of the ssl_accept_server_cert_private_key container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

ssl_accept_server_cert_public_key Property

The public key of the certificate.

Syntax

def get_ssl_accept_server_cert_public_key() -> str: ...

ssl_accept_server_cert_public_key = property(get_ssl_accept_server_cert_public_key, None)

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

ssl_accept_server_cert_public_key_algorithm Property

The textual description of the certificate's public key algorithm.

Syntax

def get_ssl_accept_server_cert_public_key_algorithm() -> str: ...

ssl_accept_server_cert_public_key_algorithm = property(get_ssl_accept_server_cert_public_key_algorithm, None)

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

ssl_accept_server_cert_public_key_length Property

The length of the certificate's public key (in bits).

Syntax

def get_ssl_accept_server_cert_public_key_length() -> int: ...

ssl_accept_server_cert_public_key_length = property(get_ssl_accept_server_cert_public_key_length, None)

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

ssl_accept_server_cert_serial_number Property

The serial number of the certificate encoded as a string.

Syntax

def get_ssl_accept_server_cert_serial_number() -> str: ...

ssl_accept_server_cert_serial_number = property(get_ssl_accept_server_cert_serial_number, None)

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

ssl_accept_server_cert_signature_algorithm Property

The text description of the certificate's signature algorithm.

Syntax

def get_ssl_accept_server_cert_signature_algorithm() -> str: ...

ssl_accept_server_cert_signature_algorithm = property(get_ssl_accept_server_cert_signature_algorithm, None)

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

ssl_accept_server_cert_store Property

The name of the certificate store for the client certificate.

Syntax

def get_ssl_accept_server_cert_store() -> bytes: ...
def set_ssl_accept_server_cert_store(value: bytes) -> None: ...

ssl_accept_server_cert_store = property(get_ssl_accept_server_cert_store, set_ssl_accept_server_cert_store)

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The ssl_accept_server_cert_store_type property denotes the type of the certificate store specified by ssl_accept_server_cert_store. If the store is password-protected, specify the password in ssl_accept_server_cert_store_password.

ssl_accept_server_cert_store is used in conjunction with the ssl_accept_server_cert_subject property to specify client certificates. If ssl_accept_server_cert_store has a value, and ssl_accept_server_cert_subject or ssl_accept_server_cert_encoded is set, a search for a certificate is initiated. Please see the ssl_accept_server_cert_subject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

ssl_accept_server_cert_store_password Property

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

def get_ssl_accept_server_cert_store_password() -> str: ...
def set_ssl_accept_server_cert_store_password(value: str) -> None: ...

ssl_accept_server_cert_store_password = property(get_ssl_accept_server_cert_store_password, set_ssl_accept_server_cert_store_password)

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

ssl_accept_server_cert_store_type Property

The type of certificate store for this certificate.

Syntax

def get_ssl_accept_server_cert_store_type() -> int: ...
def set_ssl_accept_server_cert_store_type(value: int) -> None: ...

ssl_accept_server_cert_store_type = property(get_ssl_accept_server_cert_store_type, set_ssl_accept_server_cert_store_type)

Default Value

0

Remarks

The type of certificate store for this certificate.

The class supports both public and private keys in a variety of formats. When the cstAuto value is used, the class will automatically determine the type. This property can take one of the following values:

ssl_accept_server_cert_subject_alt_names Property

Comma-separated lists of alternative subject names for the certificate.

Syntax

def get_ssl_accept_server_cert_subject_alt_names() -> str: ...

ssl_accept_server_cert_subject_alt_names = property(get_ssl_accept_server_cert_subject_alt_names, None)

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

ssl_accept_server_cert_thumbprint_md5 Property

The MD5 hash of the certificate.

Syntax

def get_ssl_accept_server_cert_thumbprint_md5() -> str: ...

ssl_accept_server_cert_thumbprint_md5 = property(get_ssl_accept_server_cert_thumbprint_md5, None)

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

ssl_accept_server_cert_thumbprint_sha1 Property

The SHA-1 hash of the certificate.

Syntax

def get_ssl_accept_server_cert_thumbprint_sha1() -> str: ...

ssl_accept_server_cert_thumbprint_sha1 = property(get_ssl_accept_server_cert_thumbprint_sha1, None)

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

ssl_accept_server_cert_thumbprint_sha256 Property

The SHA-256 hash of the certificate.

Syntax

def get_ssl_accept_server_cert_thumbprint_sha256() -> str: ...

ssl_accept_server_cert_thumbprint_sha256 = property(get_ssl_accept_server_cert_thumbprint_sha256, None)

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

ssl_accept_server_cert_usage Property

The text description of UsageFlags .

Syntax

def get_ssl_accept_server_cert_usage() -> str: ...

ssl_accept_server_cert_usage = property(get_ssl_accept_server_cert_usage, None)

Default Value

""

Remarks

The text description of ssl_accept_server_cert_usage_flags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

ssl_accept_server_cert_usage_flags Property

The flags that show intended use for the certificate.

Syntax

def get_ssl_accept_server_cert_usage_flags() -> int: ...

ssl_accept_server_cert_usage_flags = property(get_ssl_accept_server_cert_usage_flags, None)

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of ssl_accept_server_cert_usage_flags is a combination of the following flags:

Please see the ssl_accept_server_cert_usage property for a text representation of ssl_accept_server_cert_usage_flags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

ssl_accept_server_cert_version Property

The certificate's version number.

Syntax

def get_ssl_accept_server_cert_version() -> str: ...

ssl_accept_server_cert_version = property(get_ssl_accept_server_cert_version, None)

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

ssl_accept_server_cert_subject Property

The subject of the certificate used for client authentication.

Syntax

def get_ssl_accept_server_cert_subject() -> str: ...
def set_ssl_accept_server_cert_subject(value: str) -> None: ...

ssl_accept_server_cert_subject = property(get_ssl_accept_server_cert_subject, set_ssl_accept_server_cert_subject)

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

ssl_accept_server_cert_encoded Property

The certificate (PEM/Base64 encoded).

Syntax

def get_ssl_accept_server_cert_encoded() -> bytes: ...
def set_ssl_accept_server_cert_encoded(value: bytes) -> None: ...

ssl_accept_server_cert_encoded = property(get_ssl_accept_server_cert_encoded, set_ssl_accept_server_cert_encoded)

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The ssl_accept_server_cert_store and ssl_accept_server_cert_subject properties also may be used to specify a certificate.

When ssl_accept_server_cert_encoded is set, a search is initiated in the current ssl_accept_server_cert_store for the private key of the certificate. If the key is found, ssl_accept_server_cert_subject is updated to reflect the full subject of the selected certificate; otherwise, ssl_accept_server_cert_subject is set to an empty string.

ssl_cert_effective_date Property

The date on which this certificate becomes valid.

Syntax

def get_ssl_cert_effective_date() -> str: ...

ssl_cert_effective_date = property(get_ssl_cert_effective_date, None)

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

ssl_cert_expiration_date Property

The date on which the certificate expires.

Syntax

def get_ssl_cert_expiration_date() -> str: ...

ssl_cert_expiration_date = property(get_ssl_cert_expiration_date, None)

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

ssl_cert_extended_key_usage Property

A comma-delimited list of extended key usage identifiers.

Syntax

def get_ssl_cert_extended_key_usage() -> str: ...

ssl_cert_extended_key_usage = property(get_ssl_cert_extended_key_usage, None)

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

ssl_cert_fingerprint Property

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

def get_ssl_cert_fingerprint() -> str: ...

ssl_cert_fingerprint = property(get_ssl_cert_fingerprint, None)

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

ssl_cert_fingerprint_sha1 Property

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

def get_ssl_cert_fingerprint_sha1() -> str: ...

ssl_cert_fingerprint_sha1 = property(get_ssl_cert_fingerprint_sha1, None)

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

ssl_cert_fingerprint_sha256 Property

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

def get_ssl_cert_fingerprint_sha256() -> str: ...

ssl_cert_fingerprint_sha256 = property(get_ssl_cert_fingerprint_sha256, None)

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

ssl_cert_issuer Property

The issuer of the certificate.

Syntax

def get_ssl_cert_issuer() -> str: ...

ssl_cert_issuer = property(get_ssl_cert_issuer, None)

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

ssl_cert_private_key Property

The private key of the certificate (if available).

Syntax

def get_ssl_cert_private_key() -> str: ...

ssl_cert_private_key = property(get_ssl_cert_private_key, None)

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The ssl_cert_private_key may be available but not exportable. In this case, ssl_cert_private_key returns an empty string.

This property is read-only.

ssl_cert_private_key_available Property

Whether a PrivateKey is available for the selected certificate.

Syntax

def get_ssl_cert_private_key_available() -> bool: ...

ssl_cert_private_key_available = property(get_ssl_cert_private_key_available, None)

Default Value

FALSE

Remarks

Whether a ssl_cert_private_key is available for the selected certificate. If ssl_cert_private_key_available is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

ssl_cert_private_key_container Property

The name of the PrivateKey container for the certificate (if available).

Syntax

def get_ssl_cert_private_key_container() -> str: ...

ssl_cert_private_key_container = property(get_ssl_cert_private_key_container, None)

Default Value

""

Remarks

The name of the ssl_cert_private_key container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

ssl_cert_public_key Property

The public key of the certificate.

Syntax

def get_ssl_cert_public_key() -> str: ...

ssl_cert_public_key = property(get_ssl_cert_public_key, None)

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

ssl_cert_public_key_algorithm Property

The textual description of the certificate's public key algorithm.

Syntax

def get_ssl_cert_public_key_algorithm() -> str: ...

ssl_cert_public_key_algorithm = property(get_ssl_cert_public_key_algorithm, None)

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

ssl_cert_public_key_length Property

The length of the certificate's public key (in bits).

Syntax

def get_ssl_cert_public_key_length() -> int: ...

ssl_cert_public_key_length = property(get_ssl_cert_public_key_length, None)

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

ssl_cert_serial_number Property

The serial number of the certificate encoded as a string.

Syntax

def get_ssl_cert_serial_number() -> str: ...

ssl_cert_serial_number = property(get_ssl_cert_serial_number, None)

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

ssl_cert_signature_algorithm Property

The text description of the certificate's signature algorithm.

Syntax

def get_ssl_cert_signature_algorithm() -> str: ...

ssl_cert_signature_algorithm = property(get_ssl_cert_signature_algorithm, None)

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

ssl_cert_store Property

The name of the certificate store for the client certificate.

Syntax

def get_ssl_cert_store() -> bytes: ...
def set_ssl_cert_store(value: bytes) -> None: ...

ssl_cert_store = property(get_ssl_cert_store, set_ssl_cert_store)

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The ssl_cert_store_type property denotes the type of the certificate store specified by ssl_cert_store. If the store is password-protected, specify the password in ssl_cert_store_password.

ssl_cert_store is used in conjunction with the ssl_cert_subject property to specify client certificates. If ssl_cert_store has a value, and ssl_cert_subject or ssl_cert_encoded is set, a search for a certificate is initiated. Please see the ssl_cert_subject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

ssl_cert_store_password Property

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

def get_ssl_cert_store_password() -> str: ...
def set_ssl_cert_store_password(value: str) -> None: ...

ssl_cert_store_password = property(get_ssl_cert_store_password, set_ssl_cert_store_password)

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

ssl_cert_store_type Property

The type of certificate store for this certificate.

Syntax

def get_ssl_cert_store_type() -> int: ...
def set_ssl_cert_store_type(value: int) -> None: ...

ssl_cert_store_type = property(get_ssl_cert_store_type, set_ssl_cert_store_type)

Default Value

0

Remarks

The type of certificate store for this certificate.

The class supports both public and private keys in a variety of formats. When the cstAuto value is used, the class will automatically determine the type. This property can take one of the following values:

ssl_cert_subject_alt_names Property

Comma-separated lists of alternative subject names for the certificate.

Syntax

def get_ssl_cert_subject_alt_names() -> str: ...

ssl_cert_subject_alt_names = property(get_ssl_cert_subject_alt_names, None)

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

ssl_cert_thumbprint_md5 Property

The MD5 hash of the certificate.

Syntax

def get_ssl_cert_thumbprint_md5() -> str: ...

ssl_cert_thumbprint_md5 = property(get_ssl_cert_thumbprint_md5, None)

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

ssl_cert_thumbprint_sha1 Property

The SHA-1 hash of the certificate.

Syntax

def get_ssl_cert_thumbprint_sha1() -> str: ...

ssl_cert_thumbprint_sha1 = property(get_ssl_cert_thumbprint_sha1, None)

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

ssl_cert_thumbprint_sha256 Property

The SHA-256 hash of the certificate.

Syntax

def get_ssl_cert_thumbprint_sha256() -> str: ...

ssl_cert_thumbprint_sha256 = property(get_ssl_cert_thumbprint_sha256, None)

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

ssl_cert_usage Property

The text description of UsageFlags .

Syntax

def get_ssl_cert_usage() -> str: ...

ssl_cert_usage = property(get_ssl_cert_usage, None)

Default Value

""

Remarks

The text description of ssl_cert_usage_flags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

ssl_cert_usage_flags Property

The flags that show intended use for the certificate.

Syntax

def get_ssl_cert_usage_flags() -> int: ...

ssl_cert_usage_flags = property(get_ssl_cert_usage_flags, None)

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of ssl_cert_usage_flags is a combination of the following flags:

Please see the ssl_cert_usage property for a text representation of ssl_cert_usage_flags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

ssl_cert_version Property

The certificate's version number.

Syntax

def get_ssl_cert_version() -> str: ...

ssl_cert_version = property(get_ssl_cert_version, None)

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

ssl_cert_subject Property

The subject of the certificate used for client authentication.

Syntax

def get_ssl_cert_subject() -> str: ...
def set_ssl_cert_subject(value: str) -> None: ...

ssl_cert_subject = property(get_ssl_cert_subject, set_ssl_cert_subject)

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

ssl_cert_encoded Property

The certificate (PEM/Base64 encoded).

Syntax

def get_ssl_cert_encoded() -> bytes: ...
def set_ssl_cert_encoded(value: bytes) -> None: ...

ssl_cert_encoded = property(get_ssl_cert_encoded, set_ssl_cert_encoded)

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The ssl_cert_store and ssl_cert_subject properties also may be used to specify a certificate.

When ssl_cert_encoded is set, a search is initiated in the current ssl_cert_store for the private key of the certificate. If the key is found, ssl_cert_subject is updated to reflect the full subject of the selected certificate; otherwise, ssl_cert_subject is set to an empty string.

ssl_provider Property

The Secure Sockets Layer/Transport Layer Security (SSL/TLS) implementation to use.

Syntax

def get_ssl_provider() -> int: ...
def set_ssl_provider(value: int) -> None: ...

ssl_provider = property(get_ssl_provider, set_ssl_provider)

Default Value

0

Remarks

This property specifies the SSL/TLS implementation to use. In most cases the default value of 0 (Automatic) is recommended and should not be changed. When set to 0 (Automatic), the class will select whether to use the platform implementation or the internal implementation depending on the operating system as well as the TLS version being used.

Possible values are as follows:

In most cases using the default value (Automatic) is recommended. The class will select a provider depending on the current platform.

When Automatic is selected, on Windows, the class will use the platform implementation. On Linux/macOS, the class will use the internal implementation. When TLS 1.3 is enabled via SSLEnabledProtocols, the internal implementation is used on all platforms.

ssl_server_cert_effective_date Property

The date on which this certificate becomes valid.

Syntax

def get_ssl_server_cert_effective_date() -> str: ...

ssl_server_cert_effective_date = property(get_ssl_server_cert_effective_date, None)

Default Value

""

Remarks

The date on which this certificate becomes valid. Before this date, it is not valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2000 15:00:00.

This property is read-only.

ssl_server_cert_expiration_date Property

The date on which the certificate expires.

Syntax

def get_ssl_server_cert_expiration_date() -> str: ...

ssl_server_cert_expiration_date = property(get_ssl_server_cert_expiration_date, None)

Default Value

""

Remarks

The date on which the certificate expires. After this date, the certificate will no longer be valid. The date is localized to the system's time zone. The following example illustrates the format of an encoded date:

23-Jan-2001 15:00:00.

This property is read-only.

ssl_server_cert_extended_key_usage Property

A comma-delimited list of extended key usage identifiers.

Syntax

def get_ssl_server_cert_extended_key_usage() -> str: ...

ssl_server_cert_extended_key_usage = property(get_ssl_server_cert_extended_key_usage, None)

Default Value

""

Remarks

A comma-delimited list of extended key usage identifiers. These are the same as ASN.1 object identifiers (OIDs).

This property is read-only.

ssl_server_cert_fingerprint Property

The hex-encoded, 16-byte MD5 fingerprint of the certificate.

Syntax

def get_ssl_server_cert_fingerprint() -> str: ...

ssl_server_cert_fingerprint = property(get_ssl_server_cert_fingerprint, None)

Default Value

""

Remarks

The hex-encoded, 16-byte MD5 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: bc:2a:72:af:fe:58:17:43:7a:5f:ba:5a:7c:90:f7:02

This property is read-only.

ssl_server_cert_fingerprint_sha1 Property

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate.

Syntax

def get_ssl_server_cert_fingerprint_sha1() -> str: ...

ssl_server_cert_fingerprint_sha1 = property(get_ssl_server_cert_fingerprint_sha1, None)

Default Value

""

Remarks

The hex-encoded, 20-byte SHA-1 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 30:7b:fa:38:65:83:ff:da:b4:4e:07:3f:17:b8:a4:ed:80:be:ff:84

This property is read-only.

ssl_server_cert_fingerprint_sha256 Property

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate.

Syntax

def get_ssl_server_cert_fingerprint_sha256() -> str: ...

ssl_server_cert_fingerprint_sha256 = property(get_ssl_server_cert_fingerprint_sha256, None)

Default Value

""

Remarks

The hex-encoded, 32-byte SHA-256 fingerprint of the certificate. This property is primarily used for keys which do not have a corresponding X.509 public certificate, such as PEM keys that only contain a private key. It is commonly used for SSH keys.

The following example illustrates the format: 6a:80:5c:33:a9:43:ea:b0:96:12:8a:64:96:30:ef:4a:8a:96:86:ce:f4:c7:be:10:24:8e:2b:60:9e:f3:59:53

This property is read-only.

ssl_server_cert_issuer Property

The issuer of the certificate.

Syntax

def get_ssl_server_cert_issuer() -> str: ...

ssl_server_cert_issuer = property(get_ssl_server_cert_issuer, None)

Default Value

""

Remarks

The issuer of the certificate. This property contains a string representation of the name of the issuing authority for the certificate.

This property is read-only.

ssl_server_cert_private_key Property

The private key of the certificate (if available).

Syntax

def get_ssl_server_cert_private_key() -> str: ...

ssl_server_cert_private_key = property(get_ssl_server_cert_private_key, None)

Default Value

""

Remarks

The private key of the certificate (if available). The key is provided as PEM/Base64-encoded data.

Note: The ssl_server_cert_private_key may be available but not exportable. In this case, ssl_server_cert_private_key returns an empty string.

This property is read-only.

ssl_server_cert_private_key_available Property

Whether a PrivateKey is available for the selected certificate.

Syntax

def get_ssl_server_cert_private_key_available() -> bool: ...

ssl_server_cert_private_key_available = property(get_ssl_server_cert_private_key_available, None)

Default Value

FALSE

Remarks

Whether a ssl_server_cert_private_key is available for the selected certificate. If ssl_server_cert_private_key_available is True, the certificate may be used for authentication purposes (e.g., server authentication).

This property is read-only.

ssl_server_cert_private_key_container Property

The name of the PrivateKey container for the certificate (if available).

Syntax

def get_ssl_server_cert_private_key_container() -> str: ...

ssl_server_cert_private_key_container = property(get_ssl_server_cert_private_key_container, None)

Default Value

""

Remarks

The name of the ssl_server_cert_private_key container for the certificate (if available). This functionality is available only on Windows platforms.

This property is read-only.

ssl_server_cert_public_key Property

The public key of the certificate.

Syntax

def get_ssl_server_cert_public_key() -> str: ...

ssl_server_cert_public_key = property(get_ssl_server_cert_public_key, None)

Default Value

""

Remarks

The public key of the certificate. The key is provided as PEM/Base64-encoded data.

This property is read-only.

ssl_server_cert_public_key_algorithm Property

The textual description of the certificate's public key algorithm.

Syntax

def get_ssl_server_cert_public_key_algorithm() -> str: ...

ssl_server_cert_public_key_algorithm = property(get_ssl_server_cert_public_key_algorithm, None)

Default Value

""

Remarks

The textual description of the certificate's public key algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_DH") or an object identifier (OID) string representing the algorithm.

This property is read-only.

ssl_server_cert_public_key_length Property

The length of the certificate's public key (in bits).

Syntax

def get_ssl_server_cert_public_key_length() -> int: ...

ssl_server_cert_public_key_length = property(get_ssl_server_cert_public_key_length, None)

Default Value

0

Remarks

The length of the certificate's public key (in bits). Common values are 512, 1024, and 2048.

This property is read-only.

ssl_server_cert_serial_number Property

The serial number of the certificate encoded as a string.

Syntax

def get_ssl_server_cert_serial_number() -> str: ...

ssl_server_cert_serial_number = property(get_ssl_server_cert_serial_number, None)

Default Value

""

Remarks

The serial number of the certificate encoded as a string. The number is encoded as a series of hexadecimal digits, with each pair representing a byte of the serial number.

This property is read-only.

ssl_server_cert_signature_algorithm Property

The text description of the certificate's signature algorithm.

Syntax

def get_ssl_server_cert_signature_algorithm() -> str: ...

ssl_server_cert_signature_algorithm = property(get_ssl_server_cert_signature_algorithm, None)

Default Value

""

Remarks

The text description of the certificate's signature algorithm. The property contains either the name of the algorithm (e.g., "RSA" or "RSA_MD5RSA") or an object identifier (OID) string representing the algorithm.

This property is read-only.

ssl_server_cert_store Property

The name of the certificate store for the client certificate.

Syntax

def get_ssl_server_cert_store() -> bytes: ...

ssl_server_cert_store = property(get_ssl_server_cert_store, None)

Default Value

"MY"

Remarks

The name of the certificate store for the client certificate.

The ssl_server_cert_store_type property denotes the type of the certificate store specified by ssl_server_cert_store. If the store is password-protected, specify the password in ssl_server_cert_store_password.

ssl_server_cert_store is used in conjunction with the ssl_server_cert_subject property to specify client certificates. If ssl_server_cert_store has a value, and ssl_server_cert_subject or ssl_server_cert_encoded is set, a search for a certificate is initiated. Please see the ssl_server_cert_subject property for details.

Designations of certificate stores are platform dependent.

The following designations are the most common User and Machine certificate stores in Windows:

When the certificate store type is cstPFXFile, this property must be set to the name of the file. When the type is cstPFXBlob, the property must be set to the binary contents of a PFX file (i.e., PKCS#12 certificate store).

This property is read-only.

ssl_server_cert_store_password Property

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

Syntax

def get_ssl_server_cert_store_password() -> str: ...

ssl_server_cert_store_password = property(get_ssl_server_cert_store_password, None)

Default Value

""

Remarks

If the type of certificate store requires a password, this property is used to specify the password needed to open the certificate store.

This property is read-only.

ssl_server_cert_store_type Property

The type of certificate store for this certificate.

Syntax

def get_ssl_server_cert_store_type() -> int: ...

ssl_server_cert_store_type = property(get_ssl_server_cert_store_type, None)

Default Value

0

Remarks

The type of certificate store for this certificate.

The class supports both public and private keys in a variety of formats. When the cstAuto value is used, the class will automatically determine the type. This property can take one of the following values:

This property is read-only.

ssl_server_cert_subject_alt_names Property

Comma-separated lists of alternative subject names for the certificate.

Syntax

def get_ssl_server_cert_subject_alt_names() -> str: ...

ssl_server_cert_subject_alt_names = property(get_ssl_server_cert_subject_alt_names, None)

Default Value

""

Remarks

Comma-separated lists of alternative subject names for the certificate.

This property is read-only.

ssl_server_cert_thumbprint_md5 Property

The MD5 hash of the certificate.

Syntax

def get_ssl_server_cert_thumbprint_md5() -> str: ...

ssl_server_cert_thumbprint_md5 = property(get_ssl_server_cert_thumbprint_md5, None)

Default Value

""

Remarks

The MD5 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

ssl_server_cert_thumbprint_sha1 Property

The SHA-1 hash of the certificate.

Syntax

def get_ssl_server_cert_thumbprint_sha1() -> str: ...

ssl_server_cert_thumbprint_sha1 = property(get_ssl_server_cert_thumbprint_sha1, None)

Default Value

""

Remarks

The SHA-1 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

ssl_server_cert_thumbprint_sha256 Property

The SHA-256 hash of the certificate.

Syntax

def get_ssl_server_cert_thumbprint_sha256() -> str: ...

ssl_server_cert_thumbprint_sha256 = property(get_ssl_server_cert_thumbprint_sha256, None)

Default Value

""

Remarks

The SHA-256 hash of the certificate. It is primarily used for X.509 certificates. If the hash does not already exist, it is automatically computed.

This property is read-only.

ssl_server_cert_usage Property

The text description of UsageFlags .

Syntax

def get_ssl_server_cert_usage() -> str: ...

ssl_server_cert_usage = property(get_ssl_server_cert_usage, None)

Default Value

""

Remarks

The text description of ssl_server_cert_usage_flags.

This value will be one or more of the following strings and will be separated by commas:

• Digital Signature
• Non-Repudiation
• Key Encipherment
• Data Encipherment
• Key Agreement
• Certificate Signing
• CRL Signing
• Encipher Only

If the provider is OpenSSL, the value is a comma-separated list of X.509 certificate extension names.

This property is read-only.

ssl_server_cert_usage_flags Property

The flags that show intended use for the certificate.

Syntax

def get_ssl_server_cert_usage_flags() -> int: ...

ssl_server_cert_usage_flags = property(get_ssl_server_cert_usage_flags, None)

Default Value

0

Remarks

The flags that show intended use for the certificate. The value of ssl_server_cert_usage_flags is a combination of the following flags:

Please see the ssl_server_cert_usage property for a text representation of ssl_server_cert_usage_flags.

This functionality currently is not available when the provider is OpenSSL.

This property is read-only.

ssl_server_cert_version Property

The certificate's version number.

Syntax

def get_ssl_server_cert_version() -> str: ...

ssl_server_cert_version = property(get_ssl_server_cert_version, None)

Default Value

""

Remarks

The certificate's version number. The possible values are the strings "V1", "V2", and "V3".

This property is read-only.

ssl_server_cert_subject Property

The subject of the certificate used for client authentication.

Syntax

def get_ssl_server_cert_subject() -> str: ...

ssl_server_cert_subject = property(get_ssl_server_cert_subject, None)

Default Value

""

Remarks

The subject of the certificate used for client authentication.

This property must be set after all other certificate properties are set. When this property is set, a search is performed in the current certificate store to locate a certificate with a matching subject.

If a matching certificate is found, the property is set to the full subject of the matching certificate.

If an exact match is not found, the store is searched for subjects containing the value of the property.

If a match is still not found, the property is set to an empty string, and no certificate is selected.

The special value "*" picks a random certificate in the certificate store.

The certificate subject is a comma-separated list of distinguished name fields and values. For instance, "CN=www.server.com, OU=test, C=US, E=support@nsoftware.com". Common fields and their meanings are as follows:

If a field value contains a comma, it must be quoted.

This property is read-only.

ssl_server_cert_encoded Property

The certificate (PEM/Base64 encoded).

Syntax

def get_ssl_server_cert_encoded() -> bytes: ...

ssl_server_cert_encoded = property(get_ssl_server_cert_encoded, None)

Default Value

""

Remarks

The certificate (PEM/Base64 encoded). This property is used to assign a specific certificate. The ssl_server_cert_store and ssl_server_cert_subject properties also may be used to specify a certificate.

When ssl_server_cert_encoded is set, a search is initiated in the current ssl_server_cert_store for the private key of the certificate. If the key is found, ssl_server_cert_subject is updated to reflect the full subject of the selected certificate; otherwise, ssl_server_cert_subject is set to an empty string.

This property is read-only.

timeout Property

The timeout for the class.

Syntax

def get_timeout() -> int: ...
def set_timeout(value: int) -> None: ...

timeout = property(get_timeout, set_timeout)

Default Value

60

Remarks

If the timeout property is set to 0, all operations will run uninterrupted until successful completion or an error condition is encountered.

If timeout is set to a positive value, the class will wait for the operation to complete before returning control.

The class will use do_events to enter an efficient wait loop during any potential waiting period, making sure that all system events are processed immediately as they arrive. This ensures that the host application does not freeze and remains responsive.

If timeout expires, and the operation is not yet complete, the class fails with an error.

Note: By default, all timeouts are inactivity timeouts, that is, the timeout period is extended by timeout seconds when any amount of data is successfully sent or received.

The default value for the timeout property is 60 seconds.

config Method

Sets or retrieves a configuration setting.

Syntax

def config(configuration_string: str) -> str: ...

Remarks

config is a generic method available in every class. It is used to set and retrieve configuration settings for the class.

These settings are similar in functionality to properties, but they are rarely used. In order to avoid "polluting" the property namespace of the class, access to these internal properties is provided through the config method.

To set a configuration setting named PROPERTY, you must call Config("PROPERTY=VALUE"), where VALUE is the value of the setting expressed as a string. For boolean values, use the strings "True", "False", "0", "1", "Yes", or "No" (case does not matter).

To read (query) the value of a configuration setting, you must call Config("PROPERTY"). The value will be returned as a string.

get_profile Method

Download the message set profile for a given Financial Institution.

Syntax

def get_profile() -> None: ...

Remarks

This function generates the Signon and FIProfile request page, submits it to the financial institution via HTTP, receives the response, and parses it. Individual transactions are downloaded with the statement.

Read-only properties that are populated as a result of response parsing include:

• fi_address1
• fi_address2
• fi_address3
• fi_city
• fi_country
• fi_customer_service_phone
• fi_email_address
• fi_home_page
• fi_name
• fi_postal_code
• fi_profile_date
• fi_state
• fi_tech_support_phone
• message_sets
• sign_on_details

read_ofx_data_file Method

Reads an OFX response from a file.

Syntax

def read_ofx_data_file(file_name: str) -> None: ...

Remarks

This method reads a previously recorded OFX response from a file, including HTTP and OFX headers.

The following read-only properties are populated as a result of parsing the data file:

• fi_address1
• fi_address2
• fi_address3
• fi_city
• fi_country
• fi_customer_service_phone
• fi_email_address
• fi_home_page
• fi_name
• fi_postal_code
• fi_profile_date
• fi_state
• fi_tech_support_phone
• message_sets
• sign_on_details

request_challenge_questions Method

Download the challenge questions when Multi-Factor Authentication (MFA) is required.

Syntax

def request_challenge_questions() -> None: ...

Remarks

This function generates the Signon and Multi-Factor Authentication challenge questions request page, submits it to the financial institution via HTTP, receives the response, and parses it.

When sending requests to a FI, if the information in the signon request is correct, but it is not sufficient to authenticate the user, the server can reply with a signon error code of 3000, which indicates that the client must perform multi-factor challenge authentication before proceeding with future OFX requests.

When this error is returned, the user should call this request_challenge_questions method, which request the server to send a list of challenge questions that must be correctly answered before the OFX client may proceed with further OFX requests.

Upon successful response, the server will return a list of challenge questions, stored to challenge_questions, where each question is specified by challenge_question_id and challenge_question. If the server does not return such list, the class will throw an HTTP 400 error.

The user should inspect the challenge_questions. When this list of challenge questions is returned, then the user has to answer each question by setting the challenge_answer for each challenge_question, and then call the send_challenge_answers method to send the answers back to the server. The class will include these answers within the signon request included as part of the next request message. If these answers are correct, the server will process the request file. If they are incorrect, the server will return an error code of 3001.

When MFA is required, to prevent servers from needing to authenticate the user with each OFX request, the server may respond to a correct set of challenge answers with a ofx_access_key on the signon response. However, the server determines the contents of this optional element. On each subsequent signon request, the client will send the last value of the ofx_access_key it has received, even after the end of the current session. The server has the option to respond to any subsequent request with a 3000 error code, requiring the client to send the MFA challenge questions request. This allows the server to determine the lifetime of the ofx_access_key.

Note: If in the profile response sign_on_mfa_challenge_first is True, the client must send this MFA challenge request in the first connection with the server, before sending any other requests.

The following properties are populated as a result of parsing a successful response:

• challenge_questions

Note: The Multi-Factor Authentication (MFA) is applicable only in ofx_versions: 1.0.3, 2.0.3, 2.1.0, and 2.1.1.

reset Method

Reset the internal state of the class and all properties to their default values.

Syntax

def reset() -> None: ...

Remarks

The Reset method does not have any parameters and does not return any value.

send_challenge_answers Method

Send the answers to challenge questions for a Multi-Factor Authentication (MFA).

Syntax

def send_challenge_answers() -> None: ...

Remarks

This function generates the Signon and Multi-Factor Authentication challenge questions request page, submits it to the financial institution via HTTP, receives the response, and parses it.

When sending requests to a FI, if the information in the signon request is correct, but it is not sufficient to authenticate the user, the server can reply with a signon error code of 3000, which indicates that the client must perform multi-factor challenge authentication before proceeding with future OFX requests.

When this error is returned, the user should call this request_challenge_questions method, which request the server to send a list of challenge questions that must be correctly answered before the OFX client may proceed with further OFX requests.

Upon successful response, the server will return a list of challenge questions, stored to challenge_questions, where each question is specified by challenge_question_id and challenge_question. If the server does not return such list, the class will throw an HTTP 400 error.

The user should inspect the challenge_questions. When this list of challenge questions is returned, then the user has to answer each question by setting the challenge_answer for each challenge_question, and then call the send_challenge_answers method to send the answers back to the server. The class will include these answers within the signon request included as part of the next request message. If these answers are correct, the server will process the request file. If they are incorrect, the server will return an error code of 3001.

When MFA is required, to prevent servers from needing to authenticate the user with each OFX request, the server may respond to a correct set of challenge answers with a ofx_access_key on the signon response. However, the server determines the contents of this optional element. On each subsequent signon request, the client will send the last value of the ofx_access_key it has received, even after the end of the current session. The server has the option to respond to any subsequent request with a 3000 error code, requiring the client to send the MFA challenge questions request. This allows the server to determine the lifetime of the ofx_access_key.

Note: If in the profile response sign_on_mfa_challenge_first is True, the client must send this MFA challenge request in the first connection with the server, before sending any other requests.

The following properties are populated as a result of parsing a successful response:

• challenge_questions

Note: The Multi-Factor Authentication (MFA) is applicable only in ofx_versions: 1.0.3, 2.0.3, 2.1.0, and 2.1.1.

write_ofx_data_file Method

Writes the OFX response sent by the server to a file.

Syntax

def write_ofx_data_file(file_name: str) -> None: ...

Remarks

This method records the entire OFX response, including HTTP and OFX headers to a file. This file can later be read and parsed by the read_ofx_data_file method as though it were a live response.

on_connection_status Event

Fired to indicate changes in the connection state.

Syntax

class FIProfileConnectionStatusEventParams(object):
  @property
  def connection_event() -> str: ...

  @property
  def status_code() -> int: ...

  @property
  def description() -> str: ...

# In class FIProfile:
@property
def on_connection_status() -> Callable[[FIProfileConnectionStatusEventParams], None]: ...
@on_connection_status.setter
def on_connection_status(event_hook: Callable[[FIProfileConnectionStatusEventParams], None]) -> None: ...

Remarks

This event is fired when the connection state changes: for example, completion of a firewall or proxy connection or completion of a security handshake.

The ConnectionEvent parameter indicates the type of connection event. Values may include the following:

on_error Event

Fired when information is available about errors during data delivery.

Syntax

class FIProfileErrorEventParams(object):
  @property
  def error_code() -> int: ...

  @property
  def description() -> str: ...

# In class FIProfile:
@property
def on_error() -> Callable[[FIProfileErrorEventParams], None]: ...
@on_error.setter
def on_error(event_hook: Callable[[FIProfileErrorEventParams], None]) -> None: ...

Remarks

The on_error event is fired in case of exceptional conditions during message processing. Normally the class fails with an error.

The ErrorCode parameter contains an error code, and the Description parameter contains a textual description of the error. For a list of valid error codes and their descriptions, please refer to the Error Codes section.

on_ssl_server_authentication Event

Fired after the server presents its certificate to the client.

Syntax

class FIProfileSSLServerAuthenticationEventParams(object):
  @property
  def cert_encoded() -> bytes: ...

  @property
  def cert_subject() -> str: ...

  @property
  def cert_issuer() -> str: ...

  @property
  def status() -> str: ...

  @property
  def accept() -> bool: ...
  @accept.setter
  def accept(value) -> None: ...

# In class FIProfile:
@property
def on_ssl_server_authentication() -> Callable[[FIProfileSSLServerAuthenticationEventParams], None]: ...
@on_ssl_server_authentication.setter
def on_ssl_server_authentication(event_hook: Callable[[FIProfileSSLServerAuthenticationEventParams], None]) -> None: ...

Remarks

During this event, the client can decide whether or not to continue with the connection process. The Accept parameter is a recommendation on whether to continue or close the connection. This is just a suggestion: application software must use its own logic to determine whether or not to continue.

When Accept is False, Status shows why the verification failed (otherwise, Status contains the string OK). If it is decided to continue, you can override and accept the certificate by setting the Accept parameter to True.

on_ssl_status Event

Fired when secure connection progress messages are available.

Syntax

class FIProfileSSLStatusEventParams(object):
  @property
  def message() -> str: ...

# In class FIProfile:
@property
def on_ssl_status() -> Callable[[FIProfileSSLStatusEventParams], None]: ...
@on_ssl_status.setter
def on_ssl_status(event_hook: Callable[[FIProfileSSLStatusEventParams], None]) -> None: ...

Remarks

The event is fired for informational and logging purposes only. This event tracks the progress of the connection.

FIProfile Config Settings

OFX Config Settings

HTTP Config Settings

TCPClient Config Settings

SSL Config Settings

-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
... Intermediate Cert ...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
\r \n
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
... Root Cert ...
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
... Intermediate Cert ...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
\r \n
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
... Root Cert ...
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIEKzCCAxOgAwIBAgIRANTET4LIkxdH6P+CFIiHvTowDQYJKoZIhvcNAQELBQAw
... Intermediate Cert...
eWHV5OW1K53o/atv59sOiW5K3crjFhsBOd5Q+cJJnU+SWinPKtANXMht+EDvYY2w
F0I1XhM+pKj7FjDr+XNj
-----END CERTIFICATE-----
\r \n
-----BEGIN CERTIFICATE-----
MIIEFjCCAv6gAwIBAgIQetu1SMxpnENAnnOz1P+PtTANBgkqhkiG9w0BAQUFADBp
... Root Cert...
d8q23djXZbVYiIfE9ebr4g3152BlVCHZ2GyPdjhIuLeH21VbT/dyEHHA
-----END CERTIFICATE-----

Socket Config Settings

Base Config Settings

FIProfile Errors

OFX Errors

The class may also return one of the following error codes, which are inherited from other classes.

XML Errors

HTTP Errors

The class may also return one of the following error codes, which are inherited from other classes.

TCPClient Errors

SSL Errors

TCP/IP Errors