OBP-API/ideas/HTML_PAGES_REFERENCE.md

# HTML Pages Reference

## Overview
This document lists all HTML pages in the OBP-API application and their route mappings.

---

## Main Application Pages

### 1. Home & Landing Pages

#### index.html
- **Path:** `/index`
- **File:** `obp-api/src/main/webapp/index.html`
- **Route:** `Menu.i("Home") / "index"`
- **Authentication:** Not required
- **Purpose:** Main landing page for the API

#### index-en.html
- **Path:** `/index-en`
- **File:** `obp-api/src/main/webapp/index-en.html`
- **Route:** `Menu.i("index-en") / "index-en"`
- **Authentication:** Not required
- **Purpose:** English version of landing page

#### introduction.html
- **Path:** `/introduction`
- **File:** `obp-api/src/main/webapp/introduction.html`
- **Route:** `Menu.i("Introduction") / "introduction"`
- **Authentication:** Not required
- **Purpose:** Introduction to the API

---

## Authentication & User Management Pages

### 2. Login & User Information

#### already-logged-in.html
- **Path:** `/already-logged-in`
- **File:** `obp-api/src/main/webapp/already-logged-in.html`
- **Route:** `Menu("Already Logged In", "Already Logged In") / "already-logged-in"`
- **Authentication:** Not required
- **Purpose:** Shows message when user is already logged in

#### user-information.html
- **Path:** `/user-information`
- **File:** `obp-api/src/main/webapp/user-information.html`
- **Route:** `Menu("User Information", "User Information") / "user-information"`
- **Authentication:** Not required
- **Purpose:** Displays user information

### 3. Password Reset

#### Lost Password / Password Reset (Dynamically Generated)
- **Path:** `/user_mgt/lost_password` (lost password form)
- **Path:** `/user_mgt/reset_password/{TOKEN}` (reset password form)
- **File:** None (dynamically generated by Lift Framework)
- **Route:** Handled by `AuthUser.lostPassword` and `AuthUser.passwordReset` methods
- **Source:** `obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala`
- **Authentication:** Not required (public password reset)
- **Purpose:** Request and reset forgotten passwords
- **Note:** These are not static HTML files but are rendered by Lift's user management system
- **Links from:** 
  - `oauth/authorize.html` (line 30): "Forgotten password?" link
  - `templates-hidden/_login.html` (line 31): "Forgotten password?" link

**API Endpoint for Password Reset URL:**
- **Path:** `POST /obp/v4.0.0/management/user/reset-password-url`
- **Role Required:** `CanCreateResetPasswordUrl`
- **Purpose:** Programmatically create password reset URLs
- **Property:** Controlled by `ResetPasswordUrlEnabled` (default: false)

### 4. User Invitation Pages

#### user-invitation.html
- **Path:** `/user-invitation`
- **File:** `obp-api/src/main/webapp/user-invitation.html`
- **Route:** `Menu("User Invitation", "User Invitation") / "user-invitation"`
- **Authentication:** Not required
- **Purpose:** User invitation form/page

#### user-invitation-info.html
- **Path:** `/user-invitation-info`
- **File:** `obp-api/src/main/webapp/user-invitation-info.html`
- **Route:** `Menu("User Invitation Info", "User Invitation Info") / "user-invitation-info"`
- **Authentication:** Not required
- **Purpose:** Information about user invitations

#### user-invitation-invalid.html
- **Path:** `/user-invitation-invalid`
- **File:** `obp-api/src/main/webapp/user-invitation-invalid.html`
- **Route:** `Menu("User Invitation Invalid", "User Invitation Invalid") / "user-invitation-invalid"`
- **Authentication:** Not required
- **Purpose:** Shows when invitation is invalid

#### user-invitation-warning.html
- **Path:** `/user-invitation-warning`
- **File:** `obp-api/src/main/webapp/user-invitation-warning.html`
- **Route:** `Menu("User Invitation Warning", "User Invitation Warning") / "user-invitation-warning"`
- **Authentication:** Not required
- **Purpose:** Shows warnings about invitations

---

## OAuth & Consent Pages

### 5. OAuth Flow Pages

#### oauth/authorize.html
- **Path:** `/oauth/authorize`
- **File:** `obp-api/src/main/webapp/oauth/authorize.html`
- **Route:** `Menu.i("OAuth") / "oauth" / "authorize"`
- **Authentication:** Not required (starts OAuth flow)
- **Purpose:** OAuth authorization page where users approve access

#### oauth/thanks.html
- **Path:** `/oauth/thanks` (via OAuthWorkedThanks.menu)
- **File:** `obp-api/src/main/webapp/oauth/thanks.html`
- **Route:** `OAuthWorkedThanks.menu`
- **Authentication:** Not required
- **Purpose:** OAuth completion page that performs redirect

### 6. Consent Management Pages

#### consent-screen.html
- **Path:** `/consent-screen`
- **File:** `obp-api/src/main/webapp/consent-screen.html`
- **Route:** `Menu("Consent Screen", Helper.i18n("consent.screen")) / "consent-screen" >> AuthUser.loginFirst`
- **Authentication:** **Required** (AuthUser.loginFirst)
- **Purpose:** OAuth consent screen for approving permissions

#### consents.html
- **Path:** `/consents`
- **File:** `obp-api/src/main/webapp/consents.html`
- **Route:** `Menu.i("Consents") / "consents"`
- **Authentication:** Not required
- **Purpose:** View/manage consents

### 7. Berlin Group Consent Pages

#### confirm-bg-consent-request.html
- **Path:** `/confirm-bg-consent-request`
- **File:** `obp-api/src/main/webapp/confirm-bg-consent-request.html`
- **Route:** `Menu.i("confirm-bg-consent-request") / "confirm-bg-consent-request" >> AuthUser.loginFirst`
- **Authentication:** **Required** (AuthUser.loginFirst)
- **Purpose:** Berlin Group consent confirmation

#### confirm-bg-consent-request-sca.html
- **Path:** `/confirm-bg-consent-request-sca`
- **File:** `obp-api/src/main/webapp/confirm-bg-consent-request-sca.html`
- **Route:** `Menu.i("confirm-bg-consent-request-sca") / "confirm-bg-consent-request-sca" >> AuthUser.loginFirst`
- **Authentication:** **Required** (AuthUser.loginFirst)
- **Purpose:** Berlin Group consent with SCA (Strong Customer Authentication)

#### confirm-bg-consent-request-redirect-uri.html
- **Path:** `/confirm-bg-consent-request-redirect-uri`
- **File:** `obp-api/src/main/webapp/confirm-bg-consent-request-redirect-uri.html`
- **Route:** `Menu.i("confirm-bg-consent-request-redirect-uri") / "confirm-bg-consent-request-redirect-uri" >> AuthUser.loginFirst`
- **Authentication:** **Required** (AuthUser.loginFirst)
- **Purpose:** Berlin Group consent with redirect URI

### 8. VRP (Variable Recurring Payments) Consent Pages

#### confirm-vrp-consent-request.html
- **Path:** `/confirm-vrp-consent-request`
- **File:** `obp-api/src/main/webapp/confirm-vrp-consent-request.html`
- **Route:** `Menu.i("confirm-vrp-consent-request") / "confirm-vrp-consent-request" >> AuthUser.loginFirst`
- **Authentication:** **Required** (AuthUser.loginFirst)
- **Purpose:** VRP consent request confirmation

#### confirm-vrp-consent.html
- **Path:** `/confirm-vrp-consent`
- **File:** `obp-api/src/main/webapp/confirm-vrp-consent.html`
- **Route:** `Menu.i("confirm-vrp-consent") / "confirm-vrp-consent" >> AuthUser.loginFirst`
- **Authentication:** **Required** (AuthUser.loginFirst)
- **Purpose:** VRP consent confirmation

---

## Developer & Admin Pages

### 9. Consumer Management

#### consumer-registration.html
- **Path:** `/consumer-registration`
- **File:** `obp-api/src/main/webapp/consumer-registration.html`
- **Route:** `Menu("Consumer Registration", Helper.i18n("consumer.registration.nav.name")) / "consumer-registration" >> AuthUser.loginFirst`
- **Authentication:** **Required** (AuthUser.loginFirst)
- **Purpose:** Register new API consumers (OAuth applications)

### 10. Testing & Development

#### dummy-user-tokens.html
- **Path:** `/dummy-user-tokens`
- **File:** `obp-api/src/main/webapp/dummy-user-tokens.html`
- **Route:** `Menu("Dummy user tokens", "Get Dummy user tokens") / "dummy-user-tokens" >> AuthUser.loginFirst`
- **Authentication:** **Required** (AuthUser.loginFirst)
- **Purpose:** Get dummy user tokens for testing

#### create-sandbox-account.html
- **Path:** `/create-sandbox-account`
- **File:** `obp-api/src/main/webapp/create-sandbox-account.html`
- **Route:** `Menu("Sandbox Account Creation", "Create Bank Account") / "create-sandbox-account" >> AuthUser.loginFirst`
- **Authentication:** **Required** (AuthUser.loginFirst)
- **Purpose:** Create sandbox accounts for testing
- **Note:** Only available if `allow_sandbox_account_creation=true` in properties

---

## Security & Authentication Context Pages

### 11. User Authentication Context

#### add-user-auth-context-update-request.html
- **Path:** `/add-user-auth-context-update-request`
- **File:** `obp-api/src/main/webapp/add-user-auth-context-update-request.html`
- **Route:** `Menu.i("add-user-auth-context-update-request") / "add-user-auth-context-update-request"`
- **Authentication:** Not required
- **Purpose:** Add user authentication context update request

#### confirm-user-auth-context-update-request.html
- **Path:** `/confirm-user-auth-context-update-request`
- **File:** `obp-api/src/main/webapp/confirm-user-auth-context-update-request.html`
- **Route:** `Menu.i("confirm-user-auth-context-update-request") / "confirm-user-auth-context-update-request"`
- **Authentication:** Not required
- **Purpose:** Confirm user authentication context update

### 12. OTP (One-Time Password)

#### otp.html
- **Path:** `/otp`
- **File:** `obp-api/src/main/webapp/otp.html`
- **Route:** `Menu("Validate OTP", "Validate OTP") / "otp" >> AuthUser.loginFirst`
- **Authentication:** **Required** (AuthUser.loginFirst)
- **Purpose:** Validate one-time passwords

---

## Legal & Information Pages

### 13. Legal Pages

#### terms-and-conditions.html
- **Path:** `/terms-and-conditions`
- **File:** `obp-api/src/main/webapp/terms-and-conditions.html`
- **Route:** `Menu("Terms and Conditions", "Terms and Conditions") / "terms-and-conditions"`
- **Authentication:** Not required
- **Purpose:** Terms and conditions

#### privacy-policy.html
- **Path:** `/privacy-policy`
- **File:** `obp-api/src/main/webapp/privacy-policy.html`
- **Route:** `Menu("Privacy Policy", "Privacy Policy") / "privacy-policy"`
- **Authentication:** Not required
- **Purpose:** Privacy policy

---

## Documentation & Reference Pages

### 14. Documentation

#### sdks.html
- **Path:** `/sdks`
- **File:** `obp-api/src/main/webapp/sdks.html`
- **Route:** `Menu.i("SDKs") / "sdks"`
- **Authentication:** Not required
- **Purpose:** SDK documentation and downloads

#### static.html
- **Path:** `/static`
- **File:** `obp-api/src/main/webapp/static.html`
- **Route:** `Menu.i("Static") / "static"`
- **Authentication:** Not required
- **Purpose:** Static resource documentation

#### main-faq.html
- **Path:** Not directly routed (likely included/embedded)
- **File:** `obp-api/src/main/webapp/main-faq.html`
- **Route:** None (component file)
- **Authentication:** N/A
- **Purpose:** FAQ content

---

## Debug & Testing Pages

### 15. Debug Pages

#### debug.html
- **Path:** `/debug`
- **File:** `obp-api/src/main/webapp/debug.html`
- **Route:** `Menu.i("Debug") / "debug"`
- **Authentication:** Not required
- **Purpose:** Main debug page

#### debug/awake.html
- **Path:** `/debug/awake`
- **File:** `obp-api/src/main/webapp/debug/awake.html`
- **Route:** `Menu.i("awake") / "debug" / "awake"`
- **Authentication:** Not required
- **Purpose:** Test if API is running/responsive

#### debug/debug-basic.html
- **Path:** `/debug/debug-basic`
- **File:** `obp-api/src/main/webapp/debug/debug-basic.html`
- **Route:** `Menu.i("debug-basic") / "debug" / "debug-basic"`
- **Authentication:** Not required
- **Purpose:** Basic debug information

#### debug/debug-default-header.html
- **Path:** `/debug/debug-default-header`
- **File:** `obp-api/src/main/webapp/debug/debug-default-header.html`
- **Route:** `Menu.i("debug-default-header") / "debug" / "debug-default-header"`
- **Authentication:** Not required
- **Purpose:** Test default header template

#### debug/debug-default-footer.html
- **Path:** `/debug/debug-default-footer`
- **File:** `obp-api/src/main/webapp/debug/debug-default-footer.html`
- **Route:** `Menu.i("debug-default-footer") / "debug" / "debug-default-footer"`
- **Authentication:** Not required
- **Purpose:** Test default footer template

#### debug/debug-localization.html
- **Path:** `/debug/debug-localization`
- **File:** `obp-api/src/main/webapp/debug/debug-localization.html`
- **Route:** `Menu.i("debug-localization") / "debug" / "debug-localization"`
- **Authentication:** Not required
- **Purpose:** Test localization/i18n

#### debug/debug-plain.html
- **Path:** `/debug/debug-plain`
- **File:** `obp-api/src/main/webapp/debug/debug-plain.html`
- **Route:** `Menu.i("debug-plain") / "debug" / "debug-plain"`
- **Authentication:** Not required
- **Purpose:** Plain debug page without templates

#### debug/debug-webui.html
- **Path:** `/debug/debug-webui`
- **File:** `obp-api/src/main/webapp/debug/debug-webui.html`
- **Route:** `Menu.i("debug-webui") / "debug" / "debug-webui"`
- **Authentication:** Not required
- **Purpose:** Test WebUI properties

---

## Template Files (Not Directly Accessible)

### 16. Template Components

#### templates-hidden/_login.html
- **Path:** N/A (template component)
- **File:** `obp-api/src/main/webapp/templates-hidden/_login.html`
- **Route:** None (included by Lift framework)
- **Purpose:** Login form template component
- **Note:** Contains "Forgotten password?" link to `/user_mgt/lost_password`

#### templates-hidden/default.html
- **Path:** N/A (template)
- **File:** `obp-api/src/main/webapp/templates-hidden/default.html`
- **Route:** None (Lift framework template)
- **Purpose:** Default page template

#### templates-hidden/default-en.html
- **Path:** N/A (template)
- **File:** `obp-api/src/main/webapp/templates-hidden/default-en.html`
- **Route:** None (Lift framework template)
- **Purpose:** English default page template

#### templates-hidden/default-header.html
- **Path:** N/A (template)
- **File:** `obp-api/src/main/webapp/templates-hidden/default-header.html`
- **Route:** None (Lift framework template)
- **Purpose:** Default header template

#### templates-hidden/default-footer.html
- **Path:** N/A (template)
- **File:** `obp-api/src/main/webapp/templates-hidden/default-footer.html`
- **Route:** None (Lift framework template)
- **Purpose:** Default footer template

---

## Other Pages

### 17. Miscellaneous

#### basic.html
- **Path:** Not directly routed (likely used programmatically)
- **File:** `obp-api/src/main/webapp/basic.html`
- **Route:** None found
- **Purpose:** Basic HTML page template

---

## Route Configuration

All routes are defined in:
- **File:** `obp-api/src/main/scala/bootstrap/liftweb/Boot.scala`
- **Method:** `boot` method in `Boot` class
- **Framework:** Lift Web Framework's SiteMap

### Authentication Guards

- `>> AuthUser.loginFirst` - Requires user to be logged in
- `>> Admin.loginFirst` - Requires admin user to be logged in
- No guard - Public access

### Conditional Routes

Some routes are conditionally added based on properties:
- Sandbox account creation requires: `allow_sandbox_account_creation=true`

---

## URL Structure

All pages are served at:
```
https://[hostname]/[path]
```

For example:
- Home page: `https://api.example.com/index`
- OAuth: `https://api.example.com/oauth/authorize`
- Consent: `https://api.example.com/consent-screen`

---

## Summary Statistics

**Total HTML Files:** 43
- **Public Pages:** 27
- **Authenticated Pages:** 13
- **Template Components:** 5
- **Debug Pages:** 9
- **Dynamically Generated:** 2 (password reset pages)

**Page Categories:**
- Authentication & User Management: 7 pages
- Password Reset: 2 dynamically generated pages
- OAuth & Consent: 9 pages
- Developer & Admin: 3 pages
- Legal & Information: 4 pages
- Documentation: 4 pages
- Debug & Testing: 9 pages
- Templates: 5 files
- Miscellaneous: 2 pages

---

## Notes

1. **Lift Framework:** The application uses Lift Web Framework for routing and page rendering
2. **SiteMap:** Routes are configured via Lift's SiteMap in Boot.scala
3. **Templates:** Pages in `templates-hidden/` are not directly accessible but are used as layout templates
4. **Localization:** Some pages support internationalization (i18n) via `Helper.i18n()`
5. **Security:** Many pages require authentication via `AuthUser.loginFirst` or `Admin.loginFirst`
6. **OAuth Flow:** The OAuth authorization flow involves multiple pages: authorize → consent-screen → thanks
7. **Consent Types:** Different consent screens for different standards (Berlin Group, VRP, generic OAuth)
8. **Password Reset:** The password reset flow is handled dynamically by Lift's user management system, not static HTML files
   - Lost password form: `/user_mgt/lost_password`
   - Reset password form: `/user_mgt/reset_password/{TOKEN}`
   - Implementation in: `code/model/dataAccess/AuthUser.scala`

---

## Related Files

- **Boot Configuration:** `obp-api/src/main/scala/bootstrap/liftweb/Boot.scala`
- **Menu Helpers:** Various classes in `code` package
- **Templates:** Lift framework `templates-hidden` directory
- **Static Resources:** JavaScript, CSS, and images in `webapp` directory
- **User Management:** `obp-api/src/main/scala/code/model/dataAccess/AuthUser.scala` (password reset, validation)
- **Password Reset API:** `obp-api/src/main/scala/code/api/v4_0_0/APIMethods400.scala` (resetPasswordUrl endpoint)