PEP Access Control

What is PEP?
Endpoints
Access Flow
Security Features
Request Example
Error Codes

PEP accounts require two-factor verification via OTP before any access is granted. All access attempts are logged for audit compliance.

What is PEP?

Politically Exposed Persons (PEP) are individuals who hold prominent public positions or have close associations with such persons. Their accounts require enhanced due diligence and access controls.

OTP Verification

6-digit code sent to staff phone

Audit Trail

Every access logged with IP & timestamp

Time-Limited

Access expires after session ends

Endpoints

Request Access

POST /api/v1/pep/request-accessGenerate OTP and send to authorized staff

Verify Access

POST /api/v1/pep/verify-accessVerify OTP and grant temporary access

Access Flow

Initiate Request

Staff member with pep_access_authorized: true requests access to a PEP subscriber

OTP Generated

System generates 6-digit OTP and sends via SMS to staff’s registered phone

OTP Expires

OTP is valid for 5 minutes only

Verification

Staff enters OTP to verify identity

Access Granted

Temporary access granted with full audit logging

Security Features

Role-Based Access

Only users with pep_access_authorized: true in their profile can even request access to PEP accounts. This is set by system administrators.

IP & Device Logging

Every access attempt logs:

Client IP address
User agent string
Request timestamp
Staff user ID
Subscriber ID accessed

Session Expiry

PEP access is granted per-session only. When the staff member logs out or their session expires, new OTP verification is required.

Rate Limiting

Failed OTP attempts are tracked. After 3 failed attempts, the staff member is temporarily locked out.

Request Example

Request Access
Verify Access

curl -X POST https://olive-gateway-a6ba.onrender.com/api/v1/pep/request-access \
  -H "Authorization: Bearer $JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"subscriber_id": "sub_pep_12345"}'

Response:

{
  "success": true,
  "message": "OTP sent successfully",
  "expiry_time": "2025-01-15T10:35:00Z"
}

curl -X POST https://olive-gateway-a6ba.onrender.com/api/v1/pep/verify-access \
  -H "Authorization: Bearer $JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "subscriber_id": "sub_pep_12345",
    "otp_code": "123456"
  }'

Response:

{
  "success": true,
  "message": "Access granted"
}

Error Codes

Code	Error	Description
401	`UNAUTHORIZED`	User not authenticated
403	`PEP_ACCESS_DENIED`	User not authorized for PEP access
400	`INVALID_OTP`	OTP incorrect or expired
404	`SUBSCRIBER_NOT_FOUND`	PEP subscriber does not exist
429	`TOO_MANY_ATTEMPTS`	Too many failed OTP attempts

Delete Fee Setting

Request PEP Access

Overview

Agent-TS

Subscribers

Cards

Wallet

Agents

POS

Compliance

Admin

Webhooks

Fees

PEP Access

Partner API

Processors

Suspicious Transactions

What is PEP?

OTP Verification

Audit Trail

Time-Limited

Endpoints

Request Access

Verify Access

Access Flow

Security Features

Request Example

Error Codes

Overview

Agent-TS

Subscribers

Cards

Wallet

Agents

POS

Compliance

Admin

Webhooks

Fees

PEP Access

Partner API

Processors

Suspicious Transactions

​What is PEP?

OTP Verification

Audit Trail

Time-Limited

​Endpoints

Request Access

Verify Access

​Access Flow

​Security Features

​Request Example

​Error Codes

What is PEP?

Endpoints

Access Flow

Security Features

Request Example

Error Codes