XS2A

Account info: Establish Consent Transaction

Creates an account information consent resource at the ASPSP regarding access to accounts specified in this request. All permitted "access" attributes ("accounts", "balances" and "transactions") used in this message shall carry a non-empty array of account references, indicating the accounts where the type of access is requested. Please note that a "transactions", "balances" or "accounts" access right also gives access to the generic /accounts endpoints. "access" attributes can carry an empty array, indicating that the TPP is asking for the list of accessible accounts.

POST

/xs2a/{apiGroupVersion}/consents/account-access

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate with which the client’s signature was derived, in base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


Content-Type

string

Required


X-Request-ID

string

Required

ID of the request, unique to the call, as determined by the initiating party.


TPP-Explicit-Authorisation-Preferred

boolean

If it equals "true", the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. If it equals "false" or if the parameter is not used, there is no preference of the TPP.


TPP-Redirect-URI

string

Required

URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach (including OAuth2 SCA approach).


TPP-Nok-Redirect-URI

string

If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method.


PSU-IP-Address

string

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP.

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

415

Unsupported Media Type

429

Too Many Requests

Request


{
  "access": {
    "payments": [
      {
        "rights": [
          "ais"
        ]
      }
    ]
  },
  "consentType": "global",
  "recurringIndicator": true,
  "validTo": "2017-10-30",
  "frequencyPerDay": "10"
}

Responses


{
  "Valid Response": {
    "value": {
      "consentId": "e521cf62-a45f-49c5-8372-94853fffeb55",
      "consentStatus": "received",
      "_links": {
        "scaRedirect": {
          "href": "https://bank.com/sca/123321"
        }
      }
    }
  }
}
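
A sketch of the TPP side of Establish Consent, added here as an example and not taken from the API provider: it assembles the headers listed above and checks the `scaRedirect` link before the PSU is sent to it. The `v1` version string, the `application/json` Content-Type value, the `tpp.example` URIs and the host allow-list are assumptions.

```python
import json
import uuid
from urllib.parse import urlsplit

CONSENT_PATH = "/xs2a/{apiGroupVersion}/consents/account-access"


def require_https(uri, name):
    """Return uri if it is an absolute https URI, otherwise raise ValueError."""
    parts = urlsplit(uri)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"{name} must be an absolute https URI, got {uri!r}")
    return uri


def build_consent_request(api_group_version, body, redirect_uri,
                          nok_redirect_uri=None, psu_ip=None,
                          explicit_authorisation=None):
    """Assemble method, path, headers and body for Establish Consent.

    Signature, Digest and Client-Signature-Certificate are left out: they are
    mandatory in LIVE but are defined in a separate document.
    """
    headers = {
        "Content-Type": "application/json",  # assumed value; the body is JSON
        "X-Request-ID": str(uuid.uuid4()),   # unique to this call
        "TPP-Redirect-URI": require_https(redirect_uri, "TPP-Redirect-URI"),
    }
    if nok_redirect_uri is not None:
        headers["TPP-Nok-Redirect-URI"] = require_https(
            nok_redirect_uri, "TPP-Nok-Redirect-URI")
    if psu_ip is not None:
        headers["PSU-IP-Address"] = psu_ip
    if explicit_authorisation is not None:
        headers["TPP-Explicit-Authorisation-Preferred"] = (
            "true" if explicit_authorisation else "false")
    path = CONSENT_PATH.format(apiGroupVersion=api_group_version)
    return "POST", path, headers, json.dumps(body)


def parse_consent_response(status, payload, allowed_sca_hosts):
    """Return (consentId, consentStatus, scaRedirect href) from a 201 reply.

    The href is where the PSU's browser goes next, so it is accepted only if
    it is https and its host is one the TPP has configured for this ASPSP.
    """
    if status != 201:
        raise RuntimeError(f"consent not created, HTTP {status}")
    href = payload["_links"]["scaRedirect"]["href"]
    parts = urlsplit(href)
    if parts.scheme != "https" or parts.hostname not in allowed_sca_hosts:
        raise ValueError(f"unexpected scaRedirect target {href!r}")
    return payload["consentId"], payload["consentStatus"], href


# Constructed sample data, modelled on the request and response shown above
# (the reply is the inner "value" object of the documented example).
SAMPLE_BODY = {
    "access": {"payments": [{"rights": ["ais"]}]},
    "consentType": "global",
    "recurringIndicator": True,
    "validTo": "2017-10-30",
    "frequencyPerDay": "10",
}
SAMPLE_REPLY = {
    "consentId": "e521cf62-a45f-49c5-8372-94853fffeb55",
    "consentStatus": "received",
    "_links": {"scaRedirect": {"href": "https://bank.com/sca/123321"}},
}

if __name__ == "__main__":
    method, path, headers, raw = build_consent_request(
        "v1", SAMPLE_BODY, "https://tpp.example/callback")
    print(method, path)
    for name, value in headers.items():
        print(f"{name}: {value}")
    print(parse_consent_response(201, SAMPLE_REPLY, {"bank.com"}))
```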

Account info: Get Consent Request

Returns the content of an account information consent object.

GET

/xs2a/{apiGroupVersion}/consents/account-access/{consent-id}

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.


consent-id

string

Required

Shall be contained since 'Establish Consent Transaction' was performed via this API before.

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate with which the client’s signature was derived, in base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


X-Request-ID

string

Required

ID of the request, unique to the call, as determined by the initiating party.

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

429

Too Many Requests

Request


No examples.

Responses


{
  "Valid Response": {
    "value": {
      "access": {
        "payments": [
          {
            "rights": [
              "ais"
            ]
          }
        ]
      },
      "consentType": "global",
      "recurringIndicator": true,
      "validTo": "2017-10-30",
      "frequencyPerDay": "20",
      "consentStatus": "valid"
    }
  }
}

Account info: Get authorisation sub-resources request

Will deliver an array of resource identifications of all generated authorisation sub-resources.

GET

/xs2a/{apiGroupVersion}/consents/account-access/{consent-id}/authorisations

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.


consent-id

string

Required

Identification of the related resource

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate with which the client’s signature was derived, in base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


X-Request-ID

string

Required

ID of the request, unique to the call, as determined by the initiating party.

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

429

Too Many Requests

Request


No examples.

Responses


{
  "Valid Response": {
    "value": {
      "authorisationsIds": [
        123321
      ]
    }
  }
}

Account info: Start authorisation process

Starts an authorisation process for establishing account information consent data on the server.

POST

/xs2a/{apiGroupVersion}/consents/account-access/{consent-id}/authorisations

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.


consent-id

string

Required

Identification of the related resource

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate with which the client’s signature was derived, in base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


X-Request-ID

string

Required

ID of the request, unique to the call, as determined by the initiating party.


TPP-Redirect-URI

string

Required

URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach (including OAuth2 SCA approach).


TPP-Nok-Redirect-URI

string

If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method.


PSU-IP-Address

string

Required

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP.

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

429

Too Many Requests

Request


No examples.

Responses


{
  "Valid Response": {
    "value": {
      "scaStatus": "received",
      "_links": {
        "scaRedirect": {
          "href": "https://bank.com/sca"
        }
      }
    }
  }
}

Account info: Get SCA status request

Checks the SCA status of an authorisation sub-resource.

GET

/xs2a/{apiGroupVersion}/consents/account-access/{consent-id}/authorisations/{authorisation-id}

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.


consent-id

string

Required

Identification of the related resource


authorisation-id

string

Required

Identification of the related authorisation sub-resource

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate with which the client’s signature was derived, in base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


X-Request-ID

string

Required

ID of the request, unique to the call, as determined by the initiating party.

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

429

Too Many Requests

Request


No examples.

Responses


{
  "Valid Response": {
    "value": {
      "scaStatus": "received",
      "_links": {
        "scaRedirect": {
          "href": "https://bank.com/sca"
        }
      }
    }
  }
}

Account info: Get Status Request

Can check the status of an account information consent resource.

GET

/xs2a/{apiGroupVersion}/consents/account-access/{consent-id}/status

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.


consent-id

string

Required

Shall be contained since 'Establish Consent Transaction' was performed via this API before.

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate with which the client’s signature was derived, in base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


X-Request-ID

string

Required

ID of the request, unique to the call, as determined by the initiating party.

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

429

Too Many Requests

Request


No examples.

Responses


{
  "Valid Response": {
    "value": {
      "consentStatus": "received"
    }
  }
}

Account info: Read Account List

Reads a list of bank accounts, with balances where required.

GET

/xs2a/{apiGroupVersion}/accounts

withBalance

boolean

If contained, this function reads the list of accessible payment accounts including the booking balance. This call will be rejected if the withBalance parameter is used where the access right on balances is not granted in the related consent.

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate with which the client’s signature was derived, in base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


Consent-ID

string

Required

Shall be contained since 'Establish Consent Transaction' was performed via this API before.


X-Request-ID

string

Required

ID of the request, unique to the call, as determined by the initiating party.


PSU-IP-Address

string

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. If PSU presence (currently the IP address) is provided with a recurring consent, the recurring consent counter is not incremented. Therefore account data can be gathered without limits.

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

415

Unsupported Media Type

429

Too Many Requests

Request


No examples.

Responses


{
  "Valid Response": {
    "value": {
      "accounts": [
        {
          "iban": "LV80BANK0000435195001",
          "currency": "EUR",
          "resourceId": 12321,
          "name": "string",
          "balances": [
            {
              "balanceAmount": {
                "currency": "EUR",
                "amount": 12.21
              },
              "balanceType": "closingBooked",
              "referenceDate": "12.12.2021"
            }
          ]
        }
      ]
    }
  }
}
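
Because a call that carries PSU-IP-Address does not increment the recurring consent counter, a TPP has to keep PSU-initiated and unattended calls apart and send the header only with a real PSU address. The tracker below is an added example, not part of the API provider's material; it assumes that the counter is limited by the consent's `frequencyPerDay` and resets each calendar day, and the class and method names are hypothetical.

```python
import ipaddress
from datetime import date


class ConsentCallBudget:
    """TPP-side view of how many unattended calls a consent has left today."""

    def __init__(self, frequency_per_day):
        # The consent examples on this page carry frequencyPerDay as a string.
        self.limit = int(frequency_per_day)
        self.used = {}  # (consent_id, day) -> unattended calls made

    def remaining(self, consent_id, today):
        return self.limit - self.used.get((consent_id, today), 0)

    def headers_for_call(self, consent_id, request_id, psu_ip=None, today=None):
        """Return the headers for one AIS call, or raise if it must not be sent.

        psu_ip is set only when the PSU is actively using the TPP service;
        such calls are not counted. Calls without it are counted per day.
        """
        today = today or date.today()
        headers = {"Consent-ID": consent_id, "X-Request-ID": request_id}
        if psu_ip is not None:
            addr = ipaddress.ip_address(psu_ip)  # ValueError if not an IP
            # These values show the TPP read its own socket or a default
            # value instead of the PSU's address, so PSU presence is unproven.
            if addr.is_loopback or addr.is_unspecified or addr.is_multicast:
                raise ValueError(f"{psu_ip} is not a usable PSU address")
            headers["PSU-IP-Address"] = str(addr)
            return headers
        if self.remaining(consent_id, today) <= 0:
            raise RuntimeError(
                f"consent {consent_id}: {self.limit} unattended calls used today")
        key = (consent_id, today)
        self.used[key] = self.used.get(key, 0) + 1
        return headers


if __name__ == "__main__":
    # Constructed walk-through: limit of 2 unattended calls per day.
    budget = ConsentCallBudget("2")
    day = date(2024, 3, 1)
    consent = "e521cf62-a45f-49c5-8372-94853fffeb55"
    print(budget.headers_for_call(consent, "req-1", today=day))
    print(budget.headers_for_call(consent, "req-2", today=day))
    print(budget.headers_for_call(consent, "req-3", psu_ip="203.0.113.7", today=day))
    try:
        budget.headers_for_call(consent, "req-4", today=day)
    except RuntimeError as exc:
        print("blocked locally:", exc)
```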

Account info: Read Account Details

Reads details about an account, with balances where required.

GET

/xs2a/{apiGroupVersion}/accounts/{account-id}

withBalance

boolean

If contained, this function reads the list of accessible payment accounts including the booking balance. This call will be rejected if the withBalance parameter is used where the access right on balances is not granted in the related consent.

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.


account-id

string

Required

This identification is denoting the addressed account. The account-id is retrieved by using a 'Read Account List' call. The account-id is the 'id' attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent.

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate with which the client’s signature was derived, in base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


Consent-ID

string

Required

Shall be contained since 'Establish Consent Transaction' was performed via this API before.


X-Request-ID

string

Required

ID of the request, unique to the call, as determined by the initiating party.


PSU-IP-Address

string

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. If PSU presence (currently the IP address) is provided with a recurring consent, the recurring consent counter is not incremented. Therefore account data can be gathered without limits.

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

429

Too Many Requests

Request


No examples.

Responses


{
  "Valid Response": {
    "value": {
      "account": {
        "iban": "LV80BANK0000435195001",
        "currency": "EUR",
        "resourceId": 12321,
        "name": "string",
        "balances": [
          {
            "balanceAmount": {
              "currency": "EUR",
              "amount": 12.21
            },
            "balanceType": "closingBooked",
            "referenceDate": "12.12.2021"
          }
        ]
      }
    }
  }
}

Account info: Read Balance

Reads account data from a given account addressed by 'account-id'.

GET

/xs2a/{apiGroupVersion}/accounts/{account-id}/balances

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.


account-id

string

Required

This identification is denoting the addressed account. The account-id is retrieved by using a 'Read Account List' call. The account-id is the 'id' attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent.

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate with which the client’s signature was derived, in base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


Consent-ID

string

Required

Shall be contained since 'Establish Consent Transaction' was performed via this API before.


X-Request-ID

string

Required

ID of the request, unique to the call, as determined by the initiating party.


PSU-IP-Address

string

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. If PSU presence (currently the IP address) is provided with a recurring consent, the recurring consent counter is not incremented. Therefore account data can be gathered without limits.

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

429

Too Many Requests

Request


No examples.

Responses


{
  "Valid Response": {
    "value": {
      "account": {
        "iban": "LV80BANK0000435195001",
        "currency": "EUR"
      },
      "balances": [
        {
          "balanceAmount": {
            "currency": "EUR",
            "amount": 12.21
          },
          "balanceType": "closingBooked",
          "referenceDate": "12.12.2021"
        }
      ]
    }
  }
}

Account info: Read Transaction List

Reads account data from a given account addressed by 'account-id'.

GET

/xs2a/{apiGroupVersion}/accounts/{account-id}/transactions

dateFrom

string

Required

ISODate. Starting date of the transaction list. Must not be farther than 180 days in the past for recurring consent. Must not be farther than 7 years in the past for non-recurring consent.


dateTo

string

ISODate. End date of the transaction list; default is now if not given. Must not be farther than 180 days in the past for recurring consent. Must not be farther than 7 years in the past for non-recurring consent.


bookingStatus

string

Required

Filter by transaction booking status


withBalance

boolean

If contained, this function reads the list of accessible payment accounts including the booking balance. This call will be rejected if the withBalance parameter is used where the access right on balances is not granted in the related consent.

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.


account-id

string

Required

This identification is denoting the addressed account. The account-id is retrieved by using a 'Read Account List' call. The account-id is the 'id' attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent.

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate with which the client’s signature was derived, in base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


Consent-ID

string

Required

Shall be contained since 'Establish Consent Transaction' was performed via this API before.


X-Request-ID

string

Required

ID of the request, unique to the call, as determined by the initiating party.


PSU-IP-Address

string

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. If PSU presence (currently the IP address) is provided with a recurring consent, the recurring consent counter is not incremented. Therefore account data can be gathered without limits.

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

429

Too Many Requests

Request


No examples.

Responses


{
  "Valid Response": {
    "value": {
      "account": {
        "iban": "LV80BANK0000435195001",
        "currency": "EUR"
      },
      "transactions": {
        "booked": [
          {
            "transactionId": 123,
            "debtorName": "Debtor name",
            "debtorAccount": {
              "iban": "LV80BANK0000435195001",
              "currency": "EUR"
            },
            "creditorName": "Creditor name",
            "creditorAccount": {
              "iban": "LV80BANK0000435195321",
              "currency": "EUR"
            },
            "transactionAmount": {
              "currency": "EUR",
              "amount": 123.32
            },
            "bookingDate": "12.12.2012",
            "valueDate": "12.12.2012",
            "remittanceInformationUnstructured": "Some details"
          }
        ],
        "pending": [
          {
            "transactionId": 321,
            "debtorName": "Debtor name",
            "debtorAccount": {
              "iban": "LV80BANK0000435195001",
              "currency": "EUR"
            },
            "creditorName": "Creditor name",
            "creditorAccount": {
              "iban": "LV80BANK0000435195321",
              "currency": "EUR"
            },
            "transactionAmount": {
              "currency": "EUR",
              "amount": 333.32
            },
            "valueDate": "12.12.2012",
            "remittanceInformationUnstructured": "Some details 2"
          }
        ]
      },
      "balances": [
        {
          "balanceAmount": {
            "currency": "EUR",
            "amount": 12.21
          },
          "balanceType": "closingBooked",
          "referenceDate": "12.12.2021"
        }
      ]
    }
  }
}
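
The dateFrom/dateTo limits and the withBalance rule for Read Transaction List can be checked on the TPP side before the request is sent. This is an added example, not the API provider's code; it assumes that "7 years" means the same calendar date seven years earlier, that withBalance is sent as `true`, and that `booked` is an accepted bookingStatus value.

```python
from datetime import date, timedelta

RECURRING_MAX_DAYS = 180      # limit stated for recurring consents
NON_RECURRING_MAX_YEARS = 7   # limit stated for non-recurring consents


def years_before(day, years):
    """Same calendar date `years` earlier (29 Feb maps to 28 Feb)."""
    try:
        return day.replace(year=day.year - years)
    except ValueError:
        return day.replace(year=day.year - years, day=28)


def earliest_allowed(recurring, today):
    """Oldest date a query may reach back to for this kind of consent."""
    if recurring:
        return today - timedelta(days=RECURRING_MAX_DAYS)
    return years_before(today, NON_RECURRING_MAX_YEARS)


def transaction_query(date_from, booking_status, recurring, today,
                      date_to=None, with_balance=False, balances_granted=False):
    """Validate and return the query parameters for Read Transaction List.

    Raises ValueError naming every problem found, before anything is sent.
    Dates must be ISO dates (YYYY-MM-DD); other formats raise ValueError too.
    """
    start = date.fromisoformat(date_from)
    end = date.fromisoformat(date_to) if date_to else today  # default is now
    floor = earliest_allowed(recurring, today)
    problems = []
    if start < floor:
        problems.append(f"dateFrom {start} is before the limit {floor}")
    if end < floor:
        problems.append(f"dateTo {end} is before the limit {floor}")
    if start > end:
        problems.append(f"dateFrom {start} is after dateTo {end}")
    if not booking_status:
        problems.append("bookingStatus is required")
    if with_balance and not balances_granted:
        problems.append("withBalance used but the consent grants no balance access")
    if problems:
        raise ValueError("; ".join(problems))
    params = {"dateFrom": start.isoformat(), "bookingStatus": booking_status}
    if date_to:
        params["dateTo"] = end.isoformat()
    if with_balance:
        params["withBalance"] = "true"  # assumed encoding of the boolean
    return params


if __name__ == "__main__":
    today = date(2024, 3, 1)  # constructed reference date
    print(earliest_allowed(True, today), earliest_allowed(False, today))
    print(transaction_query("2023-09-03", "booked", True, today))
    try:
        transaction_query("2023-09-02", "booked", True, today, with_balance=True)
    except ValueError as exc:
        print("rejected:", exc)
```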

Account info: Read Transaction details

Reads transaction data from a given account addressed by 'account-id' and 'transactionId'. This call is only available on transactions as reported in a JSON format.

GET

/xs2a/{apiGroupVersion}/accounts/{account-id}/transactions/{transactionId}

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.


account-id

string

Required

This identification is denoting the addressed account. The account-id is retrieved by using a 'Read Account List' call. The account-id is the 'id' attribute of the account structure. Its value is constant at least throughout the lifecycle of a given consent.


transactionId

string

Required

This identification is denoting the addressed transaction. The transactionId is retrieved by using a 'Read Transaction List' call. The transactionId is the 'id' attribute of the transaction structure. Its value is constant at least throughout the lifecycle of a given consent.

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate with which the client’s signature was derived, in base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


Consent-ID

string

Required

Shall be contained since 'Establish Consent Transaction' was performed via this API before.


X-Request-ID

string

Required

ID of the request, unique to the call, as determined by the initiating party.


PSU-IP-Address

string

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP. If PSU presence (currently the IP address) is provided with a recurring consent, the recurring consent counter is not incremented. Therefore account data can be gathered without limits.

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

429

Too Many Requests

Request


No examples.

Responses


{
  "Valid Response": {
    "value": {
      "account": {
        "iban": "LV80BANK0000435195001",
        "currency": "EUR"
      },
      "transactionsDetails": {
        "transactionId": 123,
        "debtorName": "Debtor name",
        "debtorAccount": {
          "iban": "LV80BANK0000435195001",
          "currency": "EUR"
        },
        "creditorName": "Creditor name",
        "creditorAccount": {
          "iban": "LV80BANK0000435195321",
          "currency": "EUR"
        },
        "transactionAmount": {
          "currency": "EUR",
          "amount": 123.32
        },
        "bookingDate": "12.12.2012",
        "valueDate": "12.12.2012",
        "remittanceInformationUnstructured": "Some details"
      }
    }
  }
}

Funds confirm: Confirmation of Funds Request

Creates a confirmation of funds request at the ASPSP. If no card number but the PSU account identifier is contained: check on the default account registered by the customer. If no card number but the PSU and the account identifier with currency is contained: check the availability of funds on the corresponding sub-account. If the card number and the PSU account identifier are contained: check on the sub-account addressed by the card, if the addressed card is registered with one of the sub-accounts. If the card number is not registered for any of the accounts, the card number is ignored.

POST

/xs2a/{apiGroupVersion}/funds-confirmations

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate with which the client’s signature was derived, in base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


Content-Type

string

Required


X-Request-ID

string

Required


Consent-ID

string

Required

Shall be contained since 'Establish Funds Confirmation Consent Transaction' was performed via this API before.

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

415

Unsupported Media Type

429

Too Many Requests

Request


{
  "cardNumber": "123123123213",
  "account": {
    "iban": "XX80BANK0000435195001",
    "currency": "EUR"
  },
  "payee": "customer name",
  "instructedAmount": {
    "currency": "EUR",
    "amount": "12.32"
  }
}

Responses


{
  "Valid request": {
    "value": {
      "fundsAvailable": true
    }
  }
}

Funds confirm: Establish Funds Confirmation Consent Transaction

Creates a funds confirmation consent resource at the ASPSP regarding access to make funds confirmations to the accounts specified in this request.

POST

/xs2a/{apiGroupVersion}/consents/funds-confirmations

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate with which the client’s signature was derived, in base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


Content-Type

string

Required


X-Request-ID

string

Required

ID of the request, unique to the call, as determined by the initiating party.


TPP-Explicit-Authorisation-Preferred

boolean

If it equals "true", the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. If it equals "false" or if the parameter is not used, there is no preference of the TPP.


TPP-Redirect-URI

string

Required

URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach (including OAuth2 SCA approach).


TPP-Nok-Redirect-URI

string

If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method.


PSU-IP-Address

string

Required

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP.

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

415

Unsupported Media Type

429

Too Many Requests

Request


{
  "access": {
    "payments": [
      {
        "account": {
          "iban": "XX80BANK0000435195001",
          "currency": "EUR"
        },
        "rights": [
          "fundsConfirmations"
        ]
      }
    ]
  },
  "consentType": "detailed",
  "recurringIndicator": true,
  "validTo": "2017-10-30",
  "frequencyPerDay": "12"
}

Responses


{
  "Valid request": {
    "value": {
      "access": {
        "payments": [
          {
            "account": {
              "iban": "XX80BANK0000435195001",
              "currency": "EUR"
            },
            "rights": [
              "fundsConfirmations"
            ]
          }
        ]
      },
      "consentType": "detailed",
      "recurringIndicator": true,
      "validTo": "12.12.2012",
      "frequencyPerDay": "12",
      "consentStatus": "received",
      "_links": {
        "scaRedirect": {
          "href": "https://bank.com/sca"
        }
      }
    }
  }
}

Payment: Payment Initiation with JSON encoding of the Payment Instruction

Creates a payment initiation request at the ASPSP.

POST

/xs2a/{apiGroupVersion}/payments/{payment-product}

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.


payment-product

string

Required

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate, which the client’s signature was derived with. In base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


Content-Type

string

Required


X-Request-ID

string

Required


TPP-Explicit-Authorisation-Preferred

boolean

If it equals "true", the TPP prefers to start the authorisation process separately, e.g. because of the usage of a signing basket. If it equals "false" or if the parameter is not used, there is no preference of the TPP.


TPP-Redirect-URI

string

Required

URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach (including OAuth2 SCA approach).


TPP-Nok-Redirect-URI

string

If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method.


PSU-IP-Address

string

Required

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP.

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

429

Too Many Requests

Request


{
  "endToEndIdentification": "123321",
  "debtorAccount": {
    "iban": "XX80BANK0000435195001",
    "currency": "EUR"
  },
  "instructedAmount": {
    "currency": "EUR",
    "amount": "12.21"
  },
  "creditorName": "creditor name",
  "creditorAddress": {
    "country": "DE"
  },
  "creditorAccount": {
    "iban": "XX80BANK0000435195002",
    "currency": "EUR"
  },
  "remittanceInformationUnstructured": "Some details"
}

Responses

201


{
  "Valid response": {
    "value": {
      "paymentId": "e521cf62-a45f-49c5-8372-94853fffeb55",
      "transactionStatus": "RCVD",
      "_links": {
        "scaRedirect": {
          "href": "https://bank.com/sca"
        }
      }
    }
  }
}

Payment: Get Payment Details

Returns the content of a payment object.

GET

/xs2a/{apiGroupVersion}/payments/{payment-product}/{payment-id}

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.


payment-product

string

Required


payment-id

string

Required

Resource Identification of the related payment.

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate, which the client’s signature was derived with. In base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


X-Request-ID

string

Required

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

429

Too Many Requests

Request


No examples.

Responses

200


{
  "Valid request": {
    "value": {
      "endToEndIdentification": "123321",
      "debtorAccount": {
        "iban": "XX80BANK0000435195001",
        "currency": "EUR"
      },
      "instructedAmount": {
        "currency": "EUR",
        "amount": "12.21"
      },
      "creditorName": "creditor name",
      "creditorAddress": {
        "country": "DE"
      },
      "creditorAccount": {
        "iban": "XX80BANK0000435195002",
        "currency": "EUR"
      },
      "remittanceInformationUnstructured": "Some details",
      "transactionStatus": "ACCC",
      "_links": {
        "scaRedirect": {
          "href": "https://bank.com/sca"
        }
      }
    }
  }
}

Payment: Get authorisation sub-resources request

Delivers an array of resource identifications of all generated authorisation sub-resources.

GET

/xs2a/{apiGroupVersion}/payments/{payment-product}/{payment-id}/authorisations

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.


payment-product

string

Required


payment-id

string

Required

Resource Identification of the related payment.

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate, which the client’s signature was derived with. In base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


X-Request-ID

string

Required

ID of the request, unique to the call, as determined by the initiating party.

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

429

Too Many Requests

Request


No examples.

Responses

200


{
  "Valid Response": {
    "value": {
      "authorisationsIds": [
        123321
      ]
    }
  }
}

Payment: Start authorisation process

Starts the authorisation process for a payment initiation.

POST

/xs2a/{apiGroupVersion}/payments/{payment-product}/{payment-id}/authorisations

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.


payment-product

string

Required


payment-id

string

Required

Identification of the related resource

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate, which the client’s signature was derived with. In base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


X-Request-ID

string

Required

ID of the request, unique to the call, as determined by the initiating party.


TPP-Redirect-URI

string

Required

URI of the TPP, where the transaction flow shall be redirected to after a Redirect. Mandated for the Redirect SCA Approach (including OAuth2 SCA approach).


TPP-Nok-Redirect-URI

string

If this URI is contained, the TPP is asking to redirect the transaction flow to this address instead of the TPP-Redirect-URI in case of a negative result of the redirect SCA method.


PSU-IP-Address

string

The forwarded IP Address header field consists of the corresponding HTTP request IP Address field between PSU and TPP.

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

429

Too Many Requests

Request


No examples.

Responses

201


{
  "Valid Response": {
    "value": {
      "scaStatus": "received",
      "_links": {
        "scaRedirect": {
          "href": "https://bank.com/sca"
        }
      }
    }
  }
}

Payment: Get SCA status request

Checks the SCA status of an authorisation sub-resource.

GET

/xs2a/{apiGroupVersion}/payments/{payment-product}/{payment-id}/authorisations/{authorisation-id}

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.


payment-id

string

Required

Identification of the related resource


payment-product

string

Required


authorisation-id

string

Required

Identification of the related authorisation sub-resource

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate, which the client’s signature was derived with. In base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


X-Request-ID

string

Required

ID of the request, unique to the call, as determined by the initiating party.

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

429

Too Many Requests

Request


No examples.

Responses

200


{
  "Valid Response": {
    "value": {
      "scaStatus": "received",
      "_links": {
        "scaRedirect": {
          "href": "https://bank.com/sca"
        }
      }
    }
  }
}

Payment: Get Status Request

Checks the status of a payment initiation.

GET

/xs2a/{apiGroupVersion}/payments/{payment-product}/{payment-id}/status

apiGroupVersion

string

Required

API Group Version string, consists of the major, minor and patch number. The highest minor and/or patch numbers are selected automatically if the short notation is used. The version is limited by the scopes defined in the Client Application.


payment-id

string

Required

Resource Identification of the related payment.


payment-product

string

Required

Signature

string

Mandatory in LIVE environment. A signature of the request, formatted and calculated as described in document "Signatures in Open Banking protocols"


Client-Signature-Certificate

string

Mandatory in LIVE environment. The client’s certificate, which the client’s signature was derived with. In base64 encoding.


Digest

string

Mandatory in LIVE environment. A digest of the message body as described in document "Signatures in Open Banking protocols"


X-Request-ID

string

Required

200

OK

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

415

Unsupported Media Type

429

Too Many Requests

Request


No examples.

Responses

200


{
  "Valid Response": {
    "value": {
      "transactionStatus": "ACCC"
    }
  }
}