Mobile Payment Operations

Read more about Mobile Payment Operations

Mobile Payment Operations

Worldline proposes to Issuing banks to apply card digitization through its tokenization services.

Worldline proposes to Issuing banks to apply card digitization through its tokenization services. A “token” is a unique set of digits which replaces the usual card PAN number and lowers the payment card risk of compromise. Those tokens of real cards are shared in a secured way with mobile/wearable devices (smartphones with Apple pay or Samsung Pay solutions, watches for Garmin Pay, etc.) so that the cardholder can use them instead of the original card for proximity NFC payments with their devices. They can also be leveraged for the recurrent “Card-on-File” transactions (e.g. Netflix). Each context (devices, e-commerce merchants, etc.) will use a different token.

Our solution exposes a set of APIs to Issuers use cases.

Mobile Banking token provisioning support:

APP-TO-APP AUTHENTICATION – In this use case, the model is used for Mobile banking App as authentication factor, for identification and verification step
In App Provisioning – In this use case, Encrypted pass data (for Apple Pay) or payment instrument data (Google wallets) is generated for wallet activation

APP-TO-APP AUTHENTICATION

API Name: generate-crypto-otp

In case of App to App Authentication the cardholder is authenticated via the banking app and the issuer is required to generate a ‘Mobile Banking Authentication Code’ which is delivered via the wallet provider to VTS or MDES for final activation of the token. This Api is common to all Token Requestors, and can be requested by non-sensitive field, either on a specific token (TokenReferenceId), or on a specific card. The choice depends on implementation of mobile banking app.

This service lookup locally to retrieve card data, such as PAN and expiry dates, before computing the activation code, according to either VTS – App to App authentication, or MDES – App to App authentication. We assume that on this step, these data are known, as provisioning flow is already initiated, and on ‘step-up’ before activation.

If the request is done by card, this service requests I-TSP decoupling layer to retrieve card data before computing.

Flow diagram (request by token):

Request data

For Token Reference:

   

"URI":"https":{
   "Root Path"
}"/itsp-add/v2/issuers/9999/tokens/DNITHE301733961114298690/generate-crypto-otp 
Payload":{
   "tokenProviderID":"VTS"
}

For Card Reference:

"
URI":"https":{
   "Root Path"
}"/itsp-add/v2/issuers/9999/cards/52936061AAAP8026/generate-crypto-otp 
Payload":{
   "tokenProviderID":"MDES"
}

Response data


{
    "responseMetadata": {
        "correlationId": "QQI8qq6jIKq5gO78BocFzSSMI9cI2ReD",
        "statusMessage": "OK",
        "statusCode": 200,
        "responseDateTime": "2023-01-18T14:15:40.323Z",
        "timeTakenMs": 12
    },
    "data": {
        "cryptoOTP": "TUJBQUMtMS0xLTdBRjI5MUM5MUYzRUQ0RUY5MkMxRDQ1RUZGMTI3QzFGOUFCQzEyMzQ3RQ=="
    }

In App Provisioning

APPLE PUSH PROVISIONING

API Name: create-apple-tokenized-card

Background for Push Provisioning:

In case the cards are added via the banking app the issuer needs to generate the Payment Instrument Details to push the tokenization via the xPay wallet. In case of Apple Pay the issuer also has to add activation data for additional security. The Payment Instrument Details mainly contain the card number and the expiration date of the card which needs to be tokenized. The Payment Instrument Detail is pushed via the wallet server of the xPay based on the xPay interface specifications. The xPay wallet server than will forward it to VTS or MDES, and processed usually as a green flow.

Service provided by I-TSP for this purpose create-apple-tokenized-card (specific Apple variant), generates the complete Payment Data Payload for ApplePay, requested with non-sensitive card data. This service requests the Card Management System to retrieve card data, before computing the payload, according to either Visa or Mastercard flavors.

Note that Apple wallet returns Apple Certificate to mobile application. The validity of this certificate has to be controlled by Issuer (AC chain, dates, specific OID, CRL), and public key extracted, for addressing this service. They are duty of Issuer back-end. As I-TSP has no direct contractual agreement with Apple, there is no possibility to have details about format of Certificate data returned by Apple Wallet, as well as having valid test vectors. Nevertheless, Apple In-App Provisioning specification (document under NDA) gives details on this step.

Below a sample Java code to extract Public Key from Apple leaf certificate (X.509v3 / PEM format) before passing it to this I-TSP Api:

  
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certificateBytes));
System.out.println(Base64.toBase64String(certificate.getPublicKey().getEncoded()));

Flow diagram:

Request data


"URI":"https":{
   "Root Path"
}"/itsp-add/v2/issuers/9999/cards/52936061AAAP8026/create-apple-tokenized-card 
Payload":{
   "tokenProviderID":"VTS",
   "nonce":"2E1DF468",
   "nonceSignature":"401FE09091CE8CB9E8846199587E4417AAE9421F7E9BACB993C57A4E806C4F29716E350060769B0616A11164DF25229D56732A0A5BAEA388F284E5DA369BDA8A2510B86622720808FCA797AAAA8B4B2063",
   "applePublicKey":"MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAELj5cz2uasEvnoi8/rM/ec8h+hxVTlKNIFUCKiWyhijdNrGaa879iIPyGN2f0r0dQfFvCIfxKGYdNrzm0B04+uA=="
}

Response data

 
{
   "responseMetadata":{
      "correlationId":"QQI8qq6jIKq5gO78BocFzSSMI9cI2ReD",
      "statusMessage":"OK",
      "statusCode":200,
      "responseDateTime":"2023-01-18'T'14:15:40.323Z",
      "timeTakenMs":12
   },
   "data":{
      "encryptedPassData":"aFKevI11muy+D1roaD08NuF2HGnIN5LRKDOGC00nTnERWtkR2IzB6jxe55p8mMc10K3GEjhUPIN2/g4D0wYkzk1GMg9z...",
      "activationData":"TUJQQUMtMS1GSy0xLS1UREVBLTgzQjlEOTdCMEEzM0FCRDk5RkQwQkI5NkEwMjM3NTEzNDNCMERDRDA3NTAyNTFFRTk1NTVBMzIzQUE1OTU1QjVGNjU3ODBERTZGNDk4NkI5",
      "ephemeralPublicKey":"BPrz+LFGyvw3WbuveJ7rLOUKYC2S0lJXYVFXSUCjYTiiS/pT64+Wri3gp3QUIMx8W7mx+Iab5TMC2UDRqMknICY="
   }
}

GOOGLE PUSH PROVISIONING

VTS Push Provisioning

API Name: create-vts-tokenized-card

Background for Push Provisioning:

In case the cards are added via the banking app the issuer needs to generate the Payment Instrument Details to push the tokenization via the xPay wallet. The Payment Instrument Details mainly contain the card number and the expiration date of the card which needs to be tokenized. The Payment Instrument Detail is pushed via the wallet server of the xPay based on the xPay interface specifications. The xPay wallet server than will forward it to VTS or MDES, and processed usually as a green flow.

Service provided by I-TSP for this purpose is create-vts-tokenized-card (generic per Visa specifications).It is used by all non-Apple wallets (for example by Google who calls structure Opaque Payment Data).

The following web service generates the complete Card Provisioning Payload as specified by VTS, requested with non-sensitive card data (issuerCardIdcardReference, that is a Surrogate of the PAN).

This service requests the Card Management System to retrieve card data, before computing the payload, according to Visa “Payment Instrument Details” structure for Push Provisioning.

Flow diagram:

Request data

    
URI: https://{Root Path}/itsp-add/v2/issuers/9999/cards/52936061AAAP8026/create-vts-tokenized-card 
Payload : 
{ 
       "clientWalletAccountID": "Lejk2eFZ0gPe9DOFNDAhfHy3",
"clientWalletProvider": "40010075001",
"clientDeviceId": "rdtZyP8u4O5LkQFRgPAB-sHo",
"clientAppID": "de.issuerbanking.mobil",
"country": "DE"
}

Response data

    {
    "responseMetadata": {
        "correlationId": "QQI8qq6jIKq5gO78BocFzSSMI9cI2ReD",
        "statusMessage": "OK",
        "statusCode": 200,
        "responseDateTime": "2023-01-18'T'14:15:40.323Z",
        "timeTakenMs": 12
    },
    "data": {
        "paymentInstrumentDetails": "ewoiYWxnIjoiQTI1NkdDTUtXIiwKInR5cCI6IkpPU0UiLAoiaXYiOiJRYVNLdG1qSUpfYnF4OHpzIiwKInRhZyI6IkFweEpuSmJNeTU1OTMzeWZBTFJTY1E9PSIsCiJraWQiOiJOMVdHMThJM1QySDYwOFZHSUZLMjEzUDVKeXdjOFF2WGRUamVBRXR1azdMN0VwZHZ3IiwKImNoYW5uZWxTZWN1cml0eUNvbnRleHQiOiJTSEFSRURfU0VDUkVUIiwKImVuYyI6IkEyNTZHQ00iLAoiaWF0IjoiMTU4NjM1MDkxNCIKfQ.tYYvs2Cdn0qkVNnE5xDAgGkjx-sBQMP7sA-yj1diVL0.1vWxDYGJs5sPqoaa.LzoOgr97kxNUMZfoKdg8L6OsK3HHQvL2dJYRUddqfD-F90LwBNv24Gc5oOfTYuHSjSYqpP82YQcfhPOYexuW7vRWgwxEQo2tT6Vz4n3Zuy5vsT5OFLMSXtMmJpMqqh3ktvZo9D6NCjqzFlIMJFnUpxiX3dUrmUuCq4bGKxoY6C5KLBDhRo4pEyRsjMNugCVSrKTmAW-SnpFmyW8L066a1HfAQoPomMycZ5U26MPPN__x8k57fDycHn8a6BwWm4ssncJP1sHVPxIpmzGkA89g62n_gxIIWkajdA9tA6t9qaokKfL1wqhVvAch-TxhdLTNORhF_UzlZAILmTe3dsDeZlwy8VOzDpih_zo3Jjj5CYbDiR1yOwnjM35pcBByKouKwYTIxlo4L2Pnfk1QaaNjdVAvA4cPMwQSSymG0hUEZfXOjHBJVUyMAlBLZrwcOlkEwV7iQyusKBqT-j0Y9ULTfYoOv5FD_HMf6pNOcVUf5MqMHlONXurje_VaCU1KahR5_F3HB_YCM7Es74DjAtM-UDJ3YHsKX2aNEX5PbCcRophcVlpkgBC1VhUqgYz0Iytq0GkfFepqrGU0hLrk-CrOm9vNRE8.6T00_EU219IJBNreH7rMnQ"
    }
}

MDES Push Provisioning

API Name: create-mdes-tokenized-card

Background for Push Provisioning:

Service provided by I-TSP for this purpose is create-mdes-tokenized-card. It is used by all non-Apple wallets (for example by Google who calls structure Opaque Payment Data).

The following web service generates the complete Card Provisioning Payload as specified by MDES, requested with non-sensitive card data (issuerCardId, that is a Surrogate of the PAN).

This service requests Card Management system to retrieve card data, before computing the payload, according to Mastercard “Issuer Initiated Digitization Data” structure for Push Provisioning (Funding Account Info + Tokenization Authentication Value).

Flow diagram:

Request data

    URI: https://{Root Path}/itsp-add/v2/issuers/9999/cards/52936061AAAP8026/create-mdes-tokenized-card 
Payload : 
{ 
       "clientWalletProvider": "50120834693"
}

Response data

    
{
   "responseMetadata":{
      "correlationId":"QQI8qq6jIKq5gO78BocFzSSMI9cI2ReD",
      "statusMessage":"OK",
      "statusCode":200,
      "responseDateTime":"2023-01-18'T'14:15:40.323Z",
      "timeTakenMs":12
   },
   "data":{
      "issuerInitiatedDigitizationData":{
         "fundingAccountInfo":{
            "encryptedPayload":{
               "encryptedData":"4545433044323232363739304532433610DE1D1461475BEB6D815F31764DDC20298BD779FBE37EE5AB3CBDA9F9825E1DDE321469537FE461E824AA55BA67BF6A",
               "publicKeyFingerprint":"4c4ead5927f0df8117f178eea9308daa58e27c2b",
               "encryptedKey":"A1B2C3D4E5F6112233445566",
               "oaepHashingAlgorithm":"SHA512",
               "iv":"31323334353637383930313233343536"
            }
         },
         "tokenizationAuthenticationValue":"\"ew0KICAgInZlcnNpb24iOiAiMyIsDQogICAic2lnbmF0dXJlQWxnb3JpdGhtIjogIlJTQS1TSEEyNTYiLA...”
         }
    }
}"

Click To Pay

Enroll

API Name: click-to-pay-enroll

This API is to enroll a card into click-to-pay. If account does not exist it will be created. For an account creation (first card) full data must be provided:

Consumer data: name, email, phone, locale, country

Billing Address

For a card enrolment into an existing account, only billing address needs to be provided

I-TSP retrieves card details from CMS (pan, expiry, embossing name, consumerId), acknowledge caller, and will process with Visa APIs asynchronously.

Request data

    URI: https://{Root Path}/itsp-add/v2/issuers/9999/cards/52936061AAAP8026/click-to-pay-enroll 
Payload : 
{ 
    "consumerInformation": { 
        "name": "John F Doe", 
        "phoneNumbers": ["+33612345678"], 
        "emailAddresses": ["john.doe@mydomain.com"], 
        "locale": "en_US", 
        "countryCode": "FRA", 
        "timeOfConsent": "2024-01-12T10:15:20.374Z" 
    }, 
    "billingAddress": { 
        "line1":"12 rue Stine", 
        "postalCode":"37200", 
        "city":"Tours", 
        "country ":"FRA" 
    } 
}

Response data

{ 
    "responseMetadata": { 
        "correlationId": "QQI8qq6jIKq5gO78BocFzSSMI9cI2ReD", 
        "statusMessage": " ACCEPTED", 
        "statusCode": 202, 
        "responseDateTime": "2024-04-18T14:15:40.323Z", 
        "timeTakenMs": 12 
    }
}

Remove card or account

API Name: click-to-pay-remove

This API is to remove a card or complete account from click-to-pay.
I-TSP retrieves card info from CMS (pan), acknowledge caller, and will process with Visa APIs asynchronously.

If this card is the last one under a click-to-pay account, the complete account will be requested to be removed.

Request data

    URI:  
    POST {rootpath}/itsp-add/v2/issuers/{issuerId}/cards/{cardReference}/click-to-pay-remove?removeAll=(true|false)

Response data (Response data is empty, only metadata is provided. )

{ 
    "responseMetadata": { 
        "correlationId": "QQI8qq6jIKq5gO78BocFzSSMI9cI2ReD", 
        "statusMessage": "ACCEPTED", 
        "statusCode": 202, 
        "responseDateTime": "2024-04-18T14:15:40.323Z", 
        "timeTakenMs": 12 
    } 
}

Return data

API Name: click-to-pay-account-data

This API will return all data stored into Visa Click-to-Pay for a given card :

Consumer data : name, email, phone, consent info

Payment data : pan last digits, expiry, billing address

It is recommended to be called before any other Click-to-Pay enrollment or management request, in order to avoid desync or failure. I-TSP retrieves card details from CMS (pan, consumerId), then calls Visa API getData, and returns synchronously the content. No data is stored or updated locally at I-TSP.

If more than one card is returned as enrolled into click-to-pay under the same account (consumerId), the cardReference (SurrogateId) of the other cards is not retrieved, only 4 last digits of pan.

Request data

    URI:  
    GET {rootpath}/itsp-add/v2/issuers/{issuerId}/cards/{cardReference}/click-to-pay-account-data   
    Request Body is empty.

Response data

{ 
    "responseMetadata": { 
        "correlationId": "QQI8qq6jIKq5gO78BocFzSSMI9cI2ReD", 
        "statusMessage": "OK", 
        "statusCode": 200, 
        "responseDateTime": "2024-04-18T14:15:40.323Z", 
        "timeTakenMs": 12 
    }, 
    "data": { 
        "c2pProvider":"Visa", 
        "cardholderReference":"66012000010001884143", 
        "consumerInformation": { 
            "name": "John F Doe", 
            "phoneNumbers": ["+33612345678"], 
            "emailAddresses": ["john.doe@mydomain.com"], 
            "locale": "en_GB", 
            "countryCode": "FIN", 
            "timeOfConsent": "2024-01-12T10:15:20.374Z" 
        }, 
        "cardDetails":[ 
        { 
            "cardReference":"42936061AAAP8026", 
            "cardLastDigits":"8026", 
            "cardExpiryMonth":"06", 
            "cardExpiryYear":"2025", 
            "nameOnCard ":"John Doe", 
            "billingAddress": { 
                "line1":"1000 Market Street", 
                "line2":"Building 56", 
                "line3":"Suite 101", 
                "postalCode":"94105", 
                "city":"San Francisco", 
                "state": "CA", 
                "country ":"USA" 
            } 
        }, 
        { 
            "cardLastDigits":"4762", 
            "cardExpiryMonth":"02", 
            "cardExpiryYear":"2026", 
            "nameOnCard ":"John Doe", 
            "billingAddress": { 
                "line1":"12 rue Stine", 
                "postalCode":"37200", 
                "city":"Tours", 
                "country ":"FRA" 
            } 
        }] 
    } 
}

Token Selfcare

Get Token Data / Token List

API Name: token-list

This webservice allows local lookup for tokens attached to a given card. It does not call VTS or MDES, so the result might be desynchronized from Scheme’s repository. But due to its local lookup, this service is faster than inquiring Visa or Mastercard through TLCM Apis. This service can be used for example in front of banking app provisioning, to retrieve list of tokens belonging to a card and do cross-check with known tokens on user device.

Request data

    URI:  
    GET {Root Path}/itsp-add/v2/issuers/{issuerId}/cards/{cardReference}/token-list
    Request Body is empty.

Response data

{ 
    "responseMetadata": { 
        "correlationId": "QQI8qq6jIKq5gO78BocFzSSMI9cI2ReD", 
        "statusMessage": "OK", 
        "statusCode": 200, 
        "responseDateTime": "2023-01-18T14:15:40.323Z", 
        "timeTakenMs": 12 
    }, 
    "data": { 
        "tokenDataList": [ 
            { 
                "tokenProviderID": "VTS", 
                "tokenReferenceID": "DNITHE462034250054974519", 
                "tokenStatus": "ACT", 
                "tokenRequestorID": "40010051602", 
                "tokenExpiryYear": "2023", 
                "tokenExpiryMonth": "04", 
                "tokenType": "COF", 
        },{	 
                "tokenProviderID": "VTS", 
                "tokenReferenceID": "DNITHE302034249991296629", 
                "tokenStatus": "ACT", 
                "tokenRequestorID": "40010030273", 
                "tokenExpiryYear": "2023", 
                "tokenExpiryMonth": "12", 
                "tokenType": "SE",             
                "deviceID": "043D050B47508001900614097894935387C61DD337B208C0", 
                "walletID": "A4DF297BD8466140", 
             } 
        ], 
        "cardLastDigits":"1935", 
        "cardExpiryYear": "2023", 
        "cardExpiryMonth": "11" 
    } 
}

Token details

API Name: details

This webservice allows local lookup for a specific Token Reference Id and if the token is known locally (in I-TSP), then an LCM token inquiry (VTS or MDES) is triggered and latest useful data provided back. This could help Issuer to take some decisions regarding the token management

Request data

URI  – by token 
GET  {Root Path}/itsp-add/v2/issuers/{issuerId}/tokens/{tokenReference}/ tokenRequestors/{tokenRequestorId}/details?provider={tokenProviderID} 
For this request the body is empty. 
Example:
GET  

{Root Path}/itsp-add/v2/issuers/9999/tokens/DNITHE301733964444298690/ tokenRequestors/40010030273/details?provider=VTS

Response data

{ 
    "responseMetadata": { 
        "correlationId": "QQI8qq6jIKq5gO78BocFzSSMI9cI2ReD", 
        "statusMessage": "OK", 
        "statusCode": 200, 
        "responseDateTime": "2023-01-18T14:15:40.323Z", 
        "timeTakenMs": 12 
    }, 
    "data": { 
        "tokenSuffix ": "1234", 
        "tokenStatus": "SUSPENDED", 
        "tokenActivationDate": "2024-01-24T10:23:56.SSZ", 
        "lastTokenStatusUpdatedDate": "2024-01-24T11:23:56.SSZ", 
        "tokenExpiryDate": "2027-11", 
        "deviceID": "043D050B47508001900614097894935387C61DD337B208C0", 
        "walletID": "A4DF297BD8466140", 
        "deviceName": "My super phone", 
        "deviceType": "PHONE" 
    }   
}

Update token

API Name: update

This webservice allows local lookup for a specific Token Reference Id and if the token is known locally (in I-TSP), then an LCM token inquiry (VTS or MDES) is triggered to request for a token_status update*.

Note: (*) all operationTypes are possible, but for ‘ACTIVATE’, there are some additional rules applied on I-TSP level: for riskLevel=ORANGE or RED, the token activation is not possible.

Request data

URI  – by token 
POST {rootPath}/itsp-add/v2/issuers/{issuerId}/tokens/{tokenReference}/update?provider={tokenProviderID}  
For this request the body is empty. 
Example:
POST https://{Root Path}/itsp-add/v2/issuers/9999/tokens/ DNITHE416552825982484844/update? provider=VTS

Response data

When token is found on I-TSP and on TSP 
  { 
    "responseMetadata": { 
        "correlationId": "QQI8qq6jIKq5gO78BocFzSSMI9cI2ReD", 
        "statusMessage": "ACCEPTED", 
        "statusCode": 202, 
        "responseDateTime": "2023-01-18T14:15:40.323Z", 
        "timeTakenMs": 12 
    } 
     
} 

When token /TRID is not found on I-TSP  or on TSP 
{ 
    "responseMetadata": { 
        "correlationId": "QQI8qq6jIKq5gO78BocFzSSMI9cI2ReD", 
        "statusMessage": "NOT_FOUND", 
        "statusCode": 404, 
        "responseDateTime": "2023-01-18T14:15:40.323Z", 
        "timeTakenMs": 12 
    } 
}

ob-p-ideal-refund

Read more about ob-p-ideal-refund

Refund Processing

Refunds are reversal transactions wherein complete or partial money is moved back to customer’s source account (account from which actual payment was made). Refund can only be created for a successful or settled transaction:

Customer initiated refunds (returns or cancellation) - e.g. if the Customer has changed his mind about consumption of product pre/post order delivery.
Initiating Party initiated refunds - e.g. if a product/service is out of stock or there is a mismatch in transaction status between payment and Initiating Party wherein transaction is failed state at merchant's end but is successful at payments end.

For the refund processing the data from the original iDEAL request / response are used, so that the resulting refund transaction can be reconciled with the original transaction.

Offline Refunds

As part of the transaction processing we offer a secure Offline Refund Processing (via API's or the Backoffice). The activity diagram below describes the process.

The Backoffice GUI can be used to register and export refunds to a pain.001 file. This pain.001 file has to be provided to the bank of the merchant. This delivery is not done by the Open Banking Service, therefore this refund method is named 'offline'.

ob-p-a2a-refund

Read more about ob-p-a2a-refund

Refund Processing

Customer initiated refunds (returns or cancellation) - e.g. if the Customer has changed his mind about consumption of product pre/post order delivery.
Initiating Party initiated refunds - e.g. if a product/service is out of stock or there is a mismatch in transaction status between payment and Initiating Party wherein transaction is failed state at merchant's end but is successful at payments end.

For the refund processing the data from the original Account-to-Account request / response are used, so that the resulting refund transaction can be reconciled with the original transaction.

As part of the transaction processing we offer a secure Refund Processing Online (via API's) or Offline (via API's or the Backoffice). The activity diagram below describes the difference between those two processes. Note: Online and Offline refunds both offer API's, those API's are different.

Please note: The Refund processing allows either Online or Offline Refunds.

Online Refunds

Endpoint: POST /refunds

Use the API's to initiate payments of refunds. Multiple refunds can be payed in one go, if the merchant bank supports bulk-payments.

Offline Refunds

ob-data-ais-notification

Read more about ob-data-ais-notification

Push Notification

API Reference

Instead of polling the consent status you may want to delegate it to Worldline. The Open Banking Service will poll the bank and notify you on consent status changes by posting notifications. Note, that bank polling happens within a few days since consent initiation.

POST Status

Endpoint: POST /status

Base URL: URL provided by you as part of your onboarding

This API will notify the initiating party about the status of the consent. More details about the fields can be found in the API reference.

Data model

Request (Click to enlarge)	Response

ob-data-overview

Read more about ob-data-overview

Data Overview

In this section you will find implementation details of our Account Data Products:

Bank Connect, Account Insights and Credit Insight.

For faster integration and better user experience we offer a set of predefined screens that could be customised with your branding allowing to choose the user bank and handling the complexity of different PSD2 authorization flows (redirect / decoupled / embedded), so that you will be able to focus on your product and leave the boring stuff to us.

Depending on the implemented product, the consent can be for one-time or for ongoing up to approximately 6 months access to the data. Once the consent is expired you can prompt the user to renew the consent to ensure uninterrupted data access.

The data retrieved also depends on the implemented product and could consist of account details (e.g. account name or IBAN), balances and the list of transactions.

Whenever a recurring consent is granted, you can access the information as many times per day as needed as long as the user is actively using your software. In case you would like to perform a background data refresh, you can do so up to 4 times per day by either polling the banking data and identifying the new transactions by yourself or by letting Worldline to pull the updated banking data multiple times per day based on a predefined schedule, comparing the results to historical data and notifying you only on the differences.

To implement Bank Connect, Account Insights products, please review the Account Data section. We have a dedicated section for Credit Insight implementation.

Need help?

Please get in touch with us and we will help you to integrate our APIs.

Release Notes: Recent Update

Read more about Release Notes: Recent Update

Recent Update

Version 2.10.1 to 2.11.0
What's New
What's Changed
What's Deleted
What's Deprecated

What's New

Cancel future changes of the account by future change reference (beta)

`POST` /issuers/{issuerId}/accounts/{accountReference}/account-future-updates/{futureChangeReference}/cancel

Cancel future changes of the account by future change reference

Cancel future changes of the account by future change reference (beta)

`POST` /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}/account-future-updates/{futureChangeReference}/cancel

Cancel future changes of the account by future change reference

Create address for a customer and subscribe to add-on (beta)

`POST` /issuers/{issuerId}/customers/{customerReference}/addressesAndSubscriptions

The API allows to create either a permanent address or a temporary address for the customer, identified with his reference, and to subscribe to an add-on service for a contract . An address includes the following information: • the issuer address external reference • the label (eg MAIN_POSTAL_ADDRESS), • the type (mail address, phone number, email) and the corresponding data • the address usages • the start date (optional, by default, the current date is used) • the end date (conditional, only used when defining a temporary address) When creating a temporary address, If a temporary address already exists with an overlap on the activity period then only the newly created address will be kept and the old one will be removed. For information, the main postal address is mandatory. In return, the API provides the address Reference calculated by the system.

Create address for a customer and subscribe to add-on (beta)

`POST` /issuers/{issuerId}/customers/external-customers/{issuerCustomerExternalReference}/addressesAndSubscriptions

Search corporate contracts (beta)

`POST` /search-corporate-contracts

This API allows to search corporate contracts

What's Changed

Retrieve financial information by external reference

`GET` /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}/balance

Response:

Changed property data (object AccountBalance)
- Added property liableBalance (object)

Create mandate by external reference

`POST` /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}/create-mandate

Request body:

New optional properties:
- debtorBic
- debtorEmail
- debtorIban
- debtorId
- debtorName
- debtorPostalAddress
- mandateContractId
- mandateNatureType
- mandateSignCity
- mandateSignDate
- sepaCreditorId
- sepaMandateUir

Added property iban (string)
Added property bic (string)
Added property ibanOwnerName (string)

Cancel mandate by external reference

`POST` /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}/cancel-mandate

Request body:

New optional properties:
- cancelMandateOnExternalSystem
- validateMandate

Added property cancellationDate (string)

Retrieve financial information

`GET` /issuers/{issuerId}/accounts/{accountReference}/balance

Response:

Changed property data (object AccountBalance)
- Added property liableBalance (object)

Create mandate

`POST` /issuers/{issuerId}/accounts/{accountReference}/create-mandate

Request body:

New optional properties:
- debtorBic
- debtorEmail
- debtorIban
- debtorId
- debtorName
- debtorPostalAddress
- mandateContractId
- mandateNatureType
- mandateSignCity
- mandateSignDate
- sepaCreditorId
- sepaMandateUir

Added property iban (string)
Added property bic (string)
Added property ibanOwnerName (string)

Cancel mandate

`POST` /issuers/{issuerId}/accounts/{accountReference}/cancel-mandate

Request body:

New optional properties:
- cancelMandateOnExternalSystem
- validateMandate

Added property cancellationDate (string)

Cancel a pending ProductChange

`POST` /issuers/{issuerId}/contracts/{contractReference}/cancel-product-change

Request body:

New content type : `*/*`

Response:

Changed property data (object CancelProductChangeResponse)
- Added property originalContract (object)
- Added property changedContract (object)

Cancel a pending ProductChange by external reference

`POST` /issuers/{issuerId}/contracts/external-contracts/{issuerContractExternalReference}/cancel-product-change

Request body:

New content type : `*/*`

Response:

Changed property data (object CancelProductChangeResponse)
- Added property originalContract (object)
- Added property changedContract (object)

Retrieve future changes for the account by external reference

`GET` /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}/account-future-updates/{creationDate}

Response:

Changed property data (object AccountFutureUpdate)
- Added property updateStatus (string)
- Added property accountFutureUpdateIdentifier (object)
- Added property updateReason (string)
- Added property lastUpdateDate (string)
- Added property sepaCreditorId (string)
- Added property sepaMandateStatus (string)
- Added property sepaMandateUir (string)
- Added property sepaMandateUmr (string)
- Added property debtorPhoneNumber (string)
- Added property debtorEmail (string)
- Added property debtorPostalAddress (object)
- Added property mandateContractId (string)
- Added property mandateNatureType (string)
- Added property mandateSignDate (string)
- Added property mandateSignCity (string)

Create a temporary credit limit by external reference

`POST` /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}/temporary-credit-limits

Request body:

Added property manageOverlap (boolean)

Retrieve future changes for the account

`GET` /issuers/{issuerId}/accounts/{accountReference}/account-future-updates/{creationDate}

Response:

Changed property data (object AccountFutureUpdate)
- Added property updateStatus (string)
- Added property accountFutureUpdateIdentifier (object)
- Added property updateReason (string)
- Added property lastUpdateDate (string)
- Added property sepaCreditorId (string)
- Added property sepaMandateStatus (string)
- Added property sepaMandateUir (string)
- Added property sepaMandateUmr (string)
- Added property debtorPhoneNumber (string)
- Added property debtorEmail (string)
- Added property debtorPostalAddress (object)
- Added property mandateContractId (string)
- Added property mandateNatureType (string)
- Added property mandateSignDate (string)
- Added property mandateSignCity (string)

Create a temporary credit limit

`POST` /issuers/{issuerId}/accounts/{accountReference}/temporary-credit-limits

Request body:

Added property manageOverlap (boolean)

Retrieve account by external reference

`GET` /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}

Response:

Changed property data (object Account)
- Added property isChangeOfPayerAtNextCycle (boolean)

Schedule new account parameters update in future by external reference

`POST` /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}/account-future-updates

Request body:

Added property accountFutureUpdateIdentifier (object)
Added property sepaMandate (object)
Added property updateReason (string)

Response:

Changed property data (object CreateAccountFutureUpdateResponse)
- Added property accountFutureUpdateIdentifier (object)

Retrieve list of future changes of the account by external reference

`GET` /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}/account-future-updates

Response:

Changed property data (array)
- Changed items (object AccountFutureUpdate)
  - Added property updateStatus (string)
  - Added property accountFutureUpdateIdentifier (object)
  - Added property updateReason (string)
  - Added property lastUpdateDate (string)
  - Added property sepaCreditorId (string)
  - Added property sepaMandateStatus (string)
  - Added property sepaMandateUir (string)
  - Added property sepaMandateUmr (string)
  - Added property debtorPhoneNumber (string)
  - Added property debtorEmail (string)
  - Added property debtorPostalAddress (object)
  - Added property mandateContractId (string)
  - Added property mandateNatureType (string)
  - Added property mandateSignDate (string)
  - Added property mandateSignCity (string)

Retrieve operation by external reference

`GET` /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}/operations/{operationId}

Response:

Changed property data (object Operation)
- Changed property detailedFeeAmounts (array)
  - Changed items (object DetailedFeeAmount)
    - Added property includeInOtherDetailFeeAmount (boolean)

Create velocity limit override by external account reference

`POST` /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}/velocity-limits/{velocityLimitReference}/velocity-limit-overrides

Request body:

New required properties:
- velocityLimitOverrideIdentifier

Added property velocityLimitOverrideIdentifier (object)

Retrieve account

`GET` /issuers/{issuerId}/accounts/{accountReference}

Response:

Changed property data (object Account)
- Added property isChangeOfPayerAtNextCycle (boolean)

Schedule new account parameters update in future

`POST` /issuers/{issuerId}/accounts/{accountReference}/account-future-updates

Request body:

Added property accountFutureUpdateIdentifier (object)
Added property sepaMandate (object)
Added property updateReason (string)

Response:

Changed property data (object CreateAccountFutureUpdateResponse)
- Added property accountFutureUpdateIdentifier (object)

Retrieve list of future changes of the account

`GET` /issuers/{issuerId}/accounts/{accountReference}/account-future-updates

Response:

Changed property data (array)
- Changed items (object AccountFutureUpdate)
  - Added property updateStatus (string)
  - Added property accountFutureUpdateIdentifier (object)
  - Added property updateReason (string)
  - Added property lastUpdateDate (string)
  - Added property sepaCreditorId (string)
  - Added property sepaMandateStatus (string)
  - Added property sepaMandateUir (string)
  - Added property sepaMandateUmr (string)
  - Added property debtorPhoneNumber (string)
  - Added property debtorEmail (string)
  - Added property debtorPostalAddress (object)
  - Added property mandateContractId (string)
  - Added property mandateNatureType (string)
  - Added property mandateSignDate (string)
  - Added property mandateSignCity (string)

Retrieve operation

`GET` /issuers/{issuerId}/accounts/{accountReference}/operations/{operationId}

Response:

Changed property data (object Operation)
- Changed property detailedFeeAmounts (array)
  - Changed items (object DetailedFeeAmount)
    - Added property includeInOtherDetailFeeAmount (boolean)

Create velocity limit override

`POST` /issuers/{issuerId}/accounts/{accountReference}/velocity-limits/{velocityLimitReference}/velocity-limit-overrides

Request body:

New required properties:
- velocityLimitOverrideIdentifier

Added property velocityLimitOverrideIdentifier (object)

Retrieve contract for an account by external reference

`GET` /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}/contract

Response:

Changed property data (object Contract)
- Changed property accounts (array)
  - Changed items (object Account)
    - Added property isChangeOfPayerAtNextCycle (boolean)

List operations for an account by external reference

`GET` /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}/operations

Response:

Changed property data (array)
- Changed items (object Operation)
  - Changed property detailedFeeAmounts (array)
    - Changed items (object DetailedFeeAmount)
      - Added property includeInOtherDetailFeeAmount (boolean)

List operations for last account statement by external reference

`GET` /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}/statements/last/operations

Response:

Changed property data (array)
- Changed items (object Operation)
  - Changed property detailedFeeAmounts (array)
    - Changed items (object DetailedFeeAmount)
      - Added property includeInOtherDetailFeeAmount (boolean)

List operations for next account statement by external reference

`GET` /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}/statements/next/operations

Response:

Changed property data (array)
- Changed items (object Operation)
  - Changed property detailedFeeAmounts (array)
    - Changed items (object DetailedFeeAmount)
      - Added property includeInOtherDetailFeeAmount (boolean)

List operations for an account statement by external reference

`GET` /issuers/{issuerId}/accounts/external-accounts/{issuerAccountExternalReference}/statements/{cycleClosureDate}/operations

Response:

Changed property data (array)
- Changed items (object Operation)
  - Changed property detailedFeeAmounts (array)
    - Changed items (object DetailedFeeAmount)
      - Added property includeInOtherDetailFeeAmount (boolean)

Retrieve contract for an account

`GET` /issuers/{issuerId}/accounts/{accountReference}/contract

Response:

Changed property data (object Contract)
- Changed property accounts (array)
  - Changed items (object Account)
    - Added property isChangeOfPayerAtNextCycle (boolean)

List operations for an account

`GET` /issuers/{issuerId}/accounts/{accountReference}/operations

Response:

Changed property data (array)
- Changed items (object Operation)
  - Changed property detailedFeeAmounts (array)
    - Changed items (object DetailedFeeAmount)
      - Added property includeInOtherDetailFeeAmount (boolean)

List operations for last account statement

`GET` /issuers/{issuerId}/accounts/{accountReference}/statements/last/operations

Response:

Changed property data (array)
- Changed items (object Operation)
  - Changed property detailedFeeAmounts (array)
    - Changed items (object DetailedFeeAmount)
      - Added property includeInOtherDetailFeeAmount (boolean)

List operations for next account statement

`GET` /issuers/{issuerId}/accounts/{accountReference}/statements/next/operations

Response:

Changed property data (array)
- Changed items (object Operation)
  - Changed property detailedFeeAmounts (array)
    - Changed items (object DetailedFeeAmount)
      - Added property includeInOtherDetailFeeAmount (boolean)

List operations for an account statement

`GET` /issuers/{issuerId}/accounts/{accountReference}/statements/{cycleClosureDate}/operations

Response:

Changed property data (array)
- Changed items (object Operation)
  - Changed property detailedFeeAmounts (array)
    - Changed items (object DetailedFeeAmount)
      - Added property includeInOtherDetailFeeAmount (boolean)

Retrieve list of company's information (beta)

`GET` /issuers/{issuerId}/companies

Parameters:

Added: streetName in query Changed: corporateName in query

Retrieve contract for a card contract by external reference

`GET` /issuers/{issuerId}/card-contracts/external-card-contracts/{issuerCardContractExternalReference}/contract

Response:

Changed property data (object Contract)
- Changed property accounts (array)
  - Changed items (object Account)
    - Added property isChangeOfPayerAtNextCycle (boolean)

Retrieve contract for a card contract

`GET` /issuers/{issuerId}/card-contracts/{cardContractReference}/contract

Response:

Changed property data (object Contract)
- Changed property accounts (array)
  - Changed items (object Account)
    - Added property isChangeOfPayerAtNextCycle (boolean)

Retrieve corporate employee Accounts (beta)

`GET` /issuers/{issuerId}/corporate-contracts/{contractReference}/corporate-employee-accounts/{accountReference}

Parameters:

Changed: embed in query

Response:

Changed property data (object CorporateEmployeeAccountResponse)
- Changed property account (object Account)
  - Added property isChangeOfPayerAtNextCycle (boolean)

Retrieve corporate employee accounts by account external reference (beta)

`GET` /issuers/{issuerId}/corporate-contracts/{contractReference}/corporate-employee-accounts/external-accounts/{issuerAccountExternalReference}

Parameters:

Changed: embed in query

Response:

Changed property data (object CorporateEmployeeAccountResponse)
- Changed property account (object Account)
  - Added property isChangeOfPayerAtNextCycle (boolean)

Retrieve corporate employee Accounts by contract external reference and account external reference (beta)

`GET` /issuers/{issuerId}/corporate-contracts/external-contracts/{issuerContractExternalReference}/corporate-employee-accounts/external-accounts/{issuerAccountExternalReference}

Parameters:

Changed: embed in query

Response:

Changed property data (object CorporateEmployeeAccountResponse)
- Changed property account (object Account)
  - Added property isChangeOfPayerAtNextCycle (boolean)

Retrieve corporate employee Accounts by contract external reference (beta)

`GET` /issuers/{issuerId}/corporate-contracts/external-contracts/{issuerContractExternalReference}/corporate-employee-accounts/{accountReference}

Parameters:

Changed: embed in query

Response:

Changed property data (object CorporateEmployeeAccountResponse)
- Changed property account (object Account)
  - Added property isChangeOfPayerAtNextCycle (boolean)

Retrieve contract by external reference

`GET` /issuers/{issuerId}/contracts/external-contracts/{issuerContractExternalReference}

Response:

Changed property data (object Contract)
- Changed property accounts (array)
  - Changed items (object Account)
    - Added property isChangeOfPayerAtNextCycle (boolean)

List accounts for contract by external reference

`GET` /issuers/{issuerId}/contracts/external-contracts/{issuerContractExternalReference}/accounts

Response:

Changed property data (array)
- Changed items (object Account)
  - Added property isChangeOfPayerAtNextCycle (boolean)

Retrieve contract

`GET` /issuers/{issuerId}/contracts/{contractReference}

Response:

Changed property data (object Contract)
- Changed property accounts (array)
  - Changed items (object Account)
    - Added property isChangeOfPayerAtNextCycle (boolean)

List accounts for contract

`GET` /issuers/{issuerId}/contracts/{contractReference}/accounts

Response:

Changed property data (array)
- Changed items (object Account)
  - Added property isChangeOfPayerAtNextCycle (boolean)

List accounts for account owner by external reference

`GET` /issuers/{issuerId}/customers/external-customers/{issuerCustomerExternalReference}/accounts

Response:

Changed property data (array)
- Changed items (object Account)
  - Added property isChangeOfPayerAtNextCycle (boolean)

List accounts for account owner

`GET` /issuers/{issuerId}/customers/{customerReference}/accounts

Response:

Changed property data (array)
- Changed items (object Account)
  - Added property isChangeOfPayerAtNextCycle (boolean)

Retrieve corporate contract (beta)

`GET` /issuers/{issuerId}/corporate-contracts/{contractReference}

Parameters:

Changed: embed in query

Response:

Changed property data (object CorporateContract)
- Added property rootAccount (object)
- Changed property corporateContractEntities (array)
  - Changed items (object CorporateContractEntity)
    - Changed property account (object Account)
      - Added property isChangeOfPayerAtNextCycle (boolean)
- Changed property corporateEmployeeAccounts (array)
  - Changed items (object CorporateEmployeeAccount)
    - Changed property account (object Account)
      - Added property isChangeOfPayerAtNextCycle (boolean)

Retrieve corporate contract by external reference (beta)

`GET` /issuers/{issuerId}/corporate-contracts/external-contracts/{issuerContractExternalReference}

Parameters:

Changed: embed in query

Response:

Changed property data (object CorporateContract)
- Added property rootAccount (object)
- Changed property corporateContractEntities (array)
  - Changed items (object CorporateContractEntity)
    - Changed property account (object Account)
      - Added property isChangeOfPayerAtNextCycle (boolean)
- Changed property corporateEmployeeAccounts (array)
  - Changed items (object CorporateEmployeeAccount)
    - Changed property account (object Account)
      - Added property isChangeOfPayerAtNextCycle (boolean)

Retrieve contracts by criteria

`POST` /issuers/{issuerId}/contracts/search

Response:

Changed property data (array)
- Changed items (object Contract)
  - Changed property accounts (array)
    - Changed items (object Account)
      - Added property isChangeOfPayerAtNextCycle (boolean)

List contracts for contract owner by external reference

`GET` /issuers/{issuerId}/customers/external-customers/{issuerCustomerExternalReference}/contracts

Response:

Changed property data (array)
- Changed items (object Contract)
  - Changed property accounts (array)
    - Changed items (object Account)
      - Added property isChangeOfPayerAtNextCycle (boolean)

List contracts for contract owner

`GET` /issuers/{issuerId}/customers/{customerReference}/contracts

Response:

Changed property data (array)
- Changed items (object Contract)
  - Changed property accounts (array)
    - Changed items (object Account)
      - Added property isChangeOfPayerAtNextCycle (boolean)

List corporate contracts for a company (beta)

`GET` /issuers/{issuerId}/companies/{customerReference}/corporate-contracts

Response:

Changed property data (array)
- Changed items (object CorporateContract)
  - Added property rootAccount (object)
  - Changed property corporateContractEntities (array)
    - Changed items (object CorporateContractEntity)
      - Changed property account (object Account)
        Added property isChangeOfPayerAtNextCycle (boolean)
  - Changed property corporateEmployeeAccounts (array)
    - Changed items (object CorporateEmployeeAccount)
      - Changed property account (object Account)
        Added property isChangeOfPayerAtNextCycle (boolean)

List corporate contracts for a company by external reference (beta)

`GET` /issuers/{issuerId}/companies/external-customers/{issuerCustomerExternalReference}/corporate-contracts

Response:

Changed property data (array)
- Changed items (object CorporateContract)
  - Added property rootAccount (object)
  - Changed property corporateContractEntities (array)
    - Changed items (object CorporateContractEntity)
      - Changed property account (object Account)
        Added property isChangeOfPayerAtNextCycle (boolean)
  - Changed property corporateEmployeeAccounts (array)
    - Changed items (object CorporateEmployeeAccount)
      - Changed property account (object Account)
        Added property isChangeOfPayerAtNextCycle (boolean)

Add an entity to a Corporate contract (beta)

`POST` /issuers/{issuerId}/corporate-contracts/{contractReference}/add-corporate-contract-entity

Request body:

Changed property addCorporateContractEntity (object CreateCorporateContractRequest.AddCorporateContractEntity)
- Changed property corporateContractEntityAccounts (array)
  - Changed items (object CreateCorporateContractRequest.CorporateContractEntityAccount)
    - Changed property account (object CreateCorporateContractRequest.Account)
      - Added property ibanOwnerName (string)

Add an entity to a Corporate contract by external reference (beta)

`POST` /issuers/{issuerId}/corporate-contracts/external-contracts/{issuerContractExternalReference}/add-corporate-contract-entity

Request body:

Changed property addCorporateContractEntity (object CreateCorporateContractRequest.AddCorporateContractEntity)
- Changed property corporateContractEntityAccounts (array)
  - Changed items (object CreateCorporateContractRequest.CorporateContractEntityAccount)
    - Changed property account (object CreateCorporateContractRequest.Account)
      - Added property ibanOwnerName (string)

Create consumer contract

`POST` /issuers/{issuerId}/contracts/create-consumer-contract

Request body:

Changed property addCardsAccounts (object CreateConsumerContractRequest.AddCardsAccounts)
- Changed property accounts (array)
  - Changed items (object CreateConsumerContractRequest.Account)
    - New optional properties:
      - iban
    - Added property ibanOwnerName (string)
    - Changed property sepaMandate (object CreateConsumerContractRequest.SepaMandate)
      - New optional properties:
        debtorName
- Changed property cardContracts (array)
  - Changed items (object CreateConsumerContractRequest.CardContract)
    - Changed property card (object CreateConsumerContractRequest.Card)
      - Changed property cardOrder (object CreateConsumerContractRequest.CardOrder)
        Added property customDeliveryAddressee (string)
        
        Added property customDeliveryAddress (object)
      - Changed property pinMailerOrder (object CreateConsumerContractRequest.PinMailerOrder)
        Added property customDeliveryAddressee (string)
        
        Added property customDeliveryAddress (object)
Changed property contract (object CreateConsumerContractRequest.Contract)
- Changed property accountHierarchy (object CreateConsumerContractRequest.AccountHierarchy)
  - Changed property accounts (array)
    - Changed items (object CreateConsumerContractRequest.Account)
      - New optional properties:
        iban
      - Added property ibanOwnerName (string)
      - Changed property sepaMandate (object CreateConsumerContractRequest.SepaMandate)
        New optional properties:
        debtorName
- Changed property cardContracts (array)
  - Changed items (object CreateConsumerContractRequest.CardContract)
    - Changed property card (object CreateConsumerContractRequest.Card)
      - Changed property cardOrder (object CreateConsumerContractRequest.CardOrder)
        Added property customDeliveryAddressee (string)
        
        Added property customDeliveryAddress (object)
      - Changed property pinMailerOrder (object CreateConsumerContractRequest.PinMailerOrder)
        Added property customDeliveryAddressee (string)
        
        Added property customDeliveryAddress (object)

Add cards and accounts to a contract by external reference

`POST` /issuers/{issuerId}/contracts/external-contracts/{issuerContractExternalReference}/add-cards-accounts

Request body:

Changed property cardContracts (array)
- Changed items (object CreateConsumerContractRequest.CardContract)
  - Changed property card (object CreateConsumerContractRequest.Card)
    - Changed property cardOrder (object CreateConsumerContractRequest.CardOrder)
      - Added property customDeliveryAddressee (string)
      - Added property customDeliveryAddress (object)
    - Changed property pinMailerOrder (object CreateConsumerContractRequest.PinMailerOrder)
      - Added property customDeliveryAddressee (string)
      - Added property customDeliveryAddress (object)
Changed property accountHierarchy (object AddCardsAccountsRequest.AccountHierarchy)
- Changed property accounts (array)
  - Changed items (object CreateConsumerContractRequest.Account)
    - New optional properties:
      - iban
    - Added property ibanOwnerName (string)
    - Changed property sepaMandate (object CreateConsumerContractRequest.SepaMandate)
      - New optional properties:
        debtorName

Add cards and accounts to a contract

`POST` /issuers/{issuerId}/contracts/{contractReference}/add-cards-accounts

Request body:

Changed property cardContracts (array)
- Changed items (object CreateConsumerContractRequest.CardContract)
  - Changed property card (object CreateConsumerContractRequest.Card)
    - Changed property cardOrder (object CreateConsumerContractRequest.CardOrder)
      - Added property customDeliveryAddressee (string)
      - Added property customDeliveryAddress (object)
    - Changed property pinMailerOrder (object CreateConsumerContractRequest.PinMailerOrder)
      - Added property customDeliveryAddressee (string)
      - Added property customDeliveryAddress (object)
Changed property accountHierarchy (object AddCardsAccountsRequest.AccountHierarchy)
- Changed property accounts (array)
  - Changed items (object CreateConsumerContractRequest.Account)
    - New optional properties:
      - iban
    - Added property ibanOwnerName (string)
    - Changed property sepaMandate (object CreateConsumerContractRequest.SepaMandate)
      - New optional properties:
        debtorName

Add an employee and its card(s) and account(s) to a Corporate contract (beta)

`POST` /issuers/{issuerId}/corporate-contracts/{contractReference}/add-corporate-employee-cards-accounts

Request body:

Changed property addCorporateEmployeeCardsAndAccounts (object CreateCorporateContractRequest.AddCorporateEmployeeCardsAndAccounts)
- Changed property corporateEmployeeAccounts (array)
  - Changed items (object CreateCorporateContractRequest.CorporateEmployeeAccount)
    - Changed property account (object CreateCorporateContractRequest.Account)
      - Added property ibanOwnerName (string)

Add an employee and its card(s) and account(s) to a Corporate contract by external reference (beta)

`POST` /issuers/{issuerId}/corporate-contracts/external-contracts/{issuerContractExternalReference}/add-corporate-employee-cards-accounts

Request body:

Changed property addCorporateEmployeeCardsAndAccounts (object CreateCorporateContractRequest.AddCorporateEmployeeCardsAndAccounts)
- Changed property corporateEmployeeAccounts (array)
  - Changed items (object CreateCorporateContractRequest.CorporateEmployeeAccount)
    - Changed property account (object CreateCorporateContractRequest.Account)
      - Added property ibanOwnerName (string)

Create a Corporate contract (beta)

`POST` /issuers/{issuerId}/corporate-contracts/create-corporate-contract

Request body:

Changed property corporateContract (object CreateCorporateContractRequest.Contract)
- Changed property corporateContractRootEntity (object CreateCorporateContractRequest.CorporateContractRootEntity)
  - Changed property rootAccount (object CreateCorporateContractRequest.Account)
    - Added property ibanOwnerName (string)
Changed property addCorporateContractEntities (array)
- Changed items (object CreateCorporateContractRequest.AddCorporateContractEntity)
  - Changed property corporateContractEntityAccounts (array)
    - Changed items (object CreateCorporateContractRequest.CorporateContractEntityAccount)
      - Changed property account (object CreateCorporateContractRequest.Account)
        Added property ibanOwnerName (string)
Changed property addCorporateEmployeeCardsAndAccounts (array)
- Changed items (object CreateCorporateContractRequest.AddCorporateEmployeeCardsAndAccounts)
  - Changed property corporateEmployeeAccounts (array)
    - Changed items (object CreateCorporateContractRequest.CorporateEmployeeAccount)
      - Changed property account (object CreateCorporateContractRequest.Account)
        Added property ibanOwnerName (string)

What's Deleted

No API deleted.

What's Deprecated

No API deprecated.

Contact

Read more about Contact

Get in touch

Please get in touch if you need any assistance, our team is happy to help.

Send us a mail

Initiating Party Extranet

Read more about Initiating Party Extranet

Initiating Party Extranet

The Initiating Party Extranet is the GUI Interface for the Initiating Party to access and use the Open Banking Platform and provides the following Modules:

Master data and Subscription Management

Transaction Management and Post Processing

Refund Processing

User Management

Secure User Login

Report Management

Documents (view and download only)

Online Help

Functional Modules with partly or without GUI Access:

Directory Service Management ♦ Reconciliation / Clearing Module ♦ Audit Logs ♦ White Labelling

Administrator Portal

Read more about Administrator Portal

Administrator Portal

The Administrator Portal is the GUI Interface for Backoffice Users of the client to access and administer the Open Banking Platform. It provides the following modules:

Bank Selection Interface

Initiating Party and Subscription Management

User and Access Management

Service Provider Management

Banks can set up Providers for Initiating Parties in their environment. Those Service Providers do the technical integration for them and make it more easy to offer payment means to the customers. So (e.g. smaller) Initiating Parties can avoid the effort of integrating to the routing services systems for each payment mean by choosing a PSP as Way of Integration during the onboarding The service provider needs some configuration on the system, e.g. they have to provide a valid certificate and some mandatory data. In order to maintain the service providers per service to be offered to Initiating Parties as connection method, the Open Banking Platform provides the Service Provider Management.

Which features are provided?
The Service Provider Management enables Initiating Parties and Bank Backoffice Admins according to their access rights to maintain the following features: Service Provider data, Account data, Service Subscription Data, Technical & Security data, Setup, check, manage, deactivate existing service providers.

User Login Functionalities

As standard the Backoffice includes an access control via personified login page, the user can insert his name and valid password into the according fields and submit via the Login button. If the entered data don’t match, an error message (Authorization failed) informs him and after repetition and successful validation he is logged in the application. In case of forgotten password, additionally a link “Forgot Password” available. Using it, an according dialog starts to renew the current password.
Also as standard solution our Backoffice includes an user login with 2FA Authentication, which can be activated per acquirer bank / tenant via the configuration management. Once activated the existing username/password is used as first factor, the smartphone functions as second factor. On the smartphone an One Time Password (The user has to install an OTP generator on his smartphone, e.g. FreeOTP Authenticator). can be used to provide a temporary valid OTP, which has to be entered into the login form.

In addition the latest possible date from which the use of the OTP feature becomes mandatory for users is configurable on per acquirer / tenant: In this case an individual “Start of OTP” is stored for each user (new or already existing), who does the first login for his acquirer via 2FA. During every login now is checked, whether the individual "Start of OTP" date of the user is already exceeded and how many days remain until expiration. Before expiration, the user is able skip the OTP secret verification (via an according button on the GUI), afterwards he has to verify and register an OTP secret.

As login mechanismen to the bank systems we provide Web Single Sign On functionality (Web SSO) using credentials for authentication, which are a unique username and password: By using this functionality the first step it is checked if the user is already logged in to the authentication system. Users, who are already signed in, are marked as Single Sign On Users in the system and are granted access immediately. If not, the user is directed to the authentication system to sign in. For each session, the user must first sign into the authentication system with a unique username and password. The authentication system uses a token for the session that stays in effect until the user logs out.

After the authentication process is running, the authentication information is passed to the application, requesting verification of the user.
To login the OB Platform via Web Single Sign On (Web SSO) the banks offer special URLs. The Certificate, which is needed for the securing the Web SSO connection, can be uploaded via the Merchant and Subscription Management Module.

Certificate Management

Our Certificate Management provides a central management for certificates and is operated from the Backoffice GUI. As a consequence of PSD2 this functionality allows to manage hundreds of certificates and to automatically update related keystores in all associated Routing Service Instances during runtime: Certificates can be refreshed automatically during application runtime of the Routing service.

The Certificate Management allows creating Qualified Website Authentication Certificates (commonly known as TLS certificates) and Qualified Electronic Seal, certificate signing request (CSR). Whereas the key pairs, consisting of a private and public key, for QWAC CSRs are generated by the module itself; keys for QSEAL CSRs are derived from HSM Boxes using the restcrypto-server application.

Once the official signing process of QWAC and QSEAL CSRs is completed by an external certification authority (CA), the resulted certificates can be uploaded to the Certificate Management Module.

At last a functionality within the module allows the user to send the certificates (as for QWACs the private keys as well) wrapped in a keystore to the Routing Service Instances at runtime.

If the same certifiacte (fingerprint) is stored on merchant and subscription level, the certificate is only stored once. It will only be deleted, when the certifcate is deleted on both levels on Backoffice side.

I is possible to Upload Certificates for the API authentication in the BO on merchant level additionally to the ones on subscription level. This is allowing to use the same certificate for all subscriptions.

Transactions Processing/ Refund Processing: Overview of all IP running on the system

Initiating Party Ticketing/Support

Document Management

Dynamic Creditor Account Lookup (DCAL)

We provide a Dynamic Creditor Account Lookup Service , which can be switched on or off for each of the tenants’ Initiating Party (by the tenant’s Backoffice Admin). If the DCAL is activated, up to ten additional creditor accounts can be set up. This service will only be used for Initiating Party without Sub Ids.
In case, the DCAL service is switched off, but DCAL entries already exist, those entries will not be deleted. When DCAL is switched back on, the data are available again. Clients, who have access to the Backoffice as Admin User can select the DCAL option itself in the Tenant GUI and on the Initiating Party GUI , in the PIS service configuration.

Via the DCAL screen the on/off switch can be managed very easily and on the DCAL table creditor accounts can be created, updated and deleted.

Backoffice

Read more about Backoffice

Backoffice

The Open Banking Platform consists of several components, that you might use depending on the product - the Back Office is one major component, allowing to onboard and manage your clients, view transactions and create refunds. Here you'll find an overview of modules, which we offer and might be of interest.

The Administrator Portal is the GUI Interface for Backoffice Users of the client to access and administer the Open Banking Platform. It provides the following modules:

Initiating Party and Subscription Management ♦ User and Access Management ♦ Initiation Service ♦ User Login Functionalities ♦ Certificate Management ♦ Transactions Processing/ Refund Processing ♦ Initiating Party Ticketing/Support ♦ Document Management ♦ Dynamic Creditor Account Lookup

The Initiating Party Extranet is the GUI Interface for the Initiating Party to access and use the Open Banking Platform and provides the following Modules: Master data and Subscription Management ♦ Transaction Management and Post Processing ♦ Refund Processing ♦ User Management ♦ Secure User Login ♦ Report Management ♦ Documents (view and download only) ♦ Online Help

Functional Modules with partly or without GUI Access:

Directory Service Management ♦ Reconciliation / Clearing Module ♦ Audit Logs ♦ White Labelling

Subscribe to